2013-09-11 Todd C. Miller <[email protected]> * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/da.mo, src/po/da.po, src/po/eo.mo, src/po/eo.po, src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync with translationproject.org [d0e37a3f1289] [tip] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: Mention that relative times don't always do what you might expect. [8e42f9ecba8c] * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Change "next" back to 2. In the context of "next Friday" we really do want the friday of the upcoming (not current) week. Unfortunately, this means that things like "next week" and "next year" will match one more than we really want. Fixing this will require some fairly major changes to the grammar. [dd01b09abb9f] * src/regress/ttyname/check_ttyname.c: Do not fail if ttyname() cannot determine the tty but sudo can. Should fix problems with running "make check" under pbuilder. [e6fc06a6c5cf] * plugins/sudoers/Makefile.in: Remove extraneous $$CWD; from Bdale Garbee [4d040ddd7446] 2013-09-09 Todd C. Miller <[email protected]> * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Make "this" and "next" qualifiers work a bit better. There is still room for improvement as "this week" will use the current time instead of the beginning of the week. That's a separate issue though. [e844c02f754a] 2013-09-06 Todd C. Miller <[email protected]> * common/regress/sudo_conf/conf_test.c, common/regress/sudo_parseln/parseln_test.c: Mark main() public to silence a warning on HP-UX. [ac0b869b9842] 2013-09-03 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: Be specific that we are talking about the Unix epoch; bug #615 [25887775371b] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot, src/selinux.c: Do not use "setup" as a verb; bug #614 [17c4750aac5f] * plugins/sudoers/iolog.c: Fix logic goof when checking open() status. [76ece1445d71] * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, src/po/nl.po, src/po/ru.mo, src/po/ru.po: Sync with translationproject.org [21351498000f] * NEWS, plugins/sudoers/sudoreplay.c: Work around a bug in sudo 1.8.7 timing files where the indexes are off by two. [4aa0cd58af58] * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, plugins/sudoers/sudoreplay.c: Repair writing of the I/O log file indices broken in sudo 1.8.7. [6a5f867884f5] 2013-08-31 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Try to improve the PAGERS noexec example a bit. [226f11118daa] 2013-08-30 Todd C. Miller <[email protected]> * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Document comment character in ldap.conf Clarify what is and is not supported in TLS_KEYPW Mention that gsk8capicmd can be used to create a stash file [fb8f06ab4458] 2013-08-26 Todd C. Miller <[email protected]> * NEWS: New bugs fixed for 1.8.8. [c158df7cd9d2] * plugins/sudoers/visudo.c: Fix setting of quiet flag when -q / --quiet is specified. Do not print "sudoers: parsed OK" in quiet mode. [df55acd57ce6] * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po: Updated translations from translationproject.org [e9e8abd23a28] * plugins/sudoers/check.c: Don't allow root to change its SELinux role without a password. Bug #611 [f8b599acb29d] 2013-08-21 Todd C. Miller <[email protected]> * NEWS: Mention new Mac OS X symbol interposition. [98293b7c4e0f] * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po, src/po/fr.mo, src/po/fr.po: Updated translations from translationproject.org [865be7454354] * config.h.in, configure, configure.in, src/sudo_noexec.c: Add configure checks for the exec functions we will dummy out. This is only really needed on Mac OS X when symbol interposition is being performed but won't hurt elsewhere. [49c20cf6bab0] 2013-08-20 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, src/Makefile.in, src/sudo_noexec.c: Fix installation of sudo_noexec on Mac OS X. Use library symbol interposition on Mac OS X 10.4 and higher so we don't need to set DYLD_FORCE_FLAT_NAMESPACE=1. [a82999dff8e6] 2013-08-17 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Fix error display from ldap_ssl_client_init(). There are two error codes. The return value can be decoded via ldap_err2string() but the ssl reason code cannot (you have to look it up in a table online). [0267125ce9f0] 2013-08-19 Todd C. Miller <[email protected]> * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Fix typo in tls_key example for Tivoli [36599f424ac4] * src/parse_args.c: Don't escape '$' when running "sudo -i command". Bug #564 [17542d52f714] * plugins/sudoers/iolog_path.c: Fix typo in comment. [d0510ed5eaba] * plugins/sudoers/auth/pam.c: Fix comment. [4e89e0bfd6af] * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: Quiet some gcc -Wformat=2 false positives [28a2014b9822] 2013-08-18 Todd C. Miller <[email protected]> * plugins/sudoers/auth/pam.c: Remove now-obsolete arg to env_merge() [ba015cf5d935] * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: Updated translations from translationproject.org [72b6aeaba505] * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: French translation for sudo from translationproject.org. [a72321771860] * plugins/sudoers/logging.h: Add __printflike to audit_failure. [1686b3699d41] * include/missing.h: Use __nonnull__ attribute in __printflike. [d123613a1fb6] 2013-08-17 Todd C. Miller <[email protected]> * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: When merging the PAM environment, allow environment variables set in PAM to override ones set by sudo as long as they do not match the env_keep or env_check lists. [f3c64967fed7] * plugins/sudoers/auth/pam.c: Call pam_getenvlist() after we've opened the session to get the session-specific environment variables. [b413fb9e1c77] 2013-08-16 Todd C. Miller <[email protected]> * NEWS: option not flag [08c31af7b818] * compat/getopt_long.c, config.h.in, configure, configure.in: Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add a check for optreset which is a BSD extension and provide a definition in getopt_long.c if it is not present. [3393e8d83400] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [f38f65830118] * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: Use lower case for the long option arguments to match the manual. This is inconsistent with GNU but it is better to match the sudo documentation. [8fac2d64f5d2] * NEWS: Sudo 1.8.8 [105c73752474] * src/parse_args.c: Use lower card for the long option arguments to match the manual. This is inconsistent with GNU but it is better to match the sudo documentation. [af243dd39850] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Describe how remote command execution can be implemented. [3eba7f93b7f6] * doc/sudoers.ldap.cat: Bump version. [0ee7f02f3627] 2013-08-15 Todd C. Miller <[email protected]> * src/sudo.c: Make it a fatal error if the plugin returns invalid or out of range command info. [8a7e56c7584a] * plugins/sudoers/policy.c: Use strtol() instead of atoi() and perform error checking of parameters passed from the sudo front-end. [05e05be3c6c4] * plugins/sudoers/auth/pam.c: It is not possible for auth to be NULL here. [771500e776e9] * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Initialize user_runhost and user_srunhost to user_host and user_shost in visudo and testsudoers. [c47cca74e1fc] * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, common/list.c, common/sudo_conf.c, common/sudo_debug.c, compat/Makefile.in, compat/getopt_long.c, include/error.h, include/fatal.h, plugins/sudoers/Makefile.in, plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, src/Makefile.in, src/locale_stub.c, src/net_ifs.c, src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: Rename error.h -> fatal.h now that there is no error() function. [3a3827f10f04] * common/sudo_debug.c, include/sudo_debug.h: Add support to the debug subsystem for zero-length strings. This can happen for things like warning(NULL) or fatal(NULL) where we just want to log the errno string. [3ed739c5cc91] * include/error.h: Add __printflike for vfatal, vfatalx, vwarning and vwarningx. [57e65ed595d2] * plugins/sudoers/audit.c: Need to include gettext.h for BSM audit. [a87fda2d0123] * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, src/parse_args.c, src/sudo.c: Change some fatalx(NULL) that should be fatal(NULL). [8b1efda9f578] * include/error.h, include/missing.h: Use __printf0like for warning() and fatal() since the fmt string may be NULL. [858a890f00ad] * compat/pw_dup.c: Quiet a gcc "used uninitialized in this function" false positive. [98f47f89ce60] * mkpkg: Enable bsm audit on Mac OS X and Solaris >= 11. [8607488f986c] * plugins/sudoers/bsm_audit.c: Fix compilation on Solaris 11. [01aa46298ed7] * plugins/sudoers/bsm_audit.c: Add missing missing.h [080de69a55a1] * plugins/sudoers/sudoers.c: Move the -C (user_closefrom) check until after set_cmnd() so that closefrom_override can be used in a command-specific Defaults line. Fixes bug #610 from Mengtao Sun. [413565c6ff6b] 2013-08-14 Todd C. Miller <[email protected]> * src/exec.c: If not using a pty and the child process gets SIGTTOU or SIGTTIN and sudo is the foreground process, make the child the foreground process and continue it. [5ff433443bc4] * src/sudo.c: If sudo is not setuid and was not invoked with a full path, look in the user's PATH for the sudo binary to give a better error message. [a740129a38f0] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h: Add limited support for "sudo -l -h other_host". Since group lookups are done on the local host, rules that use group membership may be incorrect if the group database is not synchronized between hosts. [2c8b222a5f7f] * src/parse_args.c: Fix parsing of "-h host" when used in conjunction with the -l flag. [62f3d726d52b] * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: Simplify usage messages a bit and make --help output more closely resemble GNU usage wrt long options. Sync usage and man page SYNOPSYS sections and improve long options in the manual pages. Now that we have long options we don't need to give the mnemonic for the single-character options in the description. [17b7e386955a] 2013-08-13 Todd C. Miller <[email protected]> * plugins/sudoers/logging.c: Fix setting of mailer argv[0] to basename of mailerpath. No need to strdup() mailerpath as it is not modified. [8843cdd958ee] * plugins/sudoers/logging.c: Make sure the mailer exists and is a regular file before trying to exec it. [b73d6214014f] * plugins/sudoers/timestamp.c: If tty_tickets are enabled but there is no tty, use a ticket file based on the parent pid. [75408bd61ced] * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: Allow default plugin dir to be configured in sudo.conf. [478883594cc5] * doc/CONTRIBUTORS: UTF8 for Ruusamae, Elan; from Tae Wong [02e0c95b4fa6] 2013-08-12 Todd C. Miller <[email protected]> * MANIFEST, common/regress/sudo_conf/test5.in, common/regress/sudo_conf/test5.out.ok, common/regress/sudo_conf/test6.in, common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: Don't allow max_groups to be set to zero, it just complicates things needlessly. Fixes an assertion in visudo when there is a group- based Defaults entry. [d62a8ea32db9] 2013-08-08 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/gidlist.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: Refactor code to parse list of gids into its own function that is shared by the sudo front-end and the sudoers module. Make uid/gid parse error be fatal, not just a warning. [da3b2b06605c] * common/atoid.c: Add function comment block. [09a324de716f] * common/atoid.c: Default text domain is now sudo, not sudoers. [1acb1da6f304] * common/Makefile.in: Update dependency for atoid.lo [5e367cd44288] * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: Add endpointer and separator args to atoid() [2077e4ed8578] 2013-08-07 Todd C. Miller <[email protected]> * compat/getgrouplist.c: Use private version of atoid() to avoid a dependency on libcommon.a (since that already depends on libreplace.a). [7c12d63b0560] * doc/CONTRIBUTORS: More UTF8 in names; from Tae Wong [512b263f51c8] * compat/getgrouplist.c, plugins/sudoers/iolog.c, plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: Use atoid() in more places. [06f4ae57c707] * MANIFEST, common/Makefile.in, common/atoid.c, plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: Move atoid() to common so it can be used in src and compat too. [095d730701e4] * compat/closefrom.c: Avoid a crash on Mac OS X 10.8 (at least) when we close libdispatch's fds out from under it before executing the command. Switch to just setting the close on exec flag instead. [349ebf4987df] * doc/CONTRIBUTORS: Convert to last, first for easier sorting and use UTF8 (including a BOM). [8c30d221bd75] * plugins/sudoers/atoid.c: Add atoid() function to convert a string to an id_t (uid, gid or pid). We have to be careful to choose() either strtol() or strtoul() depending on whether the string appears to be signed or unsigned. Always using strtoul() is unsafe on 64-bit platforms since the uid might be represented as a negative number and (unsigned long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms. [5d818e399157] * MANIFEST, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: Add atoid() function to convert a string to an id_t (uid, gid or pid). We have to be careful to choose() either strtol() or strtoul() depending on whether the string appears to be signed or unsigned. Always using strtoul() is unsafe on 64-bit platforms since the uid might be represented as a negative number and (unsigned long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms. [cd92246a710f] * plugins/sudoers/sudoers.c: Avoid "perm stack underflow" error when logging the unknown uid error. [871514c713b7] * plugins/sudoers/set_perms.c: In rewind_perms() there is nothing to do if perm_stack_depth == 0. [98de335f47f0] 2013-08-06 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: Add pam_setcred sudoers option to allow the user to control whether pam_setcred() is called on the user's behalf. [4260a8e43073] * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: Add pam_service and pam_login_service sudoers settings to control the service name passed to pam_start. [5ea0e3588f3a] * mkpkg: Newer Xcode places the SDKs under Xcode.app [4b54379d5c45] 2013-08-03 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/zero_bytes.c, compat/Makefile.in, compat/memset_s.c, config.h.in, configure, configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, plugins/sudoers/logging.c, plugins/sudoers/sha2.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: Implement memset_s() and use it instead of zero_bytes(). A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the max conversation reply length. This constant can be used as a max value for memset_s() when clearing passwords filled in by the conversation function. [264ec146028e] 2013-08-01 Todd C. Miller <[email protected]> * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/system_group/Makefile.in: Do not try to install plugins when shared modules are disabled (sudoers already had the check). [3d582c042042] * plugins/sudoers/Makefile.in: Update dependencies to take into account compat/getopt.h and compat/dlfcn.h. [301fb31cd121] * src/Makefile.in: Update dependencies now that sudo_usage.h is always included from the build dir. [c1ff70ec9515] 2013-07-31 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Add some warnings and debugging to sasl ccname handling. [467f415861f0] * plugins/sudoers/ldap.c: Fix write loop invariant in sudo_krb5_copy_cc_file() [6948cf6e9b9f] 2013-07-30 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Strip off leading FILE: or WRFILE: prefix before trying to copy the user's credential cache. [56c16feab62f] 2013-07-29 Todd C. Miller <[email protected]> * src/sudo.c: Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, just save RLIMIT_NPROC in exec_setup() before the final setuid() and restore it immediately after. We don't need to modify RLIMIT_NPROC for simple euid changes, just for changing the real (and saved) uids before we exec. This also means we no longer need to worry about _SC_CHILD_MAX returning -1. Bug #565 [1372f1909039] 2013-07-28 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c, src/preload.c: Now that the ldap code runs with the real and effective uid set to 0, it is not possible for the gssapi libs to find the user's krb5 credential cache file. To work around this, we make a temporary copy of the user's credential cache specified by KRB5CCNAME (opened with the user's effective uid) and point gssapi to it. To set the credential cache file name, we dynamically look up gss_krb5_ccache_name() and use it if available, otherwise fall back to setting KRB5CCNAME. [8b86c134541a] 2013-07-19 Todd C. Miller <[email protected]> * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: Long option support for visudo and sudoreplay. [91427968be71] 2013-07-18 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: Add support for long options and fix inclusion of sudo_usage.h with modern gcc broken in 8597:1fcb7ba13018. [d13134819944] * src/Makefile.in: Add rule to rebuild sudo_usage.h when the .in file changes. [59a32899e251] * compat/Makefile.in, mkdep.pl, src/Makefile.in: Add make rules for building getopt_long.c [5f57593b3a8b] * src/parse_args.c: Make "-h hostname" work. Optional args in GNU getopt() only work when there is no space between the option flag and the argument. [b8258659cabb] 2013-07-17 Todd C. Miller <[email protected]> * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, configure, configure.in, doc/LICENSE, src/parse_args.c: Use getopt_long() so we can make the -h flag take an optional argument. Includes a version for those without it. [d1dd66c8a86b] 2013-07-16 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Document that the -h option can be used specify a host name for future plugins. [8470c74cf326] * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: Overload -h option to specify an optional hostname for remote access. This is future-proofing; no policy plugins currently support this. [0e01d8c3c623] * configure, configure.in: Bump version to 1.8.8 [a1155bfaa28f] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document the remote_host setting (-h host) [c737db906f5d] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: fix "the the" [0025464a3942] * src/parse_args.c, src/sudo.c, src/sudo.h: Do not error out if arg to -U option cannot be resolved, that is for the plugin to decide. There is no need for runas_user and runas_group to be global, make them local to parse_args() instead. [fb02a62a72ba] * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, src/po/pt_BR.mo, src/po/pt_BR.po: Sync with translationproject.org [e8f4772d918a] 2013-07-11 Todd C. Miller <[email protected]> * doc/TROUBLESHOOTING: Remove old bits about sudo setuid problems that should have been cleaned up in changeset 7917:fa4894896d8a. Also update the mode of sudo to 04755 to match current packaging. [1e3904cdc2de] * plugins/sudoers/auth/pam.c: Go back to ignoring the return value of pam_setcred() since with stacked PAM auth modules a failure from one module may override PAM_SUCCESS from another. If the first module in the stack fails, the others may be run (and succeed) but an error will be returned. This can cause a spurious warning on systems with non-local users (e.g. pam_ldap or pam_sss) where pam_unix is consulted first. [b6022e26135a] * src/net_ifs.c: Remove unused variable. [93dde7d82fde] * NEWS: Fix typo [5ef79671c2c7] 2013-07-09 Todd C. Miller <[email protected]> * plugins/sudoers/sssd.c: Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). From Dan Harnett. [4a0af6f12765] 2013-06-18 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Fix formatting typo; from Eric S. Raymond [058b533ba460] 2013-06-17 Todd C. Miller <[email protected]> * mkpkg: Use -gxcoff on aix so dbx can be used to debug sudo. [4950e019ed2d] 2013-06-12 Todd C. Miller <[email protected]> * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Fix typo; bug 605 [41f7b46a6e51] 2013-06-04 Todd C. Miller <[email protected]> * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, src/po/tr.mo: Regen .mo files that were out of date. [9e25a254f9db] 2013-05-30 Todd C. Miller <[email protected]> * NEWS, configure, configure.in: On Solaris 11 and higher, tag binaries for ASLR if supported by the linker. [a2a6cafa3e60] * mkpkg: No longer need to disable PIE on Solaris. [cf90019ae67e] 2013-05-28 Todd C. Miller <[email protected]> * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. OpenBSD also supports PIE but enables it by default so we don't need to do anything. This fixes problems on systems with a version of GNU ld that accepts -pie but where the run-time linker doesn't actually support PIE. Also verify that a trivial PIE binary works unless PIE is explicitly enabled. [3c5f125efeb1] 2013-05-24 Todd C. Miller <[email protected]> * aclocal.m4, configure, configure.in: Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld where we can end up crashing due to malloc() failures. Sems OK when Using Sun as and ld. [b8ba412102ab] * NEWS: Update with final changes. [78ff6d2ed47a] 2013-05-23 Todd C. Miller <[email protected]> * configure, configure.in: Add -fPIE to PIE_LDFLAGS as per gcc manual. [fe900cbb0780] 2013-05-22 Todd C. Miller <[email protected]> * common/Makefile.in, compat/Makefile.in: Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs [f84bc7482b78] * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/regress/visudo/test4.out.ok, plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: Replace sequence number-based cycle detection in visudo with a "used" flag in struct alias. The caller is required to call alias_put() when it is done with the alias. Inspired by a patch from Daniel Kopecek. [0bdbac1b3b39] 2013-05-20 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Eliminate a few relocations related to sudoers_io. [18e9e2cc3367] * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: Sync with translationproject.org [f38cc128a2ad] 2013-05-18 Todd C. Miller <[email protected]> * src/ttyname.c: Clarify a comment. [7a045ee06e95] 2013-05-16 Todd C. Miller <[email protected]> * src/ttyname.c: Handle d_type == DT_UNKNOWN when resolving the device to a name and sprinkle some more debugging. [8774133747d9] 2013-05-03 Todd C. Miller <[email protected]> * doc/TROUBLESHOOTING: Add message about disabling PIE if sudo gets SIGSEGV. [c786af2a6751] * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: No longer store the ctime of a devpts tty. The handling of ctime on devpts in Linux has been changed to conform to POSIX. As a result we can no longer assume that the ctime will stay unchanged throughout the life of the session. We store the session ID in the time stamp file so there is a much smaller chance of the time stamp file being reused by a new login. While here, store the uid/gid in the timestamp file too for good measure. [7028b21f7a9b] * configure, configure.in: PIE is broken on FreeBSD/arm [f232c60d6229] * mkpkg: Add explicit sendmail path for Linux since we may not have sendmail installed in the build chroot. [1ba2f84f4ff0] 2013-05-01 Todd C. Miller <[email protected]> * common/sudo_debug.c, plugins/sudoers/iolog.c, plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: Quiet a few -Wunused-result compiler warnings. [ef12afb61423] 2013-04-30 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Mention what SHA-2 formats are supported. [bf298d0fdf8a] * doc/CONTRIBUTORS: List code and translations separately. [826547bc1295] 2013-04-29 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: Sync with translationproject.org [9499a6f438b8] * plugins/sudoers/po/sudoers.pot: regen [cce449e284a6] * Makefile.in: Fix c-format for fatal/fatalx [4ad81d3faaeb] 2013-04-26 Todd C. Miller <[email protected]> * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: Change some error/errorx -> fatal/fatalx in comments and xgettext flags. [9d9b64fa2ec9] * NEWS: There is now a Turkish translation of sudoers. [701c5af6aa76] * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: Updated translations from translationproject.org including new Turkish translation. [9cedbb50d90f] 2013-04-25 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document that sudoers will re-use existing I/O log paths unless they are mktemp-style with trailing X's. [4f43bd13d9e7] * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: Allow ldap_conf and ldap_secret to be specified as plugin arguments in sudo.conf [37c6c425b565] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: sudoers_debug is now deprecated in favor of the sudo debugging framework. [1195be1ec254] * plugins/sudoers/ldap.c: Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the debug file with the ldap subsystem. The sudoers_debug setting in ldap.conf is still honored for now but will be removed in a future release. [cfa42b4b913e] 2013-04-24 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers2ldif: Add support for converting sudoers files with SHA-2 command digests. [dc0d03485946] * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, plugins/sudoers/sudoers2ldif: Add copyright notice to scripts [5e8bd4e6083f] * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, plugins/sudoers/regress/sudoers/test14.out.ok, plugins/sudoers/regress/sudoers/test14.toke.ok: Add regress for SHA-2 digests. [0b258c2a2a95] * compat/getgrouplist.c: Solaris maps negative gids to GID_NOBODY. [57050e5c750f] * plugins/sudoers/visudo.c: Clear up an llvm checker warning which appears to be a false positive and fix an old XXX while I'm at it. [9ee13133e596] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: Correct last change date [3bc1fa5b0f76] * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: No need to translate this error message. [4d9941970a26] * doc/UPGRADE: Mention .sl vs. .so extension handling on HP-UX Mention group membership changes Fix typos [40ac0efbdb2b] * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/setgroups.c, common/term.c, common/ttysize.c, compat/Makefile.in, compat/dlopen.c, compat/endian.h, compat/getline.c, compat/getprogname.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c, doc/Makefile.in, include/Makefile.in, include/alloc.h, include/fileops.h, include/gettext.h, include/lbuf.h, include/missing.h, include/sudo_plugin.h, pathnames.h.in, plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, src/Makefile.in, src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, src/utmp.c: Update copyright years. [5c6d72661bad] * plugins/sudoers/mon_systrace.h: Systrace support was removed long ago. [10a038a2da77] 2013-04-23 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, plugins/sudoers/regress/sudoers/test9.toke.out.ok: Remove some files that were mistakenly added. [833502da26de] * common/sudo_debug.c, config.h.in, configure, configure.in, plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: Use time(&now) instead of now = time(NULL) when storing the current time in a time_t (better compiler error checking). Better parsing and printing of 64-bit time_t on 32-bit platforms. [c227dc72c04e] 2013-04-21 Todd C. Miller <[email protected]> * src/ttyname.c: Don't check the tty of the parent process. Now that we get the controlling tty device number from the kernel there is no need. If the process has really disassociated from the tty then reporting "unknown" is appropriate. [62fb66e565db] 2013-04-20 Todd C. Miller <[email protected]> * common/error.c: Use EXIT_FAILURE instead of 1 as the fatal() exit value. [ed94c2c5e88a] * src/sesh.c: Change remaining errorx -> fatalx [3f6d70e19303] 2013-04-19 Todd C. Miller <[email protected]> * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an error if the entry already exists in the cache. [94d45970400a] * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: Change "foo: failed" to just "foo" since we print the string form of errno. Gets rids of some useless translations. [476f37349dbc] 2013-04-18 Todd C. Miller <[email protected]> * plugins/sudoers/match.c: Fix pasto in debug_decl [08650186a239] * plugins/sudoers/Makefile.in: regen [acf4c34fba2c] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: Rename log_error() -> log_warning() for consistency with warning()/fatal() [474ed5a0e335] * plugins/sudoers/auth/API: The NO_EXIT flag was removed a while ago. [e0a4be270226] * common/aix.c, common/alloc.c, common/error.c, include/error.h, plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c: Rename error/errorx -> fatal/fatalx and remove the exit value as it was always 1. [ea66f58c4da5] * NEWS: digests are supported in sudoers ldap too [77d6c25f7653] * plugins/sudoers/regress/check_symbols/check_symbols.c: Print test failures to stdout like the final count so the outputis not displayed out of order. [f541b78ecb93] * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, src/po/it.po, src/po/tr.po: Sync with translationproject.org [cbd70678b99f] * Makefile.in: Check for any uncommitted changes in dist target and add force-dist target that omit check-dist. [78dc3f41e37e] 2013-04-17 Todd C. Miller <[email protected]> * src/regress/ttyname/check_ttyname.c: Fix logic bug when checking tty via ttyname(). [279aee076194] * compat/endian.h: Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) [fe35e0b04502] * plugins/sudoers/po/sudoers.pot: regen [0ddebccd3045] * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document digest support. [d794c7b9a7bc] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/regress/parser/check_base64.c: Simple bas64 decode unit test. [344b0df0fe50] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, plugins/sudoers/match.c, plugins/sudoers/parse.h: Move base64_decode into its own source file. [30497e7f88bc] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Only check year against 2038 if time_t is 32-bit. [9c1f2e3fc3ba] 2013-04-16 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, plugins/sudoers/sssd.c: Add digest support for sudoers in ldap and sss. [314937b5e59e] * INSTALL, configure, configure.in: Error out in configure if the compiler doesn't support "long long". [d3645c1d50d1] * plugins/sudoers/match.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Include stdint.h or inttypes.h before sha2.h [20ad1c20313d] * common/lbuf.c: Simplify lbuf append functions by moving the realloc code into lbuf_expand(). We now expand as needed each time bytes need to be written to the lbuf. Also handle a NULL pointer being passed in for paranoia's sake. [6283ee562ef4] * plugins/sudoers/iolog.c: Zero out struct iolog_details early to avoid a potential (though unlikely) dereference of stack garbage if we hit a fatal error before iolog_deserialize_info() is called. [2eeca8be05fb] 2013-04-15 Todd C. Miller <[email protected]> * sudo.pp: Update copyright year. [b843c6a43238] * plugins/sudoers/sudoers_version.h: Bump SUDOERS_GRAMMAR_VERSION for new digest support. [188556fb8156] * plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Sanity check digest in parser so visudo can catch errors. Add base64 support [b8586d5cc7ed] * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: For big endian architectures just use memcpy() instead of BE macros in a loop. [c71a0f4a8a8e] 2013-04-14 Todd C. Miller <[email protected]> * MANIFEST, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/parse.h, plugins/sudoers/regress/parser/check_digest.c, plugins/sudoers/regress/parser/check_digest.out.ok, plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: Initial implementation of checksum support in sudoers. Currently supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format validation in parser and base64 support. checksum support for ldap sudoers [b8f196346eca] 2013-04-13 Todd C. Miller <[email protected]> * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai respectively. [7511d07c0a83] 2013-04-11 Todd C. Miller <[email protected]> * NEWS: Add sudo 1.8.6p8 [0666fd0321ae] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: Add missing "not" in error message when mixing standalone and non- standalone authentication methods. [7eba4439db73] * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: Check for crypt() returning NULL. Traditionally, crypt() never returned NULL but newer versions of eglibc have a crypt() that does. Bug #598 [887b9df243df] * plugins/sudoers/auth/pam.c: Better PAM error messages [fd7eda53cdd7] * plugins/sudoers/auth/kerb5.c: Better error messages [98142874a2f4] * plugins/sudoers/bsm_audit.c: Use same error message for getauid() failure. [07f0d88cb1df] * plugins/sudoers/sssd.c: Start warning with a lower case letter for consistency and to match existing translated strings. [b719ac52c9e3] 2013-04-10 Todd C. Miller <[email protected]> * mkpkg: Disable PIE on Solaris where it is not really supported. [c36c84cdcc7a] * src/ttyname.c: AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit before we try to match it against st_rdev. [5dab449fb962] * src/ttyname.c: Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes a problem finding the tty name when it is not in /dev/pts. [6c205d087fa0] * compat/snprintf.c: Support %lld and %llu [feabfa06c954] * .hgignore, MANIFEST, src/Makefile.in, src/regress/ttyname/check_ttyname.c: Add ttyname test. [e987038f8c07] 2013-04-09 Todd C. Miller <[email protected]> * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync with translationproject.org [4d7b73b22079] * plugins/sudoers/timestamp.c: Log timestampfile to debug file. [e997281146c0] * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: Don't add the "Password: " string we look up in the PAM text domain to the sudoers.pot file. [771b52244abf] 2013-04-08 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot: Synce with regcomp() error message change. [fc6d3dfb8eb8] * plugins/sudoers/sudoreplay.c: Be consistent with error message when regcomp() fails. [de6c69ba04e4] 2013-04-05 Todd C. Miller <[email protected]> * plugins/sudoers/regress/testsudoers/test5.out.ok, plugins/sudoers/regress/testsudoers/test5.sh: Use group -1 instead of 1 as the invalid group since the running user might have group 1 as their default group. [71404a9fa75d] * plugins/sudoers/Makefile.in: PWD may be a shell builtin, use CWD instead. [c443105c5091] 2013-04-04 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Split up check_user(). [ce7cc0767589] 2013-04-03 Todd C. Miller <[email protected]> * config.h.in, configure.in: Cosmetic fixes in the comments. [640abee43c14] 2013-04-02 Todd C. Miller <[email protected]> * configure, configure.in: Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status message for visibility checks when the test fails. [99665477ee55] * config.h.in: regen [00c22606719a] * configure, configure.in: We no longer use mbr_check_membership() and setrlimit64() is AIX- specific. [43caf685a1f1] * Makefile.in: The first (all) target must be by itself or some makes will choose the run the entire target list. [16cf3def49f5] * configure, configure.in: Do exec_prefix expansion when enable_shared even if noexec is not enabled. [7ed28cb32d8d] * compat/getgrouplist.c: Use free() not efree() since we don't include alloc.h here [1a008737be24] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [b939f941346f] * plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test5.sh: Pass in expected gid to testsudoers in addition to the uid that matches the test sudoers files. [6a1710e8cac1] 2013-04-01 Todd C. Miller <[email protected]> * include/missing.h: Tru64 5.x does declare innetgr() and getdomainname(). [c75598e69c7e] * plugins/sudoers/match.c: Fix compilation when getdomainame() is not present. [e831b017a962] * config.h.in, configure.in, include/missing.h: Move SET/CLR/ISSET from config.h.in to missing.h [3a3dd29fd7f0] * configure, configure.in: Fix getgrouplist() check. [12a2adf60e98] * MANIFEST: No more timestamp.h [5677e26afc0f] * plugins/sudoers/check.c: Neded sys/time.h for struct timeval in struct sudo_tty_info. [aceaadd8c400] * plugins/sudoers/Makefile.in: regen depends [21675a8b67e5] * NEWS: Mention libibmldap on HP-UX [75b4e4b22950] * NEWS, plugins/sudoers/match.c: Instead of checking the domain name explicitly for "(none)", just check for illegal characters. [ce35dda811db] * plugins/sudoers/visudo.c: Only warn once when we are unable to open the sudoers file. [9e27e3aa5b10] * plugins/sudoers/sudoers.c: Fall back to opening /dev/tty to determine whether there is a tty if the system doesn't have kernel support for determing the tty. [2775bcf9a9b5] * compat/getprogname.c: Update guard to take __progname into account [60eae3f20232] * compat/snprintf.c: Some older systems have inttypes.h but not stdint.h [ed1ef160015f] * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c: Add guards in compat source files. Not really needed since we only include them in the Makefile if they are needed but should not hurt either. [8cbd3b4595b9] 2013-03-31 Todd C. Miller <[email protected]> * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Don't include gram.h in gram.y, its contents are already included. Move sudoerserror to the end of gram.y so COMMENT is declared when we need to use it. [7d72ebdd7222] 2013-03-29 Todd C. Miller <[email protected]> * config.h.in, configure.in: Remove some pre-ANSI cruft. [6a95704b2116] * plugins/sudoers/match.c: Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h when it is set. [da40c550ffed] * NEWS, plugins/sudoers/iolog_path.c: We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but just leave it as-is. [9a22de140d28] 2013-03-28 Todd C. Miller <[email protected]> * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Add missing semicolon in rule. [817d3f1b2a21] * plugins/sudoers/sudoers.c: Now that we can determine the terminal even when file descriptors are redirected we can check user_ttypath rather than opening /dev/tty when enforcing requiretty. [56a28bc09041] * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Stash umask in struct sudo_user so we don't need to look it up later. [9f85749199dc] * plugins/sudoers/sudoers.c: Minor cosmetic change [c373e106ed49] * plugins/sudoers/regress/parser/check_addr.c: No longer need to declare interfaces [d7ff7e579557] * plugins/sudoers/logging.c: Fix compilation in SUDOERS_NO_SEQ case [9a6db9247534] * plugins/sudoers/regress/parser/check_addr.c: No longer need to define sudo_printf [578ad13c3546] * plugins/sudoers/check.c, plugins/sudoers/check.h, plugins/sudoers/timestamp.c: Pass auth_pw to the timestamp functions. [f603649177d6] * plugins/sudoers/iolog_path.c: Fix SUDOERS_NO_SEQ [17881f9bcd68] * plugins/sudoers/locale.c: Don't need all of sudoers.h in here [c518150c6483] * plugins/sudoers/sudoers.c: Don't need to include sudoers_version.h here. [8abb31102119] 2013-03-27 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: DEFAULT_LECTURE is no longer used. [f565c00a68c1] * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: Move sudo_conv into policy.c [f699aee7136b] * plugins/sudoers/pwutil.c: cosmetic fixes [930e60389ca8] * plugins/sudoers/match.c: RHEL (and perhaps other Linux distros) use the string "(none)" instead of an empty string when there is no actual NIS-style domain name. Bug #596 [11aec11489ac] * plugins/sudoers/match.c: Fix return values when NAME_MATCH is defined. [ce030be9ccef] 2013-03-26 Todd C. Miller <[email protected]> * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: Update copyright year. [7e4b8d49addd] * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: Add sudo_set_grlist(), currently unused by the back end. [b37ac1d0e8fc] * plugins/sudoers/pwutil.c: Remove unused macros, fix a debug_decl [6136fb4a0d3b] * include/missing.h: Tru64 Unix doesn't prototype innetgr() or getdomainname(). [585ac1874dfe] * include/missing.h: Whitespace fixes [0bb28cd91d97] * common/error.c: Don't need to include setjmp.h here, error.h already includes it. [fd05ab00e186] 2013-03-25 Todd C. Miller <[email protected]> * compat/Makefile.in, plugins/sudoers/Makefile.in: regen depends [57991f5e16b4] * plugins/sudoers/check.h: Rename guard define. [ccf4dba241d6] * plugins/sudoers/check.c, plugins/sudoers/check.h, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Move contents of timestamp.h into check.h. [c139757a9283] * plugins/sudoers/sudoers.h: expand_prompt() is now in prompt.c sudo_printf extern is now in error.h [219bd74ca62b] * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, plugins/sudoers/toke.h: Change multiple inclusion guards to be _SUDOERS_FOO_H [faace6d55e78] 2013-03-23 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: New Dutch translation for sudo and sudoers New Turkish translation for sudo From translationproject.org [bc918b7b23a4] 2013-03-21 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: Fix a typo in a comment and make sure we don't mistakenly include _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in [694d12ac70ec] 2013-03-19 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Don't build check_symbols if we are linking sudoers in statically. [f6602723bab7] * configure, configure.in: Use $host_os not $host when we only care about the os name and version. [05e4f4fcba06] * aclocal.m4, configure, configure.in: Suppress duplicate -L and -I flags. [228f2f581aed] * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: Fix regress tests on non-OpenBSD platforms. [9d91bc859c50] * configure, configure.in: If we find sasl/sasl.h there's no need to check for sasl.h too [889efaa86012] * aclocal.m4, configure, configure.in: Add -R flags at the very end after configure link tests are done since we can only count on libtool to accept -R, the compiler front end may not. Also unify the libldap and libibmldap tests using AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by libibmldap (but is not an explicit dependency). [ab1451894351] 2013-03-18 Todd C. Miller <[email protected]> * configure, configure.in: Back out changes that broke detection of skey, opie and ldap libraries. [ffa82b8f8641] * plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test4.sh, plugins/sudoers/regress/testsudoers/test5.sh, plugins/sudoers/regress/visudo/test1.sh, plugins/sudoers/regress/visudo/test2.sh, plugins/sudoers/regress/visudo/test3.sh: Add explicit "exit 0" to prevent the check target from ending prematurely. [cca411b492bd] * plugins/sudoers/Makefile.in: Fix exit values in check target so we don't have to ignore errors. [cbc429c409e9] * plugins/sudoers/Makefile.in: Fail a test if there is unexpected stderr output. [4fc24d536bec] * MANIFEST: Fix path to sudo.conf manuals; remove non-existant test2.err.ok [6b8bcd60dd85] * src/load_plugins.c: Fix compilation in dynamic mode. [679856fa0774] * configure, configure.in: On HP-UX, libibmldap has a hidden dependency on libCsup [22994709d77c] * compat/dlopen.c: Pass BIND_VERBOSE to shl_load() [0060b9cfa9ab] * configure, configure.in: Only create static helper libs when --disable-shared is specified. [1fcdb1a437e0] * src/load_plugins.c: Ubreak static build. [4ac9f96be285] * INSTALL, aclocal.m4, configure, configure.in: Replace --with-rpath and --with-blibpath with --disable-rpath. Now that we use libtool for linking we can just use the -R flag and have libtool translate it to the proper linker flag. [09798fad6888] 2013-03-15 Todd C. Miller <[email protected]> * src/exec_pty.c: Bump I/O buffer size 32K [4ef793225309] 2013-03-14 Todd C. Miller <[email protected]> * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Document sesh Path setting. [34b0b903b4f8] * src/exec.c, src/exec_common.c: Move exec_cmnd to exec.c to fix a compilation issue with sesh.c [06aa1956f38d] * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, src/selinux.c: Make sesh path configurable in sudo.conf [91d331f273b7] * configure, configure.in: Use -fno-pie and -nopie if supported when --disable-pie is specified. [777138c04dcc] 2013-03-13 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Document direct execution of the command if the policy plugin has no close function. [6a14145c6e80] 2013-03-07 Todd C. Miller <[email protected]> * plugins/sudoers/auth/pam.c: Only delete creds if we actually established them. Print an error if pam_setcred() fails and we actually authenticated. [1e015314903b] * common/Makefile.in, plugins/group_file/Makefile.in: regen [dd8cee2a5e1b] * common/alloc.c, include/alloc.h: Convert efree() to a macro that just casts to void * and does free(). If the system free() can't handle free(NULL) this may crash but C89 was a long time ago. [efd0ff9270fb] * configure, configure.in: Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. Fixes a problem with errno sometimes not being set on error on HP- UX. [54b419d58320] * common/sudo_debug.c: Fix debug logging from the plugin when there is no error number. This was broken in the big debugging reorg for 1.8.7. [2ea7e145e928] 2013-03-06 Todd C. Miller <[email protected]> * configure, configure.in, plugins/group_file/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/load_plugins.c: Always install plugins with a .so extension regardless of what extension the system uses for shared libraries. That way the group_plugin sudoers setting can be shared between heterogenous systems. [a7e6ecff6fdf] * plugins/sudoers/match.c: Mac OS X has netgroup functions in netdb.h. [243881a974aa] * plugins/sudoers/parse.h: Tags in struct cmndtag can be set to IMPLIED as well. [cb6926988cc8] * plugins/sudoers/parse.c: Quiet a compiler warning. [14e608c2001d] * plugins/sudoers/testsudoers.c: Quiet an llvm checker warning. [2eeb9f3d08f3] * plugins/sudoers/parse.c: Quiet gcc -Wuninitialized false positive [643ad987503d] 2013-03-05 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document group_file and system_group plugins. [b56511e79230] * NEWS: Sudo 1.8.7 [e95183b8fa27] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Try to clarify that sudoedit in sudoers should not include a leading pathname. [7b2beac92a9c] * plugins/sudoers/pwutil_impl.c: Make sure groupname_len is at least 32 just to be on the safe side. It is better to allocate a little extra and not need it than to have to reallocate and start over. [6d3e1ba47de9] * include/alloc.h, include/missing.h: Add __malloc_like macro to apply __malloc__ attribute to emalloc, ecalloc and estrdup. It cannot be applied to realloc since that may return the same pointer. [8d70cb81d1f1] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix potential double free in an error path. [657573feb6a4] * src/exec_pty.c: When running the command in a pty, defer the call to exec_setup() until just before we exec the command. This is consistent with the non-pty path. As a side effect, the monitor process runs as root and not the runas user. [e2a7f8c7ee4c] 2013-03-02 Todd C. Miller <[email protected]> * compat/closefrom.c: Update copyright year. [9b652af4dfc0] 2013-03-01 Todd C. Miller <[email protected]> * compat/closefrom.c: Use pst_highestfd from pstat_getproc() on HP-UX. [09f3fea46a3d] 2013-02-28 Todd C. Miller <[email protected]> * Makefile.in, common/Makefile.in, doc/Makefile.in, plugins/sudoers/Makefile.in: Clean up generated test files and other minor housekeeping. [f5f4fdd908e1] * plugins/sudoers/iolog.c: Add back gettimeofday() call inadvertantly removed in e1abb9810a83 [675cce8401ae] * config.h.in, configure, configure.in, src/ttyname.c: Use pstat() on HP-UX to determine the tty device. [2884af22a9df] * plugins/sudoers/auth/pam.c: Fix PAM compilation: def_pam_session, not just pam_session. [5417d7acc6ea] * doc/fixmdoc.sh: Don't remove the -S option description when trimming out selinux. Bug #592 [8a94f2cfa0a0] 2013-02-25 Todd C. Miller <[email protected]> * NEWS: Update for Sudo 1.8.6p7 [0858a73e9c40] 2013-02-24 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Document when sudo may exec the command directly instead of forking. [da41951edc28] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document that close and version be NULL for plugin API >= 1.3 and that sudo may execute the command directly if there is no close, or pty or timeout needed. [e5f929ddeaf8] * plugins/sudoers/auth/sudo_auth.c: Fix debug_decl for sudo_auth_begin_session and sudo_auth_end_session. [58243392c0df] * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: Add pam_session sudoers option. [d994465db9f1] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: Dummy out close function if there is no end_session for the auth method and the front-end can handle a NULL close function. Avoids the extra sudo process when we don't actually need it. [74886d5b0fb6] 2013-02-23 Todd C. Miller <[email protected]> * Makefile.in, aclocal.m4: Add m4/ to paths m4_include parameters so we don't need to use autoconf's -I flag. [4fd86e7a84f3] * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, src/sudo_plugin_int.h: If the policy plugin does not provide a close function, there is no command timeout and no pty is required, skip the event loop and just exec the command directly. [ad532f107170] * src/sudo.c: Do not crash if the plugin close and version functions are not defined. If there is no policy close function, simply print a warning that the command was not found. [c789a9dd54e8] 2013-02-21 Todd C. Miller <[email protected]> * plugins/sudoers/parse.c: Fix typos in selinux/solaris privs specific code. [9af3999361b4] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/parse_args.c: Pass the default plugin directory to the plugin via the settings list. Could be used by a stacking plugin. [688e771fc145] * plugins/sudoers/timestamp.c: Completely ignore time stamp file if it is set to the epoch, regardless of what gettimeofday() returns. [df58842af660] * doc/CONTRIBUTORS: Add Nikolai Kondrashov [df59791438f9] * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: Use userpw_matches() for username matching so #uid works for sudoRunAsUser. [a124062334df] * plugins/sudoers/sssd.c: Avoid calling realloc3() with a zero size parameter when all retrieved sssd rules fail. Otherwise we'll get a run-time error due to malloc(0) checking. [84dfcb73ebd7] * plugins/sudoers/sssd.c: Do not send error mail if a user is not found in SSSD. Local users can run sudo too. From Nikolai Kondrashov [3d2ae99ee468] 2013-02-20 Todd C. Miller <[email protected]> * MANIFEST, common/regress/sudo_conf/test4.in, common/regress/sudo_conf/test4.out.ok: Test setting disable_coredump to illegal value. [3c71c6c49027] * common/sudo_conf.c: Fix atobool() usage. [d40c9f4d06b0] * common/regress/sudo_conf/conf_test.c: Remove unused variable. [328b524b365b] * plugins/sudoers/sudoers.c: Make "sudo -l non_existent_command" warn that non_existent_command doesn't exist, not the "list" pseudo-command. [9dc0388fc4f3] * plugins/sudoers/parse.c: Make sudoers file long list output better match the format used by ldap sudoers. Tags are now converted to options and there is a single command per line. [6e6dc3f20d84] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Use the correct the sudoers policy symbol names and undo an editor goof committed when adding max_groups to sudo.conf. [2a6f7ddf5cc3] * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: For "sudo -l" start a new line if the runas list changes to make the output easier to read. [7dc3d724c924] 2013-02-19 Todd C. Miller <[email protected]> * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: For "sudo -l" and "sudo -ll" only print the runas info for subsequent commands in a list if the runas info has changed. If we have new runas info, print out the tags again so as to be less confusing to the user. For "sudo -ll" set the line continuation indent to 8. [b5ec02fe7fc1] 2013-02-18 Todd C. Miller <[email protected]> * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, plugins/group_file/group_file.c, plugins/group_file/group_file.exp, plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sample_group/sample_group.c, plugins/sample_group/sample_group.exp: Rename sample_group plugin to group_file. Install group_file and system_group plugins by default. [951b3e446fae] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add maxseq sudoers option to limit the max number of I/O log files. [e1abb9810a83] 2013-02-16 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Log lines and columns in the iolog file. [03adb6230e05] 2013-02-15 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, common/regress/sudo_conf/test1.in, common/regress/sudo_conf/test1.out.ok, common/regress/sudo_conf/test2.in, common/regress/sudo_conf/test2.out.ok, common/regress/sudo_conf/test3.in, common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, include/sudo_conf.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: Add simple regress tests for sudo.conf parsing. [3c36b61bf61c] * src/sudo.c: Always display the I/O plugin version as long as its open functions doesn't return an error. Previously it was only displayed if the plugin open returned 1. [4b0277db3f8c] * plugins/sudoers/pwutil_impl.c: Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead of poking around in struct utmpx. [2c0cc5c42958] * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the build directory and not the src dir when using a separate build directory. [1fcb7ba13018] 2013-02-14 Todd C. Miller <[email protected]> * common/fileops.c: If a line was longer that 0x80000000 the bit hack to round to the next power of two would roll over to zero. [f4f729cf6f0f] * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h, src/sudo.c: Use max_groups in front-end and plugin. [bf1e74166831] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/parse_args.c: Pass max_groups to plugin in settings list. [d7d76e8651f4] * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h: Add max_groups setting to sudo.conf (currently unused) and remove unused return value from setters. [f6494f71e1f0] 2013-02-12 Todd C. Miller <[email protected]> * INSTALL: Reorganize configure options [23475de8039f] 2013-02-11 Todd C. Miller <[email protected]> * NEWS: Add Sudo 1.8.6p7 [5192fc511cbe] 2013-02-10 Todd C. Miller <[email protected]> * INSTALL.configure: Sync with autoconf 2.68 [985e5c8efa4e] * INSTALL, README: Remove obsolete OS notes and move build requirements to INSTALL. [bf0dd53ca164] 2013-02-08 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Sort elements of the settings, user_info and command_info lists. [663062ada5b7] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Remove trailing white space [027916a6c8e7] * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Store the session ID in the tty ticket file too. A tty may only be in one session at a time so if the session ID doesn't match we ignore the ticket. [4eb2cb8df48b] 2013-02-07 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c, src/sudo.c: Move tzset() call from sudoers plugin to sudo front end. [3c058dad8772] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Mention line continuation [399873f8c805] * MANIFEST, common/Makefile.in, common/fileops.c, common/regress/sudo_parseln/parseln_test.c, common/regress/sudo_parseln/test1.in, common/regress/sudo_parseln/test1.out.ok, common/regress/sudo_parseln/test2.in, common/regress/sudo_parseln/test2.out.ok, common/regress/sudo_parseln/test3.in, common/regress/sudo_parseln/test3.out.ok, common/regress/sudo_parseln/test4.in, common/regress/sudo_parseln/test4.out.ok, common/regress/sudo_parseln/test5.in, common/regress/sudo_parseln/test5.out.ok, common/regress/sudo_parseln/test6.in, common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, plugins/sudoers/sudo_nss.c: Add line continuation support to sudo_parseln() and make it use getline() instead of fgets() internally. [d02bf3973fc5] 2013-02-06 Todd C. Miller <[email protected]> * plugins/sample/sample_plugin.c: Fix memory leak in error path; found by llvm checker [d090c26a5b00] * plugins/sudoers/sudoreplay.c: Remove useless store detected by llvm checker. [12a4db91651a] * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, src/load_plugins.c, sudo.pp: Sudo now stores its libexec files in a "sudo" subdirectory instead of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory default directory ends in "/sudo". [5de67de76489] * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, plugins/system_group/system_group.c: Add missing __dso_public to plugin structs so they are exported. [dde703577621] * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Mention that sudoers has its own plugins too. [0a6c6203b512] 2013-02-05 Todd C. Miller <[email protected]> * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Correct last change date. [45894291d792] * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Remove duplicated sudo.conf info in the sudo, sudoers and sudo_plugin manuals and cross-reference the new sudo.conf manual. [b808ba29cf3a] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: Fix typos [0e70964150c6] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: Fix some typos. [94ae045cfbc6] * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: Add standalone sudo.conf manual page. [d64d949b700c] * doc/sample.sudo.conf: add group_source example [118c1ba1c014] * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. [f5bd6006dc1c] * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, src/po/it.po: Sync with translationproject.org [a6f2b9aac371] 2013-02-03 Todd C. Miller <[email protected]> * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, src/po/vi.po: Sync with translationproject.org [ba546666969d] 2013-02-01 Todd C. Miller <[email protected]> * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, src/po/es.po, src/po/gl.po: Sync with translationproject.org [cdc454e34c03] 2013-01-31 Todd C. Miller <[email protected]> * NEWS: Clarify ttyname changes. [cbf2f80fe582] * NEWS: Add 1.8.6p6 [3aa591e98b3b] * src/ttyname.c: Remove ttyname() fall back code on systems where we can query the kernel for the tty device via /proc or sysctl(). If there is no controlling tty, it is better to just treat the tty as unknown rather than to blindly use what is hooked up to std{in,out,err}. [b2bd3005d2e4] 2013-01-27 Todd C. Miller <[email protected]> * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: Add group_source setting in sudo.conf to allow the admin to specify how a user's groups are looked up. Legal values are static (just the kernel list from getgroups), dynamic (whatever the group database includes) and adaptive (only use group db if kernel group list is full). [87a5b02e22ad] * plugins/sudoers/policy.c: Pass back exec_background to front end if it is enabled in sudoers. [8230e1cd0bbd] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Mention that exec_background is for 1.8.7 and higher only. [fdf0d5a3e182] 2013-01-24 Todd C. Miller <[email protected]> * MANIFEST: Add missing test files. [1165389aa5e6] * plugins/sudoers/regress/visudo/test3.err.ok, plugins/sudoers/regress/visudo/test3.out.ok, plugins/sudoers/regress/visudo/test3.sh: Add regress test for bug 361 [54c7fb61b82d] * plugins/sudoers/iolog.c: Add __dso_public to extern declaration of declaration to match actual definition. [4695ded501e6] * NEWS: Add 1.8.6p5 [b07b28c5c4d7] 2013-01-23 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, plugins/sudoers/regress/visudo/test2.out.ok, plugins/sudoers/regress/visudo/test2.sh: Add test for visudo cycle check core dump; test case from Daniel Kopecek [41074541147a] * plugins/sudoers/visudo.c: Fix potential stack overflow due to infinite recursion in alias cycle detection. From Daniel Kopecek. [d7e018a87434] * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: Ignore duplicate entries in sudo.conf and report the line number when there is an error. Warn, don't abort if there is more than one policy plugin. [dfcb5a698f0a] * plugins/sudoers/tsgetgrpw.c: Use strtoul() not atoi(). [58a52cf9b6b8] 2013-01-22 Todd C. Miller <[email protected]> * compat/Makefile.in: regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo [9b44e9d26d16] * compat/nss_dbdefs.h: Fix typo that breaks the build on HP-UX. [b9ab6ba23485] * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, configure, configure.in: Use nss_search() to implement getgrouplist() where available. Tested on Solaris and HP-UX. We need to include a compatibility header for HP-UX which uses the Solaris nsswitch implementation but doesn't ship nss_dbdefs.h. [d29dbc4dc06d] 2013-01-19 Todd C. Miller <[email protected]> * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: Remove extra flag to sudo_sigaction(). We want to trap the signal regardless of whether or not it is ignored by the underlying command since there's no way to know what signal handlers the command will install. Now we just use sudo_sigaction() to set a flag in saved_signals[] to indicate whether a signal needs to be restored before exec. [c042d52c7192] 2013-01-18 Todd C. Miller <[email protected]> * compat/getgrouplist.c, config.h.in, configure, configure.in: Use _getgroupsbymember() on Solaris to get the groups list. Fixes performance problems with the getgroupslist() compat on Solaris systems with network-based group databases. [287d3ae2ce8d] 2013-01-17 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Document signal handler behavior in plugin API 1.3 [20dc9d1c105f] * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: Move signal code into its own source file and add sudo_sigaction() wrapper that has an extra flag to check the saved_signals list to only install the handler if the signal is not already ignored. Bump plugin API version for the new front-end signal behavior. [5d2f27a1b404] * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute the command. If we get SIGINT or SIGQUIT, call the plugin close() functions as if the command was interrupted. If we get SIGTSTP, uninstall the handler and deliver SIGTSTP to ourselves. [332baf3a81b7] * src/exec.c, src/exec_pty.c: Rename handle_signals() to dispatch_signals(). Block other signals in handler() so we don't have to worry about the write() being interrupted. [666e95c9a0f1] 2013-01-16 Todd C. Miller <[email protected]> * src/tgetpass.c: Rename signal handler to avoid name clash with one in exec.c [8913101a29b6] 2013-01-13 Todd C. Miller <[email protected]> * src/sudo.c: Add missing call to save_signals(). [47d075d7326b] 2013-01-11 Todd C. Miller <[email protected]> * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Fill in the comment block at the top of the .pot files and preserve it when regenerating them. [6449497b76db] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Add exec_background option in plugin command info and a sudoers option to match. When set, commands are started in the background and automatically foregrounded as needed. There are issues with some ill-mannered programs (like Linux su) so this is not the default. [c0b32b0938f2] * common/Makefile.in: regen [2b2b220e7aea] * src/Makefile.in: Add SESH_OBJS variable for sesh object files. [d3e04ae8fd1f] * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: Update copyright year. [61a0f0cedb13] * src/exec_pty.c: Always resume the command in the foreground if sudo itself is the foreground process. This helps work around poorly behaved programs that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At worst, sudo will go into the background but upon resume the command will be runnable. Otherwise, we can get into a situation where the command will immediately suspend itself. [c368ac3eb2e4] * configure, configure.in: Use -fstack-protector-all in preference to -fstack-protector where supported. [f930c95ceb51] 2013-01-10 Todd C. Miller <[email protected]> * configure, configure.in: Only test for -fstack-protector and -fvisibility=hidden on GNU compatible compilers. [796f4696d863] 2013-01-03 Todd C. Miller <[email protected]> * NEWS: Add Sudo 1.8.6p4 [8a928de8e717] * common/Makefile.in, compat/Makefile.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in: Break out stack smashing protector options into SSP_CFLAGS and SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). [01be114fc9fb] 2013-01-01 Todd C. Miller <[email protected]> * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: In rbrepair(), make sure we never try to change the color of the sentinel node, which is the first entry, not the root. From Michael King [3fc4dc4004ec] 2012-12-28 Todd C. Miller <[email protected]> * src/exec_pty.c: No need to restore default signal handler for SIGSTOP as it is not catchable. Attempting to do so is harmless but sigaction() will fail and set errno to EINVAL which makes it looks like there is an error. [be7c0b759e9a] * src/exec.c: Print SIGCONT_FG and SIGCONT_BG properly in debug output. [93e59e301c8f] 2012-12-27 Todd C. Miller <[email protected]> * configure, configure.in: Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. [9ed48f696595] 2012-12-20 Todd C. Miller <[email protected]> * include/missing.h: Add howmany() macro since some systems have this in sys/param.h which we no longer include. [2c5efaa16c45] 2012-12-07 Todd C. Miller <[email protected]> * plugins/sudoers/regress/sudoers/test11.toke.out.ok: Remove errant file. [a91699beffc6] 2012-12-04 Todd C. Miller <[email protected]> * plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c: Remove obsolete sudoers_cleanup() stubs. [89153025a2ae] * common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/secure_path.c, common/sudo_conf.c, common/sudo_debug.c, common/term.c, compat/closefrom.c, compat/getcwd.c, compat/glob.c, compat/snprintf.c, include/missing.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/policy.c, plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, plugins/system_group/system_group.c, src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: Don't include <sys/param.h>. We only needed it for MAXPATHLEN, MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and HOST_NAME_MAX throughout without falling back on MAXPATHLEN or MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. [f4807d46f504] * include/missing.h, plugins/sudoers/match.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN (sys/param.h or netdb.h). [2544f5e306dd] 2012-11-30 Todd C. Miller <[email protected]> * plugins/sudoers/logging.c: Move debug_decl() in log_failure() to be after the variable declarations for C89. [f48d2035ab44] 2012-11-29 Todd C. Miller <[email protected]> * common/error.c, include/error.h, plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Cannot wrap sigsetjmp() or we end up returning to the wrong place. Use a macro instead. [749ee6acdad8] 2012-11-28 Todd C. Miller <[email protected]> * plugins/sudoers/policy.c: Fix return in sudoers_policy_open that should be debug_return. [a78b795b6846] 2012-11-27 Todd C. Miller <[email protected]> * src/ttyname.c: Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case too. [acfa891c229e] * src/solaris.c: Quiet a gcc warning and add comment about needing to keep the handle open. [f954f228960f] 2012-11-26 Todd C. Miller <[email protected]> * INSTALL: mention --disable-shared [6954d39e2d0f] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Add missing command_info argument in I/O plugin open() prototype. Bug #579 [72beb07aba0e] 2012-11-25 Todd C. Miller <[email protected]> * plugins/sudoers/gram.c: Regen for proper line numbers. [6cf6e132e764] * configure, configure.in: Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. [d604dc8ca38a] * common/sudo_printf.c: Include missing.h for __printflike. [a33640600faf] * plugins/sudoers/iolog.c: Saner loop invariant in io_mkdirs (cosmetic only). [dc30274afe38] * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, configure, configure.in, include/error.h, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, src/sesh.c: Move warn/error into common and make static builds work. [4d3f374f4e4c] * MANIFEST, common/Makefile.in, common/sudo_debug.c, common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/Makefile.in, src/conversation.c, src/sesh.c: Move _sudo_printf from src/conversation.c to common/sudo_printf.c. Add sudo_printf function pointer that is initialized to _sudo_printf() instead of requiring a sudo_conv function pointer everywhere. The plugin will reset sudo_printf to point to the version passed in via the plugin open function. Now plugin_error.c can just call sudo_printf in all cases. The sudoers binaries no longer need their own version of sudo_printf. [9b09d3f63790] * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't need error_jmp to be extern. Also add plugin_clearjmp() that clears a flag so error()/errorx() knows when to call exit() vs. longjmp(). [5a4617148e70] * plugins/sudoers/set_perms.c: Let warning() call gettext() for us. [ab8d502ba4ac] * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: Do locale swapping in the warning()/error() macros themselves instead of in the underlying functions. [4cd205540e17] * common/alloc.c, common/list.c, include/error.h, plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, src/hooks.c: Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). [48346393634d] * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: Call gettext() on parameters for warning()/warningx() instead of having warning() do it for us. [c71088bc9d3e] * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: Call gettext() in sudoerserror() in the user's locale and pass the untranslated string to it. [cdbfc231b848] * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Allow sudoers programs (visudo, sudoreplay, visudo) to use plugin_error.c instead of the error.c from the front-end. This means sudoers_setlocale() needs to be independent of the sudo_user struct and the defaults table. The sudoers locale is now updated via a callback. [e356f5f8cd6a] * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers warning/error functions work when sudo_conv is NULL [7365ee24a779] * src/error.c: No need to change locale in front-end warning()/error(). [23dc1df7f93b] * plugins/sudoers/tsgetgrpw.c: Ignore bad lines in passwd/group file instead if stopping processing when we hit one. [79b790559075] * plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test5.sh: Bash doesn't let you set UID to use MYUID instead. [5be56335f059] * plugins/sudoers/visudo.c: Avoid NULL deref for unknown Defaults in strict mode. [545c21c1e7d6] * common/sudo_conf.c, common/sudo_debug.c: See DEFAULT_TEXT_DOMAIN [3d723e1d27db] 2012-11-13 Todd C. Miller <[email protected]> * .hgignore: Add signame.c and mksigname. [d59bbf423f00] * plugins/sudoers/Makefile.in: Fold preinstall into install-plugin and pass the path to the plugin binary to the preinstall command. [2c2205af8bb7] * pp: sync with upstream [a4b7336b3256] * src/sudo.h: repair spacing [f5c1255ce514] 2012-11-12 Todd C. Miller <[email protected]> * common/sudo_debug.c: Set group on sudo_debug when creating it to gid 0 so systems without BSD group semantics don't get the invoking user's group. [7dda01196554] * plugins/sudoers/iolog.c: Rename mkdir_parents() io_mkdirs() and add a flag to specify whether path is a temporary, in which case the final component is created via mkdtemp() instead of mkdir(). [79c0c4e7ed58] * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: For PERM_ROOT set egid to 0 so log files are not created with the gid of the user. [5b964ea43474] * plugins/sudoers/logging.c: Add calls to set_perms(PERM_ROOT) becore logging to a file. We should already be root but since we cache the current permission status it is basically free. That way, if more of sudoers runs as non-root in the future logging will still work correctly. [c591d4973f41] * common/sudo_conf.c, config.h.in, configure, configure.in, include/gettext.h, plugins/sudoers/locale.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/sesh.c, src/sudo.c: #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. [41f6bb4926f4] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: Mention that sudo.conf is parsed in the C locale. [f711c416e30c] * common/sudo_conf.c: Parse sudo.conf in the "C" locale. [776658f651ea] * plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.h: Fix compilation on systems w/o setlocale() [6940d1c1c1ce] * doc/TROUBLESHOOTING: Sudo now includes a workaround for the Solaris 11 locale issue. [ab93787a552c] 2012-11-11 Todd C. Miller <[email protected]> * include/gettext.h, plugins/sudoers/iolog_path.c, plugins/sudoers/locale.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: Always include locale.h from gettext.h so we no longer need to include locale.h from the .c files. [93d39182ccfa] * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, src/solaris.c, src/sudo.c, src/sudo.h: Add os-specific initialization functions for solaris (workaround setuid locale problem in Solaris 11) and openbsd (set malloc_options if SUDO_DEVEL). Also move set_project() to solaris.c. [1d6581afbaf4] 2012-11-09 Todd C. Miller <[email protected]> * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: Avoid strerror() when possible and just rely on warning/error to handle errno in the proper locale. [bf612caae97c] * plugins/sudoers/logging.c: Set sudoers locale in log_allowed() [2dd0ac704cae] * plugins/sudoers/check.c: Make the sudo lecture translatable. [3cdfc183d72d] * Makefile.in: Add the values of badpass_message, passprompt and mailsub to sudoers.pot so they can be translated. [51cbe8adcb94] * plugins/sudoers/logging.c: Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked up by xgettext. [c5b74115caf0] 2012-11-08 Todd C. Miller <[email protected]> * plugins/sudoers/check.c, plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: Make expand_prompt() args const and free the prompt when we are done with it. [995ef8519fe6] * plugins/sudoers/policy.c: Fix cut and pasto [e002921c1d15] * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: Expand def_mailsub in the sudoers locale, not the user's. [a4775f2fb385] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/iolog.c, plugins/sudoers/locale.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. [286e0444f785] * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/error.c, src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: Display warning/error messages in the user's locale. [00a04165c0cf] * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: audit_failure() now calls gettext itself using the sudoers locale. [d77f1d78799a] * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: Convert setlocale() to sudoers_setlocale() in the sudoers module. This only converts existing uses, there are more places where we need to sprinkle sudoers_setlocale() calls. [8ee0cbf0d0a9] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, plugins/sudoers/locale.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add simple locale switching to make it easy to switch from the user's locale to the sudoers locale without making excessive setlocale() calls when we don't need to. [5c61582fdeee] * common/sudo_debug.c, include/error.h, include/sudo_debug.h, plugins/sudoers/plugin_error.c, src/error.c: Add variants of warn/error and sudo_debug_printf that take a va_list instead of a variable number of args. [00392bdc063c] * INSTALL, doc/TROUBLESHOOTING: Document Solaris 11 locale issues and workarounds. [05f7d34af3ae] * Makefile.in, configure, configure.in: Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 locales. Make links from localdir/lang -> localdir/lang.UTF-8 [5ca9326480e2] 2012-11-06 Todd C. Miller <[email protected]> * plugins/sudoers/audit.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: Do not inform the user that the command was not permitted by the policy if they do not successfully authenticate. This is a regression introduced in sudo 1.8.6. [c1279df08bfb] * plugins/sudoers/Makefile.in: Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup the rpath in HP-UX SOM shared libraries for the LDAP libs. [b07185657b42] * src/parse_args.c: The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. [22c73cbe3ff9] 2012-10-28 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in: Allow the user to specify and alternate libtool [c9d6fc9521fd] 2012-10-26 Todd C. Miller <[email protected]> * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: Allow sudo to be build with sss support without also including ldap support. From Stephane Graber. [b992a80ebea1] 2012-10-25 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Refactor policy plugin interface code from sudoers.c into policy.c [393e62910b8a] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Refactor command_info setting into its own function. [a952b948324c] * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Make interfaces pointer private to interfaces.c and add get_interfaces() accessor. [b69b9334ed3c] 2012-10-24 Todd C. Miller <[email protected]> * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: Make user_cwd const since it is either a string literal or passed in from the front-end. [90751b81e8bc] * configure, configure.in: sudo 1.8.7 [bf727adb8af0] * plugins/sudoers/sudoers.c: Avoid nested strtok() calls. [9d9f22ab52a9] 2012-10-23 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: Move expand_prompt() into its own source file for easier unit testing. [b419b48a436f] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/check.h, plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Make check.c independent of the underlying timestamp implementation. [895071bd6065] * plugins/sudoers/iolog_path.c: Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. [8ac38f02dd6d] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Use a list for the possible values of Tag_Spec with a minimal indent to improve readability. In the pod version, these were =head3. Also use .St -p1003.1 instead of just POSIX when talking about glob() and fnmatch(). [361a6f7a5c44] 2012-10-02 Todd C. Miller <[email protected]> * src/ttyname.c: sudo_ttyname_dev() is unused if there is no /proc or sysctl(). [6598dbf81e16] * compat/mksiglist.c, compat/mksigname.c, compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, plugins/sample_group/plugin_test.c, plugins/sudoers/regress/check_symbols/check_symbols.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: Explicitly mark main() as public in executables to avoid an HP-UX ld warning. [72a40ce218be] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Remove grep from SEE ALSO section. [c7cafee1621f] * common/alloc.c: If vasprintf() fails, just use the errno it sets instead of assuming ENOMEM. [1be5bfdc0cab] 2012-09-28 Todd C. Miller <[email protected]> * doc/TROUBLESHOOTING: Mention HP-UX pam.conf settings. [8b8e745b49fd] 2012-09-27 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: Split off timestamp functions into their own source file. [d5833332511d] 2012-09-26 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Mention how !foo is not the same as ALL,!foo [51f8e470757d] 2012-09-25 Todd C. Miller <[email protected]> * src/exec_pty.c: Start commands in the background when I/O logging is enabled. We can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) which returns EINTR on signal instead of restarting automatically. [83b1d59146f7] * src/exec_pty.c: Handle SIGCONT_FG and SIGCONT_BG when converting signal number to string in deliver_signal(). [2cefea7a976e] 2012-09-24 Todd C. Miller <[email protected]> * src/exec_pty.c: Fix running commands that need the terminal in the background when I/O logging is enabled. E.g. "sudo vi &". When the command is foregrounded, it will now resume properly. [0bc13a253429] * plugins/sudoers/match.c: Add rudimentary support for name-based matching as a compile-time option. This unsafe when used in conjunction with the '!' operator. [f93bc8e6db15] 2012-09-21 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: Split out implementation-specific back end code out of pwutil.c into pwutil_impl.c. This will allow the main pwutil code to be used for lookup methods other than getpw* and getgr*. [999c2dde60e4] 2012-09-18 Todd C. Miller <[email protected]> * NEWS, configure, configure.in: sudo 1.8.6p3 [97fef3d9ed65] 2012-09-17 Todd C. Miller <[email protected]> * doc/fixman.sh: Don't use embedded newline when matching, use \n. This got expanded at some point. Bug #573 [6652f834b8f5] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Rename yyerror() to sudoerserror() to match yacc prefix changes. Not really needed due to the #defines that yacc makes but it is less confusing this way as the lexer calls sudoerserror(). [a0577be6527d] * common/alloc.c, plugins/sample_group/plugin_test.c, plugins/sudoers/env.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/exec_common.c, src/parse_args.c, src/sudo.c: No need to translate "unable to allocate memory" when we can just use the system translation via strerror(). [377499e5827c] * plugins/sudoers/sudoreplay.c: Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not all file systems support d_type. Bug #572 [8b861c62945f] * plugins/sudoers/sudoreplay.c: Avoid calling fclose(NULL) in the error path when we cannot open an I/O log file. [9401d5c4bb05] 2012-09-16 Todd C. Miller <[email protected]> * NEWS, configure, configure.in: Sudo 1.8.6p2 [6e32496280f2] * src/exec.c: When setting the signal handler for SIGTSTP to the default value in non-I/O log mode, store the old handler value for when we restore it after resume. [242628694e42] * plugins/sudoers/env.c: Replace the guts of sudo_setenv_nodebug() with our old setenv.c which supports non-standard BSD and glibc semantics. sudo_setenv() now simply calls sudo_setenv2(). [57ffb6c9efaa] 2012-09-15 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document non-Unix group support in LDAP sudoers. [33c89f3aeee6] * plugins/sudoers/ldap.c: Enable non-Unix group support for LDAP sudoers. We now check for non-Unix groups and netgroups with the same query in the second pass. Bug #571 [eb98fdff54d9] 2012-09-14 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/parse.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. [cb6c0d93215e] 2012-09-12 Todd C. Miller <[email protected]> * NEWS: Mention support for SUCCESS=return in /etc/nsswitch.conf [ef1f35aa0863] * NEWS, configure, configure.in: sudo 1.8.6p1 [73a5e1f004b3] 2012-09-11 Todd C. Miller <[email protected]> * plugins/sudoers/env.c: Avoid setting LOGNAME, USER and USERNAME variables twice when set_logname is enabled. [0de4f5fbd1d4] * plugins/sudoers/env.c: Fix duplicate detection in sudo_putenv(), do not prune out the variable we just set when overwriting an existing instance. Fixes bug #570 [854ee714c831] * plugins/sudoers/env.c: Add some debuggging [a25cd3305823] 2012-09-04 Todd C. Miller <[email protected]> * plugins/sudoers/sudo_nss.c: Disable word wrap in list mode when stdout is a pipe to make "sudo -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. [65ade04511fd] * common/lbuf.c: Print a trailing newline in lbuf_print() when there is not enough space to do word wrapping and the lbuf does not end with a newline. [c0200e19cd09] * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: Add support for [SUCCESS=return] in nsswitch.conf; from Daniel Kopecek [5c480316e3ce] * MANIFEST: Add sssd.c [9cadd014ef97] 2012-09-01 Todd C. Miller <[email protected]> * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: regen .po files [62423d4d143d] * MANIFEST, plugins/sudoers/po/vi.mo: Add Vietnamese sudoers translation from translationproject.org [33666a605525] * NEWS: mention PIE [05032e5304c6] * MANIFEST, plugins/sudoers/po/vi.po: Add Vietnamese sudoers translation from translationproject.org [015c2204bae2] 2012-08-29 Todd C. Miller <[email protected]> * Makefile.in, compat/Makefile.in, mkdep.pl: Add missing signame dependency [e493bfb01929] * src/exec.c, src/ttyname.c: Silence compiler warnings. [1c5374b66d9b] * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, config.h.in, configure, configure.in, include/missing.h, mkdep.pl, src/exec.c, src/exec_pty.c: Replace strsigname() with sig2str(), emulating it as needed. [1e348cca1fa6] * config.h.in, configure, configure.in, src/utmp.c: Use fseeko() for legacy utmp handling if available. [b4bbd8d2c0e9] 2012-08-28 Todd C. Miller <[email protected]> * compat/strsigname.c, config.h.in, configure, configure.in: Detect sys_sigabbrev[] and use it in place of sys_signame[] if present. For some reason glibc does not declare sys_sigabbrev so we must add an extern definition of our own. [b38f3fbd7078] * compat/strsignal.c, compat/strsigname.c: Handle NULL entries in sys_siglist and sys_signame. [a388959d9654] * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} [711e41aba59a] 2012-08-27 Todd C. Miller <[email protected]> * NEWS: sync [5a2522488754] * src/exec.c: Pass on SIGTSTP to the command if it was sent by a user process (not the kernel or the terminal) when we are not I/O logging and set the default SIGTSTP handler when we re-send the signal to ourself, restoring our handler after we resume. [4259c47e31c0] * src/exec.c: Shells typically change their process group when they start up so that they can implement job control. Most well-behaved shells change the pgrp back to its original value before suspending so we must not try to restore in that case, lest we race with the child upon resume, potentially stopping sudo with SIGTTOU while the command continues to run. Some shells, such as pdksh, just suspend the shell by sending SIGSTOP to themselves without restoring the pgrp. In this case we need to change the pgrp back for them. Should fix bug #568 [6ac6751ffd17] 2012-08-26 Todd C. Miller <[email protected]> * MANIFEST, compat/Makefile.in, compat/mksigname.c, compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, config.h.in, configure, configure.in, include/missing.h, mkdep.pl, src/exec.c, src/exec_pty.c: Use strsigname() to print signal names in the debug output. If the system has no strsigname(), use our own. [0735f18906b9] 2012-08-23 Todd C. Miller <[email protected]> * plugins/sudoers/regress/testsudoers/test5.inc, plugins/sudoers/regress/testsudoers/test5.sh: Remove generated file and change path for temporary include file. [4e9fa830c6b5] * plugins/sudoers/Makefile.in: When running regress tests, list pass/fail rate for each dir (testsudoers and visudo) instead of the total. Also prevent the result files from clobbering each other by keeping them in the relevant directories. [6aac53baff7d] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Don't print an error message in yyerror() if open_sudoers() fails, we've already printed an error message. Also restore the check for sudoers_warnings in yyerror(). [aa6036df5fb2] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Avoid printing the >>> parse error <<< message for testsudoers when the -t flag is specified. [76f3433c8992] 2012-08-22 Todd C. Miller <[email protected]> * plugins/sudoers/parse.c: Fix NULL deref when an entry has no Runas_Entry [4b14983ff6e7] * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [440e9c9b37de] * NEWS: sync [3142ba2dce60] * plugins/sudoers/check.c: Correct the check_user() comment header. [73da30308fff] * plugins/sudoers/auth/sudo_auth.c: Change a log_fatal() into log_error() when no auth methods are configured. The caller already checks the return value. [05f5c39793a7] * plugins/sudoers/logging.c: Add missing debug_return [3a76bb7c2fe7] 2012-08-21 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: Make the capitalization consistent for .Ss and .Sx [5c5735ee4b2f] * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: Add COMMAND EXECUTION section that describes how sudo runs the command, the extra sudo processes and signal handling. [dff2d88e984e] 2012-08-18 Todd C. Miller <[email protected]> * Makefile.in: Happy Easter [4b9d697c6b83] 2012-08-17 Todd C. Miller <[email protected]> * compat/Makefile.in: Don't echo the awk command when building siglist.in [21daa72921e6] * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Cosmetic changes. [19259528e9ad] * doc/Makefile.in: The HISTORY, LICENSE and CONTRIBUTORS files are not longer generated. [ea6ac9e981e6] * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, src/po/uk.po, src/po/vi.po: Sync with translationproject.org and add Italian sudoers translation. [9276740aea59] 2012-08-16 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Expand description of fqdn to talk about systems where the hosts file is searched before DNS. [4ee812ca6116] 2012-08-15 Todd C. Miller <[email protected]> * doc/Makefile.in: For cat pages there is nothing to make unless DEVEL is set. [fab4a5b68708] * configure, configure.in, doc/Makefile.in: Always use mandoc to format cat pages and remove now-extraneous nroff configure tests. [5747f4ed5762] * pp: sync polypkg from git [89ddf6ea3e3f] * plugins/sudoers/sudoers.c: Use AI_FQDN instead of AI_CANONNAME if available since "canonical" is not always the same as "fully qualified". [7c1d9c098386] 2012-08-14 Todd C. Miller <[email protected]> * doc/sudoers.mdoc.in: Fix some typos. Describe error messages not related to policy permissions. [f5ebf9030d85] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/visudo.c: Add new check_defaults() function to check (but not update) the Defaults entries. Visudo can now use this instead of update_defaults to check all the defaults regardless instead of just the global Defaults entries. [3fa879ce1b65] 2012-08-13 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Document sudoers log format. [08998a7061ab] * NEWS: Update for sudo 1.8.5p3 [6e102a5d4e8d] * src/load_plugins.c: Add missing check for I/O plugin API version when checking for the presence of I/O plugin hooks. [ef05c7eeaf81] * src/hooks.c: Can't call debug code in the process_hooks_xxx functions() since ctime() may look up the timezone via the TZ environment variable. [2179fb26bd8e] 2012-08-10 Todd C. Miller <[email protected]> * src/exec_common.c, src/sesh.c, src/utmp.c: Include signal.h before sudo_exec.h since it uses sigset_t * in the fork_pty prototype. [94fc0d859600] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Remove OPTIONS section; options now go inside DESCRIPTION [a619fc58a746] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [44719d80bc06] * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: Sync with translationproject.org and add new Slovenian translation. [34b4b966bbac] * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Reduce the number of "internal error, foo overflow" messages that need to be translated. [93ffa2b3d53f] * NEWS: Mention HP-UX reboot fix. [1e39b5aa32ac] * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers data source. From Daniel Kopecek and Pavel Brezina. [3f85e95d6928] 2012-08-09 Todd C. Miller <[email protected]> * common/sudo_conf.c, src/load_plugins.c: If sudo.conf contains an I/O plugin but no policy plugin, use sudoers for the policy plugin. If a policy plugin is specified without an I/O plugin, only the policy plugin will be loaded. [ea192df2439d] * doc/Makefile.in, doc/sudoers.man.in: Do not modify the .Os section when building the .man.in file from .mdoc.in. [a9f9628e147f] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Add a note about wildcards matching multiple words and include an example. Also mention that for sudoedit, a wildcard in command line args does not match a slash. [fcb9fbac14e0] 2012-08-07 Todd C. Miller <[email protected]> * src/exec_pty.c, src/sudo_exec.h: Fix a comment, update a variable name in a prototype; all cosmetic. [e89f10cbd6e1] * plugins/sudoers/iolog.c: Cast 2nd argument of lseek() to off_t if it is a constant for systems with 64-bit off_t but without a proper lseek() prototype. [d8779da135d0] * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/visudo.c: Fix some warnings from clang checker-267 [1e44ef7860b5] * plugins/sample/sample_plugin.c: Fix memory leak found by clang checker-267 [f8a43617fdfb] 2012-08-06 Todd C. Miller <[email protected]> * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: If we receive a signal from the command we executed, do not forward it back to the command. This fixes a problem with BSD-derived versions of the reboot command which send SIGTERM to all other processes, including the sudo process. Sudo would then deliver SIGTERM to reboot which would die before calling the reboot() system call, effectively leaving the system in single user mode. [4ffab9ab9e98] 2012-08-03 Todd C. Miller <[email protected]> * doc/fixman.sh, doc/fixmdoc.sh: Remove section about Solaris 10 on other systems. Add missing sudoers.man.in bit to fixman.sh. [176559199ba7] 2012-08-02 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: Expand section on Solaris privileges. [3a1bfa2f1743] * NEWS: Expand a bit on the Solaris priv set changes. [bffb78b4a520] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: The second argument to init_parser() is now bool. [fb727a4fb651] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Fix printing of parse error message to stderr. [dea6b420b84f] * plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: If a command matches using an empty Runas_List (i.e. Runas_List is present but empty) and the -u option was not specified, set runas_pw to user_pw instead of using runas_default. This is intended to be used in conjunction with the Solaris Privilege Set support for rules that grant privileges without changing the user. [e84a081f3c11] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: Add support for parsing an empty Runas_List, which only allows the command to be run as the invoking user. This can be used in conjunction with the Solaris Privilege Set support to grant privileges without changing the user. [dc34373792fc] 2012-08-01 Todd C. Miller <[email protected]> * doc/fixman.sh: Fix HP-UX, just use ".TH name section" like the vendor manuals. [559738237c92] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix compilation on Solaris [2d310302207c] * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, doc/sudoers.mdoc.sh: Generate a sed script file when munging *.mdoc or *.man instead of passing sed expressions on the command line. Older seds do not support \n in a replacement so generate and run a sed script instead. [0bcce3f1ca18] * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" [fe0f10b63776] 2012-07-31 Todd C. Miller <[email protected]> * src/exec.c: When checking whether a signal is user-generated, compare si_code against SI_USER instead of <= 0 since on HP-UX, terminal-related signals get a code of 0. [4e9021243343] * src/sudo.c: SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX interchangably. This causes problems when setting RLIMIT_NPROC to RLIM_INFINITY due to a bug in bash where bash tries to honor the value of _SC_CHILD_MAX but treats a value of -1 as an error, and uses a default value of 32 instead. Previously, we just checked RLIMIT_NPROC and, if it was unlimited, restored the previous value of RLIMIT_NPROC. However, that makes it impossible to set nproc to unlimited. We now only restore the nproc resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, pam_limits will set RLIMIT_NPROC for us. [cb71cc8d0b08] 2012-07-30 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Active Directory apparently requires that tenths of a second be present in a date so append .0 to the "now" value in the time filter. Also remove space for the global AND from TIMEFILTER_LENGTH since it was not being used consistently. Buffers of TIMEFILTER_LENGTH now need to account for the terminating NUL byte. [d28619ff6e45] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix SELinux build [cc0d1f4e851b] 2012-07-29 Todd C. Miller <[email protected]> * MANIFEST: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they were not being kept in sync. [fc3ad1847cb1] * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, doc/license.pod: Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they were not being kept in sync. [950363dffe3a] 2012-07-27 Todd C. Miller <[email protected]> * plugins/sudoers/logging.c: Fix printing of the permission denied message to standard error when a user is not allowed to run a command. This got broken by the recent logging changes. [b7af63da3ca1] * plugins/sudoers/sudoers_version.h: Bump grammar version for Solaris privs. [2a2baf024477] * doc/schema.ActiveDirectory: Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder were added. From David Hicks. [3fc432a8edb4] 2012-07-26 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Remove lex.yy.c when building toke.c [72bb9e62b289] * doc/Makefile.in: Fix building docs in a build dir. [7a6f435af022] * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, doc/sudoreplay.pod, doc/visudo.pod: Remove pod versions of the manual; we now use mdoc. [5c967d2dd5db] * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, doc/sudoers.mdoc.sh: Add post-processing scripts to strip out login class, BSD auth, SELinux and privilege set bits when they are not supported. [d0d51f72f597] * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: Merge in Solaris privilege support by Darren Moffat and John Zolnowsky [3aa0a64f2f5c] 2012-07-25 Todd C. Miller <[email protected]> * doc/contributors.pod: Sync with CONTRIBUTORS file [9a0852306ad9] * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in: Regen .man.in files with my private mandoc. [dc3c9fc449eb] * doc/Makefile.in: add MANDOC variable [35527e66afc5] 2012-07-20 Todd C. Miller <[email protected]> * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: Regen .man.in files with hacked mandoc to avoid issues with historic nroff. [d45cfa7d665f] 2012-07-19 Todd C. Miller <[email protected]> * doc/sudo.mdoc.in, doc/sudoers.mdoc.in: Fix groff warnings. [111d522ca807] * doc/Makefile.in: Fix dependencies for .man.in files. [aefeffe1af2b] * .hgignore: Add doc/*.mdoc to ignore file [1e4de6ef2ad8] * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: Build .man.in and .cat files from .mdoc.in files. Add new --with-man and --with-mdoc configure options. [c963fd7e8f80] 2012-07-18 Todd C. Miller <[email protected]> * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: Sudo manuals formatted in mdoc, to replace the pod versions. [e6dca4030451] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: More minor costmetic fixes. [a7287a68385a] 2012-07-12 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: Minor cosmetic fixes. [9c48bdaf3946] 2012-07-11 Todd C. Miller <[email protected]> * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: Use "a password is required" instead of "password required" when the -n flag is used and we need to read a password. [a3c30fc41648] 2012-07-10 Todd C. Miller <[email protected]> * NEWS: Mention logging changes. [8238fd6e02e8] * plugins/sudoers/po/sudoers.pot: regen [e2cf634ba63b] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document that other mail_* flags have precedence over mail_badpass. [9f4cc9188f40] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Move log_denial() calls and logic to log_failure(). Move authentication failure logging to log_auth_failure(). Both of these call audit_failure() for us. This subtly changes logging for commands that are denied by sudoers but where the user failed to enter the correct password. Previously, these would be logged as "N incorrect password attempts" but now are logged as "command not allowed". Fixes bug #563 [cad35f0b3ad7] 2012-07-06 Todd C. Miller <[email protected]> * common/aix.c: Do not set a resource limit to zero when we are unable to fetch a value from /etc/security/limits. [62bfb0a7895e] 2012-07-05 Todd C. Miller <[email protected]> * sudo.pp: Add "Provides: sudo" to debian sudo-ldap package [beb8afa0beb2] 2012-07-02 Todd C. Miller <[email protected]> * configure, configure.in, zlib/Makefile.in: Define NO_VIZ for zlib when gcc doesn't support symbol visibility attributes. [9fdcbf526386] * configure, configure.in: Use the autoconf cache when checking for symbol export control support. [03c2cce8711f] * INSTALL, common/Makefile.in, compat/Makefile.in, configure, configure.in, mkpkg, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in: Add configure check for building PIE executables instead of doing it in mkpkg. [02b5b78ef258] * sudo.pp: MacOS pp backend doesn't like modes longer than 4 characters. [01b49022bf01] 2012-07-01 Todd C. Miller <[email protected]> * configure, configure.in: Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool will strip -fstack-protector from the linker flags and we always link with libtool. [0a0a0250ac2b] 2012-06-29 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Regen for sudo 1.8.6 [1657ee28b496] * NEWS, doc/sudoers.ldap.pod: Document improved Tivoli Directory Server support. [fb411edf4687] * config.h.in, configure, configure.in, plugins/sudoers/ldap.c: Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf option to specify Tivoli key db password. Allow TLS ciphers to be configured for Tivoli. [737e17c91e60] 2012-06-28 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Tivoli Directory Server 6.3 libs always return a (bogus) error when setting LDAP_OPT_CONNECT_TIMEOUT. [504406637c38] * NEWS: Update [687a755604e8] * plugins/sudoers/ldap.c: Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a set an ldap option fatal. [17cf93ae3304] 2012-06-27 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Zero pointers in sudo_user struct after freeing, just in case. [8eff1f80b943] * plugins/sudoers/sudoers.c: Free user_gids in close function if it has not already been freed. [cbce28877f37] * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Defer group ID to name resolution until we actually need it. [463e75b81e89] * src/sudo.c: It is safe to read in sudo.conf before calling user_info(). [3290b6434e3c] * plugins/sudoers/env.c, plugins/sudoers/ldap.c: Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to prevent potential truncation. Bug #562. [29d9fc4e0c4e] 2012-06-25 Todd C. Miller <[email protected]> * sudo.pp: If installing with installp, error out if there is already an instance of the rpm package installed. [ec24c6faba22] * mkpkg: Add --disable-nls for AIX [192ac2f7d65e] 2012-06-22 Todd C. Miller <[email protected]> * sudo.pp: Debian sudo-ldap packages should now depend on libldap-2.4-2, not libldap2. [cbcec71e6b58] 2012-06-21 Todd C. Miller <[email protected]> * sudo.pp: Add Homepage and Bugs to debian control file. [0f19d7d14e66] 2012-06-20 Todd C. Miller <[email protected]> * mkpkg: fix typo when setting aix_freeware [2fd6feb50195] * common/Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: Don't run regress tests or sudoers sanity check (using the newly- built visudo) when cross compiling. Bug #560 [0c4e3f68b2f5] * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.exp, plugins/sample_group/sample_group.map, plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, plugins/system_group/system_group.exp, plugins/system_group/system_group.map, plugins/system_group/system_group.sym: Rename foo.sym -> foo.exp Remove foo.map from the repo and generate it on demand Use a loader option file for HP-UX ld to explicitly export symbols [2402ff5302ab] * src/Makefile.in: Remove extraneous backslash [8ca054de138c] * plugins/sudoers/regress/check_symbols/check_symbols.c: Don't check for errorx as an exported symbols as it is now a macro. Check for user_in_group() instead. [7b02c8ecd3ea] 2012-06-19 Todd C. Miller <[email protected]> * configure, configure.in: Adjust ld map file support to use an anonymous scope to match the updated .map files. [49be44282d9e] 2012-06-18 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, include/gettext.h: Older versions of Solaris lack ngettext() [028af10dfa5f] * configure, configure.in: Move the check for -static-libgcc until after AC_LANG_WERROR has been called and use AX_CHECK_COMPILE_FLAG(). [a7b09120e7ff] * include/gettext.h: Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H [3aa2780d4a4e] * include/error.h, include/sudo_debug.h: Fix gcc 2.x variant macro support. [8e71c2370997] * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: Fix compilation on gcc 2.95 and other compilers that only allow variable declarations at the beginning of a block. [9d80c802bb46] * configure, configure.in, plugins/sudoers/Makefile.in: Link check_symbols with SUDO_LIBS to make sure we link with the requisite libraries to successfully dlopen sudoers.so. This is needed on HP-UX where a program dlopen()ing a shared object that uses pthreads must also be linked with pthreads (and HP-UX LDAP uses pthreads). [b8961cd82337] * plugins/sudoers/regress/check_symbols/check_symbols.c: Add check for exported local symbols. This will cause a "make check" failure on systems where we don't support symbol hiding. [8aa549389bb1] * configure, configure.in: Additional ${foo} -> $(foo) Makefile tweaks. [046bbde18f52] * plugins/sample/sample_plugin.map, plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, plugins/system_group/system_group.map: No need to provide a name for the scope in the map file since we don't use the it for versioning. [5ed4b997560d] 2012-06-17 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/regress/check_symbols/check_symbols.c: Add regress test for symbol visibility. [9adddd4e0518] 2012-06-15 Todd C. Miller <[email protected]> * NEWS, configure, configure.in: sudo 1.8.6 [57008a7afb77] * configure, configure.in, include/missing.h: Add support for controlling symbol visibility using the HP and Solaris C compilers. [46d5b468979e] * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/sudoers.h: Use the expanded io log dir when updating the sequence number. Includes a workaround for older versions of sudo where the sequence number was stored in the unexpanded io log dir. [210797dab9a8] 2012-06-14 Todd C. Miller <[email protected]> * src/parse_args.c: Simplify "sudo -s" argv rewriting. [7be143dae7c5] * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, src/sudo_noexec.map: Don't use a map file for sudo_noexec.so since Solaris ld doesn't allow '*' in the global section. The libtool export flag is now added to LT_LDFLAGS instead of commenting/uncommenting lines. [38fc37a66b04] 2012-06-13 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, include/missing.h: The visibility attribute was actually added in gcc 3.3.x, not 4.0. Just assume that if -fvisibility=hidden works that the attribute is usable. [d3904d6faf14] * plugins/sudoers/check.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, plugins/system_group/system_group.c: Export group cache from sudoers.so for system_group.so to use. [16695d207fc5] * MANIFEST, configure, configure.in, include/missing.h, plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, plugins/system_group/system_group.map, src/sudo_noexec.c, src/sudo_noexec.map: Use gcc's visibility attribute to specify when symbols are visible or hidden, if available. If not available, use an ELF version script if it is supported. If all else fails, fall back to using libtool's -export-symbols. [64e889921727] 2012-06-12 Todd C. Miller <[email protected]> * sudo.pp: Add mode for installed locale files but leave the directories with default mode and owner. [142237dbb31f] 2012-06-11 Todd C. Miller <[email protected]> * mkpkg, sudo.pp: Install AIX packages under /opt/freeware with links in /usr/bin and /usr/sbin. This matches the layout of the sudo package from AIX freeware. [0b79d47bbe01] * Makefile.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: Install shared objects with mode 0644 except on HP-UX which needs the executable bit set. [ae416af0ba6c] * Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Make installed file modes consistent with the file modes in the sudo package. [307386373289] 2012-06-08 Todd C. Miller <[email protected]> * doc/sudoers.pod: Add "%:" prefix when talking about QAS non-Unix group support. [7cb25f6861f8] * pp, sudo.pp: Fix packaging of symbolic links on HP-UX when the link source already exists in the filesystem. [c9bb48031596] * mkpkg: Only specify prefix if we are overriding the default value. Fixes the man dir (/usr/local/man vs. /usr/local/share/man). [65351b6c1697] * sudo.pp: Fix setting of sudoedit_man variable. [9beed9ae5bba] * doc/Makefile.in: Echo the command when linking the sudoedit manual. [6c83b5657b55] 2012-06-07 Todd C. Miller <[email protected]> * mkpkg, sudo.pp: Build .deb packages with selinux support. [3fd9cb1b4526] 2012-06-04 Todd C. Miller <[email protected]> * sudo.pp: Don't list paths for unstripped binaries in the lintial overrides. [4c8e16f1773b] * pp: Add support for Installed-Size header in control file, required by newer debian versions. [e97d76234bee] * pp: Fix extended description in .deb files. [d35e27ace146] * sudo.pp: Add Depends, Replaces and Conflicts headers for .deb packages. [76eb6c4b3278] 2012-06-01 Todd C. Miller <[email protected]> * plugins/sudoers/sudo_nss.c: If there are no privs to print, write the message to the lbuf instead of printing it directly. [ecd56226abb7] 2012-05-31 Todd C. Miller <[email protected]> * sudo.pp: Set -e in %pos and %preun for debian to quiet a lintian warning. [8bb908514df9] * doc/Makefile.in, src/Makefile.in, sudo.pp: Install sudoedit and the sudoedit manual as symbolic links, not hard links and package them as such. [f317ff3cf3e7] * sudo.pp: Make sudo binary permissions 755 instead of 111 Add lintian overrides file for .deb files. [991cd7d7f0e1] * configure, configure.in, doc/Makefile.in, mkpkg: Replace out of date MAN_POSTINSTALL with MANCOMPRESS and MANCOMPRESSEXT which can be used to compress the installed manual pages. Compress the man pages for .deb files to appease lintian. [4e34083b41d2] * sudo.pp: Debian fixes: * fix modes to be more in line with what Debian expects * add section * install LICENSE as copyright and ChangeLog as changelog * create stub changelog.debian [7f6c5647f588] * pp: Fix find command to properly skip files in the DEBIAN dir when building md5sums. [8918bde941fa] * pp, sudo.pp: Use a debian-compliant package maintainer field. [fc51a94170eb] 2012-05-30 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c: No need to loop over atomic_writev(), it guarantees to write all data or return an error. Fix handling of stdout/stderr that contains "\r\n" and handle a "\r\n" pair that spans a buffer. [8aaf02d90c45] 2012-05-29 Todd C. Miller <[email protected]> * NEWS: Update for sudo 1.8.5p2 [d369d4d40a19] * plugins/sudoers/sudoreplay.c: Instead of doing extra write()s when replaying stdout, build up a vector for writev() instead. This results in far fewer system calls. [303d866c025c] 2012-05-27 Todd C. Miller <[email protected]> * src/env_hooks.c, src/sudo.h, src/tgetpass.c: Provide unhooked version of getenv() and use it when looking up DISPLAY and SUDO_ASKPASS in the environment. [04dbdccf4a14] 2012-05-25 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c: When replaying a log of stdout or stderr, do newline to carriage return + linefeed conversion. We cannot have termios do this for us since we've disabled output postprocessing (POST) when setting raw mode. [61352a7d996f] 2012-05-24 Todd C. Miller <[email protected]> * configure, configure.in: When checking for -fstack-protector, treat warnings as fatal errors. [4124cd12d511] 2012-05-22 Todd C. Miller <[email protected]> * configure, configure.in: Fix test for -z relro [548bdb6f5c4a] * MANIFEST: Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 [ed063264a2a1] * INSTALL, aclocal.m4, configure, configure.in, m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: Build with -fstack-protector and link with -zrelo where supported. Added --disable-hardening option to disable hardening options. [0b6c1a1ceb03] 2012-05-21 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/testsudoers/test4.out.ok, plugins/sudoers/regress/testsudoers/test4.sh, plugins/sudoers/regress/testsudoers/test5.inc, plugins/sudoers/regress/testsudoers/test5.out.ok, plugins/sudoers/regress/testsudoers/test5.sh, plugins/sudoers/testsudoers.c: Add tests for sudoers mode, owner and group checks. [a7607443aba0] * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: If sudoers_mode is group-readable but the actual sudoers file is not, open the file as uid 0, not uid 1. This fixes a problem when sudoers has a more restrictive mode than what sudo expects to find. In older versions, sudo would silently chmod the file to add the group-readable bit. [c056b6003e6f] * INSTALL, common/secure_path.c, config.h.in, configure, configure.in: No longer throw an error if sudoers is a symbolic link. Deprecated the --with-stow option as that is now (effectively) the default. [8ce783e54886] 2012-05-18 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/regress/testsudoers/test2.inc, plugins/sudoers/regress/testsudoers/test2.out.ok, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.d/root, plugins/sudoers/regress/testsudoers/test3.out.ok, plugins/sudoers/regress/testsudoers/test3.sh: Add basic tests for #include and #includedir [b303e4218951] * plugins/sudoers/testsudoers.c: Add -U sudoers_uid option to testsudoers. [3f8ed13501ba] 2012-05-17 Todd C. Miller <[email protected]> * NEWS, configure, configure.in: Update for 1.8.5p1 [c33c49bf5b4b] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix #includedir; from Mike Frysinger [d4833d4e39a0] * plugins/sudoers/check.c: Don't prompt for a password if the user is in the exempt group, is root, or is running the command as themselves even if the -k option was specified. This makes "sudo -k command" consistent with the behavior one would get if the user ran "sudo -k" immediately before running the command. [632b3961df00] 2012-05-15 Todd C. Miller <[email protected]> * INSTALL: Fix capitalization [7258aa977caf] * mkpkg: Build PIE executable on Mac OS X 10.5 and above. [2a5c7ef92182] 2012-05-14 Todd C. Miller <[email protected]> * NEWS: Update for sudo 1.8.4p5 [21164f508b68] * plugins/sudoers/match_addr.c: Add missing break between AF_INET and AF_INET6 in addr_matches_if_netmask() [672a4793931a] * plugins/sudoers/mon_systrace.c: Move systrace monitor code to the attic [d6faf4754e9c] 2012-05-11 Todd C. Miller <[email protected]> * src/exec.c: The pointer to the siginfo_t struct in a signal handler may be NULL. [41a4ee934b53] 2012-05-10 Todd C. Miller <[email protected]> * plugins/sudoers/pwutil.c: Fix an alignment problem on NetBSD systems with a 64-bit time_t and strict alignment. Based on a patch from Martin Husemann. [1e5ba3c18f17] * include/missing.h: Add offsetof macro for those without it. [e44cb51d2587] * MANIFEST: add system_group plugin [6169793b510c] 2012-05-09 Todd C. Miller <[email protected]> * compat/dlopen.c: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. [85bd03bc5d94] 2012-05-08 Todd C. Miller <[email protected]> * NEWS: Mention system_group plugin [05393dd4bdb8] * Makefile.in, plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: update depends [6feb0b824fc4] * plugins/system_group/system_group.c: Only call gr_delref() when use sudo's password caching functions. [1103442e21fa] * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: Add missing dependency on libreplace.la [05bfd9d4657f] * compat/dlopen.c: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and PROG_HANDLE. [2382d0693acc] * Makefile.in, configure, configure.in, plugins/system_group/Makefile.in, plugins/system_group/system_group.c, plugins/system_group/system_group.sym: Add group plugin that does lookups by name using the system group database. [2ddbb604112f] * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, src/po/pl.po: sync with translationproject.org [4ef05df4226d] 2012-05-03 Todd C. Miller <[email protected]> * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [115c3f828fc5] 2012-05-01 Todd C. Miller <[email protected]> * sudo.pp: Add mode for docdir and use '-' (default) for localedir mode. Fixes a problem on Linux when building in a directory with the setgid bit set. [582279c8bcb1] 2012-04-30 Todd C. Miller <[email protected]> * pp: Match CentOS 6.0 [1e99ef210f98] 2012-04-24 Todd C. Miller <[email protected]> * NEWS: Update with recent changes [c5fc220ba696] * pp: Fix version check on AIX [d272e39112f4] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [72b23509465a] * plugins/sudoers/ldap.c: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP SDK. [87b685e70b9a] * plugins/sudoers/ldap.c: Fix printing of invalid uri [645aa53acdde] * plugins/sudoers/auth/pam.c: Pass PAM_SILENT when deleting creds to remove an annoying warning message on Solaris. [1dd0301ef293] 2012-04-23 Todd C. Miller <[email protected]> * src/utmp.c: Fix the setutxent and endutxent compatibility defines (this time correctly) when only setutent and endutent are available. [d136d2867db9] * plugins/sudoers/ldap.c: sudo_ldap_set_options_global() should not take an LDAP handle as an argument since the options affect the global settings. [1dc39b9d20f2] * mkpkg: Debian sudo has not been built with --with-exempt=sudo since 1.6.8. [c7716291a856] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Call the policy's init_session() function before we fork the child. That way, the session is created and destroyed in the same process, which is needed by some modules, such as pam_mount. [ece552ba002e] * doc/TROUBLESHOOTING: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is not specified. [bd293e100b28] * plugins/sudoers/auth/pam.c: Delete creds after closing the PAM session. [5158d726d6a5] * plugins/sudoers/ldap.c: Provide a more useful error message if using a Mozilla-style LDAP SDK and you forgot to specify TLS_CERT in ldap.conf. [7cb78feb899c] * src/exec_pty.c: Add missing initialization of a sigaction structure when I/O logging. Fixes a potential problem when suspending the command. [f4480f2ba816] * plugins/sudoers/ldap.c: Split global and per-connection LDAP options into separate arrays. Set global LDAP options before calling ldap_initialize() or ldap_init(). After we have an LDAP handle, set the per-connection options. Fixes a problem with OpenLDAP using the nss crypto backend; bug #342 [265c9d2dc12b] * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [6d7fe44be21e] 2012-04-21 Todd C. Miller <[email protected]> * src/sudo.c, src/sudo.h: Move struct passwd pointer into struct command details. [d6fb1eff2065] 2012-04-20 Todd C. Miller <[email protected]> * pp: Sync with upstream for Mac OS X (and other) fixes. [c2f4998d01b0] * mkpkg: Only built Mac intel universal binary on an intel machine. [0009e0b7e5a8] * src/Makefile.in: Do not pass libtool the -static-libtool-libs option when building sudo and sesh. Otherwise, libtool may prefer a static version of an installed library over a dynamic one when linking. [6fbac9adc885] 2012-04-19 Todd C. Miller <[email protected]> * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: Add German translation for sudo Add Croatian translation for sudoers [fa4da1a6530c] * plugins/sudoers/iolog.c: typo fix in comment [abd721d1288e] 2012-04-16 Todd C. Miller <[email protected]> * NEWS: Update with recent changes [6fa11e8448b9] * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Sort xgettext output by file name. [f650841810f0] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: Clarify what "sudoreplay -l" displays and mention that it is sorted. [84031c117bd6] * config.h.in, configure, configure.in, src/ttyname.c: Use AC_HEADER_MAJOR to determine where major/minor are defined. [3c949650a223] * config.h.in, configure, configure.in, src/ttyname.c: Include sys/mkdev.h if present instead of sys/sysmacros.h for minor(). This is needed on Solaris (at least) where the makedev macros in sysmacros.h are obsolete and library functions should be used instead. [343928acf81e] * mkpkg: When building on Mac OS X, only set SDK_FLAGS if specified osversion doesn't match host. [d84c6efac872] 2012-04-15 Todd C. Miller <[email protected]> * src/ttyname.c: Add back buf and tty variables for _ttyname() case that were inadvertantly removed. [a4a820b22a44] 2012-04-13 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot: regen [5446b12c1250] * configure, configure.in: Remove b8 from version number. [5adc4dcec061] * src/ttyname.c: remove some XXX [187579a5f593] * src/ttyname.c: When looking for a device match, do a breadth-first search instead of depth-first. We already special case /dev/pts/ so chances are good that if it is not a pseudo-tty it is in the base of /dev/. Also avoid a stat(2) when possible if struct dirent has d_type. [0183f8a1b278] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/sudo.c, src/sudo.h: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. [f0574d878491] * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, src/po/vi.mo: sync with translationproject.org [4527ea78fbd5] * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, src/po/hr.mo, src/po/hr.po: New Croatian and Galician translations from translationproject.org [ad4bd924b4de] * src/ttyname.c: Add depth-first traversal of /dev/ for the /proc case when not /dev/pts/N [499bd3456774] * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: If struct dirent has d_type, use it to avoid an extra stat(). [741dabbe4bcd] * plugins/sudoers/sudoreplay.c: Sort output of "sudoreplay -l" [c0615795bd4b] 2012-04-12 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c: Fix duplicate free introduced in last rev [efdaabe69d75] 2012-04-11 Todd C. Miller <[email protected]> * plugins/sudoers/auth/pam.c: Instead of treating ^C from tgetpass() specially, always return AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. [a3b17298d4d0] * config.h.in, configure, configure.in, src/ttyname.c: Rototill code to determine the tty. For Linux, we now look up the tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given device number to a string. On BSD, we can use devname(). On Solaris, _ttyname_dev() does what we want. TODO: write /dev/ traversal code for the generic sudo_ttyname_dev(). [6b22be4d09f0] 2012-04-10 Todd C. Miller <[email protected]> * src/ttyname.c: Define PRNODEV for those w/o it. [f17290e64559] * config.h.in, configure, configure.in, src/ttyname.c: Check for SVR4-style struct psinfo.pr_ttydev and use that to determine the tty if std{in,out,err} are not ttys. [76ad33a91f4b] * src/ttyname.c: Better support for SVR4-style /proc entries where we can't use ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, attempt to map the device number back to the correct pseudo-tty slave device. [4f9f48cc79eb] * src/ttyname.c: When trying to determine the tty name, check parent's stderr in addition to its stdin and stdout. [604644056c7d] * src/exec_pty.c: Treat a tty read failure like EOF as it usually means the pty has gone away. Handle write() on the tty returning EIO. [16957f4a706f] * src/exec.c, src/exec_pty.c: Linux select() may return ENOMEM if there is a kernel resource shortage. Older Solaris select() may return EIO instead of EBADF when the tty goes away. If we get an unhandled select() failure, kill the child and exit cleanly. [d93940a311ab] * src/ttyname.c: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might block in open. [a9f809d09d52] 2012-04-09 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Fix restoration of AIX permissions. [30c717115988] * src/parse_args.c: Allow the -k flag to be used along with the -i and -s flags. [0653b17c97f1] * plugins/sudoers/sudoreplay.c: Plug memory leak in parse_logfile() in the error path. [9cce86fa833b] * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [14af43d0b170] 2012-04-08 Todd C. Miller <[email protected]> * compat/regress/glob/globtest.c, config.h.in, configure, configure.in, plugins/sudoers/match.c: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the glob() and fnmatch() results to be consistent. [4226750d73c2] 2012-04-06 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, src/ttysize.c: Move ttysize.c to common so sudoreplay can use it. [b4a0aa514cd4] * plugins/sudoers/sudoreplay.c: If I/O log file includes rows + cols, warn if the user's tty is not big enough. [b980ef89efff] * plugins/sudoers/sudoreplay.c: Fix printing of TSID in "sudoreplay -l" [4221e3e108b4] * common/sudo_debug.c, include/sudo_debug.h, plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c: Log the process id in the debug file output. Since we don't want to keep calling getpid(), stash the value at init time and when we fork(). [2782d30c024d] * src/exec_pty.c: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It is better to receive EIO from read()/write() than to be suspended when we don't expect it. Fixes a problem when our terminal is revoked which can happen when, e.g. our sshd is killed unceremoniously. Also, only change the value of "alive" from true to false, never from false to true. It is possible for us to receive notification of the child having stopped after it is already dead. This does not mean it has risen from the grave. [26c9fe8ce0f9] * src/exec_pty.c: Distinguish between signals we received from the parent vs. those delivered explicitly to the monitor process in debugging info. [40716cb180e5] 2012-04-05 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". Update tty_is_devpts() to match so we can determine when the tty has been reused. [2689665df027] * common/sudo_debug.c, include/error.h, include/sudo_debug.h: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. This allows consumers of sudo_debug_printf() to log that data without having to specify it manually. [7c94c4879208] * src/exec_pty.c: Make this compile after last change. [ee09034f3266] * src/exec_pty.c: Don't try to restore the terminal if we are not the foreground process. Otherwise, we may be stopped by SIGTTOU when we try to update the terminal settings when cleaning up. [c48b24335456] * src/exec.c: If select() return EBADF in the main event loop, one of the ttys must have gone away so perform any I/O we can and close the bad fds. [3bc8678c03ce] * common/sudo_debug.c, include/error.h, include/sudo_debug.h, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the function, file and line number in the debug log for warning() and error(). [894cd131f11d] 2012-04-04 Todd C. Miller <[email protected]> * common/sudo_debug.c, include/error.h, include/sudo_debug.h, src/conversation.c: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. Use this flag when wrapping error() and warning() so the debug output includes the error string. [1e2c67adaf1f] 2012-03-30 Todd C. Miller <[email protected]> * NEWS: Update for sudo 1.8.5 [7d2b62b823fe] * plugins/sudoers/po/sudoers.pot: regen [718ad9de92cd] * doc/CONTRIBUTORS: sync [f48013aea641] * plugins/sudoers/pwutil.c: Use ecalloc() [fabd23c1f271] * src/exec_pty.c: Don't need zero_bytes() after ecalloc() [1a9d95cd10ef] * config.h.in, configure, configure.in, src/sudo_noexec.c: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to sudo_noexec.c. [cbaa1d4b0f8a] * src/utmp.c: Fix compat setutxent and endutxent macros for systems with setutent() but not setutxent(). From Gustavo Zacarias [d7ce622fc5f2] 2012-03-29 Todd C. Miller <[email protected]> * configure.in: Add ignore_result definition to AH_BOTTOM [8d4096838a98] * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, src/exec.c, src/exec_pty.c, src/tgetpass.c: Fix compiler warnings on some platforms and provide a better method of defeating gcc's warn_unused_result attribute. [9a8f804fcc75] * configure, configure.in: Fix building the builtin zlib from a build dir. When a zlib dir was specified, prepend its include path instead of appending so we get the right zlib headers. [5f61d591b186] * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: Update zlib to version 1.2.6 [173c4bc4d4fc] 2012-03-28 Todd C. Miller <[email protected]> * include/missing.h: g/c __unused which is no longer used [7ef3f23edcd6] * src/env_hooks.c: Fix compilation if RTLD_NEXT is not defined. [d5605f468b71] * src/po/sr.mo, src/po/sr.po: sync with translationproject.org [27d559f7985d] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.man.in: regen [f9f63ce478b6] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [59035d82d15a] * Makefile.in: Ignore Project-Id-Version when comparing pot files. [22feb9ede46b] * plugins/sudoers/bsm_audit.c: Use error() instead of log_fatal() [54130bda4b50] * plugins/sudoers/env.c: Fix signedness of didvar in env_update_didvar() [77048a80b3e4] * plugins/sudoers/iolog.c: Quiet a compiler warning on some platforms. [8fdcaece0400] * compat/fnmatch.c: cast ctype(3) function/macro arguments from char to unsigned char to avoid potential negative subscripting. [bdcf7eef21ef] * common/setgroups.c: Quiet a warning on systems where the gids array in setgroups() is not prototyped as being const, even though it really is. [fdd758c6302d] * src/env_hooks.c: Quiet a compiler warning on systems where the argument to putenv(3) is const. [51bae2193b53] * plugins/sudoers/sudoreplay.c: Undo an incorrect int -> bool conversion. [b9a4ce320f14] * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, src/po/sv.mo, src/po/sv.po: Add Swedish sudo and sudoers translations from translationproject.org [f7ce1de9073f] * plugins/sudoers/env.c: No need to preserve ODMDIR on AIX now that we always read /etc/environment. [4aa04b2f0125] 2012-03-27 Todd C. Miller <[email protected]> * doc/sudoers.pod, plugins/sudoers/env.c: When initializing the environment for env_reset, start out with the contents of /etc/environment on AIX and login.conf on BSD. [5717bdc321e2] * doc/TROUBLESHOOTING, src/sudo.c: If we are not running with an effective uid of 0, try to give the user enough information to debug the problem. [fa4894896d8a] * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: Quiet a clang-analyzer false positive. [c4c0c1b9c8b0] * src/tgetpass.c: If there is nothing to read from the askpass program, set errno to EINTR. This makes the cancel button behave like the user entered ^C at the password prompt when PAM is used. [594302cb9caf] * src/sudo.h, src/tgetpass.c: Fetch the value of "askpass" from the sudo conf struct. [4593ee8f1bd3] * common/sudo_conf.c: Fix matching of "Path askpass" and "Path noexec" [4df28d62afb9] 2012-03-26 Todd C. Miller <[email protected]> * plugins/sudoers/visudo.c: Quiet a clang-analyzer dead store warning. [dd90bf385a3f] * plugins/sudoers/sudoers.c: If the "timestampowner" user cannot be resolved, use ROOT_UID instead of exiting with a fatal error. [8d62aae99715] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/iolog.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: Remove the NO_EXIT flag to log_error() and add a log_fatal() function that exits and is marked no_return. Fixes false positives from static analyzers and is easier for humans to read too. [a0fe785c2a3d] 2012-03-24 Todd C. Miller <[email protected]> * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po: sync with translationproject.org [df5e8777de13] 2012-03-20 Todd C. Miller <[email protected]> * src/po/da.mo, src/po/da.po: sync with translationproject.org [629d99548b78] * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: sync with translationproject.org [9d122a2860d6] 2012-03-19 Todd C. Miller <[email protected]> * src/po/it.mo, src/po/it.po: sync with translationproject.org [6397593b15cf] * common/sudo_conf.c, plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c: Use ecalloc() when allocating structs. [8b5888868db2] * common/alloc.c, include/alloc.h: Add ecalloc() and commented out recalloc(). Use inline strnlen() instead of strlen() in estrndup(). [7fb9aa46c1e0] 2012-03-18 Todd C. Miller <[email protected]> * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: sync with translationproject.org [45a032c37334] 2012-03-16 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Remove unused label [2660bb0c1313] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document what changed in each plugin API revision [59b30a6fc4d1] * plugins/sudoers/set_perms.c: Remove bogus optimization that could lead to a double free of the group list. [b0bfbd2a83a8] 2012-03-15 Todd C. Miller <[email protected]> * doc/TROUBLESHOOTING: Expand AIX /etc/security/privcmds entry. [9f3f072e034e] * NEWS: Update for sudo 1.8.5 [086049011f25] * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Rename plugin "args" to "options" [f25624951bd2] * doc/CONTRIBUTORS: Add Lithuanian and Vietnamese translators [2b4c075b69e3] * Makefile.in: Ignore comments when comparing new and old pot files. [f872999347b3] * src/Makefile.in: regen [c8193b1b11c7] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: regen [15e3c17e8a3a] * doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, src/sudo.c, src/sudo.h: Pass a pointer to user_env in to the init_session policy plugin function so session setup can modify the user environment as needed. For PAM authentication, merge the PAM environment with the user environment at init_session time. We no longer need to swap in the user_env for environ during session init, nor do we need to disable the env hooks at init_session time. [3f5277b359d8] * plugins/sample/sample_plugin.c: Add explicit NULL entries for init_session, register_hooks and deregister_hooks with appropriate comments. [727a57978b40] * compat/pw_dup.c: Quiet a gcc "used uninitialized in this function" false positive. [f14b68379ce9] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: We should always call warning() with a format string or a string literal. In this case, the argument (path) is not user-controlled. [e9ef51224024] 2012-03-14 Todd C. Miller <[email protected]> * src/selinux.c: Include sudo_exec.h for the sudo_execve() prototype. [769e58065edc] * config.h.in, configure, configure.in: Add check for pam_getenvlist() [36bde3f26c60] * common/sudo_conf.c: Set args to NULL in default plugin info struct when there is no Plugin line in sudo.conf. [93ec67708f01] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [a9287677795c] * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: regen [a242769d7962] * configure, configure.in: Bump version to 1.8.5 [e8618f0c2505] * doc/sudo_plugin.pod: Document hooks API [e6ad07d27958] 2012-03-13 Todd C. Miller <[email protected]> * sudo.pp: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. [fd72340042d3] * include/sudo_plugin.h: Use sudo_hook_fn_t in struct sudo_hook. [938f93112d6e] * doc/TROUBLESHOOTING: If cross compiling, --host must include the OS in the tuple. E.g. --host powerpc-unknown-linux [b8c010070c1e] 2012-03-12 Todd C. Miller <[email protected]> * plugins/sudoers/parse.c: Fix bogus int -> bool conversion; tags can have a value of -1. [e63d6434a303] * plugins/sudoers/env.c: Add env_should_keep() and env_should_delete() wrapper functions to simplify things a bit and hide the fact that matches_env_check() is not bool. [7a03d7a12b50] * sudo.pp: Fix application of debian-specific sudoers mods when building packages as non-root. [34bf4c52c425] * plugins/sudoers/env.c: matches_env_check() returns int, not boolean [0ad915b8d5cb] * src/sudo_edit.c: Fix compilation when seteuid() is not available. [8a722f998000] * src/ttyname.c: Simply move the free of ki_proc outside the realloc() loop. [217b786da760] * src/ttyname.c: Bring back the erealloc() for the ENOMEM loop and just zero the pointer after we free it. [29a016e45127] * src/ttyname.c: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik [266e08844065] 2012-03-10 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Use normal error path if unable to set sudoers gid. [01c816918c99] * plugins/sudoers/set_perms.c: Make this work again on systems w/o seteuid(). [2e67f7421e97] 2012-03-09 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Fix compilation if no seteuid/setreuid/setresuid available. [d0b3c1f88eb4] * plugins/sudoers/set_perms.c: Better error messages, and added debugging throughout. Fixed seteuid() version of set_perms()/restore_perms(). Fixed logic bug in AIX version of restore_perms(). Added checks to avoid changing uid/gid when we don't have to. Never set gid/uid state to -1, use the old value instead. [29188d469b5c] * src/exec_pty.c, src/ttyname.c: Fix format string warning on Solaris with gcc 3.4.3. [d1eeb6e1dd0f] * src/sudo.c: Always declare environ now that we swap it around unilaterally. [aaa3e92e7d0d] * src/Makefile.in: Honor LDFLAGS when linking sesh; from Vita Cizek [498b41438f6e] * src/sesh.c: Include alloc.h for estrdup() prototype; from Vita Cizek [93203655a320] 2012-03-08 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Don't read /etc/environment on Linux when using PAM, PAM should set the environment variables as needed via pam_env. [b1ef62cb2d40] * INSTALL: Fix editor goof. [0c3dd3bb8b57] * src/hooks.c, src/sudo.c, src/sudo.h: Disable environment hooks after we get user_env back to make sure a plugin can't to modify user_env after we "own" it. This is kind of a hack but we don't want the init_session plugin function to modify user_env. [8e6d119452a5] * src/hooks.c, src/sudo.c: Add support for deregistering hooks. If an I/O log plugin fails to initialize, deregister its hooks (if any). [ac00c93900c5] 2012-03-07 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c, src/sudo.c: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook setenv. [e75469dd9908] * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, compat/setenv.c, compat/unsetenv.c, config.h.in, configure, configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: Initial cut at a hooks implementation. The plugin can register hooks for getenv, putenv, setenv and unsetenv. This makes it possible for the plugin to trap changes to the environment made by authentication methods such as PAM or BSD auth so that such changes are reflected in the environment passed back to sudo for execve(). [61cffa06f863] 2012-03-05 Todd C. Miller <[email protected]> * MANIFEST, src/po/vi.mo, src/po/vi.po: Add Vietnamese sudo translation from translationproject.org [96df426790d5] 2012-03-02 Todd C. Miller <[email protected]> * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, doc/sudoers.pod: List sudo_noexec.so not noexec.so in the sample sudo.conf [53844e190ec5] * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Add support for plugin args at the end of a Plugin line in sudo.conf. Bump the minor number accordingly and update the documentation. A plugin must check the sudo front end's version before using the plugin_args parameter since it is only supported for API version 1.2 and higher. [587f1f819536] 2012-03-01 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: update depends [6d2da44e11e5] * MANIFEST: secure_path.c is in common, not compat [619c4a663dde] * configure, configure.in: Add check for variadic macro support in cpp. [756854caf675] 2012-02-29 Todd C. Miller <[email protected]> * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add type param to sudo_secure_path() and add sudo_secure_file() and sudo_secure_dir() wrappers which get by #includedir in sudoers. [2ec2d3d8df04] 2012-02-28 Todd C. Miller <[email protected]> * doc/visudo.pod, plugins/sudoers/visudo.c: Check the owner and mode in -c (check) mode unless the -f option is specified. Previously, the owner and mode were checked on the main sudoers file when the -s (strict) option was given, but this was not documented. [b2d6ee1e547a] * config.h.in, configure, configure.in, src/ttyname.c: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. [159f6a50456a] 2012-02-27 Todd C. Miller <[email protected]> * doc/CONTRIBUTORS: Add Eric Lakin for patch in bug #538 [490c29c234c6] * src/exec_pty.c: Fix typo in safe_close() made while converting to debug framework that prevented it from actually closing anything. [a66422a62afd] * src/exec_pty.c: Add some more debugging. [b5667947dda9] * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in: We need sysconfdir in compat/Makfile to get the proper sudo.conf path. Add standard prefix and foodir expansion in all Makefiles to avoid this problem in the future. [62b6ce4ecae9] 2012-02-25 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: New Lithuanian sudoers translation from translationproject.org [10436b649035] * plugins/sudoers/po/ja.po: Update from translationproject.org [acb8db5f8ef1] 2012-02-24 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: When adding gids to the LDAP filter, only add the primary gid once. This is consistent with the space computation/allocation. From Eric Lakin [35d9d99c92c6] * doc/TROUBLESHOOTING: Add entry for AIX enhanced RBAC config. [5e10b6f8def7] * mkpkg: Target Mac OS X 10.5 when building packages. [06fce9bbebee] 2012-02-22 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/secure_path.c, common/sudo_conf.c, include/secure_path.h, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: Relax the user/group/mode checks on sudoers files. As long as the file is owned by the right user, not world-writable and not writable by a group other than the one specified at configure time (gid 0 by default), the file is considered OK. Note that visudo will still set the mode to the value specified at configure time. [241174babfcc] 2012-02-21 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Add AIX-specific version of permission setting code to make sure that the saved uid gets restored properly. [9a6f5d22c301] * config.h.in, configure, configure.in, src/exec_common.c: Check for LD_PRELOAD variants in configure instead of checkign cpp symbols. In disable_execute(), compute the length of the new envp and allocate it once instead of reallocating on demand. Also append old value of LD_PRELOAD (if any) to the new value. [680266346917] * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: Fix the description of noexec. [6a6d142f3c80] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: The "op" parameter to set_default() must be int, not bool since it is set to '+' or '-' for list add and subtract. [8da5b137bea2] * sudo.pp: Make sure sudoers is writable before calling ed script. [95352ab6336b] 2012-02-17 Todd C. Miller <[email protected]> * doc/CONTRIBUTORS, doc/contributors.pod: Update contributors. Now includes translators and authors of compat code. [4fb5b616b50a] 2012-02-16 Todd C. Miller <[email protected]> * src/po/sudo.pot: regen [2c86e2c328fe] * pp, sudo.pp: Build flat packages, not package bundles, on Mac OS X. [57bda3cd5520] 2012-02-10 Todd C. Miller <[email protected]> * sudo.pp: Move macos section to be with the other OS-specific sections. [51423bb2973a] * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: Sync with translationproject.org [8ce41cbb8da0] * configure, configure.in: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS [fa979aa6fe7d] * sudo.pp: Add Mac OS X support, printing the latest chunk of the NEWS file and the license text in the installer. [ffeab72387c0] * sudo.pp: Add explicit file modes that match those used by "make install" [7eb37242c920] * pp: Sync with upstream for Mac OS X fixes. [97cba179041e] * plugins/sudoers/Makefile.in, src/Makefile.in: Got back to using "install-sh -M" for files installed as non- readable by owner. This fixes "make install" as non-root for package building. [967804ee77d6] 2012-02-09 Todd C. Miller <[email protected]> * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: Sync with translationproject.org [0e53db12039a] * Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Use -m not -M for install-sh for everything except setuid. Install locale .mo files mode 0444, not 0644. If timedir parent doesn't exist, use default dir mode, not 0700. [8b6f64c92090] 2012-02-07 Todd C. Miller <[email protected]> * pp: Re-sync with upstream; no longer need a local patch. [97a2c7be5e59] * mkpkg: Add support for building Mac OS X packages. [94d49ac223a4] * pp: Sync with upstream [1c97654fc841] * src/Makefile.in: No longer need to define _PATH_SUDO_CONF here. [2560905b7482] * src/exec_common.c: Fix noexec for Mac OS X. [b7a744bca2c0] 2012-02-06 Todd C. Miller <[email protected]> * common/Makefile.in: Move _PATH_SUDO_CONF override to common to match sudo_debug.c [f0788972a63a] * plugins/sudoers/set_perms.c: More complete fix for LDR_PRELOAD on AIX. The addition of set_perm(PERM_ROOT) before calling the nss open functions (needed to avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective and then real uid to 0 for PERM_ROOT works around the issue. [5888eda051af] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [997fe403e219] * src/sudo.c: Set real uid to root before calling sudo_edit() or run_command() so that the monitor process is owned by root and not by the user. Otherwise, on AIX at least, the monitor process shows up in ps as belonging to the user (and can be killed by the user). [d4772d7d2fc5] * plugins/sudoers/set_perms.c: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to the call to setuid(0) if the current euid is non-zero. This effectively restores the state of things prior to rev 7bfeb629fccb. Fixes a problem on AIX where LDR_PRELOAD was not being honored for the command being executed. [b9b40325b4dc] * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, include/missing.h, src/sudo.c: Make a copy of the struct passwd in exec_setup() to make sure nothing in the policy init modifies it. [b721261c921f] 2012-02-05 Todd C. Miller <[email protected]> * doc/sudoers.pod: update copyright [f9d229d1f65e] * common/sudo_debug.c, include/sudo_debug.h: g/c now-unused debug subsystems [8f21726e698f] * doc/sudo.pod, doc/sudoers.pod: Enumerate the debug subsystems used by sudo and sudoers. [ac4f84293d14] 2012-02-03 Todd C. Miller <[email protected]> * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, include/sudo_conf.h, src/sudo.c: Normally, sudo disables core dumps while it is running. This behavior can now be modified at run time with a line in sudo.conf like "Set disable_coredumps false" [ad14e0508b0d] * NEWS: Mention Spanish translation [600f3205bd6e] * common/sudo_debug.c: Make sure we don't try to fall back to using the conversation function for debugging in the main sudo process if we are unable to open the debug file. [ffa329aa908c] * MANIFEST, src/po/es.mo, src/po/es.po: Add sudo Spanish translation from translationproject.org [c1906654e740] 2012-02-02 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Better debug subsystem usage [1a31f115743c] * src/sudo.c: Remove duplicate function prototypes [ae04b00532eb] 2012-02-01 Todd C. Miller <[email protected]> * configure, configure.in: Error out if user specified --with-pam but we can't find the headers or library. Also throw an error if the headers are present but the library is not and vice versa. [d6bf3e3d0aae] 2012-01-31 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Fix the sudoers permission check when the expected sudoers mode is owner-writable. [8b0b7e770a22] 2012-01-30 Todd C. Miller <[email protected]> * configure, configure.in: Verify that we can link executables built with -D_FORTIFY_SOURCE before using it. [7578215d1a95] * src/exec_common.c: Fix potential off-by-one when making a copy of the environment for LD_PRELOAD insertion. Fixes bug #534 [cc699cd551b6] * configure, configure.in: Add rudimentary check for _FORTIFY_SOURCE support by checking for __sprintf_chk, one of the functions used by gcc to support it. [a992673d2ef8] * compat/stdbool.h, config.h.in, configure, configure.in: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. [8ba1370884b3] 2012-01-29 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen [1e0b38397705] 2012-01-25 Todd C. Miller <[email protected]> * src/exec.c, src/sudo.c: The change in 818e82ecbbfc that caused to exit when the monitor dies created a race condition between the monitor exiting and the status being read. All we really want to do is make sure that select() notifies us that there is a status change when the monitor dies unexpectedly so shutdown the socketpair connected to the monitor for writing when it dies. That way we can still read the status that is pending on the socket and select() on Linux will tell us that the fd is ready. [7fb5b30ea48d] * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: Refactor disable_execute() and my_execve() into exec_common.c for use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of disabling exec in exec_setup(), disable it immediately before executing the command. Adapted from a diff by Arno Schuring. [ec4d8b53db6b] 2012-01-20 Todd C. Miller <[email protected]> * aclocal.m4, configure, configure.in: Add custom version of AC_CHECK_LIB that uses the extra libs in the cache value name. With this we no longer need to rely on a modified version of autoconf. [1c3b1d482d6c] 2012-01-19 Todd C. Miller <[email protected]> * configure, configure.in: Better handling of network functions that need -lsocket -lnsl [cc386342ec2b] * src/sudo.c: When setting up the execution environment, set groups before gid/egid like sudo 1.7 did. [928e1c5fa6c1] * configure, configure.in: Remove "WARNING: unable to find foo() trying -lsocket -lnsl" [84b23cdf138f] * plugins/sudoers/sudoers.c: For "sudo -g" prepend the specified group ID to the beginning of the groups list. This matches BSD convention where the effective gid is the first entry in the group list. This is required on newer FreeBSD where the effective gid is not tracked separately and thus setgroups() changes the egid if this convention is not followed. Fixes bug #532 [782d6909108b] 2012-01-17 Todd C. Miller <[email protected]> * configure, configure.in: Fix sh warning; use "test" instead of "[" [c6ee3407f65e] * src/exec.c: When not logging I/O, use a signal handler that only forwards SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. Fixes a race in the non-I/O logging path where the command may receive two keyboard-generated signals; one from the kernel and one from the sudo process. [9638684e786a] * src/exec.c: Back out change that put the command in its own pgrp when not logging I/O. It causes problems with pipelines. [4fc9c6e1e770] 2012-01-16 Todd C. Miller <[email protected]> * compat/Makefile.in, configure, configure.in: Only run compat regress tests on compat objects we actually build. Fixes "make check" in the compat dir for systems that don't implement character classes in fnmatch() or glob(). Bug #531 [a7addc305e83] 2012-01-14 Todd C. Miller <[email protected]> * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: Update po files from translationproject.org [5ea066af1356] 2012-01-13 Todd C. Miller <[email protected]> * sudo.pp: Include parent directories in case they don't already exist. This fixes a directory permissions problem with the AIX package when the /usr/local directories don't already exist. [a14f783dc827] * pp: sync with git version [2f79d0543661] * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: regen dependencies [24c92ca6c64d] * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: Move tty name lookup code to its own file. [58faf072cbf4] 2012-01-12 Todd C. Miller <[email protected]> * NEWS: Update with latest sudo 1.8.4 changes. [a4ffe4f42528] * config.h.in, configure, configure.in: Remove obsolete template for HAVE_TIMESPEC [75709007c906] * src/sudo.c: Add a check for devname() returning a fully-qualified pathname. None of the devname() implementations do this today but you never know when this might change. [16813ace38f9] 2012-01-11 Todd C. Miller <[email protected]> * plugins/sudoers/visudo.c: For "visudo -c" also list include files that were checked when everything is OK. [ad6f85b35c9c] * src/sudo.c: The device name returned by devname() does not include the /dev/ prefix so we need to add it ourselves. [b55285abb7ed] * src/sudo.c: Add debug warning if KERN_PROC sysctl fails or devname() can't resolve the tty device to a name. [b5a23916ba3a] * common/sudo_debug.c: The result of writev() is never checked so just cast to NULL. [4be4e9b58d5b] * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: Update Esperanto, Finnish, Polish and Ukrainian translations from translationproject.org. [bb91bc6ad7e9] 2012-01-10 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, src/sudo.c: Add support for determining tty via sysctl on other BSD variants. [fd15f63f719a] * configure, configure.in: Only check for struct kinfo_proc.ki_tdev on systems that support sysctl. [109b3f07a39d] * src/sudo.c: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on ttyname() of std{in,out,err}. [95969b70bd68] 2012-01-09 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, src/sudo.c: On newer FreeBSD we can get the parent's tty name via sysctl(). [3207290501ee] * plugins/sudoers/testsudoers.c: Include locale.h [a602cd0b8c2d] * src/sudo.c: Silence a gcc warning. [8c6d0e3cd534] * plugins/sudoers/bsm_audit.c: Need to include gettext.h and sudo_debug.h; from John Hein [447912aa7300] * plugins/sudoers/iolog.c: Initialize the debug framework from the I/O plugin too. [ce1bf44d96d2] 2012-01-08 Todd C. Miller <[email protected]> * plugins/sudoers/testsudoers.c: Enable debugging via sudo.conf. [d85669c749d0] 2012-01-07 Todd C. Miller <[email protected]> * plugins/sudoers/visudo.c: Use SUDO_DEBUG_ALIAS for alias checking functions. [fb84af30dc76] * configure, configure.in: More complete test for getaddrinfo() that doesn't rely on the network libraries already being added to LIBS. [cbaf2369f4f0] 2012-01-06 Todd C. Miller <[email protected]> * common/aix.c: Add debug support. [def1bdf24485] * configure, configure.in: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. [a2ea1c2eac61] * compat/getaddrinfo.c: Include errno.h and missing.h [7d15e17cc2f2] * .hgignore: ignore doc/varsub [417f9fc3231b] * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, plugins/sudoers/gram.y, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, src/parse_args.c, src/sudo.c, src/sudo.h: Update copyright year. [5d0ffc7dd567] * NEWS: Update for sudo 1.8.4 [841e3eff9844] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen pot files [c509cb45b66a] * plugins/sudoers/sudoreplay.c: Enable debugging via sudo.conf. [5087aaee8484] * plugins/sudoers/visudo.c: Enable debugging via sudo.conf. [04b067c16ed3] * plugins/sudoers/visudo.c: Allow "visudo -c" to work when we only have read-only access to the sudoers include files. [d8c6713fe5c1] * doc/sudo.pod, doc/visudo.pod: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add HISTORY section in sudo that points to HISTORY file. [d1f1bcb051c5] * doc/sudo.pod, doc/sudo_plugin.pod: Document Debug setting in sudo.conf and debug_flags in plugin. [acfc505aa4a9] 2012-01-05 Todd C. Miller <[email protected]> * plugins/sudoers/match.c: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a bug where a pattern like "/usr/*" include /usr/bin/ in the results, which would be incorrectly be interpreted as if the sudoers file had specified a directory. From Vitezslav Cizek. [0cdb6252188c] * INSTALL, config.h.in, configure, configure.in, plugins/sudoers/auth/kerb5.c: Add --enable-kerb5-instance configure option to allow people using Kerberos V authentication to use a custom instance. Adapted from a diff by Michael E Burr. [e83af8bb7aa7] * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: Remove -D debug_level option. [cbcd05094347] * doc/LICENSE: Update copyright year. [9f43dd7aa852] 2012-01-04 Todd C. Miller <[email protected]> * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: parse_error is now bool, not int [5ea7fb6fda38] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c: Print a more sensible error if yyparse() returns non-zero but yyerror() was not called. [d44ec88f1183] * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, plugins/sudoers/gram.c: Replace y.tab.c with the correct filename in #line directives. [3c84fcb7e959] 2012-01-03 Todd C. Miller <[email protected]> * src/sudo.c: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} if the main process's fds 0-2 are not hooked up to a tty. Adapted from a diff by Zdenek Behan. [b9dfce12af85] * src/exec.c: When not logging I/O, put command in its own pgrp and make that the controlling pgrp if the command is in the foreground. Fixes a race in the non-I/O logging path where the command may receive two keyboard-generated signals; one from the kernel and one from the sudo process. [d0e263ce496c] 2011-12-20 Todd C. Miller <[email protected]> * src/sudo_edit.c: Quiet a bogus gcc warning. [2009669e0608] * src/parse_args.c, src/sudo.h: Fix warnings related to sudo.conf accessors. [08ddc29ba50b] * common/sudo_conf.c, include/sudo_conf.h: Separate sudo.conf parsing from plugin loading and move the parse functions into the common lib so that visudo, etc. can use them. [f1fc659a8079] * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: Separate sudo.conf parsing from plugin loading and move the parse functions into the common lib so that visudo, etc. can use them. [e1f2cf6bd57a] * doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, src/sudo.c: Remove support for noexec_file in sudoers and the plugin API [3e2fd58879b5] * plugins/sudoers/sudoers.c: Don't dump interfaces if there are none. [9081bb4d3e9e] * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: Add missing %s printf escape to the group_plugin, iolog_dir and iolog_file descriptions. [7db03f2b737e] 2011-12-18 Todd C. Miller <[email protected]> * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: Fix typo in visiblepw description; from Joel Pickett [2fb4b26d5c2c] 2011-12-08 Todd C. Miller <[email protected]> * MANIFEST, configure, configure.in, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: When running a login shell with a login_class specified, use LOGIN_SETENV instead of rolling our own login.conf setenv support since FreeBSD's login.conf has more than just setenv capabilities. This requires us to swap the plugin-provided envp for the global environ before calling setusercontext() and then stash the resulting environ pointer back into the command details, which is kind of a hack. [ad4f1190143b] * plugins/sudoers/Makefile.in: If srcdir is "." just use the basename of the yacc/lex file when generating the C version. This matches the generated files currently in the repo. [0b11c3df87a8] * doc/Makefile.in, plugins/sudoers/Makefile.in: Clean up the DEVEL noise [9de2afe457fd] * src/exec.c: Handle different Unix domain socket (actually socketpair) semantics in BSD vs. Linux. In BSD if one end of the socketpair goes away select() returns the fd as readable and the read will fail with ECONNRESET. This doesn't appear to happen on Linux so if we notice that the monitor process has died when I/O logging is enabled, behave like the command has exited. This means we log the wait status of the monitor, not the command, but there is nothing else we can do at that point. This should only be an issue if SIGKILL is sent to the monitor process. [818e82ecbbfc] * src/exec_pty.c: Catch common signals in the monitor process so they get passed to the command. Fixes a problem when the entire login session is killed when ssh is disconnected or the terminal window is closed. Previously, the monitor would exit and plugin's close method would not be called. [0e4658263138] * INSTALL, configure, configure.in: Mention how to configure pam_hpsec on HP-UX to play nicely with sudo. [a7294cd8ce98] 2011-12-07 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Escape values in the search expression as per RFC 4515. [c2adbc5db92b] * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: No need for install target to depend explicitly on install-dirs, the install-foo targets all depend on it. [62a36ed98279] 2011-12-05 Todd C. Miller <[email protected]> * .hgignore: ignore src/sesh [463d492f6782] * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/Makefile.in: Add support for setenv entries in login.conf. We can't use LOGIN_SETENV since the plugin sets up the envp the command is executed with. Also regen the Makefile.in files while here. Fixes bug #527 [088d507926e2] 2011-12-02 Todd C. Miller <[email protected]> * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, src/net_ifs.c: Add getaddrinfo() for those without it, written by Russ Allbery [4cf9ac831222] * doc/Makefile.in: Restore PACKAGE_TARNAME, it is used in docdir [9d65e893edb1] * MANIFEST, compat/stdbool.h: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to the MANIFEST [e67700dc5621] * common/atobool.c, common/term.c, src/exec.c: Remove duplicate return statements. [48a20d5215fd] * plugins/sudoers/auth/bsdauth.c: Remove inaccurate comment [e7f0265cf657] * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: Fetch the login class for the user we authenticate specifically when using BSD authentication. That user may have a different login class than what we will use to run the command. When setting the login class for the command, use the target user's struct passwd, not the invoking user's. Fixes bug 526 [21bf0af892f7] * compat/Makefile.in, configure, configure.in, doc/Makefile.in, plugins/sudoers/Makefile.in: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" [8ee6e0891f27] * plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c: Fix "make check" fallout from the sudo_conv changes in sudo_debug. [b0aaa63c9081] * common/fileops.c, common/sudo_debug.c, configure, configure.in, include/fileops.h, plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/sudo_plugin_int.h, src/utmp.c: Use stdbool.h instead of rolling our own TRUE/FALSE macros. [dcb0bbc42fc9] 2011-12-01 Todd C. Miller <[email protected]> * compat/stdbool.h, config.h.in, configure, configure.in: Add stdbool.h for systems without it. [18bd9dda1dcd] * aclocal.m4, config.h.in, configure, configure.in: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default includes have unistd.h in them. Add check for socklen_t for upcoming getaddrinfo compat. [d705465bef69] * common/fileops.c, compat/nanosleep.c, config.h.in, configure, configure.in, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, src/net_ifs.c: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. [fa187c9bd2be] * src/sudo_noexec.c: No longer need to include time.h here as missing.h does not use time_t. [fa3a089bf5b1] 2011-11-30 Todd C. Miller <[email protected]> * plugins/sudoers/visudo.c: Fix mode on sudoers as needed when the -f option is not specified. [7a1c40b0dc03] * MANIFEST, src/po/sr.mo, src/po/sr.po: Add Serbian translation for sudo from translationproject.org [9a0c25e25cba] * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, src/parse_args.c: No longer pass debug_file to plugin, plugins must now use CONV_DEBUG_MSG [810cda1abb0b] * mkpkg: Build PIE executables for newer Debian and Ubuntu [1c5f25f8904a] * common/sudo_debug.c: Include time.h for ctime() prototype. [10090cf3bca1] 2011-11-29 Todd C. Miller <[email protected]> * common/sudo_debug.c, include/sudo_debug.h, src/exec.c, src/exec_pty.c: Do not close error pipe or debug fd via closefrom() as we need them to report an exec error should one occur. [732f6587fafa] * doc/sudoers.ldap.pod: Document that a sudoUser may now be a group ID. [2fef46b9d3d3] * plugins/sudoers/ldap.c: Add support for permitting access by group ID in addition to group name. [b9450fdf1f69] * plugins/sudoers/ldap.c: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() [d62a1e7cff4f] * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: Replace UCB fnmatch.c with a non-recursive version written by William A. Rowe Jr. [354d3384adb8] * plugins/sudoers/auth/pam.c: Fix typo, return_debug vs. debug_return [1b522efcbb0d] 2011-11-23 Todd C. Miller <[email protected]> * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: Update Japanese sudoers translation from translationproject.org [ec0f2beaad36] * doc/sudoers.pod: Make the env_reset descriptions consistent. [41c056f02688] 2011-11-22 Todd C. Miller <[email protected]> * configure, configure.in: Do multiple expansion when expanding paths to the noexec file, sesh and the plugin directory. Adapted from a diff by Mike Frysinger [d7e16c876c66] * common/Makefile.in: regen [9d729e09c186] 2011-11-21 Todd C. Miller <[email protected]> * .hgignore: Add ignore file; from Mike Frysinger [1fa8d52425f8] * mkdep.pl: no longer save old Makefile.in to .old [378dd2395545] * plugins/sudoers/Makefile.in, src/Makefile.in: regen [769faf517720] * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4: Update to libtool 2.4.2 [9dac78d84b4f] 2011-11-18 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers_version.h: Bump grammar version for #include and #includedir relative path support. [82a4f7cd8f71] 2011-11-17 Todd C. Miller <[email protected]> * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add support for relative paths in #include and #includedir [4d6e3bd0c24f] * plugins/sudoers/Makefile.in: Fix install-plugin when shared objects are unsupported or disabled. [cbdd770a7a1b] * plugins/sudoers/goodpath.c: Don't write to sbp if it is NULL [fc438f8e8570] 2011-11-16 Todd C. Miller <[email protected]> * Makefile.in: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, only install matching .mo files [c1dc30ab4ebc] 2011-11-13 Todd C. Miller <[email protected]> * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, src/conversation.c: Fix non-dynamic (no dlopen) sudo build. [b0bd3fa925a3] * configure, configure.in: Don't error out if the user specified --disable-shared [cf035dd1e5cc] * common/sudo_debug.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/conversation.c: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to the debug file. [640c62f83251] * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/sudoers.h: Make sudo_goodpath() return value bolean [fea2d59a6e55] * INSTALL, MANIFEST, configure, configure.in, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: Remove obsolete securid auth method. [4e54f860214b] * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h: Prefix authentication functions with a "sudo_" prefix to avoid namespace problems. [581d74063ea1] * INSTALL, MANIFEST, config.h.in, configure, configure.in, doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: Remove the old Kerberos IV support [2e4b4a44209d] 2011-11-12 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Don't print garbage at the end of the custom lecture. [44bb788fafaa] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add lexer tracing as debug@parser [d850f3f9d414] * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/gram.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and <def_data.h> and not "def_data.h" when generating the parser in a build dir. [7da701def753] 2011-11-08 Todd C. Miller <[email protected]> * mkdep.pl, plugins/sudoers/Makefile.in: Better devdir support in mkdep.pl [7dcec57bd155] * plugins/sudoers/Makefile.in: Add devdir before srcdir in include path and fix up dependecies accordingly. [6e9958eca485] * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: #include "gram.h" not <gram.h> and "def_data.h" and not <def_data.h>. [003bdb078a15] * sudo.pp: Mark libexec files as optional. If we build without shared object support, libexec is not used. [4bffcf482219] * src/load_plugins.c: Change Debug sudo.conf setting to take a program name as the first argument. In the future, this will allow visudo and sudoreplay to use their own Debug entries. [cfb8f7e4867c] * src/sudo.c: fix sudo_debug_printf priority [dcb67e965609] * plugins/sudoers/sudoers.c: add missing debug_return_int [d88ec450c592] 2011-11-07 Todd C. Miller <[email protected]> * common/sudo_debug.c, include/error.h, include/sudo_debug.h, plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR [dcee8efc294f] * doc/UPGRADE: Add missing word in HOME security note. [fd844fdcc1ac] * plugins/sudoers/testsudoers.c: Prevent "testsudoers -d username" from trying to malloc(0). [839126e56e8c] 2011-11-06 Todd C. Miller <[email protected]> * plugins/sudoers/regress/sudoers/test10.in, plugins/sudoers/regress/sudoers/test10.out.ok, plugins/sudoers/regress/sudoers/test10.toke.ok, plugins/sudoers/regress/sudoers/test10.toke.out.ok, plugins/sudoers/regress/sudoers/test11.in, plugins/sudoers/regress/sudoers/test11.out.ok, plugins/sudoers/regress/sudoers/test11.toke.ok, plugins/sudoers/regress/sudoers/test11.toke.out.ok, plugins/sudoers/regress/sudoers/test12.in, plugins/sudoers/regress/sudoers/test12.out.ok, plugins/sudoers/regress/sudoers/test12.toke.ok, plugins/sudoers/regress/sudoers/test13.in, plugins/sudoers/regress/sudoers/test13.out.ok, plugins/sudoers/regress/sudoers/test13.toke.ok, plugins/sudoers/regress/sudoers/test9.in, plugins/sudoers/regress/sudoers/test9.out.ok, plugins/sudoers/regress/sudoers/test9.toke.ok, plugins/sudoers/regress/sudoers/test9.toke.out.ok: Tests for empty sudoers (should parse OK) and syntax errors within a line (should report correct line number) both with and without the trailing newline. [d57c879c4718] * plugins/sudoers/regress/sudoers/test4.out.ok, plugins/sudoers/regress/sudoers/test5.out.ok, plugins/sudoers/regress/sudoers/test7.out.ok, plugins/sudoers/regress/sudoers/test8.out.ok, plugins/sudoers/testsudoers.c: Print line number when there is a parser error. [5444ef6ac6dc] 2011-11-05 Todd C. Miller <[email protected]> * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Keep track of the last token returned. On error, if the last token was COMMENT, decrement sudolineno since the error most likely occurred on the preceding line. Previously we always uses sudolineno-1 which will give the wrong line number for errors within a line. [d661a03a64da] 2011-11-03 Todd C. Miller <[email protected]> * NEWS: update with sudo 1.8.3p1 info [0f79ff31f602] * plugins/sudoers/sudoers.c: Fix crash when "sudo -g group -i" is run. Fixes bug 521 [a3087ae337c4] 2011-10-26 Todd C. Miller <[email protected]> * plugins/sudoers/visudo.c: Make alias_remove_recursive() return TRUE/FALSE as its callers expect and remove two unused arguments. Fixes bug 519. [2ee3b2882844] * plugins/sudoers/regress/visudo/test1.out.ok, plugins/sudoers/regress/visudo/test1.sh: Add regress test for bugzilla 519 [48000ebedf97] * plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_fill.c: Disable warning/error wrapping in regress tests. [373c589ba561] 2011-10-25 Todd C. Miller <[email protected]> * Makefile.in: Do compile-po as part of sync-po so that the .mo files get rebuild automatically when we sync with translationproject.org [83f3cbfc2f33] * plugins/sudoers/Makefile.in: check_addr needs to link with the network libraries on Solaris [322bd70e316e] * plugins/sudoers/match.c: When matching a RunasAlias for a runas group, pass the alias in as the group_list, not the user_list. From Daniel Kopecek. [766545edf141] * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: We need to init the auth system regardless of whether we need a password since we will be closing the PAM session in the monitor process. Fixes a crash in the monitor on Solaris; bugzilla #518 [e82809f86fb3] 2011-10-24 Todd C. Miller <[email protected]> * src/exec.c: Get rid of done: label. If the child exits we still need to close the pty, update utmp and restore the SELinux tty context. [cc127bf48405] 2011-10-22 Todd C. Miller <[email protected]> * common/Makefile.in, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c, src/ttysize.c, src/utmp.c: Add debug_decl/debug_return (almost) everywhere. Remove old sudo_debug() and convert users to sudo_debug_printf(). [8f3bbf907b67] * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/error.c: Wrap error/errorx and warning/warningx functions with debug statements. Disable wrapping for standalone sudoers programs as well as memory allocation functions (to avoid infinite recursion). [562ed7b5ae8d] * README, config.h.in, configure, configure.in: Add checks for __func__ and __FUNCTION__ and mention that we now require a cpp that supports variadic macros. [314cfe4c5d23] * MANIFEST, common/Makefile.in, common/sudo_debug.c, include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: New debug framework for sudo and plugins using /etc/sudo.conf that also supports function call tracing. [cded741e9f10] 2011-10-21 Todd C. Miller <[email protected]> * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: Update Japanese sudoers translation from translationproject.org [c24725775e32] 2011-10-12 Todd C. Miller <[email protected]> * configure, configure.in: Override and ignore the --disable-static option. Sudo already runs libtool with -tag=disable-static where applicable and we need non- PIC objects to build the executables. [aff1227b853a] 2011-10-10 Todd C. Miller <[email protected]> * NEWS: Add sudoedit fix [74655c7ccad1] * plugins/sudoers/po/sudoers.pot: regen pot files [28d89a831ed3] * plugins/sudoers/env.c: Ignore set_logname (which is now the default) for sudoedit since we want the LOGNAME, USER and USERNAME environment variables to refer to the calling user since that is who the editor runs as. This allows the editor to find the user's startup files. Fixes bugzilla #515 [6c5dddf5ff05] * plugins/sudoers/pwutil.c: Instead of trying to grow the buffer in make_grlist_item(), simply increase the total length, free the old buffer and allocate a new one. This is less error prone and saves us from having to adjust all the pointers in the buffer. This code path is only taken when there are groups longer than the length of the user field in struct utmp or utmpx, which should be quite rare. [5587dc8cffaf] * src/po/it.mo: Add Italian translation for sudo from translationproject.org [1b3dd886e7e3] * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, src/po/ja.mo, src/po/ja.po: Japanese translation for sudo and sudoers from translationproject.org [c06dd866be6e] 2011-10-07 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: sudoreplay depends on timestr.lo too; from Mike Frysinger [b9e73214b2f1] 2011-10-04 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot: Regen sudoers pot file. [019588bafdb3] * NEWS: Update with latest sudo 1.8.3 news [6868042a88e9] * plugins/sudoers/sudoers.c: It appears that LDAP or NSS may modify the euid so we need to be root for the open(). We restore the old perms at the end of sudoers_policy_open(). [2da67a5497ef] * plugins/sudoers/set_perms.c: Better warning message on setuid() failure for the setreuid() version of set_perms(). [07abcfe7bd9a] 2011-09-27 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Delref auth_pw at the end of check_user() instead of getting a ref twice. [cb665f55e6a5] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: Make sudo_auth_{init,cleanup} return TRUE on success and check for sudo_auth_init() return value in check_user(). [92631c919356] * plugins/sudoers/auth/sudo_auth.c: Do not return without restoring permissions. [59ef40b6696a] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: regen pot files [9f320a340b7c] * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Modify the authentication API such that the init and cleanup functions are always called, regardless of whether or not we are going to verify a password. This is needed for proper PAM session support. [19a53f3fb596] * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Add missing dependency for getspwuid.lo and regen other depends. [f7f70eae819a] * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: Fix a PAM_USER mismatch in session open/close. We update PAM_USER to the target user immediately before setting resource limits, which is after the monitor process has forked (so it has the old value). Also, if the user did not authenticate, there is no pamh in the monitor so we need to init pam here too. This means we end up calling pam_start() twice, which should be fixed, but at least the session is always properly closed now. [fbc063a2a872] * src/utmp.c: Add check for old being NULL in utmp_setid(); from Steven McDonald [e87126442f2e] 2011-09-25 Todd C. Miller <[email protected]> * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If the invoking user cannot be resolved by uid fake the struct passwd and store it in the cache so we can delref it on exit. [a27e2f8b9f5e] 2011-09-24 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Don't error out if the group plugin cannot be loaded, just warn. [0fbfcd381e33] 2011-09-23 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Quiet a false positive found by several static analysis tools. These tools don't know that log_error() does not return (it longjmps to error_jmp which returns to the sudo front-end). [33d0469df21b] 2011-09-22 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: Add Italian translation for sudo from translationproject.org Regen .mo files [c3c888a82be6] 2011-09-21 Todd C. Miller <[email protected]> * doc/TROUBLESHOOTING: Update to current reality and add bit about ssh auth [184a1e7c2eeb] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Make "verbose" static; fixes a namespace clash with pam_ssh_agent_auth (and it doesn't need to be extern these days). [cc38d2eb2f4c] * config.h.in, configure, configure.in, src/get_pty.c: FreeBSD has libutil.h not util.h [dab4c94b6d4f] * configure, configure.in: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD [41c362f0a92a] 2011-09-20 Todd C. Miller <[email protected]> * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: Update po files from translationproject.org [1e99e147c7fa] 2011-09-16 Todd C. Miller <[email protected]> * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for DEREF in ldap.conf. [3c1937a98547] * Makefile.in: install target should depend on ChangeLog too, not just install-doc [1a7c83941175] * doc/sudoers.pod: Only iolog_file (not iolog_dir) supports mktemp-style suffixes. [0eca47d60a2c] * NEWS: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. [0501415cc5ff] * doc/UPGRADE: Document group lookup change and possible side effects. [585743e1ebf7] * configure, configure.in: Fix some square brackets in case statements that needed to be doubled up. While here, use $OSMAJOR when it makes sense. [8973343f4696] * plugins/sudoers/pwutil.c: Fix a crash in make_grlist_item() on 64-bit machines with strict alignment. [c89508c73c46] * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: Remove list_options() function that is no longer used now that "sudo -L" is gone. [fcc6a776c135] * configure, configure.in: Error message if user tries --with-CC [ec5b478f813a] * configure, configure.in: Check for -libmldap too when looking for ldap libs, which is the Tivoli Directory Server client library. [bb3007a97206] 2011-09-09 Todd C. Miller <[email protected]> * plugins/sudoers/parse.c: Honor NOPASSWD tag for denied commands too. [8dd92656db92] 2011-09-08 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in: Remove --with-CC option; it doesn't work correctly now that we use libtool. Users can get the same effect by setting the CC environment variable when running configure. [ec22bd1a55e0] 2011-08-31 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, src/sudo_edit.c: Assume all modern systems support fstat(2). [6a5a8985f6a0] 2011-08-30 Todd C. Miller <[email protected]> * compat/regress/glob/globtest.c, config.h.in, configure, configure.in, include/missing.h, plugins/sudoers/sudoers.h, src/sudo.h, src/sudo_noexec.c: Add configure test for missing errno declaration and only declare it ourselves if it is missing. [456e76c809a2] * plugins/sudoers/alias.c: Include errno.h before sudo.h to avoid conflicting with the system definition of errno. [d0b97e392512] 2011-08-29 Todd C. Miller <[email protected]> * plugins/sudoers/regress/parser/check_addr.c: Only print individual check status when there is a failure. [2ac704c91441] * plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/parser/check_addr.c: Add calls to setprogname() for test programs. [a8d9b420e826] * configure, configure.in: Add -Wall and -Werror after all tests so they don't cause failures. [2661188ff3fa] * plugins/sudoers/Makefile.in: Actually run check_addr in the check target [0b2778bc86bf] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, plugins/sudoers/match_addr.c, plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/regress/parser/check_addr.in: Split out address matching into its own file and add regression tests for it. [12b9a2bf8dba] 2011-08-27 Todd C. Miller <[email protected]> * plugins/sudoers/match.c: When matching an address with a netmask in sudoers, AND the mask and addr before checking against the local addresses. [9747bb6d7b1c] 2011-08-26 Todd C. Miller <[email protected]> * plugins/sudoers/match.c: Fix netmask matching. [a3c8f8cc1464] * plugins/sudoers/visudo.c: Don't assume all editors support the +linenumber command line argument, use a whitelist of known good editors. [21d43a91fd10] 2011-08-23 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/sudo.c: Silence compiler warnings on Solaris with gcc 3.4.3 [da620bae6fdb] * mkpkg: Fix building on RHEL 3 [f3227fb2a252] * INSTALL, configure, configure.in: Add --enable-werror configure option. [fec2cdb95543] * common/setgroups.c: setgroups() proto lives in grp.h on RHEL4, perhaps others. [de91c0de5a98] * configure, configure.in: Use PAM by default on AIX 6 and higher. [e16493208e5f] 2011-08-22 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, src/po/eo.po: Add new Esperanto translation from translationproject.org [0d9a59e04c64] 2011-08-19 Todd C. Miller <[email protected]> * plugins/sudoers/iolog_path.c: Quiet an innocuous valgrind warning. [0582b6027161] 2011-08-18 Todd C. Miller <[email protected]> * plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/data: Fix expansion of strftime() escapes in log_dir and add a regress test that exhibited the problem. [a5c7c1c4c589] * plugins/sudoers/Makefile.in: Fix "make check" return value. [33b58e175230] 2011-08-17 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regen pot files [063841aac19b] * Makefile.in: Fix logic inversion in pot file up to date check. [f6a8ca8654df] 2011-08-15 Todd C. Miller <[email protected]> * configure, configure.in: Add caching for gettext() checks. [01b7200f6105] * configure, configure.in: Better handling of libintl header and library mismatch. [9a49b1d4db69] 2011-08-13 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Also check sudoers gid if sudoers is group writable. [23ef96ca0d33] 2011-08-12 Todd C. Miller <[email protected]> * configure, configure.in: If dlopen is present but libtool doesn't find it, error out since it probably means that libtool doesn't support the system. [a9da0a5f7941] * mkpkg: configure args on the command line should override builtin defaults. Disable NLS for non-Linux/Solaris unless explicitly enabled. [b2fb05614504] * plugins/sudoers/auth/aix_auth.c: Fix loop that calls authenticate(). If there was an error message from authenticate(), display it. [063a0c4f0b9a] 2011-08-11 Todd C. Miller <[email protected]> * m4/libtool.m4, m4/ltversion.m4: Update to autoconf 2.68 and libtool 2.4 [5a912a6eb67b] * config.guess, config.sub, configure, configure.in, ltmain.sh: Update to autoconf 2.68 and libtool 2.4 [931ab56aecf6] * doc/sudoers.pod: Fix typo; OPT should be OTP [e97bd2e46544] * plugins/sudoers/Makefile.in: Rename libsudoers convenience library to libparsesudoers to avoid libtool confusion. [2a89a613f537] 2011-08-10 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: Add Danish sudoers translation from translationproject.org [27b96e85eb13] * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Add dedicated callback function for runas_default sudoers setting that only sets runas_pw if no runas user or group was specified by the user. [b8382d8eea34] 2011-08-09 Todd C. Miller <[email protected]> * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, src/po/ru.po: Update Finish, Polish, Russian and Ukrainian translations from translationproject.org. [f9339aff664e] * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: Go back to using a callback for runas_default to keep runas_pw in sync. This is needed to make per-entry runas_default settings work with LDAP-based sudoers. Instead of declaring it a callback in def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a bit naughty, but avoids requiring stub functions in visudo and the tests. [9aaefb908415] 2011-08-05 Todd C. Miller <[email protected]> * Makefile.in: Add check for out of date message catalogs when doing "make dist". [e45a29b612f4] 2011-08-02 Todd C. Miller <[email protected]> * configure: regen [d6f9ad26774a] * configure.in: Make sure compiler supports static-libgcc before using it. [b01bd9566e50] 2011-08-01 Todd C. Miller <[email protected]> * src/Makefile.in: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc [c99c7ab3edef] 2011-07-30 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, src/po/zh_CN.mo: Add new Russian sudo translation from translationproject.org and rebuild the other translation files. [e20015459056] 2011-07-29 Todd C. Miller <[email protected]> * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: Update Finish and Polish translations from translationproject.org [4e3dbba4a1de] * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: Go back to escaping the command args for "sudo -i" and "sudo -s" before calling the plugin. Otherwise, spaces in the command args are not treated properly. The sudoers plugin will unescape non- spaces to make matching easier. [dfa2c4636f33] 2011-07-28 Todd C. Miller <[email protected]> * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix some potential problems found by the clang static analyzer, none serious. [ff64aa74aae6] * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.po: Updated Ukranian and Chinese (simplified) po files from translationproject.org [ec792becb48e] 2011-07-27 Todd C. Miller <[email protected]> * plugins/sudoers/po/pl.po: Updated Polish translation from translationproject.org [a3af53cb649c] * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Rebuild pot files [c650524c0f0a] * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: Don't try to audit failure if the runas user does not exist. We don't have the user's command at this point so there is nothing to audit. Add a NULL check in audit_success() and audit_failure() just to be on the safe side. [2a0007c2022f] * mkpkg: Add -g to CFLAG for PIE builds. [32a0a9693c9c] 2011-07-25 Todd C. Miller <[email protected]> * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: Remove fallback to per-group lookup when matching groups in sudoers. The sudo front-end will now use getgrouplist() to get the user's list of groups if getgroups() fails or returns zero groups so we always have a list of the user's groups. For systems with mbr_check_membership() which support more that NGROUPS_MAX groups (Mac OS X), skip the call to getgroups() and use getgrouplist() so we get all the groups. [51b3ed8c600b] 2011-07-22 Todd C. Miller <[email protected]> * common/setgroups.c: Fix setgroups() fallback code on EINVAL. [2b6faecd56a4] * plugins/sudoers/set_perms.c: Fix two PERM_INITIAL cases that were still using user_gids. [9680bab0acc6] * MANIFEST: Add Polish sudo message catalog [8bb40c3ba576] * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: user_group is no longer used, remove it [9acede0fe6c5] 2011-07-20 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: Add Polish translation from translationproject.org [afac5c638573] * MANIFEST, common/Makefile.in, common/setgroups.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h, src/sudo_edit.c: Add a wrapper for setgroups() that trims off extra groups and retries if setgroups() fails. Also add some missing addrefs for PERM_USER and PERM_FULL_USER. [224dfd8aae5c] * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, configure, configure.in, include/missing.h, mkdep.pl, plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: Instead of keeping separate groups and gids arrays, create struct group_info and use it to store both, along with a count for each. Cache group info on a per-user basis using getgrouplist() to get the groups. We no longer need special to special case the user or list user for user_in_group() and thus no longer need to reset the groups list when listing another user. [0ad849a8b2d5] * src/preload.c: Don't rely on NULL since we don't include a header for it. [b40937f1890c] 2011-07-19 Todd C. Miller <[email protected]> * doc/sudoers.pod: Fix typo [c1035360e169] 2011-07-18 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Do not shadow global sudo_mode with a local variable in set_cmnd() [0c72969503ad] 2011-07-17 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: bash 2.x doesd not support the -l flag and exits with an error if it is specified so use --login instead. This causes an error with bash 1.x (which uses -login instead) but this version is hopefully less used than 2.x. [5c4c296e30e6] * src/po/pl.mo, src/po/pl.po: Add Polish translation from translationproject.org [48592dd6edcf] 2011-07-13 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Make error strings translatable. [414c5c484768] * mkpkg: Only run configure with --with-pam-login for RHEL 5 and above. [6c16e4de4026] * sudo.pp: Fix typo in summary [9ac618c9a749] 2011-07-11 Todd C. Miller <[email protected]> * plugins/sudoers/logwrap.c: Add missing logwrap.c [c12a413ecc1d] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/regress/logging/check_wrap.c, plugins/sudoers/regress/logging/check_wrap.in, plugins/sudoers/regress/logging/check_wrap.out.ok: Split out log file word wrap code into its own file and add unit tests. Fixes an off-by one in the word wrap when the log line length matches loglinelen. [52ed277f6690] 2011-07-05 Todd C. Miller <[email protected]> * mkpkg: For SuSE, only use /usr/lib64 as libexec if generating 64-bit binaries. [645ab903cf77] * src/load_plugins.c, src/sudo.c: Fix build error when --without-noexec configure option is used. [b994f7b0d8b4] * configure, configure.in: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 and above. [c2a6f9b472f3] 2011-07-01 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Resolve the list of gids passed in from the sudo frontend (the result of getgroups()) to names and store both the group names and ids in the sudo_user struct. When matching groups in the sudoers file, match based on the names in the groups list first and only do a gid-based match when we absolutely have to. By matching on the group name (as it is listed in sudoers) instead of id (which we would have to resolve) we save a lot of group lookups for sudoers files with a lot of groups in them. [8dc19353f148] 2011-06-26 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Workaround for "sudo -i command" and newer versions of bash which don't go into login mode when -c is specified unless -l is too. [9393762b80f3] 2011-06-23 Todd C. Miller <[email protected]> * plugins/sudoers/logging.c: Rewrite logfile word wrapping code to be more straight-forward and actually wrap at the correct place. [f712a0c90f55] 2011-06-22 Todd C. Miller <[email protected]> * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: Set use_pty=true in command details when use_pty is set in sudoers. From Ludwig Nussel [8d95a163dfc1] 2011-06-20 Todd C. Miller <[email protected]> * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: Sync Chinese (simplified) PO files from translationproject.org [acce8eb7be18] 2011-06-18 Todd C. Miller <[email protected]> * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: Add Danish translation from translationproject.org and add missing Basque mo files. [0c22bb21b9c4] * Makefile.in, configure, configure.in: No longer need to specify LINGUAS in configure, "make install-nls" now just installs all the .mo files it finds. [fcd45cf04885] 2011-06-17 Todd C. Miller <[email protected]> * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: Build CONTRIBUTORS from newly-added contributors.pod [8b192f2720f4] * doc/CONTRIBUTORS: Rework the wording in the leading paragraph [312044145cdd] 2011-06-14 Todd C. Miller <[email protected]> * MANIFEST, doc/CONTRIBUTORS: Add a CONTRIBUTORS file with the names of folks who have contributed code or patches to sudo since I started maintaining it (plus the original authors). [b8bdd8b59528] 2011-06-13 Todd C. Miller <[email protected]> * plugins/sudoers/env.c: Preserve SHELL variable for "sudo -s". Otherwise we can end up with a situation where the SHELL variable and the actual shell being run do not match. [b8b3974aee3e] 2011-06-10 Todd C. Miller <[email protected]> * configure, configure.in: Only enable Solaris project support when setproject() is present in libproject. [49ad7857ab89] * sudo.pp: Explicitly set mode and owner of /etc/sudoers instead of relying on "cp -p" to work in the postinstall script. On AIX 6.1 at least the postinstall script runs before the final file permissions are set. [e41ffc0212b2] 2011-06-09 Todd C. Miller <[email protected]> * doc/sudo.pod, doc/sudoers.pod: Refer the user to the "Command Environment" section in description of sudo's -i option. [263cc3be7eef] * doc/sudo.pod: Fix typo [35dfac450f4d] 2011-06-08 Todd C. Miller <[email protected]> * mkdep.pl: If there is no old dependency for an object file, use the MANIFEST to find its source. [d15e3b9899f9] * compat/Makefile.in: Remove dependency for getgrouplist.lo as we don't ship that source file. [312a6d5fe6b0] 2011-06-07 Todd C. Miller <[email protected]> * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Do not declare yyparse() static as the actual function generated by yacc is extern. [9017b79dcf55] 2011-06-06 Todd C. Miller <[email protected]> * Makefile.in: Remove locale files in "make uninstall" [201ff261ecbe] * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, plugins/sudoers/po/uk.po, src/po/eu.po: Add Basque translation and sync Finish and Ukranian translations. [66d2c78c8a13] * configure, configure.in: FreeBSD no longer needs the main sudo binary to link with -lpam now that plug-ins are loaded with RTLD_GLOBAL. [96c710df2457] * plugins/sudoers/group_plugin.c, src/load_plugins.c: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes problems with pam modules not having access to symbols provided by libpam on some platforms. Affects FreeBSD and SLES 10 at least. [0d016983ec84] * Makefile.in: Move xgettext invocation out of update-po target into update-pot [19a73c6d017c] 2011-06-04 Todd C. Miller <[email protected]> * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: Regenerate .pot files for 1.8.2rc2 [c3037f591dd8] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Move nls targets to the top level Makefile so the paths in the pot file are saner [65b9285cd8d9] * src/po/fi.mo: Add compiled version of sudo Finish translation [8f2405384ea3] * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo files [a165e70fa9ec] * configure, configure.in, plugins/sudoers/po/fi.po: Add Finish translation from translationproject.org [4466f8a96ceb] 2011-06-03 Todd C. Miller <[email protected]> * doc/sudoers.pod: The group named by exempt_group should not have a % prefix. [df084d6b32c8] 2011-06-01 Todd C. Miller <[email protected]> * doc/sudoers.pod: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" [5113699a3f8b] 2011-05-31 Todd C. Miller <[email protected]> * src/exec.c, src/exec_pty.c: Fix compressed io log corruption in background mode by using _exit() instead of exit() to avoid flushing buffers twice. Improved background mode support. When not allocating a pty, the command is run in its own process group. This prevents write access to the tty. When running in a pty, stdin is not hooked up and we never read from /dev/tty, which results in similar behavior. [87c15149894c] * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Clean up regress files Generate proper dependencies for regress objs in compat [88bfc728c1e7] * plugins/sudoers/Makefile.in: Add missing dependency for check_fill.o. [0bd6362e3e17] 2011-05-29 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in: Add support for --enable-nls[=location] [b90db44a050f] 2011-05-28 Todd C. Miller <[email protected]> * plugins/sudoers/linux_audit.c: Include gettext.h [7f909a6e48cb] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: Quiet gcc warnings. [b41a6cdca583] * configure, configure.in: Don't install .mo files if gettext was not found. [1397b34cc165] 2011-05-27 Todd C. Miller <[email protected]> * src/exec.c: Always allocate a pty when running a command in the background but call setsid() after forking to make sure we don't end up with a controlling tty. [b6454ba172e8] * plugins/sudoers/iolog.c: Add missing space between command name and the first command line argument. [fe217f0a36d4] * plugins/sudoers/sudoreplay.c: Quiet a compiler warning on some platforms. [de9f2849f236] * plugins/sudoers/po/README, src/po/README: README file that directs people to translationproject.org [30c0fc323281] * plugins/sudoers/po/uk.po, src/po/fi.po: Sync translations with TP [1d7d64559cba] * Makefile.in: Add 'sync-po' target to top-level Makefile to rsync the po files from translationproject.org. [20508211aaa3] * plugins/sudoers/Makefile.in: install nls files from install target [5fc07b6cab38] * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: Include .mo files in sudo binary packags. [278d4821a916] * configure, configure.in, plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: Add simplified chinese translation [2b33ffc755b9] 2011-05-26 Todd C. Miller <[email protected]> * configure, configure.in, plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: Add ukranian translation [2d8102688e93] * compat/Makefile.in: refer to siglist.c, not ./siglist.c since not all makes will treat foo and ./foo the same. [6639d293ffba] * plugins/sudoers/sudoers.c: Set def_preserve_groups before searching for the command when the -P flag is specified. [0edc7942f875] * Makefile.in, compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: Add dependency for siglist.lo in compat. This is a generated file so "make depend" needs to depend on it. [28d0932f8b50] * compat/Makefile.in: More dependency fixes. [aad0d05cd020] * compat/Makefile.in: Fix a few dependencies. [eb21aa35a032] * plugins/sudoers/Makefile.in, src/Makefile.in: Place compiled mo files in the src dir, not the build dir. When installing compiled mo files, display a status message. [e15634c29cd3] 2011-05-25 Todd C. Miller <[email protected]> * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Tivoli Directory Server requires that seconds be present in a timestamp, even though RFC 4517 states that they are optional. [55fe23dd4ef9] * plugins/sudoers/sudo_nss.h: Add missing bit of copyright [d2eba3c364ca] * doc/visudo.pod: Mention cycle detection warnings [a76bef15ab67] * plugins/sudoers/visudo.c: When checking aliases, also check the contents of the alias in case there are problems with an alias that is referenced inside another. Replace the self reference check with real alias cycle detection. [a66c904cf53b] * plugins/sudoers/alias.c: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to ENOENT in alias_find() and alias_remove() if the entry could not be found. [b4f0b89e433c] * plugins/sudoers/visudo.c: Increment alias_seqno before calls to alias_remove_recursive() to avoid false positives with the alias loop detection. Fixes spurious warnings about unused aliases when they are nested. [a344483b8193] * MANIFEST: add mkdep.pl [86b7ed33eab2] * plugins/sudoers/Makefile.in: Add dependency on convenience libs to binaries [cd3078b3c997] * Makefile.in: mkdep.pl only works when run from the src dir [f35a5e47c944] * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Auto-generate Makefile dependencies with a perl script. [a3e4afcd7975] 2011-05-23 Todd C. Miller <[email protected]> * plugins/sudoers/match.c: If the user specifies a runas group via sudo's -g option that matches the runas user's group in the passwd database and that group is not denied in the Runas_Spec, allow it. Thus, if user root's gid in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if no groups are present in the Runas_Spec. [e3f9732dc564] 2011-05-22 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, src/Makefile.in: Add dependencies on gettext.h [a3a9dc51f78b] * plugins/sudoers/Makefile.in, src/Makefile.in: Fix install-nls target with HP-UX sh when gettext is not present. [0c6b9655cd41] 2011-05-20 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: regenerate .pot files for lbuf changes [918ded125a0b] * configure, configure.in: Add missing "checking" message for gettext when using the cache. [9c21187ad1d2] * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, src/parse_args.c: Add primitive format string support to the lbuf code to make translations simpler. [ee71c7ef5299] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: Add message catalog template files for sudo and the sudoers module. [f3f8acb1f014] * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, config.h.in, configure.in, doc/Makefile.in, include/gettext.h, plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: Add gettext.h convenience header. This is similar to but distinct from the one included with the gettext package. [930a0591f73c] 2011-05-19 Todd C. Miller <[email protected]> * configure, configure.in: Add checks for nroff -c and -Tascii flags [19ca990b3149] * configure, configure.in: Add check for HP bundled C Compiler (which cannot create shared libs) [517716a7072d] * plugins/sudoers/sudoreplay.c: Fix C format warnings. [6514326013fa] * include/error.h: Add __printflike [e1749a30a406] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/parse_args.c: Translate help / usage strings. [ee1cc9b1a8bd] * plugins/sudoers/Makefile.in, src/Makefile.in: Set --msgid-bugs-address to the bugzilla url [5a0aa250ca21] * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Add scaffolding to update .po files and install .mo files. [f05f4eed1fe1] * doc/license.pod: update copyright year [fa0c62523875] * INSTALL, README: No need to include version number at the top of these files. [9f2981325351] 2011-05-18 Todd C. Miller <[email protected]> * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: Minor warning/error cleanup [9236dc85aeab] * config.h.in, configure.in: Emulate ngettext for the non-nls case [13571d63fa36] * plugins/sudoers/ldap.c: Do not mark untranslatable strings for translation [735f5d4413fe] * plugins/sudoers/check.c: Use ROOT_UID not 0. [09a268db8da4] * plugins/sudoers/check.c, plugins/sudoers/iolog.c, plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/sudo_edit.c: Minor warning/error message cleanup [3c7b1a7939b5] * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/net_ifs.c, src/selinux.c: cannot -> "unable to" in warning/error messages [31c3897649e9] * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.c, src/utmp.c: can't -> "unable to" in warning/error messages [127b75f15291] * configure, configure.in: FreeBSD needs the main sudo executable to link with -lpam when loading dynaic pam modules for some reason. [944522cc9bef] 2011-05-17 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: We don't want to translate debugging messages. [56a1a365815a] * configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/Makefile.in, src/sesh.c, src/sudo.c: Add calls to bindtextdomain() and textdomain() Currently there are two domains, one for the sudo front-end and one for the sudoers plugin and its associated utilities. [0426138f789e] * configure, configure.in: Fix caching of libc gettext check. [942142d2c43a] * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, plugins/sudoers/mkdefaults: Mark defaults descriptions for translation [5b27f018e6cf] * NEWS: Update for sudo 1.8.1p2 [747c4dee2ca7] 2011-05-16 Todd C. Miller <[email protected]> * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Quiet compiler warning when SELinux is enabled. [1fbf77dda240] * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, src/error.c, src/net_ifs.c, src/sesh.c: Add missing includes of libintl.h. [bc1d66316082] * plugins/sudoers/auth/pam.c: Fix gettext marker. [a5cf4ed66c66] * common/aix.c, common/alloc.c, compat/strsignal.c, plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: Include libint.h where needed. [2b0e5a663c7b] * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: Prepare sudoers module messages for translation. [7212ae1909c5] * plugins/sudoers/sudoers.c: Only check gid of sudoers file if it is group-readable. [50e3bc0cb242] * plugins/sudoers/auth/aix_auth.c: For AIX, keep calling authenticate() until reenter reaches 0. [e240815b74b1] 2011-05-09 Todd C. Miller <[email protected]> * configure, configure.in: Cache the status of the initial gettext() check. [32751ebe1704] * INSTALL, configure, configure.in: Add --disable-nls flag and improve checks for gettext. [c7e6b17052de] * configure, configure.in: When building with gcc on HP-UX, use -march=1.1 to produce portable binaries on a pa-risc2 host. Previously, the +Dportable option was used for the HP-UX C compiler but gcc always produced native binaries. [8f4c749324d7] 2011-05-06 Todd C. Miller <[email protected]> * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c: Prepare sudo front end messages for translation. [2fc2fabceccb] 2011-05-04 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: Add initial scaffolding to support localization via gettext() [7d47b59fcf95] * compat/fnmatch.h, compat/glob.h: Don't let the fnmatch/glob macros expand the function prototype. [a9014aa0288e] 2011-05-03 Todd C. Miller <[email protected]> * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: Resolve namespace collisions on HP-UX ia64 and possibly others by adding a rpl_ prefix to our fnmatch and glob replacements and #defining rpl_foo to foo in the header files. [caa9b690a15d] 2011-04-29 Todd C. Miller <[email protected]> * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Split ALL, ROLE and TYPE into their own actions. Since you can only have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in the non-SELinux case. This is safe because the actions are in one big switch() statement. [7473fc2cfa2c] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. [9be3480c2865] 2011-04-27 Todd C. Miller <[email protected]> * doc/UPGRADE, doc/sudoers.pod: askpass moved from sudoers to sudo.conf in sudo 1.8.0 [b2c2956cec4e] * doc/sudoers.pod: Remove obsolete warning about runas_default and ordering. Move syslog facility and priority lists into the section where the relevant options are described. [e57b8dc3f779] 2011-04-26 Todd C. Miller <[email protected]> * plugins/sudoers/auth/sia.c: Fix SIA support; we no longer have access to the real argc and argv so allocate space for a fake one and use the argv passed to the plugin with "sudo" for argv[0]. [1c0552772ad2] 2011-04-23 Todd C. Miller <[email protected]> * src/net_ifs.c: Remove useless realloc when trying to get the buffer size right. [792225380a62] * plugins/sudoers/set_perms.c: Be explicit when setting euid to 0 before call to setreuid(0, 0) [7bfeb629fccb] 2011-04-18 Todd C. Miller <[email protected]> * configure, configure.in: Need to do checks for krb5_verify_user, krb5_init_secure_context and krb5_get_init_creds_opt_alloc regardless of whether or not krb5-config is present. [9d1b98ece1d3] 2011-04-15 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: Work around weird AIX saved uid semantics on setuid() and setreuid(). On AIX, setuid() will only set the saved uid if the euid is already 0. [069fc08150ca] 2011-04-14 Todd C. Miller <[email protected]> * sudo.pp: update copyright year [1c42d579ba6e] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Treat a missing includedir like an empty one and do not return an error. [92f71d8cbfd4] 2011-04-12 Todd C. Miller <[email protected]> * pp: Fix ARCH setting in cross-compile Solaris packages. [b0de281cc889] * sudo.pp: Fix aix version setting. [98437dbfb085] * plugins/sudoers/ldap.c: Remove extraneous parens in LDAP filter when sudoers_search_filter is enabled that causes a search error. From Matthew Thomas. [1d75bf1fc8d9] 2011-04-11 Todd C. Miller <[email protected]> * plugins/sudoers/regress/iolog_path/check_iolog_path.c: Correct sizeof() to fix test failure. [fd2f7c0c0572] * plugins/sudoers/Makefile.in: "install" target should depend on "install-dirs". Fixes "make -j" problem and closes bz #487. From Chris Coleman. [083902d38edb] 2011-04-07 Todd C. Miller <[email protected]> * config.h.in: Add HAVE_RFC1938_SKEYCHALLENGE [a94cb33758a8] 2011-04-06 Todd C. Miller <[email protected]> * NEWS: Mention plugin loading and libgcc changes [e11b30b5026a] * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: Load plugins after parsing arguments and potentially printing the version. That way, an error loading or initializing a plugin doesn't break "sudo -h" or "sudo -V". [1b76f2b096a2] * Makefile.in: When using a sub-shell to invoke the sub-make, exec make instead of running it inside the shell to avoid an extra process. [fd2c04a71fbf] * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: Stop testing unspecified behavior in fnmatch Make glob test more portable [229803093725] * compat/Makefile.in: No need to add current dir to include path and having it breaks the test programs that expect to get the system glob.h and fnmatch.h [68085f624be4] * INSTALL, configure, configure.in: Fix and document --with-plugindir; partially from Diego Elio Petteno [07edc52ea89e] * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: Fix fnmatch and glob tests to not use hard-coded flag values in the input file. Link test programs with libreplace so we get our replacement verions as needed. [c2cca448f660] * Makefile.in: If make in a subdir fails, fail the target in the upper level Makefile too. Adapted from a patch from Diego Elio Petteno [76fc9a0d96fd] * configure, configure.in, plugins/sudoers/auth/rfc1938.c: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also has this. Adapted from a patch from Diego Elio Petteno [a97279a59b93] * plugins/sudoers/Makefile.in: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ directly. [47b884029b3b] * configure, configure.in: Fix warnings when -without-skey, --without-opie, --without-kerb4, --without-kerb5 or --without-SecurID were specified. [71ad150f4d24] * MANIFEST: Add plugins/sudoers/sudoers_version.h [7423966de440] * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that now include LDFLAGS in the sudoers Makefile.in. Add missing settng of @LDFLAGS@ in plugin Makefile.in files. [b835826f889c] 2011-04-05 Todd C. Miller <[email protected]> * NEWS: Mention %#gid support in User_List and Runas_List [5a983dff017a] * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, plugins/sudoers/visudo.c: Keep track of sudoers grammar version and report it in the -V output. [52901a3c0296] * plugins/sudoers/sudo_nss.h: Add multiple inclusion guard [50853aed046e] * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and set it to -Wc,-static-libgcc if not using GNU ld so we don't have a dependency on the shared libgcc in sudoers.so. [66ad8bc5e32d] * doc/sudoers.pod: Fix typo; from Petr Uzel [f9a7afd80892] 2011-04-01 Todd C. Miller <[email protected]> * plugins/sudoers/testsudoers.c: In dump-only mode, use "root" as the default username instead of "nobody" as the latter may not be available on all systems. [0c48e6414337] 2011-03-31 Todd C. Miller <[email protected]> * plugins/sudoers/testsudoers.c: Remove NewArgv/NewArgc, they are no longer needed. [16e18f734c7e] * plugins/sudoers/testsudoers.c: Fix setting of user_args [aa29e0d0a54a] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add '!' token to lex tracing [5227ad266235] * plugins/sudoers/regress/testsudoers/test1.sh: Use group bin in test, not wheel as most systems have the bin group but the same is no longer true of wheel. [718802b3b45e] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Avoid using pre or post increment in a parameter to a ctype(3) function as it might be a macro that causes the increment to happen more than once. [78e281152c3a] 2011-03-30 Todd C. Miller <[email protected]> * sudo.pp: Strip off the beta or release candidate version when building AIX packages. [28fe31668559] * configure, configure.in: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx structure checks for glibc which only has __e_termination visible when _GNU_SOURCE is *not* defined. [59ae1698911f] * common/aix.c: getuserattr(user, ...) will fall back to the "default" entry automatically, there's no need to check "default" manually. [3c7a47a61fdb] 2011-03-29 Todd C. Miller <[email protected]> * doc/UPGRADE: Document parser changes. [ec415503308d] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: If there is an existing sudoers file, only install if it passes a syntax check. [37427c73e8cb] * plugins/sudoers/regress/sudoers/test6.out.ok, plugins/sudoers/testsudoers.c: Add runasgroup support to testsudoers [047ea5571f33] * plugins/sudoers/Makefile.in: For "make check", keep going even if a test fails. [ce6a0a73c372] * plugins/sudoers/testsudoers.c: More useful exit codes: * 0 - parsed OK and command matched. * 1 - parse error * 2 - command not matched * 3 - command denied [1d2ce1361903] * doc/sudoers.pod: Document %#gid, and %:#nonunix_gid syntax. [492d4f9696c4] * plugins/sudoers/pwutil.c: Add support to user_in_group() for treating group names that begin with a '#' as gids. [20240c94a134] * config.h.in, configure, configure.in, src/utmp.c: Add explicit check for struct utmpx.ut_exit.e_termination and struct utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update ut_exit if we detect one or the other. [b4e8cab777e6] 2011-03-28 Todd C. Miller <[email protected]> * plugins/sudoers/toke.c: Add back missing #include of config.h [9ab3897a1b2e] * plugins/sudoers/iolog_path.c, plugins/sudoers/regress/iolog_path/data: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like strftime() does. [93395762cdcd] * aclocal.m4: Quote first argument to AC_DEFUN(); from Elan Ruusamae [97f53ad31d77] 2011-03-27 Todd C. Miller <[email protected]> * MANIFEST: add new sudoers tests [476af91b3da3] * plugins/sudoers/regress/sudoers/test8.in, plugins/sudoers/regress/sudoers/test8.out.ok, plugins/sudoers/regress/sudoers/test8.toke.ok: Add test for a newline in the middle of a string when no line continuation character is used. [de2394bc86ab] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Use bitwise AND instead of modulus to check for length being odd. A newline in the middle of a string is an error unless a line continuation character is used. [bdb1d762a1d5] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Move lexer globals initialization into init_lexer. [1ce62211aadb] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix a potential crash when a non-regular file is present in an includedir. Fixes bz #452 [1586760c3525] * pp: On some Linux systems, "uname -p" contains detailed processor info so check "uname -m" first and then "uname -p" if needed. Recognize PLD Linux. [b8535cb9012e] 2011-03-25 Todd C. Miller <[email protected]> * plugins/sudoers/redblack.c: Don't need all sudoers.h here. [8c0929f42dab] * src/sudo.c: Print sudo version early, in case policy plugin init fails. [47cddc4358bc] 2011-03-24 Todd C. Miller <[email protected]> * plugins/sudoers/regress/sudoers/test4.toke.ok: Update to match change in input. [4a3af8e68790] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Make an empty group or netgroup a syntax error. [66f51ddc2ff6] * plugins/sudoers/regress/sudoers/test7.in, plugins/sudoers/regress/sudoers/test7.out.ok, plugins/sudoers/regress/sudoers/test7.toke.ok: An empty group or netgroup should be a syntax error. [bd5bf1e2edce] * plugins/sudoers/regress/sudoers/test6.in, plugins/sudoers/regress/sudoers/test6.out.ok, plugins/sudoers/regress/sudoers/test6.toke.ok: Check that uids work in per-user and per-runas Defaults Check that uids and gids work in a Command_Spec [c5e848e6082b] * plugins/sudoers/regress/sudoers/test5.in, plugins/sudoers/regress/sudoers/test5.out.ok, plugins/sudoers/regress/sudoers/test5.toke.ok: Test empty string in User_Alias and Command_Spec [3a084d777e03] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Allow a group ID in the User_Spec. [bc2859eb71dc] 2011-03-23 Todd C. Miller <[email protected]> * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Return an error for the empty string when a word is expected. Allow an ID for per-user or per-runas Defaults. [915c259b00ff] * plugins/sudoers/testsudoers.c: Fix printing "User_Alias FOO = ALL" [ba58c3d548b3] 2011-03-22 Todd C. Miller <[email protected]> * src/parse_args.c: Better error message about invalid -C argument [c9a8d15bbf5d] * NEWS: fix typo [cdcfbafed013] * doc/sudoers.pod: Fix placement of equal size ('=') in user specification summary. [5ad7178b230d] 2011-03-21 Todd C. Miller <[email protected]> * MANIFEST: update to match sudoers regress [e04db0648717] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Restore ability to define TRACELEXER and have trace output go to stderr. [d9531e4d1b20] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Restore old behavior of setting sawspace = TRUE for command line args when a line continuation character is hit to avoid causing problems for existing sudoers files. [fd930ad25550] * plugins/sudoers/regress/sudoers/test4.in, plugins/sudoers/regress/sudoers/test4.out.ok, plugins/sudoers/regress/sudoers/test4.toke.ok: Add test for line continuation and aliases [29ab538ca6bb] * plugins/sudoers/Makefile.in: Make test output line up nicely for parse vs. toke [257ef82c1434] * plugins/sudoers/Makefile.in, plugins/sudoers/regress/sudoers/test1.in, plugins/sudoers/regress/sudoers/test1.out.ok, plugins/sudoers/regress/sudoers/test1.toke.ok, plugins/sudoers/regress/sudoers/test2.in, plugins/sudoers/regress/sudoers/test2.out.ok, plugins/sudoers/regress/sudoers/test2.toke.ok, plugins/sudoers/regress/sudoers/test3.in, plugins/sudoers/regress/sudoers/test3.out.ok, plugins/sudoers/regress/sudoers/test3.toke.ok, plugins/sudoers/regress/testsudoers/test1.ok, plugins/sudoers/regress/testsudoers/test1.out.ok, plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/testsudoers/test2.out, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/testsudoers/test3.ok, plugins/sudoers/regress/testsudoers/test3.sh, plugins/sudoers/regress/visudo/test1.ok, plugins/sudoers/regress/visudo/test1.sh: Move parser tests to sudoers directory and test the tokenizer output too. [44f529b3cdb6] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: If we match a rule anchored to the beginning of a line after parsing a line continuation character, return an ERROR token. It would be nicer to use REJECT instead but that substantially slows down the lexer. [355478293f8c] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Move LEXTRACE macro to toke.h so we can use it in yyerror(). [72ee7a06d3ca] 2011-03-20 Todd C. Miller <[email protected]> * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l: Make lex tracing settable at run-time in testsudoers via the -t flag. Trace output goes to stderr. Will be used by regress tests to check lexer. [93bd53c413c8] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Allow whitespace after the modifier in a Defaults entry. E.g. "Defaults: username set_home" [9dfcf8dd8a3a] 2011-03-18 Todd C. Miller <[email protected]> * mkpkg: Don't set CC when cross-compiling. [4b95b0c04e1c] * NEWS: Credit Matthew Thomas for the sudoers_search_filter changes. [a65998ab09f7] * MANIFEST: Add the .sym files to the MANIFEST [f599225cc861] * NEWS: Update for sudo 1.8.1 beta [71021e854c49] * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: user_shell -> run_shell to avoid confusion with the user's SHELL variable. [dc0ac6dafc21] * src/exec_pty.c: Save the controlling tty process group before suspending in pty mode. Previously, we assumed that the child pgrp == child pid (which is usually, but not always, the case). [10b2883b7875] * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for sudoers_search_filter setting in ldap.conf. This can be used to restrict the set of records returned by the LDAP query. [b0f1b721d102] 2011-03-17 Todd C. Miller <[email protected]> * configure, configure.in: Remove the hack to disable -g in CFLAGS unless --with-devel [89822cf84ef4] * doc/sudoers.pod: The '@' character does not normally need to be quoted. [7823f5ed829a] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but if that whitespace is followed by a comma, we want to treat it as part of a list and not transition. [1ca6943e1824] * plugins/sudoers/regress/testsudoers/test3.ok, plugins/sudoers/regress/testsudoers/test3.sh: Add check for whitespace when a User_List is used for a per-user Defaults entry. [91f75e6dd19a] * plugins/sudoers/regress/testsudoers/test2.out, plugins/sudoers/regress/testsudoers/test2.sh: Expand quoted name checks to cover recent fixes. [ce4f76bca146] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Fix parsing of double-quoted names in Defaultd and Aliases which was broken in 601d97ea8792. [424b0d6c1dc4] * plugins/sudoers/Makefile.in: toke_util.c lives in $(srcdir) not $(devdir) [94866bebee83] 2011-03-16 Todd C. Miller <[email protected]> * configure, configure.in: Change trunk version to 1.8.x to distinguish from real 1.8.0. [a9781e61d064] * NEWS, doc/UPGRADE: Document major changes in 1.8.1 and add upgrade notes. [f2cf51b0d9ce] * plugins/sudoers/match.c: Be careful not to deref user_stat if it is NULL. This cannot currently happen in sudo but might in other programs using the parser. [06a2334dd674] * mkpkg: configure will not add -O2 to CFLAGS if it is already defined to add -O2 to the CFLAGS we pass in when PIE is being used. [1ce6481ece59] * doc/sudoers.pod: Warn about the dangers of log_input and mention iolog_file and iolog_dir in the log_input and log_output descriptions. [ae854ffb0768] * pp: sync with git version [a993e39ce3cb] * doc/sudoers.pod: It seems that h comes after i [0f621109220d] * doc/sudoers.pod: Move log_input and log_output to their proper, sorted, location. Document set_utmp and utmp_runas. [273b234b9c34] * src/exec.c: Save the controlling tty process group before suspending so we can restore it when we resume. Fixes job control problems on Linux caused by the previous attemp to fix resuming a shell when I/O logging not enabled. [f03a660315ee] * common/lbuf.c: Fix printing of the remainder after a newline. Fixes "sudo -l" output corruption that could occur in some cases. [25d83fb501fc] 2011-03-15 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, src/exec_pty.c, src/sudo_exec.h, src/utmp.c: Add support for ut_exit [b574c13f1bba] * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: Add support for controlling whether utmp is updated and which user is listed in the entry. [44a81632133f] * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, plugins/sudoers/parse.c: Fix typo; tupple vs. tuple [697744acb710] * src/utmp.c: For legacy utmp, strip the /dev/ prefix before trying to determine slot since the ttys file does not include the /dev/ prefix. [7ad5b81ff90c] * aclocal.m4, configure, configure.in, pathnames.h.in: Add check for _PATH_UTMP [21e638029bfd] 2011-03-14 Todd C. Miller <[email protected]> * plugins/sudoers/regress/iolog_path/check_iolog_path.c: Adapt check_iolog_path to sessid changes [728b5fe2be6f] * config.h.in, configure, configure.in, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, src/utmp.c: Redo utmp handling. If no getutent()/getutxent() is available, assume a ttyslot-based utmp. If getttyent() is available, use that directly instead of ttyslot() so we don't have to do the stdin dup2 dance. [18aa455cd140] 2011-03-11 Todd C. Miller <[email protected]> * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, src/utmp.c: Move utmp handling into utmp.c [f6eae6c8e012] * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c, doc/sudo.pod, doc/visudo.pod, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/logging.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c: Update copyright years. [16aa39f9060a] * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c: Add "user_shell" boolean as a way to indicate to the plugin that the -s flag was given. [fb1ef0897b32] * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: Move sessid out of sudo_user. [ba298ddb57f4] * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Log the TSID even if it is not a simple session ID. [d7cc1b9c513c] * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: Document noexec in sample.sudo.conf and add back noexec_file section in sudoers with a note that it is deprecated. [4a6e961e494d] * plugins/sudoers/set_perms.c: Fix running commands as non-root on systems where setreuid() changes the saved uid based on the effective uid we are changing to. [df0769b71b34] 2011-03-10 Todd C. Miller <[email protected]> * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, src/sudo.h: Move noexec path into sudo.conf now that sudo itself handles noexec. Currently can be configured in sudoers too but is now undocumented and will be removed in a future release. [6fa8befdc110] * doc/sudo.pod, doc/sudoers.pod: Document "Path noexec ..." in sudo.conf. No longer document noexec_file in sudoers, it will be removed in a future release. [24eee3a0b3e5] * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: Move noexec handling to sudo front-end where it is documented as being. [3ed4f10d7052] * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h: Add support for disabling exec via solaris privileges. Includes preparation for moving noexec support out of sudoers and into front end as documented. [dec843ed553e] * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.sym: Only export the symbols corresponding to the plugin structs. [8d8d03b0ca54] * configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: Install plugins manually instead of using libtool. This works around a problem on AIX where libtool will install a .a file containing the .so file instead of the .so file itself. [796971cfbddb] * Makefile.in: Move check into its own rule since some versions of make will run both targets as the default rule. [34d759979176] * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4, m4/lt~obsolete.m4: Update to libtool 2.2.10 [34c130de6af7] 2011-03-09 Todd C. Miller <[email protected]> * src/exec.c: In handle_signals(), restart the read() on EINTR to make sure we keep up with the signal pipe. Don't return -1 on EAGAIN, it just means we have emptied the pipe. [d5b9c8eb9000] * compat/mktemp.c: Reorder functions to quiet a compiler warning. [c9e9a23729f0] * mkpkg: Use the Sun Studio C compiler on Solaris if possible [11a86e27891e] 2011-03-08 Todd C. Miller <[email protected]> * mkpkg: Fix default setting of osversion variable. [52e49ca1cedd] * doc/sudo_plugin.pod: Make two login_class entris consistent. [18ff1fa94a91] * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, src/sudo_exec.h: Add support for adding a utmp entry when allocating a new pty. Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). Currently only creates a new entry if the existing tty has a utmp entry. [32db72b81d80] * plugins/sudoers/boottime.c: Avoid pulling in headers we don't need on Linux For getutx?id(), call setutx?ent() first and always call endutx?ent(). [5dad21e1ee1b] * configure, configure.in: Add some more libs to SUDOERS_LIBS instead of relying on them to be pulled in by SUDO_LIBS. [18a7c21c09a7] * plugins/sudoers/sudoers.c: Fix return value of "sudo -l command" when command is not allowed, broken in [c7097ea22111]. The default return value is now TRUE and a bad: label is used when permission is denied. Also fixed missing permissions restoration on certain errors. On error()/errorx(), the password and group files are now closed before returning. [4f2d0e869ae5] 2011-03-07 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: Fix passing of login class back to sudo front end. [6f70a784ce48] * mkpkg: Add --osversion flag to specify OS instead of running "pp --probeonly" [a8efdccb7bc1] * sudo.pp: Fix expr usage w/ GNU expr [48895599ee63] 2011-03-06 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Fix exit value for validate and list mode. [c7097ea22111] * plugins/sudoers/sudoers.c: Fix non-interactive mode with sudoers plugin. [172f29597bd2] 2011-03-05 Todd C. Miller <[email protected]> * doc/sudoreplay.pod: sudoreplay can now find IDs other than %{seq} and display the session. [fc3dd3be67e9] 2011-03-04 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c: Add support for replaying sessions when iolog_file is set to something other than %{seq}. [ca3131243874] * plugins/sudoers/visudo.c: If we are killed by a signal, display the name of the signal that got us. [994bb76a990e] * configure, configure.in: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS where they belong. [40f94b936fa4] * configure.in: Fix bug in skey/opie check that could cause a shell warning. [83c043072be5] * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: No longer need sudo_getepw() stubs. [bbee15c36912] 2011-03-03 Todd C. Miller <[email protected]> * plugins/sudoers/sudo_nss.c: Fix exit value of "sudo -l command" in sudoers module. [a6541867521b] 2011-03-02 Todd C. Miller <[email protected]> * compat/regress/glob/globtest.c: Use fgets() not fgetln() for portability. [df1bb67fb168] * sudo.pp: Don't use the beta or release candidate version as the rpm release. [d661ef78021a] 2011-02-25 Todd C. Miller <[email protected]> * configure, configure.in: version 1.8.0 [f6530d56f6ae] [SUDO_1_8_0] * NEWS: update sudo 1.8 section [f2ee2cf95d18] 2011-02-23 Todd C. Miller <[email protected]> * plugins/sudoers/regress/testsudoers/test2.sh: fix test description [cd5730fa9f09] * plugins/sudoers/regress/testsudoers/test2.out, plugins/sudoers/regress/testsudoers/test2.sh, plugins/sudoers/regress/visudo/test2.out, plugins/sudoers/regress/visudo/test2.sh: convert test2 to use testsudoers [b5ec3f0b69f1] * include/sudo_plugin.h, src/sudo_plugin_int.h: Move struct generic_plugin to sudo_plugin_int.h [6f7bc629329c] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Allow sudoers file name, mode, uid and gid to be specified in the settings list. The sudo front end does not currently set these but may in the future. [22f38a0fda2a] 2011-02-21 Todd C. Miller <[email protected]> * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: 1.8.0rc1 [5d4588b9c057] * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.h: add help text to sudo, visudo and sudoreplay for the -h option [52e7378d8476] 2011-02-19 Todd C. Miller <[email protected]> * compat/snprintf.c: avoid using "howmany" for a parameter name since it is a select- related macro [a14d565401a1] * doc/sudoers.pod: mention group_plugin when describing nonunix_group [e0d1d0034b17] * doc/sudo_plugin.pod: Add missing period at end of sentence [6744d7e9056d] * Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: add localstatedir; closes bug 471 [7aefcab85088] * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes Bug 470 [927ed6740f32] * configure.in: add missing AH_TEMPLATE for ENV_RESET [16300010c986] * src/exec.c: SVR5 systems return non-zero for success on socketpair(), check for -1 instead. Closes Bug 469 [4d276494bf8e] 2011-02-16 Todd C. Miller <[email protected]> * configure, configure.in: 1.8.0b5 [d611cd5d73d3] * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: regen [85e96eeaed82] * doc/sudo.pod: Document that a sudo.conf file with no Pligin lines uses the default sudoers plugins. [88bd52da977f] * src/load_plugins.c: If sudo.conf contains no Plugin lines, use the default sudoers policy and I/O plugins. [fd8f4cb811ab] 2011-02-14 Todd C. Miller <[email protected]> * plugins/sudoers/sudo_nss.c: Avoid printing empty "Runas and Command-specific defaults for user" line. [2dd330fe4f8b] * common/lbuf.c: Truncate the buffer at buf.len before printing in the non-wordwrap case. [901e9833f80d] * common/lbuf.c: Remove extra newline when the tty width is very small or unavailable [245c05506c0e] 2011-02-11 Todd C. Miller <[email protected]> * plugins/sudoers/alias.c: Remove unneeded variable. [2c086d30b796] 2011-02-09 Todd C. Miller <[email protected]> * configure, configure.in: Prefer getutxid over getutid [3f3322e9c93e] * plugins/sudoers/boottime.c: Include utmp.h / utmpx.h before missing.h as apparently including it afterwards causes a compilation problem on GNU Hurd. [a528029ae962] 2011-02-07 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c: #include "foo.h", not <foo.h> for local includes. [f65ec693998e] * src/parse_args.c: remove bogus XXX [9136c17d53ce] * compat/mksiglist.c: Fix typo [1a3bb7b455c9] * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c: return foo not return(foo) [5c9e0647359a] 2011-02-06 Todd C. Miller <[email protected]> * src/exec.c: Remove duplicate FD_SET of signal_pipe[0] [3096527d2215] 2011-02-05 Todd C. Miller <[email protected]> * compat/mksiglist.c: Use "missing.h" not <missing.h> in generated code. [d8e09cffbe09] 2011-02-04 Todd C. Miller <[email protected]> * aclocal.m4, configure: fix --with-iologdir=no [a89699cb5f5f] * aclocal.m4, configure: fix typo that broke --with-iologdir [91b54eb22403] 2011-02-03 Todd C. Miller <[email protected]> * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Bump version to 1.8.0b4 [e2b7f2cdc02e] * NEWS: sync [decf5a0a8a33] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Attempt to clarify how users and groups interact in Runas_Specs [e6fb3a2dbd77] * plugins/sudoers/regress/visudo/test2.out, plugins/sudoers/regress/visudo/test2.sh: Add test for quoted group that contains escaped double quotes [44596c48c629] * src/exec.c, src/exec_pty.c: Pass SIGUSR1/SIGUSR2 through to the child. [c3108a827b01] * src/exec_pty.c, src/sudo_exec.h: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and SIGUSR2 to indicate whether the child should be continued in the foreground or background. [35ca47cc6785] * src/exec.c: Use pid_t not int and check the return value of kill() [36ae7d37d7f9] 2011-02-02 Todd C. Miller <[email protected]> * src/exec_pty.c: Remove obsolete comment [baebef4919f6] * src/exec.c: In non-pty mode before continuing the child, make it the foreground pgrp if possible. Fixes resuming a shell. [fef5b1d02ddb] * src/exec_pty.c: If we get a signal other than SIGCHLD in the monitor, pass it directly to the child. [b3ecb28163a0] * src/exec.c, src/exec_pty.c, src/sudo.h: Save signal state before changing handlers and restore before we execute the command. [faf7475dc4bf] 2011-02-01 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Use a char array to map a number to a base36 digit. [257576c51f8b] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod: Be clear about what versions of sudo support new LDAP attributes. Fix up some formatting of attribute names. Minor other tweaks. [39f65df71f65] 2011-01-31 Todd C. Miller <[email protected]> * plugins/sudoers/toke.c, plugins/sudoers/toke.l: match quoted strings the same way whether in a Defaults line or as a user/group/netgroup name. Fixes escaped double quotes in quoted user/group/netgroup names. [601d97ea8792] * plugins/sudoers/Makefile.in: 'make check' depends on visudo and testsudoers [127c5a24df8f] * plugins/sudoers/sudoers2ldif: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags [9029163a58c3] 2011-01-30 Todd C. Miller <[email protected]> * doc/UPGRADE: Mention LDAP attribute compatibility status. [2c3595aaec63] 2011-01-28 Todd C. Miller <[email protected]> * README.LDAP: Mention phpQLAdmin [9304c9064fbe] * INSTALL, NEWS, config.h.in, configure, configure.in, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: Add --disable-env-reset configure option. [8a753aa13a46] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document that sudoers_locale also affects logging and email. [998d6ac11277] * NEWS, config.h.in, configure, configure.in, plugins/sudoers/logging.c: Do logging and email sending in the locale specified by the "sudoers_locale" setting ("C" by default). Email send by sudo includes MIME headers when the sudoers locale is not "C". [cb7e55408400] 2011-01-27 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Fix indentation [65ae7e92b9e4] 2011-01-25 Todd C. Miller <[email protected]> * NEWS, src/parse_args.c, src/sudo.c: Perform command escaping for "sudo -s" and "sudo -i" after validating sudoers so the sudoers entries don't need to have all the backslashes. [4e168c103f4b] 2011-01-24 Todd C. Miller <[email protected]> * plugins/sudoers/logging.c: Prepend "list " to the command logged when "sudo -l command" is used to make it clear that the command was listed, not run. [f392a6056cd6] * plugins/sudoers/parse.c: cosmetic change [7c0951dbc2dd] * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, compat/nanosleep.c, compat/regress/glob/globtest.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo_noexec.c, src/tgetpass.c: standardize on "return foo;" rather than "return(foo);" or "return (foo);" [32d76c5aaf8c] * plugins/sudoers/sudoers.c: Do not reject sudoers file just because it is root-writable. [0febc579185b] 2011-01-21 Todd C. Miller <[email protected]> * NEWS: sync [1ab03f8278ff] * plugins/sudoers/sudo_nss.c: For "sudo -U user -l" if user is not authorized on the host, say so. [289afe6dd15c] * plugins/sudoers/ldap.c: In sudo_ldap_lookup(), always do the initial sudoers check as the invoking user. If we are listing another user's privs we will do a separate lookup using list_pw later. [e52bc15de76d] 2011-01-20 Todd C. Miller <[email protected]> * MANIFEST: add parser fill tests [4f65140d3515] * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: Don't test features not supported by the bundled glob() [8ec7ace11949] * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c, compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in: Update copyright year to 2011 [ac1b45cb1809] * plugins/sudoers/sudo_nss.c: When listing, use separate lbufs for the defaults and the privileges and only print something if the number of privileges is non-zero. Fixes extraneous Defaults output for "sudo -U unauthorized_user -l". [d0854d39f8ef] * plugins/sudoers/ldap.c: Stash pointer to user group vector in LDAP handle and only reuse the query if it has not changed. We always allocate a new buffer when we reset the group vector so a simple pointer check is sufficient. [88861d4eba69] * plugins/sudoers/sudo_nss.c: Check initgroups() return value. [3bdaf58408a7] * plugins/sudoers/Makefile.in, plugins/sudoers/regress/parser/check_fill.c: Add tests for the fill functions in toke_util.c [bca587ab4956] 2011-01-19 Todd C. Miller <[email protected]> * plugins/sudoers/regress/iolog_path/check_iolog_path.c: fix copyright year [e2038cdaf055] * NEWS: sync [56ca5d5eaebe] 2011-01-18 Todd C. Miller <[email protected]> * common/term.c: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e. [b91f266624ec] 2011-01-14 Todd C. Miller <[email protected]> * mkpkg, sudo.pp: Add Requires line for audit-libs >= 1.4 for RHEL5+ [6c02f976171b] * pp: sync with git version [d301c32d5865] 2011-01-13 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: fix typo [39353f92976f] 2011-01-12 Todd C. Miller <[email protected]> * NEWS: Update for sudo 1.7.4p5 [b444da76901f] * doc/schema.OpenLDAP, doc/schema.iPlanet: Add sudoNotBefore and sudoNotAfter attributes as optional attributes to the sudoRole object class. From Andreas Mueller [dacfad7e7a95] 2011-01-11 Todd C. Miller <[email protected]> * NEWS: Mention "sudo -g group" password check fix. [1eb8fb14e53b] * plugins/sudoers/sudoers.c: Fix "sudo -g" support in the sudoers module. [07d1b0ce530e] * plugins/sudoers/check.c: If the user is running sudo as himself but as a different group we need to prompt for a password. [caf1fcc9a117] 2011-01-10 Todd C. Miller <[email protected]> * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla- derived LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s() or ldap_search_st() when possible. [5537049991f7] * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: regen [5b361c3c4324] * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility with OpenLDAP ldap.conf files. [e97843bd16fb] * plugins/sudoers/pwutil.c: If user has no supplementary groups, fall back on checking the group file expliticly. [5223ad4eb690] 2011-01-08 Todd C. Miller <[email protected]> * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: constify [6e132a4cca61] * plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l: Move fill macro to toke.h [623d430798cf] * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c, plugins/sudoers/toke.h, plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: Split tokenizer utility functions out into toke_util.c [89a97bd51618] * plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/toke.c, plugins/sudoers/toke.l: ANSIfy [ca0eba1dfaa9] 2011-01-07 Todd C. Miller <[email protected]> * MANIFEST: sync [a43f94064bb3] * plugins/sudoers/Makefile.in: Add visudo tests to check target [8c82fb4ed40f] * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: Add my regress tests for fnmatch() and glob() from OpenBSD. [6e8c1f211723] * plugins/sudoers/regress/testsudoers/test1.sh, plugins/sudoers/regress/visudo/test1.ok, plugins/sudoers/regress/visudo/test1.sh: Add regress test for command tags using visudo -c [18b0ef207c0f] * plugins/sudoers/Makefile.in, plugins/sudoers/regress/testsudoers/test1.ok, plugins/sudoers/regress/testsudoers/test1.sh: Add support for regress tests using testsudoers [1fa94bd2671b] * plugins/sudoers/testsudoers.c: Need to set user_name explicitly due to internal changes made when converting sudoers to a plugin. [1fa54e86a364] 2011-01-06 Todd C. Miller <[email protected]> * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/regress/iolog_path/check_iolog_path.c, plugins/sudoers/regress/iolog_path/data, src/Makefile.in, zlib/Makefile.in: Add regression tests for iolog_path() [afa4b416e559] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Add support for "make Makefile" to regenerate Makefile from Makefile.in [98bd2dda3294] * plugins/sudoers/iolog_path.c: Quiest a bogus compiler warning. [5ff932a7ad67] 2011-01-05 Todd C. Miller <[email protected]> * plugins/sudoers/iolog_path.c: Protect call to setlocale() with HAVE_SETLOCALE [2c29ee3ccc81] 2011-01-04 Todd C. Miller <[email protected]> * MANIFEST: mkstemps.c was renamed mktemp.c [ae299c3b1827] * NEWS: Update from 1.7 branch [20817d79717b] * Makefile.in: Use "mv -f" when regenerating ChangeLog [c163635206c6] * plugins/sudoers/match.c: Fix NULL dereference with "sudo -g group" when the sudoers rule has no runas user or group listed. Fixes RedHat bug Bug 667103. [41a6a1243d9e] 2011-01-03 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Correct the default sudo.conf example [4e791698cad1] 2010-12-31 Todd C. Miller <[email protected]> * plugins/sudoers/iolog_path.c: Reset slashp if we allocate a new buffer for strftime() [e491daa4203b] * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add extra out parameter to expand_iolog_path() to allow the caller to split the path into dir and file components if needed. [88346bc5ae39] 2010-12-30 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: mkdir_iopath() returns size_t now that it uses strlcpy() and not snprintf() [3c4c64d265eb] * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c: Trim leading slashes from iolog_file and trailing slashes from iolog_dir [a803b51f8948] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Pass a single I/O log file name in command_details instead of separate dir + file parameters. [d672a3e46e80] * plugins/sudoers/sudoreplay.c: change an error() to errorx() [8013dcfdd69d] * plugins/sudoers/iolog.c: Add missing cwd line to I/O log info file that got dropped when iolog_deserialize_info() was added [7cf84f208423] 2010-12-29 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Avoid relying on globals filled in by the sudoers policy module for the sudoers I/O log module. The I/O log open function now pulls the bits it needs out of user_info and command_info. [c02f6951b0cc] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If no iolog file is specified by the policy plugin, use io_nextid() to determine the next file in the sequence. [faa1130b1020] 2010-12-28 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document iolog_compress in command_info [58895c7d12f5] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Add support for the iolog_compress variable in command_info. [36f13a2fd1c1] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Add sigsetjmp() calls to all plugin entry points just to be safe. [3fa482355bc4] * src/sudo.c, src/sudo.h: Don't need iolog variables in struct command_details, they are for the I/O log plugins to handle. [5111579ffd9d] 2010-12-27 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document use of mkdtemp() for iolog path teplates [5db6101408a9] * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: regen [1ee11fd6d4eb] * doc/sudo_plugin.pod, doc/sudoers.pod: Document iolog_file and supported escape sequences for sudoers. Clarify that iolog_file can contain directories. [da611dedcbdb] * compat/Makefile.in, configure, configure.in: Fix building of mkstemps/mkdtemp replacements. [793a5e303122] * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure, configure.in, include/missing.h: Provide mkdtemp() for systems without it. [b0527dfa965c] * plugins/sudoers/iolog_path.c: Fix typo [277f6c514cba] * plugins/sudoers/iolog.c: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise glibc mkdtemp() returns EINVAL. [2e7323b05579] * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Allow sudoers to specify the iolog file in addition to the iolog dir. Add escape sequence support to iolog file and dir: sequence number, user, group, runas_user, runas_group, hostname and command in addition to any escape sequence recognized by strftime(3). [75cd32ee0435] * plugins/sudoers/iolog.c: Add missing sigsetjmp() call in I/O plugin open function. Fixes a crash when the I/O plugin calls error(), errorx() or log_error(). [1a6718bd817d] 2010-12-21 Todd C. Miller <[email protected]> * doc/sudo_plugin.pod, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Give the policy module fine-grained control over what the I/O plugin logs. [d29784fd2a66] * common/term.c: Clear OPOST from c_oflag like we used to. Fixes screen-based editors such as vi. [506ad5ae9b4e] * doc/sudoers.pod: Clarify umask option description. From Reuben Thomas. [1294ac84222b] 2010-12-20 Todd C. Miller <[email protected]> * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Pick last match in LDAP sudoers too [fbfd8e85703b] * doc/sudo_plugin.pod: Document iolog_file, iolog_dir and use_pty [26120a59c20e] * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Adapt plugins to version I/O logging ABI 1.1 [880dd64bc1e8] * src/exec.c, src/sudo.h: Add use_pty command_info flag for policies to indicate that a pty should be allocated even if no I/O logging is performed. [e7b167f8a6e5] * src/sudo.c: Add remaining plugin convenience functions [ffeaf96da031] * include/sudo_plugin.h, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: Change I/O log API to pass in command info to the I/O log open function. Add iolog_file and iolog_dir parameters to command info. This allows the policy plugin to specify the I/O log pathname. Add convenience functions for calling plugin functions that handle ABI backwards compatibility. [9b81dce76ce5] * compat/dlopen.c: Remove useless cast [7cecce969739] 2010-12-17 Todd C. Miller <[email protected]> * configure, configure.in: Bump version to 1.8.0b3 [1dc9f040aae0] 2010-12-13 Todd C. Miller <[email protected]> * configure.in: Remove extraneous newline [71c94551eea5] 2010-12-10 Todd C. Miller <[email protected]> * doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c: Make I/O log dir configurable. [99b576667a38] * aclocal.m4, configure, configure.in, doc/sudoers.pod: Rename io_logdir to iolog_dir [0731662acc8d] 2010-12-07 Todd C. Miller <[email protected]> * pp: Add missing '*' that prevented the generic ELF case from matching. [be77ca26bfb2] * pp: If file(1) can't identify the ELF binary type, try readelf(1). [38a18d32a9e3] 2010-11-30 Todd C. Miller <[email protected]> * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c, plugins/sudoers/env.c, plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, src/sudo.c: Use %u to print uid/gid, not %lu and adjust casts to match. [03c43b8749cf] * doc/sudoers.ldap.pod: Clarify ordering of entries and attributes. [924e2a6bb603] * doc/sudoers.ldap.pod: Fix typo and editing goof. [79dc7ccd85a8] * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudoers.ldap.pod: Merge in ordered LDAP entry support from Andreas Mueller. [ea5885989bad] * plugins/sudoers/ldap.c: Make sure we don't dereference a NULL handle. [1a9f9ee15371] 2010-11-24 Todd C. Miller <[email protected]> * pp: Add support for RHEL 6 file modes that include a trailing dot on files with an SELinux security context [dc09be959547] 2010-11-23 Todd C. Miller <[email protected]> * src/sudo.c: exec_setup() does not need to setuid(0), the Ubuntu issue was in the sudoers module. [d6dd99fc6062] * plugins/sudoers/sudoers.c: create_admin_success_flag() should use restore_perms() rather than set_perms() to restore the uid. [eba7a91c1f57] * src/sudo.c: In exec_setup() call setuid(0) to make certain the subsequent uid and gid changes will succeed. Fixes a problem on Ubuntu. [c5d32abf0645] * src/sudo_edit.c: Error out if we cannot change to root's uid so we catch the failure early. [7a2e7f8f2c80] 2010-11-22 Todd C. Miller <[email protected]> * doc/sudoers.pod: fix typo; from Michael T Hunter [a574a9d0db5b] * plugins/sudoers/match.c: In sudoedit mode, assume command line arguments are paths and pass FNM_PATHNAME to fnmatch(). [ce0abff8ce9f] 2010-11-20 Todd C. Miller <[email protected]> * configure, configure.in: Add workaround for an error in sys/types.h on HP-UX 11.23 when large file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the broken bits of the header file. [e337217f097a] * aclocal.m4: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM [fbbcee28961f] * sudo.pp: For Tru64, strip off beta version. [eeccd762df5e] * MANIFEST, plugins/sudoers/testsudoers.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: Avoid conflicts with system definitions in grp.h and pwd.h [b219ffe1da09] * zlib/gzguts.h: Include stdio.h after zlib.h, not before. We need the large file defines to come first. [21d6df39790f] 2010-11-19 Todd C. Miller <[email protected]> * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: regen [3ff8750d0aac] * Makefile.in: Don't clean ChangeLog [ab0d30d289d4] * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Add prototype for cleanup() [75626fd3769a] 2010-11-18 Todd C. Miller <[email protected]> * plugins/sudoers/group_plugin.c: Avoid deferencing group_plugin if it is NULL in group_plugin_query(). This should not happen. [4f2933c8da7e] * plugins/sudoers/group_plugin.c: group plugin init function return TRUE when successful [198024477030] 2010-11-17 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Enlarge the array of entry wrappers int blocks of 100 entries to save on allocation time. From Andreas Mueller [375c916bb03b] * plugins/sudoers/ldap.c: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() that was mistakenly dropped. [1555f5bc132d] 2010-11-16 Todd C. Miller <[email protected]> * doc/TROUBLESHOOTING: Mention that sudo needs "ar" to build. [65582ace2d09] * configure, configure.in: Fail with a more useful error if "ar" is not found. [d1cb83719c17] 2010-11-14 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Merge in ordered LDAP entry support from Andreas Mueller and add local changes from the 1.7 branch. [bca29e461618] 2010-11-12 Todd C. Miller <[email protected]> * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add timed entry support from Andreas Mueller. [e18d1df46a8d] * plugins/sudoers/group_plugin.c: Don't try to unload if group_plugin is NULL. Don't call dlclose() if group_handle is NULL [de2273da37d5] * plugins/sudoers/sudoers.h: It is now plugin_cleanup(), not cleanup() [da62a4e1a78c] * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: Call plugin_cleanup(), not cleanup() [e800ad8b33ad] 2010-11-11 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Use efree() not free() and remove malloc.h include since we never directly call malloc() or free(). [107fffd134bb] 2010-11-09 Todd C. Miller <[email protected]> * sudo.pp: set PSTAMP for Solaris and move the backend-specific bits to their own %if [xxx] %endif blocks in %set. [a94ebe8920c1] * pp: sync with git repo [75ff509696b4] * configure, configure.in: Only substitute file zlib files when using the builtin zlib [6c8145b2deb4] * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: Give up on using VPATH to find sources as it is implemented inconsistenly in different versions of make. [60517c69aaee] * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, plugins/sudoers/gram.c, plugins/sudoers/toke.c: Include config.h before any other includes to make sure we get the right value for _FILE_OFFSET_BITS. [8fb007ca832e] * MANIFEST: Add zlib [04a3e23dfaa9] * zlib/Makefile.in: Add missing targets [40e45a177168] * src/Makefile.in: g/c unused $(GENERATED) [c8758068c1bc] 2010-11-08 Todd C. Miller <[email protected]> * plugins/sudoers/group_plugin.c: Zero out group_plugin on unload just to be safe. [0b10f4d101ca] * plugins/sudoers/group_plugin.c: Unload group plugin if its init function fails. [6552cdac4b7c] * src/sudo.c: Only chdir to cwd if it is different from the current cwd or there is a new root (chroot). [b8203e875e84] * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in: Bump version to 1.8.0b2 [6dadeb75a878] 2010-10-28 Todd C. Miller <[email protected]> * INSTALL: Better --enable-zlib description [e0da54fa59a6] * mkpkg: Use system zlib on Linux Let configure decide on Solaris For all others, use builtin zlib [3d52eddb523c] * zlib/zconf.h.in: Add large file support. [bec01215270d] * config.h.in: Add large file support. [244e95b034ec] * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod, zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h, zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: Add local copy of zlib for systems that lack it. [7542ca465c5a] 2010-10-15 Todd C. Miller <[email protected]> * src/exec.c: If perform_io() fails, kill the child before exiting so it doesn't complain about connection reset. We can get an I/O error if, for example, and we get EIO reading from stdin. [e59a05fa729f] 2010-10-12 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c, src/sudo.c: Fix complilation on systems with set_auth_parameters() Sprinkle volatile to quiet warnings from gcc 2.8.0 [a34c2b924ba7] * compat/dlfcn.h, compat/dlopen.c: Avoid potential namespace issues with dlopen() emulation. [aedfababd6ca] * MANIFEST: sync [6afb97e6d308] * plugins/sudoers/interfaces.c: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not exist). [ddfca5af1a36] * Makefile.in: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg [e9d04bfa4505] * configure, configure.in: HP-UX 10.20 libc has an incompatible getline [2e7bc202e78d] * plugins/sudoers/visudo.c: Quiet an HP-UX compiler warning. [55b9d587ac8c] * configure, configure.in: Check for vi even with --with-editor specified; the sample plugin needs it. [94dfc3643f76] 2010-10-11 Todd C. Miller <[email protected]> * compat/dlopen.c: Fix remaining syntax errors. [9d729b5b577e] * src/Makefile.in: sudo binary depends on the libtool-generated libs [9e6148406adb] * plugins/sudoers/group_plugin.c, src/load_plugins.c: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to include the local or system dlfcn.h [68cfe4c1089b] * pp: Don't use run_as_superuser=false on HP-UX [532242370b09] * src/net_ifs.c: Use memset() instead of zero_bytes() since we don't include sudoers.h [a187c18c2472] * plugins/sudoers/interfaces.c: Fix pasto; AF_INET not AF_INET6 [2d2e9d7dc6f9] * compat/dlopen.c: Actually call shl_load() [ed8153b8a3cd] * pp: Update from git repo. Debian: version numbers now compliant with policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX 10.20 [ecf2692bceeb] * configure, configure.in: Fix dlopen() detection for systems where dlopen() is in a separate library. [fa6b175582b6] * plugins/sudoers/auth/pam.c: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful message and return AUTH_FATAL so sudo does not keep trying to validate the user. [1be8857e5291] * src/preload.c: sudo_preload_table is an array [b7704e72a9da] * compat/dlopen.c: Quiet a compiler warning and fix sudo_preload_table external definition. [8234987664cc] * compat/dlfcn.h: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype. [8bab6a4053cc] * plugins/sudoers/group_plugin.c: Make this compile correctly when no dlopen is available. [57643879bd2b] 2010-10-07 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Having a timestamp file defined is no longer indicative of tty tickets being enabled. Check def_tty_tickets directly. [efcc11ad157f] * src/exec_pty.c, src/sudo.h, src/ttysize.c: Fix TCGETWINSZ compat. [da3a8b17cf7a] 2010-10-02 Todd C. Miller <[email protected]> * src/exec_pty.c, src/ttysize.c: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE [926492dd10a6] 2010-10-01 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c, src/sudo.c: Move set_project() from sudoers module into sudo proper. [beabafac03b4] * configure, configure.in: Fix typo and regenerate [4a3caf4234f3] * plugins/sudoers/ldap.c: When iterating over returned LDAP entries, keep looking at remaining matches even if we have a positive match. This catches negative matches that may exist in other entries and more closely match the sudoers file behavior. [f47db6e609b0] * pp: Add support for multiple package instances on Solaris. [7f2a8b942545] * src/exec.c: Add missing signal_pipe[0] to fdsr for the non-pty case. [79d01e11b19c] * mkpkg: Add --with-project for Solaris [ffa4c2bb93f7] * README: Need ar and ranlib too [5c2f679172ef] 2010-09-27 Todd C. Miller <[email protected]> * plugins/sudoers/env.c: Preserve ODMDIR environment variable by default on AIX. [bd47cb1e804f] 2010-09-26 Todd C. Miller <[email protected]> * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c, src/preload.c: Add dlopen() emulation for systems without it. For HP-UX 10, emulate using shl_load(). For others, link sudoers plugin statically and use a lookup table to emulate dlsym(). [e92edfb3c642] 2010-09-24 Todd C. Miller <[email protected]> * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c, compat/nanosleep.c, compat/utimes.c: When including compat headers, use the compat dir as part of the path so we are sure to get the correct header. [6c2a45da6af5] 2010-09-21 Todd C. Miller <[email protected]> * plugins/sudoers/linux_audit.c: Ignore ECONNREFUSED from audit_log_user_command() which will occur if auditd is not running. [d314fe4c8d03] 2010-09-17 Todd C. Miller <[email protected]> * pp: Sync with git version [1c0357744222] 2010-09-16 Todd C. Miller <[email protected]> * common/fileops.c, plugins/sudoers/defaults.c: Cast isblank argument to unsigned char. [c822dbb3ca54] 2010-09-14 Todd C. Miller <[email protected]> * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: Implement --with-umask-override configure flag. [863e3047df22] * plugins/sudoers/env.c: Take MODE_LOGIN_SHELL into account when initially setting reset_home instead of special-casing it later. [5d6b16480fd6] * plugins/sudoers/sudoers.c: In login mode, make a copy of the runas user's pw_shell for NewArgv[0] because 1) we modify it and 2) it will runas_pw gets freed before exec. [1d1ccb568dfa] * plugins/sudoers/env.c: Reset HOME for "sudo -i" even if HOME was listed in env_keep. [c1c1c65a2d63] * src/sudo.c: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. [7443454e5f88] * src/sudo.c: Reset signal mask at sudo startup time; we need to be able to rely on normal signal delivery to control the child process. [95800163ff94] 2010-09-13 Todd C. Miller <[email protected]> * install-sh: Use sed instead of expr to split a flag from its argument. Fixes a problem with expr interpreting its arguments as a flag when they start with a dash. [736065e14301] * common/lbuf.c: Do not need sys/time.h after all [91f6f668ccda] * common/lbuf.c: Include sys/time.h for utimes() and struct timeval. No longer need ioctl.h or termios.h [2d75273d3213] * compat/snprintf.c: Quiet bogus compiler warnings. [fe252e1968f5] * include/missing.h: Declare innetgr() for HP-UX which is missing a declaration. Declare domainname() for HP-UX and Solaris which are missing a declaration. [b37c50751138] * plugins/sudoers/bsm_audit.c: Use __sun for consistency with the rest of the sources. [6b086b61ccb6] * plugins/sudoers/group_plugin.c: Quiet a bogus compiler warning. [ebc069842c4a] * plugins/sudoers/pwutil.c: Don't try to delref a NULL group. [f6ff0838be21] * common/alloc.c, common/lbuf.c: Include memory.h on systems that need it. [4e676da81c6f] 2010-09-11 Todd C. Miller <[email protected]> * src/exec.c: Quiet gcc warnings on glibc systems that use warn_unused_result for write(2). [0532da0b7cf7] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: sudo_plugin is in section 8; from Ted Percival [b4506a0de87e] * plugins/sudoers/Makefile.in: testsudoers depends on libsudoers.la, not sudoreplay [cdb1cc3bf06a] 2010-09-10 Todd C. Miller <[email protected]> * src/exec.c: Read as many signals on the signal pipe as we can before returning. [b181671da047] * src/exec.c, src/exec_pty.c, src/sudo_exec.h: Instead of using a array to store received signals, open a pipe and have the signal handler write the signal number to one end and select() on the other end. This makes it possible to handle signals similar to I/O without race conditions. [ee84d65c16b6] 2010-09-09 Todd C. Miller <[email protected]> * doc/visudo.pod, plugins/sudoers/visudo.c: Make "visudo -c -f -" check the standard input. [195a3d2a9a26] * doc/sudoers.pod: set_home and always_set_home have an effect if HOME is present in the env_keep list. [159d0b9dc5c8] * plugins/sudoers/env.c: Make -H flag work when HOME is listed in env_keep. Also makes "set_home" and "always_set_home" override override HOME in env_keep. [a3e5b966193f] 2010-09-08 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/match.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/net_ifs.c: Convert sudoers plugin to use interface list passed in settings. [87d9b5f4f586] * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c, src/parse_args.c, src/sudo.h: Query local network interfaces in the main sudo driver and pass to the plugin as "network_addrs" in the settings list. [7f35bcfe77a7] * plugins/sudoers/bsm_audit.c: Solaris BSM audit return EINVAL when auditing is not enabled, whereas OpenBSM returns ENOSYS. [411b980ec58b] 2010-09-07 Todd C. Miller <[email protected]> * compat/fnmatch.c: missing.h should come before most local includes [53921a7b8b5b] * plugins/sudoers/sudoreplay.c: missing.h should come before most local includes [e9abb0db1aac] * plugins/sudoers/sudoers.h: Make local includes consistent; use double quotes for local includes except for generated ones where we use angle brackets. [09de4faa9547] * plugins/sudoers/sudoers.c: Always fill in NewArgv for audit code. [7c3aca60519f] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. [007cf6560f92] * common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/unsetenv.c, compat/utimes.c, include/compat.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, plugins/sample_group/sample_group.c, plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/linux_audit.c, plugins/sudoers/match.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, src/ttysize.c: Make local includes consistent; use double quotes for local includes except for generated ones where we use angle brackets. Also g/c unused compat.h. [e57070dc8f04] 2010-09-06 Todd C. Miller <[email protected]> * plugins/sudoers/match.c: When matching the runas user and runas group (-u and -g command line options), keep track of runas group and runas user matches separately. Only return a positive match if we have a match for both runas user and runas group (if specified). [815219e04cc8] 2010-09-04 Todd C. Miller <[email protected]> * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for multiple URI lines by joining the contents and passing the result to ldap_initialize. [a47cae3b72e8] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: Do not return -1 on error from the display functions; the caller expects a return value >= 0. [101456a7dd00] * plugins/sudoers/sudoers.c: Do not set both MODE_EDIT and MODE_RUN [8faa36694d54] 2010-09-03 Todd C. Miller <[email protected]> * include/missing.h: Move includes to the top of the file. [a51436798e8c] 2010-08-30 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Add missing definition of timedir [458a749c2c5e] * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c, compat/mksiglist.c, compat/strsignal.c, plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c: Add #include of sys/types.h for .c files that include missing.h to be sure that size_t and ssize_t are defined. [08e3132dbf4f] * plugins/sudoers/Makefile.in: Install sudoers file from the build dir not hte src dir. [ca89e962dbf4] 2010-08-26 Todd C. Miller <[email protected]> * plugins/sudoers/set_perms.c: If runas_pw changes, reset the stashed runas aux group vector. Otherwise, if runas_default is set in a per-command Defaults statement, the command runs with root's aux group vector (i.e. the one that was used when locating the command). [24f9107cedd2] * plugins/sudoers/Makefile.in: Add target to generate sudoers file Remove generated sudoers file as part of distclean [fb7422e90f03] 2010-08-24 Todd C. Miller <[email protected]> * src/exec.c: When not logging I/O install a handler for SIGCONT and deliver it to the command upon resume. Fixes bugzilla #431 [495dce52a5aa] 2010-08-21 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.h: g/c unused auth_pw extern definition [40eb7477ba17] * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: Move get_auth() into check.c where it is actually used. [e31db0ce3a61] 2010-08-20 Todd C. Miller <[email protected]> * common/lbuf.c: Convert a remaining puts() and putchar() to use the output function. [d69e363a506b] * plugins/sudoers/plugin_error.c: Plug memory leak [68895469ea8d] 2010-08-18 Todd C. Miller <[email protected]> * plugins/sudoers/env.c: Set dupcheck to TRUE when setting new HOME value if !env_reset but always_set_home is true. Prevents a duplicate HOME in the environment (old value plus the new one) introduced in f421f8827340. [9ca19183794f] * configure, configure.in, plugins/sudoers/sudoers, plugins/sudoers/sudoers.in: Substitute sysconfdir in the installed sudoers file to get the correct path for sudoers.d. [86072b6cd55d] 2010-08-17 Todd C. Miller <[email protected]> * src/get_pty.c: Fix typo that prevented compilation on Irix; Friedrich Haubensak [b48be51b65fc] 2010-08-16 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/unsetenv.c, compat/utimes.c, include/compat.h, include/missing.h, plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, src/ttysize.c: Merge compat.h and missing.h into missing.h [572909ae9716] 2010-08-14 Todd C. Miller <[email protected]> * plugins/sudoers/auth/pam.c: If the user hits ^C while a password is being read, error out before reading any further passwords in the pam conversation function. Otherwise, if multiple PAM auth methods are required, the user will have to hit ^C for each one. [23782631748c] 2010-08-12 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Update comment [a5296cb3a20a] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document sudo_conv_t function and sudo_printf_t return values. [745c0017814c] * src/conversation.c: Make _sudo_printf return the number of characters printed on success like printf(3). [8eeefe8d7e77] 2010-08-10 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: sudoers.h includes sudo_plugin.h for us [cabe68e07807] * common/Makefile.in, common/gettime.c, compat/mkstemps.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h, src/sudo_edit.c: Use gettimeofday() directly instead of via the gettime() wrapper. [7490426c99ae] * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, config.h.in, configure, configure.in, include/compat.h, include/missing.h, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c: Remove some obsolete configure tests, ancient Unix systems are no longer supported. [2be6218c3a36] 2010-08-07 Todd C. Miller <[email protected]> * sudo.pp: Set pp_kit_version and strip off patch level [aacfda1b676d] * sudo.pp: Better handling of versions with a patchlevel. For rpm and deb, use the patchlevel+1 as the release. For AIX, use the patchlevel as the 4th version number. For the rest, just leave the patchlevel in the version string. [638bd35f2346] 2010-08-06 Todd C. Miller <[email protected]> * plugins/sudoers/auth/sudo_auth.c: For non-standalone auth methods, stop reading the password if the user enters ^C at the prompt. [82c2911bb264] * configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/pwutil.c: No need to look up shadow password unless we are doing password- style authentication. This moves the shadow password lookup to the auth functions that need it. [ba9e3eba2b72] * plugins/sudoers/sudoers.c: Retain final passwd/group refs until the policy close() function. Note that this doesn't get called in all cases so putting this in a cleanup function is probably better. [bbe214cb4119] * plugins/sudoers/check.c: Fix mismerge [395115f89dd6] * plugins/sudoers/check.c: When removing/resetting the timestamp file ignore the tty ticket contents. [b709f5667a0b] * plugins/sudoers/sudoers.c: delref sudo_user.pw, runas_pw and runas_gr immediately before we return. [4d67d15dfd3b] 2010-08-04 Todd C. Miller <[email protected]> * plugins/sudoers/check.c, plugins/sudoers/ldap.c, plugins/sudoers/match.c, plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Reference count cached passwd and group structs. The cache holds one reference itself and another is added by sudo_getgr{gid,nam} and sudo_getpw{uid,nam}. The final ref on the runas and user passwd and group structs are persistent for now. [e544685523c3] * doc/UPGRADE: fix typo [e32f2d35e6c9] 2010-08-03 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Do not produce a warning for "sudo -k" if the ticket file does not exist. [1598f6061b75] * plugins/sudoers/pwutil.c: Instead of caching struct passwd and struct group in the red-black tree, store a struct cache_item which includes both the key and datum. This allows us to user the actual name that was looked up as the key instead of the contents of struct passwd or struct group. This matters because the name in the database may not match what we looked up, due either to case folding or truncation (historically at 8 characters). Also mark the disabled calls to sudo_freepwcache() and sudo_freegrcache() as broken since we use cached data for things like set_perms() and the logging functions. Fixing this would require making a copy of the structs for user and runas or adding a reference count (better). [225d4a22f60e] * plugins/sudoers/Makefile.in: Fix path to mkinstalldirs [b4968379b12d] * plugins/sudoers/check.c, plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec_pty.c, src/get_pty.c, src/tgetpass.c: Quiet gcc warnings on glibc systems that use warn_unused_result for write(2) and others. [c99f138960e0] 2010-08-02 Todd C. Miller <[email protected]> * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add %option noinput [72b9cd49b4f1] * aclocal.m4, configure, configure.in: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when cross-compiling. [e385c176d0ee] 2010-07-31 Todd C. Miller <[email protected]> * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT and AC_CHECK_SIZEOF([long int]) instead of rolling our own. [cf3e60d9c440] 2010-07-29 Todd C. Miller <[email protected]> * pp: Update to latest version [32f93be33961] 2010-07-28 Todd C. Miller <[email protected]> * sudo.pp: Let pp determine pp_aix_version itself. [7cf0245d84ed] * INSTALL, config.h.in, configure, configure.in, mkpkg, plugins/sudoers/sudoers.c: Add support for Ubuntu admin flag file and enable it when building Ubuntu packages. [00e27cff2dfb] * plugins/sudoers/sudoers, sudo.pp: Add commented out SuSE-like targetpw settings [4605d47b7413] * configure, configure.in: Only try to use +DAportable for non-GCC on hppa [75d0f284ccf7] * configure, configure.in: Prevent configure from adding the -g flag unless in devel mode [b1fd3f8d45c0] 2010-07-27 Todd C. Miller <[email protected]> * sudo.pp: Go back to sudo-flavor to match existing packages and only use an underscore for those that need it. [d737069d1e1c] * sudo.pp: Use sudo_$flavor instead of sudo-$flavor since that causes the least amount of trouble for the various package managers. [71f547af35fc] * mkpkg: Fix handling of the ldap flavor Remove destdir unless --debug was specified Make distclean before running configure if there is a Makefile present [6316f08de7d3] * sudo.pp: Add back include file. [195627bf68b8] * mkpkg: Pass extra args on to configure on HP-UX, if we don't have the HP C compiler, disable zlib to prevent gcc from finding it in /usr/local/lib. [473efa0e2bac] * mkpkg: Use the HP ANSI C compiler on HP-UX if possible [fb249b6b175d] * plugins/sudoers/sudoreplay.c: Some getline() implementations (FreeBSD 8.0) do not ignore the length pointer when the line pointer is NULL as they should. [2410a1a3543c] * plugins/sudoers/sudoreplay.c: Don't need to check for *cp being non-zero, isdigit() will do that. [7df11ea8a487] * plugins/sudoers/sudoreplay.c: Add setlocale() so the command line arguments that use floating point work in different locales. Since sudo now logs the timing data in the C locale we must Parse the seconds in the timing file manually instead of using strtod(). Furthermore, sudo 1.7.3 logged the number of seconds with the user's locale so if the decimal point is not '.' try using the locale-specific version. [4d385765f23b] * src/exec.c: Do I/O logging in the C locale so the floating point numbers in the timing file are not locale-dependent. [5961cec044ec] * plugins/sudoers/sudoreplay.c: Use errorx() not error() for thingsthat don't set errno. [0fe5e692af84] 2010-07-26 Todd C. Miller <[email protected]> * pp: Better support for 1.2.3 style versions in Tru64 kits [997c549bb777] * sudo.pp: Add Tru64 kit support [e273a954f981] * pp: Remove apparently unnecessary use of sudo [be8840d85125] * Makefile.in, plugins/sudoers/Makefile.in: Create timedir as part of install-dirs target. [c736bc2fb14f] * src/exec_pty.c: Handle ENXIO from read/write which can occur when reading/writing a pty that has gone away. [fa2e8059879f] * plugins/sudoers/pwutil.c: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL [3a045475d5ee] * mkpkg: platform is a pp flag not a variable [12eba39a47c1] * Makefile.in, mkpkg, sudo.pp: Add simple arg parsing for mkpkg so we can set debug, flavor or platform. [ada839fe252d] * pp: Make rpm backend work on AIX 5.x [549a76d11393] 2010-07-25 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers: Add commented out Defaults entry for log_output [7e67d7588900] 2010-07-23 Todd C. Miller <[email protected]> * doc/Makefile.in: Remove sudo docdir completely [dce8e82878ef] * doc/sample.sudo.conf: Add sample sudo.conf [aafdba3fc411] 2010-07-22 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Add PACKAGE_TARNAME for docdir [930c92b8f8f0] 2010-07-23 Todd C. Miller <[email protected]> * src/Makefile.in: Pass install-sh -b~ here too. [c3f5eb446c38] * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Install binary files with -b~ to make a backup. Fixes "text file busy" error on HP-UX during install. [81f306f54f8c] * install-sh: "mv -f" on HP-UX doesn't unlink the destination first so add an explicit rm before moving the temporary into place. [fb719a79582d] * configure, configure.in: Some more ${foo} -> $(foo) conversion for consistent Makefiles. [0aa098770074] * doc/Makefile.in, plugins/sudoers/Makefile.in: Install sudoers2ldif in the doc dir [33ac3b53d7f5] 2010-07-22 Todd C. Miller <[email protected]> * pathnames.h.in: Add missing include of maillock.h for Solaris [5a58883be23a] * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE, doc/sample.syslog.conf, doc/sudoers.cat: Change the default syslog facility from local2 to authpriv (or auth if the operating system doesn't support authpriv). [3b70ba514f49] * Makefile.in, sudo.pp: Install sudoers as /etc/sudoers on RPM and debian systems where the package manager will not replace a user-modified configuration file. This fixes upgrades from the vendor sudo packages. [d886b6d60b5b] * pp: RPM: use %config(noreplace) instead of %config for volatile This results in the new file being installed with a .rpmnew suffix instead of the file being replaced and the old one renamed with a .rpmsave suffix. [58be2119f8e8] 2010-07-21 Todd C. Miller <[email protected]> * compat/mkstemps.c, plugins/sudoers/boottime.c: Include time.h for struct timeval [ddf8b04f0276] * src/exec_pty.c: The return value of strsignal() may be const and should be treated as const regardless. [620074ae1e77] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Mention that 127.0.0.1 will not match, nor will localhost unless that is the actual host name. [8b574122eb8f] * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE: Rename WHATSNEW -> NEWS [d1a2c8c47d89] * pp: Updated pp with latest patches [98e16b9b8f62] * WHATSNEW: Sync with 1.7.4 [65ac4dafeef7] * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/sudoers: Add commented out line to add HOME to env_keep and add a warning to the note about the HOME change in UPGRADE. [0d6a775bb6c8] 2010-07-20 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c: Add LINE_MAX define for those without it. [446d9dbe7859] * INSTALL, WHATSNEW, config.h.in, configure, configure.in, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: The tty_tickets option is now on by default. [a01c48206d80] * WHATSNEW: Mention that AIX authdb support has been fixed. [87bd7f4eba6a] * common/aix.c: setauthdb() only sets the "old" registry if it was set by a previous call to setauthdb(). To restore the original value, passing NULL (or an empty string) to setauthdb() is sufficient. [470da190a254] 2010-07-19 Todd C. Miller <[email protected]> * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/env.c: Reset HOME when env_reset is enabled unless it is in env_keep [f421f8827340] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: The default for set_logname has been "true" for some time now. [f489da5674c3] * plugins/sudoers/boottime.c: Add missing include of time.h [624d7014932f] * plugins/sudoers/logging.c: Fix check for dup2() return value. [140ea2d50d20] * plugins/sudoers/env.c: Add PYTHONUSERBASE to initial_badenv_table [3149aae5b12c] * plugins/sudoers/visudo.c: Treat an unknown defaults entry as a parse error. [b3ebad73efb2] * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: Check return value of setdefs() but don't stop setting defaults if we hit an unknown one. [945e752239ab] * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in, plugins/sudoers/env.c: If env_reset is enabled, set the MAIL environment variable based on the target user unless MAIL is explicitly preserved in sudoers. [a1b03e2e0e96] 2010-07-17 Todd C. Miller <[email protected]> * pp: decode debian code names [8741280d9960] * WHATSNEW: fix typo [a8a19451110b] 2010-07-16 Todd C. Miller <[email protected]> * WHATSNEW: Merge with 1.7.4 [9348fa7e15b8] * src/sudo.c: Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup() did not do it for us. Fixes a bash script problem on SuSE with RLIMIT_NPROC set to RLIM_INFINITY. [786fb272e5fd] 2010-07-15 Todd C. Miller <[email protected]> * mkpkg, pp, sudo.pp: Restore the dot removal in the os version reported by polypkg. Adapt mkpkg and sudo.pp to the change. [dcafdd53b88f] 2010-07-16 Todd C. Miller <[email protected]> * INSTALL: document --with-pam-login [ea93e4c6873c] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: The tag is NOSETENV, not UNSETENV. From Petr Uzel. [2ac90d8de36e] 2010-07-15 Todd C. Miller <[email protected]> * sudo.pp: Include flavor in solaris package name [e605f6364c9f] * mkpkg: Older shells don't support IFS= so set explictly to space, tab, newline. [7773960bc8a0] * mkpkg: Use '=' not '==' in test [c99d42bc48e6] * mkpkg: Fix typo that prevented debian from matching [84421078fcb7] * mkpkg: Add missing prefix setting for debian [6466f23de4aa] * sudo.pp: Use tab indents to reduce the chance of problem with <<- Fix the debian %set section, pp does not set pp_deb_distro Uncomment %sudo line in sudoers for debian Uncomment some env_keep lines for RHEL, SLES and debian to more closely match the vendor sudoers files. Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on debian for ldap flavor [c5b49feb1a0c] * plugins/sudoers/sudoers: Add commented out env_keep entries, sample Aliases and a %sudo line for debian. [387719e52d0f] * configure, configure.in: Move zlib check later on in the script to avoid a strange shell problem on SLES11. [1a3153bb1291] * configure.in: Remove check for egrep; configure has its own [a3b9d98cb5d2] 2010-07-14 Todd C. Miller <[email protected]> * mkpkg: Enable zlib for linux distros [8fa51a1405a4] * mkpkg: Add ldap flavor to default build [97644f5a555f] * mkpkg, sudo.pp: Simplify rpm linux distro settings [b9dcf10cdf20] * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. [2c549c1acde9] * Makefile.in: Fix ChangeLog creation from build dir [3d0c7904f173] * plugins/sudoers/sudoers.c: Handle getcwd() failure. [aef7bef87394] * doc/Makefile.in, mkpkg, sudo.pp: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR environment variable. [be6ed611b7a8] * sudo.pp: Create sudo group on debian [6ed6c032042e] * mkpkg, sudo.pp: Add debian 4/5/6 and use the dot when doing version matches [6bcb664d1f4f] * aclocal.m4, configure: Use a loop when searching for mv, sendmail and sh [d5e9369f8d13] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Remove spurious "and"; from debian [a21e6f7c5b99] * aclocal.m4, configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: Substitute the value of EDITOR into the sudoers and visudo manuals. [cd79e587dd7f] 2010-07-13 Todd C. Miller <[email protected]> * mkpkg, pp, sudo.pp: Initial support for debian 4.0 [ac6707915fa8] * mkpkg: Some platforms need -fPIE instead of -fpie [fd6be19e5bc2] * plugins/sudoers/auth/pam.c: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. On Linux it causes a DNS lookup via libaudit. [1e10105ade5b] * MANIFEST: Update MANIFEST to match packaging changes [ef86ee557b5b] * sudo.psf: We now use pp to generate HP-UX packages [f7aa8da7844e] * INSTALL.binary, plugins/sudoers/Makefile.binary.in: Remove vestiges of old binary package bits. [afffd005452f] * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: install-man -> install-doc [99b5fa05567c] * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg, plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp: Use http://rc.quest.com/topics/polypkg/ for packaging [5ca8eb75b223] * install-sh: Just ignore the -c option, it is the default Add support for -d option [a8b6b0a131e8] 2010-07-12 Todd C. Miller <[email protected]> * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c: Use _PATH_STDPATH instead of _PATH_DEFPATH [137fa911908e] * plugins/sudoers/Makefile.in, src/Makefile.in: Do not strip binaries. [20166e287176] * INSTALL, configure, configure.in: Add --insults=disabled configure option to allow people to build in insult support but have the insults disabled unless explicitly enabled in sudoers. [523b8c552e90] * compat/mkstemps.c: Add prototype for gettime() [275eee40473b] * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c, plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add support for a sudo-i pam.d file to be used for "sudo -i". Adapted from a RedHat patch. [06d34f16520b] 2010-07-09 Todd C. Miller <[email protected]> * include/missing.h: Fix mkstemps() prototype [2421841e815b] * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c, config.h.in, configure, configure.in, include/missing.h, src/sudo_edit.c: Use mkstemps() instead of mkstemp() in sudoedit. This allows sudoedit to preserve the file extension (if any) which may be used by the editor (like emacs) to choose the editing mode. [d33172d2c086] 2010-07-08 Todd C. Miller <[email protected]> * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you should avoid disabling TLS_CHECKPEER is possible. [196622436212] 2010-07-07 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Make sudo_plugin format a bit more like a man page [048d596e32da] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Add suport for negated user/host/command lists in a Defaults entry. E.g. Defaults:!baduser noexec [d41112cf0342] * Makefile.in, common/Makefile.in, compat/Makefile.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Add uninstall target [fea66ebf136a] * common/Makefile.in, compat/Makefile.in: Remove unused AR, SED and RANLIB variables [2ff9928bfdb3] * Makefile.in: Do not install sample plugins [5443b87bd1c3] 2010-07-06 Todd C. Miller <[email protected]> * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure, configure.in, plugins/sudoers/env.c: Now that sudoers is a dynamically loaded module we cannot override the libc environment functions because the symbols may already have been resolved via libc. Remove getenv/putenv/setenv/unsetenv replacements from sudoers and add replacements for setenv/unsetenv for systems that lack them. [3f2b43cb8851] * configure, configure.in, plugins/sudoers/Makefile.in: Link testsudoers with -ldl when needed [f79606f9fcd7] * plugins/sample_group/plugin_test.c: Remove unused time.h and add limits.h for PATH_MAX [3f5d0074d621] * doc/sudoers.ldap.pod: Fix typo. [bc855fd57397] 2010-07-05 Todd C. Miller <[email protected]> * plugins/sample_group/plugin_test.c: Do not depend on strlcpy/strlcat [6e7e2b5af051] * plugins/sample_group/plugin_test.c: Standalone test driver for sudoers group plugin. [eb1235fc3b8e] 2010-07-02 Todd C. Miller <[email protected]> * plugins/sudoers/group_plugin.c, src/load_plugins.c: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging aid. [2a34e616229b] * plugins/sample_group/sample_group.c: Fix style nit in function declarations [ab87c7c76bf9] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Document group_plugin syntax. [ed1faf72ddcb] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document the sudoers group plugin. [f19a62dc8cfc] * INSTALL, MANIFEST, Makefile.in, config.h.in, configure, configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h, plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c, plugins/sudoers/match.c, plugins/sudoers/nonunix.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c: Replace built-in non-unix group support with a sudoers group plugin. Include a sample plugin that can read Unix-format group files. [8fc58ce0b1a8] * configure, configure.in, src/load_plugins.c: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage. [5c491dddb8ef] 2010-07-01 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Move sudoers-specific bits out of sudo(8) and into sudoers(5) [e8a5a5830cfe] * aclocal.m4, configure, configure.in: Substitute @io_logdir@ for the sudoers I/O log directory. [21a75ca7b0ab] 2010-06-29 Todd C. Miller <[email protected]> * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, compat/glob.c, compat/snprintf.c, config.h.in, configure, configure.in, include/fileops.h, plugins/sample/sample_plugin.c, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c, src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: Set usrinfo for AIX Set adminstrative domain for the process when looking up user's password or group info and when preparing for execve(). Include strings.h even if string.h exists since they may define different things. Fixes warnings on AIX and others. [cf8b93e872c9] * Makefile.in: Add a separate all target for AIX make which was using the entire LHS (not just the first entry) of the first target as the implicit target. [a45b980a01ef] * plugins/sudoers/env.c: Do not rely on env.env_len when unsetting a variable, just use the NULL terminator. [ca6eb239c829] * plugins/sudoers/env.c: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 [7046ba7caa4e] 2010-06-25 Todd C. Miller <[email protected]> * plugins/sudoers/vasgroups.c: Use warningx() instead of log_error() since the latter is not available to visudo or testsudoers. This does mean that they don't end up in syslog. [152b7c50f426] * plugins/sudoers/sudoers.c: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have closed the sudoers sources. From Quest sudo. [c1cd573bab94] * plugins/sudoers/pwutil.c: Ignore case when matching user/group names in the cache. From Quest sudo. [2aa4ecc7d7f5] 2010-06-24 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, src/selinux.c: Add check for setkeycreatecon() when --with-selinux is specified. [affae247b4e0] * configure, configure.in: Error out if libaudit.h is missing or ununable when --with-linux- audit was specified [d82e743fac04] * doc/HISTORY, doc/history.pod: Add =head3 entries, mostly for the html version [ee93112d0308] 2010-06-22 Todd C. Miller <[email protected]> * doc/HISTORY, doc/history.pod: Mention when LDAP was incorporate. [2923dc17f79c] 2010-06-21 Todd C. Miller <[email protected]> * configure, configure.in: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is not covered by _ALL_SOURCE. [c92fd69809d0] 2010-06-18 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Add a cast to quiet a compiler warning. [a200e07ee1bc] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Quiet a compiler warning. [c9acfc927cea] * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: Call set_fqdn() after sudoers has parsed instead of inline as a callback. [5f4e5d075f2d] * WHATSNEW, plugins/sudoers/sudoers.c: Do not call set_fqdn() until sudoers parses (where is gets run as a callback). [09040fca6d40] * WHATSNEW: mention the change in tty ticket behavior when there is no tty [575a1fd98f05] * plugins/sudoers/check.c: Do not update tty ticket if there is no tty. [63f9c33ce6a7] * doc/LICENSE, doc/license.pod: Update copyright year [0722ab5d404b] * doc/Makefile.in: Do not rely on BSD make's $> [936a86398bd9] * configure, configure.in: Set timedir to /var/db/sudo for darwin to match Apple sudo's location [d5b9b03096f1] 2010-06-16 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.h: Add stub declarations for struct stat and struct timeval [f6d90551a4fd] * MANIFEST: Remove compat/sigaction.c [d0ed6d9a770e] * config.h.in, configure, configure.in, plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: Check for zlib.h in addition to libz. [6e191b4a6065] * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: Move functions and symbols shared between exec.c and exec_pty.c into sudo_exec.h. [14ae63403544] * doc/Makefile.in: Comment out rules to build .man.in and .cat files unless --with- devel [3cf7e5606a85] * doc/Makefile.in: Comment out rules to build .man.in and .cat files unless --with- devel [d30495b0e29e] * src/parse_args.c: Quote any non-alphanumeric characters other than '_' or '-' when passing a command to be run via the shell for the -s and -i options. [d633f74fe2d9] * doc/Makefile.in: Add back .man suffix [6e63b60a2739] * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, src/selinux.c: Add Linux audit support. [5a2f445e0bd4] 2010-06-15 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Remove an XXX [a170cbe651d1] * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, plugins/sudoers/sudoreplay.c: Add -f (filter) option to sudoreplay to allow certain streams to be replayed and others ignored. [62e51b432ea1] * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/tgetpass.c: Fix -A flag when askpass is specified in sudo.conf or if sudo doesn't need to read a password. [2e401e4a00e3] * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: Clean up some XXXs [689f0b002d3d] * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: Add support for multiple sudoers_base entries in ldap.conf. From Joachim Henke [e3e4a3c2bd5b] * config.h.in, configure, configure.in, plugins/sudoers/logging.c, src/exec_pty.c: remove setsid check, we require a POSIX system [cc73cb9e22c0] * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/tgetpass.c: Check for dup2() failure. [5d46d66794f5] * config.h.in, configure, configure.in: Remove dup2() check, it is not optional. [5f1d56de4384] 2010-06-14 Todd C. Miller <[email protected]> * WHATSNEW: sync with sudo 1.7.3 [88e5c0bd6d59] * INSTALL: SunOS does not ship with an ANSI compiler [f13c85c67069] * INSTALL: Update OS specific notes. Delete some really ancient ones and move older ones to the end of the list. [59ce592c4c52] * README: Sudo can be downloaded from the web site too Mention "OS dependent notes" section in INSTALL [191871538984] * src/exec_pty.c, src/selinux.c: Call selinux_restore_tty() as part of cleanup() so it gets called from error()/errorx() [bb017da6b6da] * MANIFEST, doc/PORTING: Remove obsolete porting guide [321e35591344] * plugins/sudoers/interfaces.h, plugins/sudoers/match.c: Move union sudo_in_addr_un into interfaces.h [b2c8b19ee094] * doc/Makefile.in: Remove useless circular dependencies [5682181b59cf] * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c: Convert to ANSI C function declarations [a4f76927d034] * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c, common/zero_bytes.c, compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, compat/strlcpy.c, compat/timespec.h, compat/utime.h, compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod, include/alloc.h, include/error.h, include/lbuf.h, include/list.h, include/missing.h, pathnames.h.in, plugins/sudoers/alias.c, plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c, src/conversation.c, src/error.c, src/load_plugins.c, src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c: Update copyright year [26ac7991f7d8] * doc/Makefile.in: Fix commented DEVDOCS when not in devel mode. [e0a97eaf3793] * plugins/sudoers/match.c: Quiet a compiler warning. [b2a17ebd5d38] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: Quiet a compiler warning. [687843bc593d] * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h: Make all functions in ldap.c static [b2111e89eeba] * doc/schema.ActiveDirectory: Updates from Alain Roy to provide better examples for importing the schema and to fix problems caused by Windows validating attributes which have not yet been added before committing the changes. [69f4c5ccaf89] 2010-06-11 Todd C. Miller <[email protected]> * configure, configure.in, doc/Makefile.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Leave rules to build .man.in and .cat files uncommented but only make them part of the "all" rule in devel mode. Generate .cat files directly from .man.in instead of .man using default values in configure.in [c3054a44f6a5] * configure, configure.in: Bump sudo version to 1.8.0b1 [8f79c85135e1] * configure, configure.in, src/sudo.c, src/sudo_usage.h.in: Print configure args with verbose version information. [1ce690660ed2] * TODO, plugins/sudoers/visudo.c: Remove tfd from struct sudoersfile; it is not used. Add prev pointer to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. Use tq_append to append sudoers entries to the tail queue. [1743f9a286e4] 2010-06-10 Todd C. Miller <[email protected]> * WHATSNEW: Describe tty timestamp improvements [e214e863a313] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: A comment character may not be part of a command line argument unless it is quoted with a backslash. Fixes parsing of: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 [ea2e990f85ed] * doc/sudoers.pod: Make this read a little bit better when passwd_timeout is 0. [39d362757f31] * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod: Attempt to handle a default password prompt timeout of zero more gracefully. [ea47d43acf5b] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: Do not override value of keepopen global, instead restore it to the value we pushed onto the stack when popping. [fe282e5a3402] * plugins/sudoers/Makefile.in: Add dependency for utility programs on libreplace and libcommon [2339aba64928] * compat/sigaction.c, config.h.in, configure.in, include/compat.h, plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, src/exec.c, src/exec_pty.c, src/tgetpass.c: Remove sigaction emulation Use SA_INTERRUPT in sa_flags [7dd61f1bd8d2] * MANIFEST, config.h.in, configure, configure.in, include/missing.h: We don't use getgrouplist() at the moment so there's no need to provide a compat version. [1597536fbada] * TODO: sync with reality [9e1a874e7885] * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, src/conversation.c, src/sudo.h, src/tgetpass.c: Fix visiblepw sudoers option; the plugin API portion still needs documenting [60b6933ef5e0] * src/sudo.c: Print sudo version as well. [987ed459b459] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Use sudo_printf for I/O log version Clarify policy plugin version string [5a58b7e8c80b] * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c: Silence some compiler warnings [afb1eba90915] * src/load_plugins.c, src/tgetpass.c: Store askpass path in a global instead of uses setenv() which many systems lack. [b440bcc0e660] 2010-06-09 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/check.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c, src/tgetpass.c: Move askpass path specification from sudoers to sudo.conf. [5507ab867c26] * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Use a flag bit in struct command_details for selinux instead of a separate field. [c59ca4acded9] * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: Implement background mode. If I/O logging we use pipes instead of a pty. [c07a4b356cbd] * compat/mksiglist.c, compat/strsignal.c, include/compat.h, src/exec.c, src/exec_pty.c, src/tgetpass.c: Move compat definition of NSIG to compat.h [ab0385467f25] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Mention plugins in the sudo manual and add some missing path substitution in the sudo_plugin manual. [570f831f47a3] * src/Makefile.in: Set _PATH_SUDO_CONF based on $(sysconfdir) [fde51869cf07] * common/lbuf.c, common/term.c, config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, src/ttysize.c: Require POSIX termios to build sudo [9ec6b41f3f95] * src/tgetpass.c: Ignore SIGPIPE for "sudo -S" [7ad27fde0c06] * src/tgetpass.c: Fix uninitialized variable in TGP_ECHO case and print a newline if the user interrupted password input. [ce19204d8dd4] * src/tgetpass.c: Make TGP_ECHO override TGP_MASK and don't try to restore the terminal if we didn't modify it. [a7e11abfe7e4] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, src/conversation.c, src/sudo.h, src/tgetpass.c: Add SUDO_CONV_PROMPT_MASK define which corresponds to the "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set. [e0550590cabe] * src/exec_pty.c: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl [762448182fe3] 2010-06-08 Todd C. Miller <[email protected]> * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h: Add selinux_enabled flag into struct command_details and set it in command_info_to_details(). Return an error from selinux_setup() instead of exiting. Call selinux_setup() from exec_setup(). [011bea23a5a0] 2010-06-09 Todd C. Miller <[email protected]> * src/exec_pty.c: Remove commented out copy of old sudo_execve() function. [9c5e21380472] 2010-06-08 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Fix setting selinux type on command line. [814b20a0b3be] * plugins/sudoers/iolog.c: In sudoers_io_close(), skip NULL io_fds[] elements. [4011ff7d4daf] * include/compat.h: No longer need NGROUPS_MAX define [cae4c49d7077] * compat/nanosleep.c, config.h.in, configure, configure.in, include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c, plugins/sudoers/visudo.c, src/sudo_edit.c: Replace timerfoo macros with timevalfoo since the timer macros are known to be busted on some systems. [4f97d79f2d41] * src/exec_pty.c: Remove duplicate call to selinux_setup(). [82bd52764e21] * plugins/sudoers/auth/pam.c: If pam_open_session() fails, pass its status to pam_end. [1d8de4cf8ff3] * plugins/sudoers/toke.c, plugins/sudoers/toke.l: If a file in a #includedir has improper permissions or owner just skip it. This prevents packages that incorrectly install a file into /etc/sudoers.d from breaking sudo so easily. Syntax errors in #includedir files still result in a parse error (for now). [ade99a4549a4] * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: Add use_pty sudoers option to force use of a pty even when not logging I/O. [b280a8972a79] * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: Make env_init() void as it never fails. [d3890e55daa7] * plugins/sudoers/env.c: No longer use _NSGetEnviron so don't need crt_externs.h [9b4e0e139881] * plugins/sudoers/env.c: Remove unused VNULL define [a42cacb263e3] 2010-06-07 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Add #define for maximum session id [9e18c17a28c2] * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h: Split exec.c into exec.c and exec_pty.c [d52376327332] * MANIFEST: Sync with source file moves. [4a62c6c9e846] * src/Makefile.in, src/get_pty.c, src/pty.c: Rename pty.c -> get_pty.c [5696a12bd29b] 2010-06-06 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Only use I/O input log file if def_log_input is set and output file if def_log_output is set. [d866992f1681] 2010-06-04 Todd C. Miller <[email protected]> * compat/strsignal.c: Update copyright year [a96f2593fd4e] * src/pty.c: uid -> ttyuid [c3454d74ebcb] * plugins/sudoers/sudoers.c: For sudoedit, make a local copy of editor string si become part of argv. If no editor environment variable, split def_editor on ':' since it may be a colon-delimited path. [2ee298506a6e] * src/sudo_edit.c: Remove unneeded endpwent()/endgrent() [623f6743d101] * doc/Makefile.in: Use value of nroff from configure [b2ce649125ab] * src/exec.c: Add missing const to I/O log action function [d764a3955e04] * plugins/sudoers/check.c: Update copyright year and fix whitespace [e648c35b16be] * configure, configure.in: Fix typo [8e0bdfc47da4] * plugins/sudoers/iolog.c: Remove redundant tty signal blocking in log function. [f17f575dabd4] 2010-06-03 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Place static keyword where it belongs [b01aec7c86b4] * plugins/sudoers/logging.c: Always use a printf format string for send_mail() [13b1ada644c9] * common/atobool.c, plugins/sudoers/ldap.c: Extend atobool() so we can use it in the LDAP code. [73f8e6807044] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: Sudo now stashes tty ctime for tty_tickets on Solaris too. [e82df13ad3fd] * plugins/sudoers/boottime.c: Fix dummy version of get_boottime() [01d69c06013b] 2010-06-02 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Enable tty_is_devpts() support for Solaris with the "devices" filesystem. [237c6b25fa84] * src/exec.c: Unbreak the non-io logging case. [4822b9f709fb] * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: Fix symbol name conflict with sudo_printf. [0d44eab0a8f6] * plugins/sudoers/auth/pam.c: Fix OpenPAM detection for newer versions. [1b2abed232d8] * plugins/sudoers/vasgroups.c: Sync with Quest sudo git repo [f1d98b3cba02] * aclocal.m4, configure, configure.in: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check Add missing template for ENV_DEBUG Adapted from Quest sudo [695dbd7b28f4] * README.LDAP: Fix typos; from Quest Sudo [4eba9da33b8e] 2010-06-01 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Add back -I$(top_srcdir); we need it for including compat/foo.h since we cannot rely on "foo.h" being found relative to the source file when the cwd is different. [bbf24695f325] * src/exec.c: Fix a bug where we could treat EAGAIN as a permanent error. Also set cstat if perform_io() returns an error. [200475c4326f] * common/alloc.c, plugins/sudoers/boottime.c, plugins/sudoers/sudoers.c: Add casts to quiet compiler warnings. [85eb1c336697] * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Fix typo in ternary operator usage. [6492ac1450e2] 2010-05-30 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR [92121d693b30] * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: Update docs to match sudoers I/O logging changes [18d651989e49] * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in, pathnames.h.in, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/iolog.c, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c: Break sudoers transcript feature up into log_input and log_output. [db3c1248d2ad] * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Use setprogname() as needed. [6beee63a4553] * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: Adapt sudoreplay to iolog changes. [581f52c05f0f] 2010-05-29 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c: Log all input and output into separate files and store a number on each timing file line to indicate which file the data is in. [fb460c5273dd] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Make sudoers_io functions static to iolog.c [b2df3cc3eecb] 2010-05-28 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c, src/sudo_usage.h.in: Completely remove the -L flag from the sudo front end. [3d220030b720] * plugins/sudoers/sudoreplay.c: Fix EAGAIN handling when writing to stdout. [4766d77cea49] * plugins/sudoers/sudoers.c: Eliminate unused variables [83bd711e79c4] * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c: Re-enable cleanup functions in sudoers plugin and sudo driver for error()/errorx(). [43093f937dd8] * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: Use sudo_printf to display verbose version information. [435cc9f8d4a2] * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Minor Makefile cleanup: fix a typo, change the removal order in the clean targets, and remove a superfluous include path for the sudoers plugin. [6e3b2d6b4437] * plugins/sudoers/env.c: Handle duplicate variables in the environment. For unsetenv(), keep looking even after remove the first instance. For sudo_putenv(), check for and remove dupes after we replace an existing value. [c1bbb88d0435] 2010-05-27 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Use explicit path to source file instead of $< for files that live in devdir and top_srcdir. [358ab7f6cc64] * plugins/sudoers/Makefile.in: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent ending LIBSUDOERS_OBJS with a backslash [481a5c96d47e] * plugins/sudoers/Makefile.in, src/Makefile.in: Link libcommon before libreplace since libcommon may use functions only present in libreplace. [1847c496ff5b] * common/Makefile.in: Move code common to sudo and the sudoers plugin to a convenience library, libcommon. Removes the need to make links in the sudoers plugin dir and reduces re-compilation of duplicate object files. [4c8986352937] * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c, common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, configure, configure.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c, src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c, src/zero_bytes.c: Move code common to sudo and the sudoers plugin to a convenience library, libcommon. Removes the need to make links in the sudoers plugin dir and reduces re-compilation of duplicate object files. [1d1d98bd55b9] * src/exec.c, src/sudo.c, src/sudo.h: Rename script_execve to sudo_execve and rename script_foo in exec.c [a35ec80de96a] * MANIFEST, src/Makefile.in, src/exec.c, src/script.c: rename script.c exec.c and fix up the MANIFEST file [36bc3bff9578] * src/script.c, src/sudo.c, src/sudo.h: Rename script_setup() to pty_setup() and call from script_execve() directly. [899b0fb2a14d] * configure, configure.in: bump version to 1.8.0a2 [0b1c1ca9d4e5] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document init_session [b5324785a406] * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h: Clean up the sudoers auth API a bit and update the docs. [c40fd4cb6e68] * include/sudo_plugin.h, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/script.c, src/sudo.c: Add init_session function to struct policy_plugin that gets called before the uid/gid/etc changes. A struct passwd pointer is passed in,which may be NULL if the user does not exist in the passwd database.The sudoers module uses init_session to open the pam session as needed. [d71723320ee8] 2010-05-26 Todd C. Miller <[email protected]> * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add open/close session to sudo auth, only used by PAM. This allows us to open (and close) the PAM session from sudoers. [2665e2920d0d] * plugins/sudoers/Makefile.in: Add explicit rule to build getdate.o for HP-UX make. [7f049e989956] * plugins/sudoers/Makefile.in: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c rules as an alternate way to prevent HP-UX make (and others) from trying to rebuild the parser in non-dev mode. [f84badad98c5] * plugins/sudoers/sudoers.c: Re-enable PATH_MAX check for command [40d8a50da136] * Makefile.in: For distclean, clean the main directory last since the subdirs need to be able to run libtool to clean things. [8949a9861634] * compat/Makefile.in: Fix generation of mksiglist.h [b7cdc9b36650] * src/script.c: Now that we defer sending cstat until the end of script_child() we cannot reuse cstat when reading command status from parent. [25c882643466] 2010-05-25 Todd C. Miller <[email protected]> * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: Use numeric registers to handle conditionals instead of trying to do it all with text processing. [478079c3fd4b] * doc/sudoers.pod: Document per-command SELinux settings [13840d566805] * plugins/sudoers/sudoers.c: Repair "sudo -l -U username" [10a0dcdf2ddf] * plugins/sudoers/sudoers.c: Set selinux role and type in command details. [8ae6d35a126d] * src/script.c, src/selinux.c, src/sudo.h: Rework SELinux support. [83279cc94bf2] 2010-05-24 Todd C. Miller <[email protected]> * src/script.c, src/selinux.c, src/sudo.h: Make SELinux support compile again. Needs more work to be complete. [3d3addebcf82] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c, src/sudo.h: Bring back closefrom settings. [b1c6257d4bbb] * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: If running a command or sudoedit in transcript mode, call io_nextid() before log_allowed() so the session id is logged. [c42f3ae40150] * configure, configure.in: Use mandoc(1) if nroff(1) is not present. [daad4bbd04af] * doc/Makefile.in: Use the --file argument to config.status instead of setting CONFIG_FILES in the environment. [c89411a8bf70] * plugins/sudoers/Makefile.in: We cannot conditionally update gram.h or the dependency ordering gets messed up in devel mode. [c938953231d9] 2010-05-21 Todd C. Miller <[email protected]> * Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Substitute @SHELL@ into Makefiles [36aa6a095335] * config.sub: Fix typo [16d294d26b58] * config.guess, config.sub, configure, configure.in: Update to autoconf 2.65 [4fa6ea8caea3] * Makefile.in: Fix libtool target (space vs. tabs) [755cf3892618] * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c: Remove use of RETSIGTYPE; all modern systems have signal handlers that return void. [42b4e3aee668] * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Update to libtool-2.2.6b. I haven't made any local modifications this time, which should be OK since we install sudo_noexec.so by hand now. [6f79ced593bb] * compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Use libtool to clean objects [1581057d6472] * include/Makefile.in: Install sudo_plugin.h as part of "make install" and make other install targets callable from the top-level Makefile [aaaeb027d774] * configure, configure.in: regen with autoupdate to eliminate AC_TRY_LINK [5d5541c230f5] * Makefile.in, compat/Makefile.in, configure, configure.in, doc/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Install sudo_plugin.h as part of "make install" and make other install targets callable from the top-level Makefile [b258b8401b1c] * plugins/sample/sample_plugin.c: The sample plugin doesn't support being run with no args so return a usage error in this case. [473b3cf965be] * plugins/sudoers/iolog.c: Set close on exec flag for descriptors used for I/O logging so they are not present in the command being run. [2c7e8708df76] * plugins/sudoers/tsgetgrpw.c: Set close on exec flag in private versions of setpwent() and setgrent(). [64fef78cb833] * src/script.c: Close the I/O pipes aftering dup2()ing them to std{in,out,err}. Fixes extra fds being present in the command when it is part of a pipeline. [060451617713] * plugins/sudoers/sudoers.c: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it is used when logging). Note that user_ttypath will still be NULL if there is no tty. [31b69a6ecda7] * src/script.c, src/sudo.h: Cosmetic changes: add comments, remove orphaned prototype and make a global static. [f7851af0143e] 2010-05-20 Todd C. Miller <[email protected]> * src/script.c: Move check for maxfd == -1 to flush_output where it belongs. [b826a95b4491] * src/script.c: Break out of select loop if all the fds we want to select on are -1. [f5b387024238] * src/sudo.c: Avoid possible malloc(0) if plugin returns an empty groups list. [9765a8fe5ce7] * src/sudo.c: Add debugging info when calling plugin close function [95a273c7ff66] * src/script.c: Avoid closing stdin/stdout/stderr when we are piping output. [330e76423caf] * src/script.c: When execve() of the command fails, it is possible to receive SIGCHLD before we've read the error status from the pipe. Re-order things such that we send the final status at the very end and prefer error status over wait status. [b0dcf825244f] 2010-05-19 Todd C. Miller <[email protected]> * plugins/sudoers/auth/sudo_auth.c: Fix compilation for non PAM/BSD auth/AIX auth [e382b39d2e4f] 2010-05-18 Todd C. Miller <[email protected]> * src/script.c: Additional checks to make sure we don't close /dev/tty by mistake. When flushing, sleep in select as long as we have buffers that need to be written out. [8139cbd3dd54] * src/script.c: Now that we can use pipes for stdin/stdout/stderr there is no longer a need to error out when there is no tty. We just need to make sure we don't try to use the tty fd if it is -1. [666621635d26] 2010-05-17 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c: Add argc and argv to I/O logger open function. [0d7faa007d27] * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c, src/sudo_edit.c: Remove check_sudoedit function pointer in struct sudo_policy. Instead, sudo will set sudoedit=true in the settings array. The plugin should check for this and modify argv_out as appropriate in check_policy. [c0328e3276b8] 2010-05-16 Todd C. Miller <[email protected]> * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: If plugin sets "sudoedit=true" in the command info, enable sudoedit mode even if not invoked as sudoedit. This allows a plugin to enable sudoedit when the user runs an editor. [96d67b99e42e] 2010-05-15 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: gram.h must not depend on gram.y if we want to avoid unnecessary rebuilding of targets dependent on gram.h when gram.y changes. [9db4b767fdca] * plugins/sample/sample_plugin.c: Refactor common bits of check_policy and check_edit [ac4d366a04cf] * plugins/sample/sample_plugin.c: Add sudoedit support [a1a6cc4c0cef] 2010-05-14 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in: Rely more on VPATH; fixes a dependency issue with the parser. [45e406ebdea2] * include/compat.h: Fix typo introduced in last commit [3ccb0f853d11] * include/compat.h: Emulate seteuid using setreuid() or setresuid() as needed. There are still a few places that call seteuid() directly. [36e8efa3a99d] * src/parse_args.c, src/sudo_edit.c: Attempt to fix building on systems that only have setuid. [8e9ba4083318] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Clarify sudoedit a tad. [d39dfaa14ade] 2010-05-13 Todd C. Miller <[email protected]> * src/sudo_edit.c: Fix compilation on HP-UX [f6e47843d139] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document sudoedit [4cbf5196d993] * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: Change how we handle the sudoedit argv. We now require that there be a "--" in argv to separate the editor and any command line arguments from the files to be edited. [20623d549a3c] * include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: Work in progress support for sudoedit. The actual interface used by the plugin for sudoedit is likely to change. [c31262a31997] * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: Make find_path() a little more generic by not checking def_foo variables inside it. Instead, pass in ignore_dot as a function argument. [9c23101a094d] * plugins/sudoers/env.c: Add version of getenv(3) that uses our own environ pointer. [0e3783e63534] 2010-05-12 Todd C. Miller <[email protected]> * src/script.c: Avoid a potential race condition if SIGCHLD is received immediately before we call select(). [99adc5ea7f0a] * plugins/sudoers/sudoers.c: Call env_init() before we open the sudoers sources as those may call our setenv() replacement. [5f82601f5ab0] * plugins/sudoers/env.c: Initialize env_len in env_init() [7ae02b3029b5] 2010-05-11 Todd C. Miller <[email protected]> * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: Document time stamp shortcomings under SECURITY NOTES Use "time stamp" instead of timestamp. [2b86120815b2] * doc/Makefile.in: Make sed substitution of mansectsu and mansectform global. [94588632dba0] * plugins/sudoers/check.c: If the tty lives on a devpts filesystem, stash the ctime in the tty ticket file, as it is not updated when the tty is written to. This helps us determine when a tty has been reused without the user authenticating again with sudo. [0e62a31bceb0] * src/tgetpass.c: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that is what our compat checks set. [df50f0a040c9] * configure, configure.in: Add check for whether sudo need to link with -ldl to get dlopen(). This is a bit of a hack that will get reworked when libtool is updated. [63bdcf579533] * plugins/sudoers/check.c: Fix timestamp removal with -k/-K [6b4639fef973] * plugins/sudoers/Makefile.in: audit.c is now private to the sudoers plugin [1974f342ae0b] * configure, configure.in: Link with -lpthread on HP-UX since a plugin may be linked with -lpthread and dlopen() will fail if the shared object has a dependency on -lpthread but the main program is not linked with it. [d42139391263] * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c: Add separate test for getresuid() since HP-UX has setresuid() but no getresuid(). [910fe727a374] * doc/Makefile.in: Remove errant backslash [dd5464257c69] * src/script.c: Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout we need to pass any SIGPIPE we receive to the running command. [3f6b1991f4fd] * src/script.c: Also start the command in the background if stdin is not a tty. [d93bc33a3740] 2010-05-10 Todd C. Miller <[email protected]> * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c: No need to use pseudo-cbreak mode now that we use pipes when stdout is not a tty. Instead, check whether stdin is a tty and if not, delay setting the tty to raw mode until the command tries to access it itself (and receives SIGTTIN or SIGTTOU). [e68315cf8c6b] * src/tgetpass.c: Use an array for signals received instead of a single variable so we don't lose any when there are multiple different signals. [2ac726dac864] * src/tgetpass.c: Do signal setup after turning off echo, not before. If we are using a tty but are not the foreground pgrp this will generate SIGTTOU so we want the default action to be taken (suspend process). [bebb6209c795] 2010-05-07 Todd C. Miller <[email protected]> * src/script.c: Flush the iobufs on suspend or child exit using the same logic as the main event loop. [c627feee1035] * src/script.c: Free memory after we are done with it. [8db9b611b45a] 2010-05-06 Todd C. Miller <[email protected]> * doc/HISTORY: Quest now sponsors Sudo development [6cc490083bc7] 2010-05-05 Todd C. Miller <[email protected]> * doc/Makefile.in: Install sudo_plugin man page. [c253729790b2] * src/script.c: Go back to reseting io_buffer offset and length (and now also the EOF handling) in the loop we do the FD_SET, not after we drain the buffer after write() since we don't know what order reads and writes will occur in. [5f38bfa8497f] * MANIFEST: audit files moved to sudoers plugin directory [b1ead182428e] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document plugin_printf and new logging functions. [fe9430b60ab5] * src/script.c: Add support for logging stdin when it is not a tty. There is still a bug where "cat | sudo cat" has problems because both cat and sudo are trying to read from the tty. [04c9c59fcfba] * include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, src/script.c: Add separate I/O logging functions for tty in/out and stdin/stdout/stderr. NOTE: stdin logging does not currently work and is disabled for now. [a36dfd4ca935] 2010-05-04 Todd C. Miller <[email protected]> * include/sudo_plugin.h, plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: Add pointer to a printf like function to plugin open functon. This can be used instead of the conversation function to display info and error messages. [98734eea8ef1] * Makefile.in: Stop if make in a subdir fails [228bb3ad2dbc] * src/script.c: Only set user's tty to blocking mode when doing the final flush. Flush pipes as well as pty master when the process is done. [20ff67218666] 2010-05-03 Todd C. Miller <[email protected]> * plugins/sudoers/ldap.c: Use print_error() when displaying ldap config info in debugging mode. [d142e0cacb22] * compat/Makefile.in, compat/strdup.c, compat/strndup.c: No longer need strdup() or strndup() replacements. [df53697174ec] * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, plugins/sudoers/sudoers.h: Add print_error() function that uses the conversation function to print a variable number of error strings and use it in log_error(). [b1fa2861b575] * src/script.c, src/sudo.h, src/term.c: Do not need the opost flag to term_copy() now that we use pipes for stdout/stderr when they are not a tty. [f42811f70a19] * src/script.c: Use pipes to the sudo process if stdout or stderr is not a tty. Still needs some polishing and a decision as to whether it is desirable to add additonal entry points for logging stdout/stderr/stdin when they are not ttys. That would allow a replay program to keep things separate and to know whether the terminal needs to be in raw mode at replay time. [1a945e0ab2da] 2010-04-30 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, src/audit.c, src/bsm_audit.c, src/bsm_audit.h: Move audit sources into the sudoers plugin dir; the driver does not use them. [50ec36422cd0] * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c, compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c, plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c, src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c, src/term.c, src/ttysize.c: Use angle brackets when including headers that can only be found when an -I flag is specified. The files in the compat dir could get away with double quotes here but I've converted all the source files to use angle brackets for consistency. [9e30a8fc6d4b] * plugins/sudoers/Makefile.in: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat dir can be found when building outside the source tree. [1150934b79dd] * plugins/sudoers/Makefile.in: Clean up links in distclean [78595028be8b] * plugins/sudoers/Makefile.in: Hack around VPATH semantic differences by symlinking files we need from ../../src into the current directory and build those. A better fix would be to either make a .a or .la file with those files in it or simply use a single, flat, Makefile instead of per-subdirs Makefiles. [892c332d3f05] * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c: fmt_string is used by the sudoers plugin too so do not include sudo.h (which is not really needed here anyway) [231c35e3941f] * compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Fix building with non-BSD versions of make such as GNU make. Requires VPATH support, which should be in any non-neolithic make. [dc174f135919] * configure, configure.in, plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, src/Makefile.in: Re-enable bsm audit. Currently auditing is done within the sudoers plugin itself. If possible, this should really be done in the main driver but we don't presently have the needed data to do that. This will be re-evaluated when Linux audit support is added. [1d05a3236bfe] * compat/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead of explicit rules in the dependency. [88f80efd25f0] * plugins/sudoers/visudo.c: Fix mismerge; alias_remove_recursive() now returns int [6257a4849641] 2010-04-29 Todd C. Miller <[email protected]> * plugins/sudoers/visudo.c: Fix a crash when checking a sudoers file that has aliases that reference themselves. Based on a diff from David Wood. [545d194484a7] * src/script.c: Print signal info after restoring the tty mode, not before. [a68618e67435] * src/script.c: Defer call to alarm() until after we fork the child. Pass correct pid to terminate_child() If the command exits due to signal, set alive to false like we do when it exits normally. Add missing check for errpipe[0] != -1 before using it in FD_ISSET [22f0a1549391] 2010-04-28 Todd C. Miller <[email protected]> * plugins/sudoers/boottime.c: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h [0e627170c6e8] 2010-04-27 Todd C. Miller <[email protected]> * src/Makefile.in: Simplify dependencies by using .c.o and .c.lo rules. [6abcaef5d1ac] * configure, configure.in, plugins/sudoers/Makefile.in, src/Makefile.in: Substitute in @PROGS@ into src/Makefile to add sesh [cc46d3b6208f] 2010-04-26 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Add back calls to log_denial() if sudoers does not allow the command. [9783316207f0] * plugins/sudoers/sudoers.c: Pass in correct pwflag for list and validate. [973dd56d4b81] * plugins/sudoers/env.c: Add missing check for NULL in validate_env_vars [1d6eb6957824] * src/Makefile.in: Add sudo_noexec.la to "all" target, otherwise it only gets built at install time. [644a9694d2ef] * plugins/sudoers/sudoers.c: Only set sudo_user.env_vars if the env_add list is empty. [fccdf6f0e0e2] * plugins/sudoers/sudoers.c: Set sudo_user.env_vars so that environment variables specified on the command line get logged correctly. [9b51012c491e] * plugins/sudoers/env.c, plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Re-enable environment files and setting environment variables on the command line. [5662d5645dbd] 2010-04-24 Todd C. Miller <[email protected]> * plugins/sudoers/check.c: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime() a pointer to time_t as tv_sec in struct timeval may be long. [4de0c46e788e] * plugins/sudoers/check.c: Don't stash ctime in on-disk tty ticket info for now; on many (most?) systems the ctime is updated when the tty is written to. Once I have a better idea of what systems do not update ctime on ttys (and have a way to test for this) the ctime stash will be conditionally re-enabled. [a90eeec0f648] 2010-04-23 Todd C. Miller <[email protected]> * MANIFEST, Makefile.in: Add back "dist" target, this time using a MANIFEST file [29277c05499f] * Makefile.in: Remove Makefile in distclean target [83d695f4f450] * Makefile.in, src/Makefile.in: Update clean and cleandir targets [ad7b2afeb9c1] * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c, src/sudo.h: Move fileops.c defines and prototypes to filesops.h [4545e9b6892d] * plugins/sudoers/check.c: Lock the tty timestamp when writing. We shouldn't have to lock when reading since the file is updated via a single write system call. [0c7276f02696] 2010-04-22 Todd C. Miller <[email protected]> * plugins/sudoers/alias.c, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: Convert to ANSI C function declarations [9c45def57cf7] * plugins/sudoers/sudoers.h: Remove extraneous bits and classify by source file. [e8ea9f109ebb] * include/compat.h: Add timercmp macro for systems without it [d3bf87b1d08e] * plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/sudoers.h: get_boottime() now fills in a timeval struct [3573c3f44e11] * plugins/sudoers/check.c: Store info from stat(2)ing the tty in the tty ticket when tty tickets are in use. On most systems, this closes the loophole whereby a user can log out of a tty, log back in and still have the timestamp be valid. [53380f9f5242] * config.h.in, configure.in: Add timespec2timeval and use it when getting ctime/mtime [4cb7f7caec2c] 2010-04-20 Todd C. Miller <[email protected]> * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: Convert perm setting to push/pop model; still needs some work Use the stashed runas groups instead of using getgrouplist() Reset perms to the initial value on error [09c072ebde8b] * config.h.in, configure.in: fix ctim_get and mtim_get macros [58773dc1e360] * config.h.in, configure, configure.in, include/compat.h, plugins/sudoers/check.c, plugins/sudoers/gettime.c, plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c: Use timeval directly instead of converting to timespec when dealing with file times and time of day. [a0ce1ae00a67] * plugins/sudoers/Makefile.in: Don't like sudoreplay with libsudoers.la due to a yacc symbol conflict. [f1a59cc63a15] 2010-04-18 Todd C. Miller <[email protected]> * configure, configure.in: Darwin >= 9.x has real setreuid(2) [7ec942a64275] 2010-04-17 Todd C. Miller <[email protected]> * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: Ansify env.c [f58551bad10a] * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Remove remaining references to the environ pointer. [96faa530816a] 2010-04-16 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, plugins/sudoers/env.c: Don't change the environ directly in the sudoers plugin [6db48ed3f7e0] 2010-04-15 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Fix typo [4aa452b07f8f] * plugins/sudoers/alias.c: Fix use after free in error message when a duplicate alias exists. [ce1d2812ee34] 2010-04-14 Todd C. Miller <[email protected]> * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/parse_args.c: Add a "noninteractive" boolean to the settings passed in to the plugin's open function that is set when the user specifies the -n flag. [68f8d9d6d4d0] * config.h.in, configure, configure.in, plugins/sudoers/env.c: Add workaround for the lack of the environ pointer on Mac OS X in dlopen()ed modules. Use of environ in the sudoers plugin should ultimately be removed but this will do for the moment. [80c61647434f] * plugins/sudoers/visudo.c: Set errorfile to the sudoers path if we set parse_error manually. This prevents a NULL dereference in printf() when checking a sudoers file in strict mode when alias errors are present. [45e249ca99f7] * plugins/sudoers/sudoers.c: Main sudo no longer print "unable to execute" on exec failure so do it here. [50aaf62b43b5] 2010-04-13 Todd C. Miller <[email protected]> * src/script.c: Use a pipe to pass back errno to the parent if execve() fails. If we get an error in script_child(), kill the command and exit. [dc3bf870f91b] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/parse_args.c, src/sudo.c: Handle plugin's open function returning -2 (usage error). [aadf900c1de8] * src/script.c: If execve() fails, leave it to the plugin to print an error string. [e25748f2d5b9] * src/script.c: If execve fails in logging mode, pass the errno directly to the grandparent on the backchannel and exit. The immediate parent will get SIGCHLD and try to report that status but its parent will no longer be listening. It would probably be cleaner to pass this over a pipe in script_child(). [cb122acc81a8] * plugins/sudoers/sudoers.c: Don't override rval with results of check_user() unless it failed. [46fb7e87ac7d] 2010-04-12 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Fix typo [ccd0b693f3da] * src/parse_args.c: NULL-terminate env_add [2c534368a0c3] 2010-04-11 Todd C. Miller <[email protected]> * src/sudo.c: Call the I/O log open function before the I/O version function. [e88bf898990b] * plugins/sudoers/iolog.c: Remove io_conv and just use sudo_conv [a280052468eb] * plugins/sudoers/set_perms.c: Fix set/restore perms for systems w/o setresuid [4160517f6666] 2010-04-10 Todd C. Miller <[email protected]> * plugins/sudoers/check.c, plugins/sudoers/logging.c, plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Primitive set/restore permissions. Will be replaced by a push/pop model. [aae102290866] * src/script.c: Only need to take action on SIGCHLD in parent if no I/O logger. If there is an I/O logger we will receive ECONNRESET or EPIPE when we try to read from the socketpair. [e1e4560401f6] 2010-04-09 Todd C. Miller <[email protected]> * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/find_path.c: Merge fb4d571495fa from the 1.7 branch to trunk. [c8fb424ad4d2] 2010-04-08 Todd C. Miller <[email protected]> * src/script.c: Don't set SA_RESTART when registering SIGALRM handler. Do set SA_RESTART when registering SIGWINCH handler. [173472b76525] * doc/Makefile.in: Add dev targets for *.man.in and *.cat that don't specfify the $(srcdir) prefix. [b62f425da2e4] * src/script.c: If log_input or log_output returns false, terminate the command. [074f4c0c34a0] * src/script.c: Better signal handling. Instead of using a single variable to store the received signal, use an array so we can't lose a signal when multiple are sent. Fix process termination by SIGALRM in non-I/O logger mode. Fix relaying terminal signals to the child in non-I/O logger mode. [7a4723aca99d] * src/script.c: Fix a race between when we get the child pid in the parent and when the child process exits. The problem exhibited as a hang after a short-lived process, e.g. "sudo id" when no IO logger was enabled. [80bcc0aca70b] 2010-04-07 Todd C. Miller <[email protected]> * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: Add a note about the security implications of the fast_glob option. [c37a92ab7c93] 2010-04-06 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: Fix up some AC_DEFINE descriptions and regen config.h.in [f4655adc0db3] 2010-04-05 Todd C. Miller <[email protected]> * include/missing.h: No longer check for strdup or strndup for LIBOBJ replacement. [fdc764ee8109] * src/script.c: Avoid installing signal handlers that are io-logger specific. Fixes job control when no io logger is enabled. [0853dd0906d4] * doc/Makefile.in: Only regen man pages from pod when configured with --with-devel [ab1995f8103d] 2010-04-04 Todd C. Miller <[email protected]> * Makefile, Makefile.in, configure, configure.in: Top-level Makefile.in. Nothing is currently substituted but this is needed for separate build dirs. [e80873cbd201] * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Fix out-of-tree builds [59a35bef07b8] * Merge [386b848047e9] * doc/Makefile.in: We always install sudoreplay in 1.8 [ce52ba6617c9] 2010-04-03 Todd C. Miller <[email protected]> * compat/siglist.in: SIGPOLL is sometimes the same as SIGIO (like on HP-UX) [6d69e1b05faf] 2010-04-02 Todd C. Miller <[email protected]> * configure, configure.in: No need to provide strdup() or strndup(), sudo uses estrdup() and estrndup() [57ec23b72958] 2010-04-04 Todd C. Miller <[email protected]> * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: Free str after using it in the version method. Use sudo_conv, not io_conv since we don't have the IO conversation function pointer in the I/O version method anymore now that io_open is delayed. [f2ed132adeb0] 2010-04-02 Todd C. Miller <[email protected]> * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, compat/siglist.in: Add license to mksiglist.c and note that the bits from pdksh are public domain [d8121a2467e8] * compat/Makefile.in: Fix LIBOBJDIR vs. srcdir wrt the siglist bits [164160148421] * plugins/sudoers/Makefile.in: Add sudoreplay testsudoers and visudo to clean target [138a17e51c0c] * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, compat/siglist.in, compat/strsignal.c, configure, configure.in, include/missing.h, src/script.c: Create our own sys_siglist for systems without it for use by strsignal() [2e5da011ebc3] * compat/Makefile.in: Remove duplicate $(LIBOBJDIR) [adf9abc9432f] 2010-04-01 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c: Main sudo should not block signals; the plugin should do this in check_policy. [3f3736a7c5ed] 2010-03-31 Todd C. Miller <[email protected]> * src/script.c: Fix a sizeof(ptr) vs. sizeof(*ptr) [aa1bcf5afcce] * src/script.c: Unlike most operating systems, HP-UX select() is not interrupted by SIGCHLD when the signal is registered with SA_RESTART. If we clear SA_RESTART when calling sigaction() for SIGCHLD we get the expected behavior and the code in the select() loops already handles EINTR correctly. [9eba0115e35a] * compat/getprogname.c: progname should be const [130228f062b7] * plugins/sudoers/Makefile.in: Move --tag=disable-static to when we link sudoers.la, not when we install. [ceb5e6c3b78b] * src/load_plugins.c: Load the sudoers I/O plugin by default too now that it is hooked up. [ea38befd0742] 2010-03-30 Todd C. Miller <[email protected]> * src/pty.c: It looks like AIX doesn't need to push STREAMS modules for ptys. [22da618ba0a1] 2010-03-28 Todd C. Miller <[email protected]> * src/parse_args.c, src/sudo.c: Delay calling the I/O plugin open function until the policy plugin returns success. [f3297c325b48] 2010-03-27 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add back io logging (transcript) support. Currently, the open function runs too early and it is not possible to use the io module independently of the policy module. [9bd932f66226] * plugins/sudoers/set_perms.c: Comment out dead code; will be removed when set_perms is rewritten. [af7a995284f8] 2010-03-23 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Fix off by one error when allocating user_groups. [6281fcf9c3bb] 2010-03-22 Todd C. Miller <[email protected]> * configure, configure.in, plugins/sudoers/Makefile.in: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris. [fbce3e9eda3a] * plugins/sudoers/sudoers.c: Fix typo in preserve groups case [1fd72024fb5a] * plugins/sudoers/sudoers.c: In command_info it is "runas_groups" not "groups". [5c64dce4f285] * src/sudo.c: Fix iteration over runas_groups list. [b3c45a0cd643] * configure, configure.in, plugins/sudoers/env.c, plugins/sudoers/match.c, src/script.c: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. [a8108a0776c2] * compat/getgrouplist.c: getgrouplist(3) for those without it [4ab4d21e3b16] * plugins/sudoers/sudoers.c: Set preserve_groups or groups list in command_info [1266119ad654] * src/sudo.c: Fix setting of groups list [e75315e40bd4] * config.h.in, configure, configure.in, include/compat.h, include/missing.h: Add checks for getgrset and getgrouplist and use replacement getgrouplist if the system doesn't support it. [a62b8ba50863] * src/parse_args.c: Pass in preserve_groups when the -P flag is specified as per the design [7420c5d15474] * plugins/sudoers/sudoers.c: Check preserve_groups and ignore_ticket args with atobool instead of assuming they are true if present. [71c905702697] 2010-03-21 Todd C. Miller <[email protected]> * plugins/sudoers/Makefile.in, plugins/sudoers/error.c, plugins/sudoers/plugin_error.c: Rename plugin-specific error.c to plugin_error.c Wire up visudo, sudoreplay and testsudoers in the build [9d581d5fa4d4] * src/Makefile.in, src/term.c: term.c does not needto include sudo.h [f6683cdcd2dd] * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document the -2 return in the check_policy section too [e9cb4c34bbcf] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo.c, src/sudo.h: Fix the -s and -i flags and add support for the "implied_shell" option. If the user does not specify a command, sudo will now pass in the path to the user's shell and set impied_shell=true. The plugin can them either check the command normally or return -2 to cause sudo to print a usage message and exit. [bf889c38f229] 2010-03-19 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, src/load_plugins.c: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for Darwin where libraries end in .dylib but modules end in .so [2c56aaa38e21] * plugins/sudoers/parse.c: Better prefix determination now that we can't rely on len==0 to tell the beginning on an entry. [622bf18179e9] * plugins/sudoers/ldap.c: display_bound_defaults() stub should return 0, not 1 since it is a count, not a boolean. [0327a6c3d55d] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document progname in settings [42031d56a2e3] * compat/getprogname.c, include/compat.h, plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: Rewrite compat/getprogname.c and add setprogname(). The progname is now passed to the plugin via the settings array. [25d8663e6006] * configure, configure.in, plugins/sudoers/Makefile.in: Fix --with-ldap [b64b633f426d] * plugins/sudoers/sudo_nss.c: Add missing whitespace for Runas and Command-specific defaults [65f4ddf5545e] * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: Use embedded newlines in lbuf instead of multiple calls to lbuf_print. [eed3af9cc3e1] * src/lbuf.c: Add support for embedded newlines. [e11f79b18deb] 2010-03-18 Todd C. Miller <[email protected]> * compat/getprogname.c: If system doesn't support getprogname or __programe and we are building a shared object don't bother with Argc/Argv, just return "sudo" [aebde9062be7] * config.h.in, configure, configure.in, src/load_plugins.c: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool appears to always install a shared object with the .so suffix. [f9bbd0c0e9d3] * compat/Makefile.in, configure, configure.in, plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: Play more nicely with libtool and let it build libreplace (was libmissing) for us. [a4c6ebb2495c] * include/missing.h: Include stdarg.h for va_list rather than requiring all consumers of missing.h to include stdarg.h themselves. [37382df948de] * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, src/parse_args.c: Pass in output function to lbuf_init() instead of writing to stdout. A side effect is that the usage info can now go to stderr as it should. [6d261261a072] 2010-03-17 Todd C. Miller <[email protected]> * include/lbuf.h, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, src/parse_args.c, src/sudo.c: Use number of tty columns that is passed in user_info instead of getting it directly in the lbuf code. [8a16635c2638] * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c: Kill __P in sudoers [63601e6cb171] * config.h.in, configure, configure.in, src/load_plugins.c: Set the sudoers plugin name in configure so we get the extension right. [edad89924cd1] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document lines/cols in user_info [a808872394f3] * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c: Add tty size to user info [23f3d27e77a7] * src/script.c: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ [a2208dd09051] 2010-03-16 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error out if we fail to lookup the user's name that is passed in [e4e3728ed482] * plugins/sudoers/error.c: Pass the error value back via siglongjmp. [667b8ad575ce] * plugins/sudoers/check.c: Use conversation function for lecture. [1ab4719f509b] * plugins/sudoers/check.c: Don't update ticket file if verify_user returns FALSE. [2bbc46a39a2b] 2010-03-15 Todd C. Miller <[email protected]> * plugins/sudoers/sudoers.c, src/sudo.c: Wire up invalidate and validate methods for sudoers [c0630c7bca47] * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: Add support for -k flag with a command. [edad239b098b] * src/parse_args.c: Allow -k to be specified with a command. [43a45add9974] * plugins/sudoers/sudoers.c: Wire up policy_list [27cc35699eca] * plugins/sudoers/error.c: Add newline at the end of message and space after the colon in warning message [5a591aa8e744] * plugins/sudoers/auth/sudo_auth.c: Add missing newline after pass password warning [337dba3870a7] * plugins/sudoers/sudoers.c: Set user_groups and user_ngroups based on user_info [61bee85128c8] * plugins/sudoers/error.c: Make this compile [7041c441e1c8] * plugins/sudoers/error.c, plugins/sudoers/sudoers.c: Make _warning in error.c use the conversation function and remove commented out warning/warningx in sudoers.c. [7c9b09024b63] * plugins/sudoers/logging.c: Use siglongjmp() in log_error for fatal errors [b50e26f1c73f] * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in: Quiet a libtool warning [b2331fb006bc] * Makefile: Build sudoers plugin [5cdf06e66978] * plugins/sudoers/gram.c, plugins/sudoers/gram.y: Use warningx in yyerror() so the conversation function gets used when built as part of sudoers. [85f964215eef] 2010-03-14 Todd C. Miller <[email protected]> * plugins/sudoers/auth/pam.c: Rename sudo_conv to conversation to avoid a namespace conflict. [1ad359d36be9] * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, plugins/sudoers/defaults.c, plugins/sudoers/env.c, plugins/sudoers/error.c, plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: Initial bits of sudoers plugin; still needs work. [af2a2c59a952] * config.h.in: Add HAVE_STRDUP and HAVE_STRNDUP [50a3c0dd510f] * compat/Makefile.in, configure, configure.in: Build libmissing in two flavors (one PIC one non-PIC) and link with the appropriate one. [b62f411a4c18] * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in: Build libmissing in two flavors (one PIC one non-PIC) and link with the appropriate one. [e1e04972b5fe] 2010-03-13 Todd C. Miller <[email protected]> * include/missing.h: Add strdup and strndup and fix strsignal [c159babe2896] 2010-03-12 Todd C. Miller <[email protected]> * compat/strdup.c, compat/strndup.c, configure, configure.in, plugins/sample/Makefile.in, src/Makefile.in: Add strdup and strndup to compat [25c9fd399a4d] * plugins/sample/sample_plugin.c: Need to include compat.h before missing.h [c94f7aad380f] * compat/strsignal.c: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if it doesn't exist configure will set it to 0. [384580566389] * compat/glob.c: Fix botched ANSI C coversion of globexp2() [4a344b8cbe49] * configure, configure.in: Remove redundant getgroups check [0b16ec210c81] * configure, configure.in, src/lbuf.c, src/script.c, src/term.c: Require either termios or termio, no more sgtty. [9b2fa2f17a1c] * compat/strsignal.c, config.h.in, configure, configure.in: Change the sys_siglist check to use AC_CHECK_DECLS and also check for _sys_siglist and__sys_siglist [2e078fed2408] 2010-03-11 Todd C. Miller <[email protected]> * configure, configure.in, src/Makefile.in: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now use SUDO_OBJS for the main driver as part of OBJS. [9ae4a80a5ade] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Mention in the conversation function section that a newline is not implicit. [04a233b6c491] * include/compat.h: Add definition of WCOREDUMP for systems without it. This is known to work on AIX and SunOS 4, but may be incorrect on other systems that lack WCOREDUMP. [c85b3ce6b77d] 2010-03-09 Todd C. Miller <[email protected]> * plugins/sample/sample_plugin.c, src/conversation.c: conversation function no longer puts a newline at the end of info or error messages. [c534cae1ac4a] 2010-03-07 Todd C. Miller <[email protected]> * src/script.c: Use parent process group id instead of parent process id when checking foreground status and suspending parent. Fixes an issue when running commands under /usr/bin/time and others. [564f528c3bb7] 2010-03-06 Todd C. Miller <[email protected]> * aclocal.m4: transcript option is now --with not --enable [0646fac4cf93] * plugins/sample/sample_plugin.c: Add support to -u and -g flags Check fmt_string retval Add timeout for debugging purposes [cfefa4fa60b5] * src/script.c, src/sudo.c: Wire up SIGALRM handler Set close on exec flag for child side of the socketpair Fix signal handling when not doing I/O logging [379581ec7272] * src/sudo.c: g/c unused SIGCHLD handler [0afa03912dce] * src/fmt_string.c, src/parse_args.c, src/sudo.c: Don't use emalloc() in fmt_string(); we want to be able to use it from a plugin. [ade64d368147] * include/list.h: tq_remove not list_remove [0e0e1fd5c31c] * configure, configure.in: AUTH_OBJS should contain .lo files not .o files. [c64c82c9d5a2] 2010-03-05 Todd C. Miller <[email protected]> * src/parse_args.c: Simplify conversion of command line args to name=value pairs. [75ab127c6a94] * plugins/sample/sample_plugin.c: Handle NULL reply from conversation function [6ce09b6cb204] * compat/getline.c: Don't depend on emalloc/erealloc [73df09e2109f] * plugins/sample/Makefile.in: Use $(OBJS) instead of sample_plugin.lo [2d995db9aa99] * plugins/sample/sample_plugin.c: runas_user is in settings not user_info [7ee12068bc57] * src/parse_args.c: Fix a mismatch between sudo_settings and settings_pairs that causes some settings to get the wrong values. [b1bc6d81a65f] 2010-03-04 Todd C. Miller <[email protected]> * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c, src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c: Convert to ANSI C [d03b6e4a3b75] * src/load_plugins.c: Fix strlcpy() return value check. [7cd66999a374] * INSTALL, configure, configure.in: No longer need to substitute in script.o and pty.o; I/O logging support is always built. [45250024c5dc] 2010-02-28 Todd C. Miller <[email protected]> * src/script.c: Add fallback to /bin/sh when execve() fails with ENOEXEC. [7684a15a1352] * include/alloc.h, src/alloc.c: Add estrndup() [47621c83bed9] 2010-02-27 Todd C. Miller <[email protected]> * src/script.c, src/sudo.c: Refactor script_execve() a bit so that it can be used in non-script mode. Needs more cleanup. [f09e022d547c] * src/sudo.c: Ignore empty entries in command_info list [1eea9a8de21c] * include/list.h, src/list.c: Add tq_remove [40908a617cb2] * src/conversation.c: Pass timeout to tgetpass() [9e66c918b771] * Makefile: Add ChangeLog target [da4a39150838] * README, WHATSNEW: Bump version and update things slightly for sudo 1.8.0 [4b73cc45e2d4] * configure, configure.in: Sudo now requires an ANSI/ISO C compiler [1e51f72e6964] * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c, src/sudo_noexec.c: Convert to ANSI C [5cbd315dbde8] * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, include/list.h, include/missing.h: Convert to ANSI C [3f5016ff64f4] * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/utime.h, compat/utimes.c: Convert to ANSI C [0d635c85461c] 2010-02-24 Todd C. Miller <[email protected]> * src/sudo.c, src/tgetpass.c: Make user_details extern so tgetpass can get at the uid and gid. Set uid/gid to user before executing askpass program. Check environment for SUDO_ASKPASS and use that if set. TODO: a way for the policy to set the askpass program itself [d33606396176] * src/sudo.c: No longer need sudo_usage.h in sudo.c [063e2946c382] * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c, src/sudo_usage.h.in: Document -D level command line flag which maps to the debug_level setting. [61f1e2ab3ac1] * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Document debug_level in plugin doc. Still need to document the -D flag in sudo itself. [8c62daea3e9b] 2010-02-21 Todd C. Miller <[email protected]> * plugins/sample/sample_plugin.c: include missing,h for vasprintf [92503de49b39] * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile [14cfb4775238] * plugins/sample/sample_plugin.c: Need to include limits.h [bda7f74343d2] * compat/glob.c: No more sudo_getpw* [232e52907634] * plugins/sample/Makefile.in, src/Makefile.in: Add missing compat bits [4843dd000e08] * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in: compat files should not include sudo.h wire up compat in sample plugin [a175b8185e0f] * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in: Fix up compat dependencies. Fix distclean target in doc/Makefile.in [57e49bc20857] * configure, configure.in: Fix typo [333655e3d5fe] * plugins/sample/sample_plugin.c: Log input and output to temp files for proof of concept. [ae1dfc34f7d6] * Makefile, configure, configure.in, doc/Makefile.in: Add doc Makefile.in and wire it up [6a310443c87d] * src/script.c: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with suspending a shell with the "suspend" builtint. [3d65f182819a] * src/script.c: In child, handle parent side of the pipe going away. [a29c14d78cd9] * src/script.c: No longer need to check for explicit death of the child (process #2) since if it dies we will get EPIPE from the socketpair. Fix a sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to sudo_debug. [24c55dd4ff60] * src/sudo.c: Make sudo_debug do a single vfprintf() which will result in a single write call on most systems. Avoids problems with interleaved debug printf from different processes. Also remove an extraneous error case since recv() can't return a short read and add some more XXX. [b37a8533ef1e] 2010-02-20 Todd C. Miller <[email protected]> * src/script.c: Fix uninitialized variable. [e012a0a30890] * src/Makefile.in: Fix sudo install target [1417fa4b4ab9] * src/parse_args.c, src/sudo.c, src/sudo.h: Wire up debug_level [144fab289c73] * src/Makefile.in: Fix dependencies [5170940af2ce] * configure, configure.in: Fix setting of plugin dir [144eda170a72] * Makefile: add clean targets [d53f6f6f5c3a] * src/atobool.c: Add missing source for sudo front end [42487de9c489] * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c: Sample plugin demonstrating the sudo plugin API [f1fd62d7644f] * Makefile, configure, configure.in, install-sh, pathnames.h.in, plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c, src/fileops.c, src/fmt_string.c, src/load_plugins.c, src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c, sudo_usage.h.in: Modular sudo front-end which loads policy and I/O plugins that do most the actual work. Currently relies on dynamic loading using dlopen(). See doc/plugin.pod for the plugin API. [924f6eb2fbba] * doc/plugin.pod, include/sudo_plugin.h: Sudo plugin API [374ccbbd24ae] * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c, plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/fileops.c, src/sudo_edit.c: Replace emul/include.h with compat/include.h to match new source tree layout. [7eccd10449a1] * src/lbuf.c: Include missing.h for memrchr() proto [03abd63a8a33] * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING, TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c, alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c, closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, compat/getline.c, compat/getprogname.c, compat/glob.c, compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, compat/timespec.h, compat/utime.h, compat/utimes.c, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE, doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod, doc/license.pod, doc/sample.pam, doc/sample.sudoers, doc/sample.syslog.conf, doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod, doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h, emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c, error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c, getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod, include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, include/list.h, include/missing.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c, interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod, list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c, nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in, plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp, plugins/sudoers/alias.c, plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/boottime.c, plugins/sudoers/check.c, plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, plugins/sudoers/env.c, plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, plugins/sudoers/gram.h, plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh, plugins/sudoers/insults.h, plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, plugins/sudoers/logging.h, plugins/sudoers/match.c, plugins/sudoers/mkdefaults, plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h, plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers, plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, plugins/sudoers/toke.c, plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, sample.syslog.conf, schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c, selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c, src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h, src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c, src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat, visudo.man.in, visudo.pod, zero_bytes.c: Rework source layout in preparation for modular sudo. [7fc1978c6ad5] 2010-02-13 Todd C. Miller <[email protected]> * Avoid a duplicate fclose() of the sudoers file. [5dba851088c1] * Fix size arg when realloc()ing include stack. From Daniel Kopecek [0a2935061e33] * Use setrlimit64(), if available, instead of setrlimit() when setting AIX resource limits since rlim_t is 32bits. [353db89bac61] * Fix use after free when sending error messages. From Timo Juhani Lindfors [e50dbd902382] * ChangeLog, Makefile.in: Generate the ChangeLog as part of "make dist" instead of having it in the repo. [251b70964673] 2010-01-17 Todd C. Miller <[email protected]> * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, closefrom.c, compat.h, configure.in, defaults.c, defaults.h, emul/charclass.h, emul/timespec.h, env.c, error.c, error.h, fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c, mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in, pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod, term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c: Remove CVS $Sudo$ tags. [de683a8b31f5] 2010-01-18 convert-repo <convert-repo> * .hgtags: update tags [9b7aa44ae436] 2009-12-26 Todd C. Miller <[email protected]> * sudo_usage.h.in: make this match sudoers SYNOPSIS [c74ba66944c2] * lbuf.c, parse.c: Print a newline between Runas and Command-specific defaults in sudo -l. [b5bdfcc9ce4b] * term.c: Use SET and CLR macros in term_raw [50ca42609d6c] * sudoreplay.c: Set stdin to non-blocking mode early instead of in check_input. Use term_raw instead of term_cbreak since the data we get has already been expanded via OPOST. [51c47e803d62] 2009-12-23 Todd C. Miller <[email protected]> * script.c, term.c: Enable/disable all postprocessing instead of just nl->crnl processing since things like tab expansion matter too. However, if stdout is a tty leave postprocessing on in the pty since we run into problems doing it only on the real stdout with .e.g nvi. [62666e309673] 2009-12-19 Todd C. Miller <[email protected]> * check.c: If tty_tickets is enabled and there is no tty, prompt for a password. Do not lecture user for "sudo -k command" if user has a timestamp. [5880200c5f6b] * INSTALL: Document missing options: --with-efence and --with-bsm-audit [d83afcdf9ff3] * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat, visudo.man.in, visudo.pod: username -> user name groupname -> group name hostname -> host name [10c85646f45d] * INSTALL, README.LDAP, sudoers.pod: filename -> file name like the rest of the docs [1ef8ab5a9018] 2009-12-17 Todd C. Miller <[email protected]> * parse.c: Fix printing of entries with multiple host entries on a single line. [226ceaf91d8d] 2009-12-14 Todd C. Miller <[email protected]> * sudoers.pod: Mention that targetpw affects the timestamp file name. [a26e22e4f72e] * def_data.c, def_data.h, def_data.in, defaults.c, script.c, sudoers.pod: Add compress_transcript option. [6e94f8cb9dfb] 2009-12-13 Todd C. Miller <[email protected]> * configure, configure.in: bump to 1.7.3b2 [906d7e347d15] * pwutil.c, set_perms.c, sudo.c, sudo_nss.c: Better split of membership vs. traditional group check in user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails. [6ebc55d4716b] 2009-12-12 Todd C. Miller <[email protected]> * pwutil.c: Fix pasto and add default return value. [7973b5e4599c] * check.c, match.c, pwutil.c, sudo.h: refactor group member checking into user_in_group() [48ca8c2eddf8] * check.c, config.h.in, configure, configure.in, match.c, sudo.c, sudo.h: Add support for mbr_check_membership() as present in darwin. [5501aed02b9f] 2009-12-10 Todd C. Miller <[email protected]> * match.c: Rename label to be accurate [3af17dd960f7] * Makefile.in, boottime.c, check.c, config.h.in, configure, configure.in, sudo.h: Treat timestamp files from before we booted as old. Idea from and Apple patch. [5c96e484c05a] 2009-12-09 Todd C. Miller <[email protected]> * sudo.c, sudo.pod, sudo_usage.h.in: Allow the -u flag to be used in conjunction with the -v flag as per older versions of sudo. [591e9fc13c1a] * logging.c: fix typo in last commit [4fd0c692dcf0] 2009-12-08 Todd C. Miller <[email protected]> * logging.c: Convert fmt_first and fmt_confd into macros. [32e870158b29] * sudoers.pod: timeouts can be floats now [89de639a9679] * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, mkdefaults: Add support for floating point timeout values (e.g. 2.5 minutes). [210ffa291733] 2009-12-07 Todd C. Miller <[email protected]> * sudo.pod: The -L flag will be removed in sudo 1.7.4 [ffd026084333] 2009-12-06 Todd C. Miller <[email protected]> * sudoreplay.c: Fix a bug due to order of operators. [938d34464283] 2009-11-23 Todd C. Miller <[email protected]> * match.c: cmnd_matches() already deals with negation so _cmndlist_matches() does not need to do so itself. Fixes a bug with negated entries in a Cmnd_List. [71c845f6ce73] 2009-11-22 Todd C. Miller <[email protected]> * sudo.c: Don't exit() from open_sudoers, just return NULL for all errors. [8cfa832f972a] * script.c: Can't rely on the shell sending us SIGCONT when transitioning from backgroup to foreground process. [3c6c5b6cb4b3] * toke.c, toke.l: Add missing extern def for parse_error [45b7b59d03b7] 2009-11-21 Todd C. Miller <[email protected]> * toke.c, toke.l: Avoid a parse error when #includedir doesn't find any files. Closes bug #375 [1ce1b850e9e6] * Makefile.in: Include sudo.man.pl and sudoers.man.pl in the distribution tarball. [6a22e32da108] 2009-11-15 Todd C. Miller <[email protected]> * script.c: Start command out in foreground mode if stdout is a tty. Works around issues with some curses-based programs that don't handle tcsetattr getting interrupted by a signal. Still allows us to avoid hogging the tty if the command is part of a pipeline. [1c32f2b94769] * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c: Use a socketpair to pass signals from parent to child. Child will now pass command status change info back via the socketpair. This allows the parent to distinguish between signals it has been sent directly and signals the command has received. It also means the parent can once again print the signal notifications to the tty so all writes to the pty master occur in the parent. The command is now always started in background mode with tty signals handled by the parent. [c6790b82986d] 2009-11-04 Todd C. Miller <[email protected]> * configure, configure.in: Fix a few typos in the descriptions; from Jeff Makey Only do the check for krb5_get_init_creds_opt_free() taking two arguments if we find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false positive when using our own krb5_get_init_creds_opt_free which takes only a single argument. [845a9ff6f93d] 2009-11-03 Todd C. Miller <[email protected]> * configure, configure.in: Remove a spurious comma in the kerb5 bits. [3433eab083db] * auth/kerb5.c: Call krb5_get_init_creds_opt_init() in our emulated krb5_get_init_creds_opt_alloc() for MIT kerberos. [7ffb40bf43e9] 2009-11-01 Todd C. Miller <[email protected]> * config.h.in: Add HAVE_ZLIB [9297bde61ecc] * script.c: Need to ignore SIGTT{IN,OU} in child when running the command in the background. Also some minor cleanup. [dc208d982319] 2009-10-31 Todd C. Miller <[email protected]> * script.c: Instead of calling sigsuspend when waiting for SIGUSR[12] from parent, install the signal handlers w/o SA_RESTART and let them interrupt waitpid(). [759c7d18203b] * script.c: Pass along SIGHUP and SIGTERM from parent to child. [035b0e254568] * script.c: Close unused bits of script_fds in processes that don't need them. Restore default SIGCONT handler in child. [e037378ab0c1] * script.c: Update foreground/background status in SIGCONT handler in parent process. [3f7f91333264] 2009-10-25 Todd C. Miller <[email protected]> * script.c: Defer setting terminal into raw mode until just before we fork() and only do it if sudo is the foreground process. If we get SIGTT{IN,OU} and sudo is already in the foreground be sure to set raw mode before continuing the child. [1102ef40832c] 2009-10-24 Todd C. Miller <[email protected]> * script.c: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only give the command the controlling tty if the main sudo process is the foreground process. [cf3a91cb5682] * script.c: Don't bother with sudo_waitpid() here for now. [9086de480c2d] * script.c: fix non-zlib case [a258bff0f9a6] 2009-10-23 Todd C. Miller <[email protected]> * script.c: Remove non-wroking code that crept into rev 1.55 [2802dd55cff5] 2009-10-22 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in, script.c, sudoreplay.c: First pass at zlib support for transcript data files [5d10260807da] * Makefile.in: remove vestiges of ZLDFLAGS [1fa0caf1c0fb] * script.c: Add missing variable declaration for when TIOCSCTTY is not defined. Need to include sys/termio.h for TIOCSCTTY on some systems. [ee7f41ac2709] * script.c: when resuming command, send SIGCONT to its pgrp not just pid [5cd63c1d565b] * selinux.c: remove unused variable [df67df4be228] * script.c: include selinux.h for is_selinux_enabled() proto [85ebaa880cc1] * script.c: Don't use log_error() in the child process. [def65fe2a433] * script.c: Do I/O in parent instead of child since the parent can have both /dev/tty as well as the pty fds open. The child just sets things up and waits for its grandchild and writes the signal description to the pty master if the command was killed by a signal. [95e473208982] 2009-10-18 Todd C. Miller <[email protected]> * missing.h, sudo.h: Move two struct forward declarations from sudo.h to missing.h [90ad28294a8c] * script.c: Make comment at the top of script_exec() match reality. [c5042d27dbe0] * sudo.c: if neither stdin nor stdout is a tty, check stderr [c532ff20c8d8] * Makefile.in: Add back dependecy of gram.h on gram.y [c58382b7fcca] * script.c: Make transcript mode work as long as we can figure out our tty, even if it is not stdin. We'd like to use /dev/tty but that won't be valid after the setsid(). [7b8bba8d99e7] 2009-10-17 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, pty.c: Add support for IRIX-style dynamic ptys [bedc9bac44c1] * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c: Move alloc.c protos into alloc.h [b6a90649617d] * missing.h: Move prototypes for missing libc functions to missing.h [dda9ae1ccaf8] * Makefile.in, sudo.h, sudoreplay.c: Move prototypes for missing libc functions to missing.h [7483166b577b] 2009-10-16 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: Disable transcript support if no tcsetpgrp until we support older BSD-style job control. [27ac1d8163df] * configure, configure.in, pty.c, script.c: Break out pty code into pty.c [e85509b25d41] * compat.h, config.h.in, configure, configure.in: add killpg macro if no killpg function [3a125f4a51f0] * config.h.in, configure, configure.in, script.c: Push ptem and ldterm for STERAMS-based systems when allocating a pty. [36bb39b30ff2] 2009-10-15 Todd C. Miller <[email protected]> * script.c: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt() [d94bd5c9bf4e] * script.c: Call tcgetpgrp() in the parent, not the child and have the child spin until it is granted. Fixes a race on darwin. [6e8d435339ce] * script.c: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just reopen slave. [0bdc63c019ca] 2009-10-14 Todd C. Miller <[email protected]> * script.c: In script mode, if the command is killed by a signal, print the signal description as well as a core dump notification like the shell does. [9df61738df07] * Makefile.in, config.h.in, configure, configure.in, strsignal.c, sudo.h: Add check for strsignal() and a simple implementation if it is not there but sys_siglist is [61421a188ef4] * script.c: Add missing WUNTRACED and store the signal that stopped the grandchild in suspended, not signo. [df65042b200e] * script.c: g/c unused code [40d8cb5c9203] * script.c: Associate the grandchild's pgrp with the tty instead of the child's and just get suspend notifications via SIGCHLD instead of directly. This fixes a hang with programs that try to set terminal attributes and is more consistent with how the shell handles things. [6865abff7e94] 2009-10-12 Todd C. Miller <[email protected]> * script.c: Move setpgid() of child into the parent side of the fork() where it belongs. [3defa782777c] 2009-10-11 Todd C. Miller <[email protected]> * script.c: fix typo [b6a612b3622c] * script.c: Run command in its own pgrp (like the shell does) for easier signalling. No need to relay SIGINT or SIGQUIT to parent, just send to grandchild. Don't want grandchild stopped events in the child (only termination). Flush output after suspending grandchild before signalling parent. [db556bf2176f] * script.c: Back out revision 1.34; the problem lies elsewhere. [85f590a03275] * script.c: Don't set stdout to blocking mode when flushing remaining output. It can cause us to hang when trying to exit. Need to investigate why. [6f803a3e33ca] * script.c: Handle SIGTTOU and remove some debugging. [52d17279053e] * term.c: Back out revision 1.10 as the signal that interrupts us may be SIGTTOU or SIGTTIN which the caller must handle. [7e2fa9107975] * script.c: Apparently we need to send SIGSTOP to the command as well as ourself when we get SIGTSTP, the kernel doesn't automatically stop the process for us. [1a936e9309c4] * script.c: Use an extra process to act as the glue bewteen the sessions associated with the user's controlling tty (what the shell uses) and the tty that sudo is using to do its logging. Basically, this means that if we get, e.g. SIGTSTP from the process sudo is running, we relay the signal to the parent so it's shell can do the job control. [6dd296988060] * term.c: Handle getting/setting terminal attributes when the fd is in non- blocking mode. [ae5ae535ea7b] 2009-10-07 Todd C. Miller <[email protected]> * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Add support for pausing and changing the speed in interactive mode. [72a2063780a7] * script.c: Already define O_NOCTTY in compat.h, don't need it here [b5d80ed3e5ce] 2009-10-06 Todd C. Miller <[email protected]> * sudoreplay.c: Add missing protos [c4cb4e7f4d8a] 2009-09-30 Todd C. Miller <[email protected]> * sudo_edit.c: Always update the stashed mtime of the temp file instead of using what we have for the original because the time resolution of the filesystem the temporary is on may not match that of the filesystem that holds the original. Should fix bz #371 found by Philippe Levan. [c86ca4bec60c] * sudoreplay.c: Use cbreak mode instead of raw mode and add signal handlers to restore the tty on interrupt. [84dd283da41c] * script.c, sudo.h, term.c: Retain NL to NLCR conversion on the real tty and skip it on the pty we allocate. That way, if stdout is not a pty there are no extra carriage returns. [32e4f570414e] * script.c: Fix log_output(); just pass in a string and a length. [ca980cc0a3fb] 2009-09-28 Todd C. Miller <[email protected]> * script.c: do not use errno when complaining out lack of a tty [8f9b8c55ab8e] 2009-09-27 Todd C. Miller <[email protected]> * Makefile.in, sudoreplay.c, term.c: Instead of messing with line endings, just set terminal to raw mode in sudoreplay. [90943fa87acb] * term.c: When copying the terminal attributes to the pty, be sure not to set ONLCR. This prevents extra carriage returns from ending up in the script output file. [e6b5475ac2aa] * script.c: Convert a do {} while into a while [e461310d2c77] * Makefile.in: Use if then instead of test && when installing binaries that may not exist. [ad4f9490d971] * script.c: Add O_NOCTTY when opening a tty device. Explicitly disconnect from old tty before associatng with new one. [0e0ca634b80c] * script.c, selinux.c, sudo.c, sudo.h: First cut at refactoring some of the selinux code so it can be used in conjunction with sudo's transcript support. [779b0d8f9d29] 2009-09-26 Todd C. Miller <[email protected]> * aclocal.m4, configure, configure.in: Fix default case of transcript_enabled being unset. [f8aa96186e6b] * script.c, sudoreplay.c: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR [2844a7a851fa] * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c: Hook up --disable-transcript and --enable-transcript=DIR [b3fa7e6b2480] 2009-09-25 Todd C. Miller <[email protected]> * aclocal.m4, configure, configure.in, pathnames.h.in: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable- transcript=DIR option to specify the directory [b0bb76d43cda] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen [c7a8a0a9027c] * configure, configure.in, sudoers.man.pl, sudoers.pod: Substitute in default value for secure_path [c8f9ac6dbf93] * sudo.pod: Mention that the password must be followed by a newline with the -S option. [2fc589a3ee7e] 2009-09-20 Todd C. Miller <[email protected]> * script.c: Go back to dropping out of the select() loop when the process dies; Linux ptys apparently don't behave the same as BSD in regards to select(). No need to flush remaining output to the transcript, only to stdout. Add back code to check the master pty for additional data when we exit the main select loop. [abed9a9cbc6b] 2009-09-19 Todd C. Miller <[email protected]> * Makefile.in: Add getline.o to COMMON_OBJS [04ef7643cbc2] * Makefile.in: sudoreplay depends on libsudo.a [142bd0472631] * Makefile.in: More pwutil.o into COMMON_OBJS [4a016b933629] * pwutil.c, testsudoers.c, tsgetgrpw.c: Remove my_* redirection in pwutil.c for testsudoers and just use the normal libc get{pw,gr}* names. [9b76d637d86b] * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: More time and date examples [c6ee0175ec56] * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c: Move nanosleep() emulation into its own file Check librt.a for nanosleep if we don't find it in libc [4da0cc26aad7] * Makefile.in, configure, configure.in: Build libsudo with the common bits and link things against that. [2b53bc0b081a] * script.c: Fix final flush. [6da287d833da] * script.c: Keep reading from the pty master -> log file until read returns <= 0. Do our best to write everything to stdout when flushing any remaining bits. [2a45d4ae280c] * sudoreplay.c: Use unbuffered I/O when writing to stdout and make sure we write the entire buffer. [f39ef9844a47] 2009-09-18 Todd C. Miller <[email protected]> * sudoreplay.c: Only use max_wait if it is non-zero [f6c10604d2e8] * getdate.c, getdate.y, getline.c: Need compat.h here [5d6722e225a0] * sudoreplay.c: Fix nanosleep emulation [34e5e5d72a76] * script.c: Fix comment after #endif [bd1347718b25] * sudoreplay.c: Add protos for missing libc bits [644f496427a2] * configure, configure.in: add missing line continuation char [db13c0d402cd] * config.h.in, configure, configure.in, getline.c: Implement getline() in terms of fgetln() if we have it. [3ab786eaadc5] * sudoreplay.c: Print year when formatting log line [90be669e3443] * sudoreplay.pod: Document cwd, attempt to document time/date formats. [6290fb9b65c6] * sudoreplay.c: Fix getline return value check. [d696d6657261] * Makefile.in, config.h.in, configure, configure.in, getline.c, sudoreplay.c: Use getline() if the system has it, else use provide our own for sudoreplay. [afca1d6fbe5e] * script.c: Refactor code to update output and timing files. [361491332b1a] 2009-09-17 Todd C. Miller <[email protected]> * sudoreplay.c: Make sudo_getln() behave more like glibc getline. [40c9f2ea29e6] * script.c: When flushing remaining output, also update timing file. [5a9a5a627549] * sudoreplay.c: Use get_timestr() and make the -l output look like the regular sudo log. [452ba9d436c9] * logging.c, sudo.h, timestr.c: Make get_timestr() take a time_t so we can use it properly in sudoreplay. [82e67cc53c9c] * script.c: Create session dir earlier now that we update the seq number early. [797fe8d6dc61] 2009-09-16 Todd C. Miller <[email protected]> * sudoreplay.c: Use fromdate and todate as the keywords instead of from and to; the short forms will still be accepted. [d14d9b116df4] * sudoreplay.c: Fix reading long liensin sudo_getln() [58dadd74118c] * script.c, sudoreplay.c: Log the cwd in the script log file. Add sudo_getln() to read arbitrarily long lines. [faceb802ab8f] * Makefile.in, logging.c, sudo.h, timestr.c: Move get_timestr() into its own source file so sudoreplay can use it. [99b054bfa20a] 2009-09-15 Todd C. Miller <[email protected]> * sudoreplay.c: Add to and from perdicates (date ranges); needs documentation [1d629174dcf4] 2009-09-14 Todd C. Miller <[email protected]> * Makefile.in, getdate.c, getdate.y: Fix warning and add generated getdate.c [b877a86b5a03] * Makefile.in, getdate.y: Add getdate.y to be used for sudoreplay date parsing. [b8e26fbb7a40] 2009-09-13 Todd C. Miller <[email protected]> * sudoreplay.c: Check more than just the first character of a predicate [4fe53728adb1] * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Add examples, sort predicates [70f8075cbccc] * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Implement search expressions in sudoreplay similar in concept to what find or tcpdump uses. TODO: date ranges [f7ce4fb4cf3a] 2009-09-07 Todd C. Miller <[email protected]> * script.c: Remove vhangup as it was hanging up the wrong tty. Should really vhangup in the child after it as set its tty. [2eed9df73010] * sudoers.pod: Fix cut at documenting transcript support. [e6c533a5568a] * logging.c: ID= -> TSID= for transcript ID [1bf755a35333] 2009-09-06 Todd C. Miller <[email protected]> * sudoers.pod: Move fast_glob description to where it belongs in sorted order [5901cfb0d25f] * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, parse.c, parse.h, sudo.c: Rename script -> transcript [e06cf823122c] 2009-09-03 Todd C. Miller <[email protected]> * compat.h: Add timeradd and timersub for those without them [929f8aa06c2b] * script.c: Sanity check sessid before using it. [aa8ca5211d43] * sudo.c: Only set the session id if we are running a command or editing a file. [7205d717c098] * script.c: Actually. qsort is fine since most versions fal back to a cheaper sort when the number of elements to sort is small (like in our case). [d11c7cd352fe] * config.h.in, configure, configure.in, script.c: Check for dup2 and use dup instead if we don't have it. [98bd89830f8a] * script.c, sudo.c, sudo.h: Move the code to dup2 the script fds to low numbered descriptors into script_duplow() and fix the fd sorting. [9453fdc5fba6] * script.c, sudo.c, sudo.h: Move script_setup() back to immediately before we drop privs and call the new script_nextid() in its place, which will set sudo_user.sessid for the logging functions. [8434d0c8ff08] 2009-09-01 Todd C. Miller <[email protected]> * Makefile.in: Install sudoreplay [6acf2cdb4d3f] * sudoreplay.c: remove unused variable [2316360bb992] 2009-08-30 Todd C. Miller <[email protected]> * logging.c, script.c, sudo.c, sudo.h: Log the session ID, if there is one. Currently logs ID=XXXXXX, perhaps should be SESSIONID or SESSID. [53976905b0a6] * Makefile.in, configure, configure.in, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: Add sudoreplay docs [da4f14f0e64c] * sudoreplay.c: add -V (version) flag [b5e743639ee3] * sudoreplay.c: Hook up max_wait. [2ec5697a92ba] * script.c, sudoreplay.c: Use base36 number for the ID and store script files with paths like /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6 (2,176,782,336) unique IDs. [6aab019d07aa] 2009-08-23 Todd C. Miller <[email protected]> * config.h.in, configure.in: Add check for regcomp [44c3ebd7ff34] * sudoreplay.c: Add support for selecting by pattern and tty when listing. [66189f840c52] 2009-08-17 Todd C. Miller <[email protected]> * sudoreplay.c: The beginnings of a list mode. [8d0150b4a52c] 2009-08-16 Todd C. Miller <[email protected]> * Makefile.in: fix pasto [616b4640b8a8] * Makefile.in, config.h.in, configure.in: Add scaffolding for building sudoreplay [a32958505dbe] * sudoreplay.c: include error.h first arg to nanotime is const [fe5a7bb31bc5] * sudoreplay.c: Initial cut at sudoreplay; replay a sudo session. [f149fba372bd] 2009-08-08 Todd C. Miller <[email protected]> * script.c: Fix wait() usage and use correct wait status. [f4745ed7ad05] * sudo.c, sudo.h, tgetpass.c: Add protos for term_* to sudo.h [14fe1abd7e7b] * script.c: Fix detection of the child process exiting. Since the child is in its own session we should only ever get SIGCHLD for that process but better safe than sorry. [7edfdadd8505] * config.h.in: Add UNIX98 pty support. [82f4b53a0e8f] * configure, configure.in, script.c: Add UNIX98 pty support. [795b8bb0a3a1] 2009-08-07 Todd C. Miller <[email protected]> * term.c: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC if it is defined. [40f8b83baf69] * auth/pam.c: Set PAM_RUSER and PAM_RHOST early so they can be used during authentication. Based on a patch from Jamie Beverly. [3d567b453a6a] * match.c: Close dir before returning if strlcpy() reports overflow. From Martynas Venckus. [6a82f96473e5] * config.h.in, configure, configure.in, script.c: On Linux, the openpty proto libes in pty.h [98643a018d1c] * script.c: Call vhangup on exit if the system has it Use setpgrp() if no setsid() [3a9e13149829] 2009-08-06 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: Add checks for revoke and vhangup if we don't have openpty [fcb04572e994] * script.c: Session logging guts that got forgotten in the previous commit. [c2af08a63ea9] * Makefile.in, aclocal.m4, compat.h, config.h.in, configure, configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, tgetpass.c: First cut at session logging for sudo. Still need to write get_pty() for Unix 98 and old-style BSD ptys. Also needs documentation and general cleanup. [77e3f5e25738] 2009-08-05 Todd C. Miller <[email protected]> * sudo.c, sudo_edit.c: Fix a bug introduced with def_closefrom. The value of def_closefrom already includes the +1. [7291c136300d] 2009-07-29 Todd C. Miller <[email protected]> * Makefile.in: Generate sudo distributions with pax in ustar mode. No longer need to use a temp file or have the source dir name match the version. [9778177a8272] 2009-07-18 Todd C. Miller <[email protected]> * toke.c, toke.l: Fix expansion of %h in #include names. Fixes bugzilla 363 [6e346879ba24] 2009-07-12 Todd C. Miller <[email protected]> * mkdefaults: If no arg assume def_data.in [c1dd28c0e675] * README, WHATSNEW: Update for 1.7.2 [f5ad45f69f05] [SUDO_1_7_2] * ChangeLog: sync [6283549396ff] 2009-06-30 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in, sudoers.pod: Add missing single quotes around a colon in Runas_Spec definition. From Elias Benali. [ccc6ee4fca83] 2009-06-29 Todd C. Miller <[email protected]> * sudo.man.in, sudoers.man.in: regen [546e75304ebf] * redblack.c: In rbrepair, re-color the root or the first non-block node we find to be black. Re-coloring the root is probably not needed but won't hurt. [34d01ebe241b] * sudo.cat, sudoers.cat: regen [bebf5a39f54f] 2009-06-26 Todd C. Miller <[email protected]> * redblack.c: When repairing the tree, don't touch the root node. [9841f0d5d789] 2009-06-25 Todd C. Miller <[email protected]> * set_perms.c: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. Reported by Josef Schmid. [ed044b1eb879] 2009-06-23 Todd C. Miller <[email protected]> * sudoers.pod: Document that we accept env_pam-style environment files [e3b545456352] * env.c: Adapt to accept pam_env-style /etc/environment which allows shell- style lines such as: export EDITOR="/usr/bin/vi" [752eb75bf007] * sudoers.pod: Make it clear that env_delete only works when !env_reset. From Lo??c Minier [3bd3f8e351ba] 2009-06-15 Todd C. Miller <[email protected]> * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from Quest [8ce427de8dea] * Makefile.in: build the .cat page in the current working dir, not the src dir [00e87a307674] * env.c: Return EINVAL in setenv() if var is NULL or the empty string to match glibc behavior. [23fd7c247142] 2009-06-13 Todd C. Miller <[email protected]> * configure, configure.in: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE [fedd4a3e2a85] 2009-06-11 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [7b9f461a40b3] 2009-06-09 Todd C. Miller <[email protected]> * INSTALL: Document --with-libvas and --with-libvas-rpath [a071e6d96c89] 2009-05-29 Todd C. Miller <[email protected]> * ldap.c, sudoers.ldap.pod: For netscape-derived LDAP SDKs the cert and key paths may be a directory or a file. However, version 5.0 of the SDK only seems to support using a directory. If ldapssl_clientauth_init fails and the cert or key paths look like they could be files, strip off the last path element and try again. [ac4e49d83043] * Makefile.in: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex. [4547cc1a335f] 2009-05-27 Todd C. Miller <[email protected]> * configure, configure.in, match.c, sudo.c, vasgroups.c: Update non-Unix group support from Quest, as reworked by me. [1abafce29dc6] * toke.c: regen [01bfca9148b7] * toke.l: Add support for escaped hex chars in names, e.g. \x20 for space. [3c7be8e58a39] 2009-05-25 Todd C. Miller <[email protected]> * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c, auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c, fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c, logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c, set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, visudo.c: Update copyright years. [e615f676c764] 2009-05-24 Todd C. Miller <[email protected]> * interfaces.c, lbuf.c: Minor fixes for Minix-3 [898c510d23f9] 2009-05-22 Todd C. Miller <[email protected]> * set_perms.c: Handle getgroups() returning 0. Also add missing check for HAVE_GETGROUPS. [d73b958f9ffd] 2009-05-19 Todd C. Miller <[email protected]> * Makefile.in, config.h.in, configure, configure.in, sudo.c, version.h, visudo.c: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. [5050579a264d] 2009-05-18 Todd C. Miller <[email protected]> * set_perms.c: Remove group setting code in setusercontext case, we will do it ourselves later on in runas_setup. Set the gid after initgroups/setgroups is called, since on Mac OS X it seems to change the egid. [09dc21d8b42d] 2009-05-17 Todd C. Miller <[email protected]> * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, vasgroups.c: Initial bits of non-unix group support using Quest Authentication Services [1eecab0ff27e] * toke.c, toke.l: Accept %:foo as a non-Unix group [4c4b5dd899a6] * toke.c, toke.l: Allow user/group to be double quoted in the case of non-Unix groups which contain spaces. [47a3d568b7e8] 2009-05-11 Todd C. Miller <[email protected]> * match.c: Don't allow the user to specify the default runas user if their sudoers entry only allows them to run as a group. [4d726177227c] 2009-05-10 Todd C. Miller <[email protected]> * sudo.c: Must call audit_success before we change uids. [04a9e6ce6e55] * logging.c, set_perms.c, sudo.h, testsudoers.c: Add option for set_perm to not exit on failure and use this in the logging routines. [833dce7b7f42] * parse.c: In -l mode, if the user is only allowed to run as a group, display the user's name, not root's before the allowed group. [ef92ff99d265] * sudo.c: Fix -g mode, broken by rev 1.503 which had the side effect of setting the runas user to root unilaterally. [50a2f7df4385] 2009-05-08 Todd C. Miller <[email protected]> * fileops.c: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW. [30fbe832dcf3] * pwutil.c: Only cache by the method we fetched for pwd and grp lookups. Previously we cached both by namd and id but this can cause problems for entries that share the same id. Also add more info in the error message in case the insert fails (which should now be impossible). [ef95a4f0bab5] 2009-04-30 Todd C. Miller <[email protected]> * sudoers.pod: Add a clarification from Nick Sieger [1eadad329561] 2009-04-25 Todd C. Miller <[email protected]> * env.c: Inline the setting of the environment string. [9515d11c6295] 2009-04-24 Todd C. Miller <[email protected]> * env.c: setenv(3) in Linux treats a NUL value as the empty string setenv(3) in BSD doesn't return an error if the name has '=' in it, it just treats the '=' as end of string. [941260bf94d2] 2009-04-22 Todd C. Miller <[email protected]> * toke.c, toke.l: Not all systems have d_namlen [e377b18d8e2d] 2009-04-20 Todd C. Miller <[email protected]> * sudoers.pod: Fix up some pod2html issues. [823a1f10ab60] 2009-04-19 Todd C. Miller <[email protected]> * interfaces.c: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from Quest Software. [73de36653131] * sudoers.pod: Ignore files ending in '~' in sudo.d (emacs backup files) [7871fad702db] * toke.c, toke.l: Ignore files ending in '~' in sudo.d (emacs backup files) [53fded2a469f] 2009-04-18 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: For #includedir, ignore any file containing a dot [a7daa1bce6c2] * Makefile.in, version.h: Bump version [ef60f14ffc44] * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, visudo.c: Implement #includedir directive. Files in an includedir are not edited by visudo unless they contain a syntax error. [3923d85a6c79] * ChangeLog: sync [8741ed61a78b] [SUDO_1_7_1] * WHATSNEW: Forgot umask_override [7c86a21a5504] * ChangeLog, TODO: sync [57339ca6bccf] 2009-04-16 Todd C. Miller <[email protected]> * visudo.c: Rewind stream if we fdopen sudoers since it may not be at the beginning. Set the keepopen flag on already-open files too so the lexer doesn't close them out from under us. [61292d819aff] * visudo.c: Print the proper file name when there is a parse error in an include file. [b0e85d4aedde] 2009-04-11 Todd C. Miller <[email protected]> * WHATSNEW: Sync [997e5d485ea3] 2009-04-10 Todd C. Miller <[email protected]> * configure, configure.in: Fix a warning when --without-ldap is specified. [d91fd9481b30] 2009-04-05 Todd C. Miller <[email protected]> * alias.c, parse.h, visudo.c: Store aliases that we remove during check_aliases in a freelist and free them at the end so we don't leak memory. [805e2272f6a3] 2009-03-28 Todd C. Miller <[email protected]> * visudo.c: Check aliases in -c mode too. [9199e188d9f2] * alias.c, parse.h, visudo.c: Make alias_remove return the alias struct instead of freeing it directly. Fixes a use after free in alias_remove_recursive, the only consumer. [a04b61804800] * alias.c, match.c, parse.c, parse.h, visudo.c: Rename find_alias -> alias_find for consistency. [48b0a82924f3] 2009-03-27 Todd C. Miller <[email protected]> * visudo.c: When checking for unused aliases, recurse if the alias points to another alias. [2d4d1a7f3a41] 2009-03-16 Todd C. Miller <[email protected]> * ldap.c: Back out rev 1.105 for now. Real ldapux_client.conf support will be done later after some refactoring. [8ad72e69b277] 2009-03-14 Todd C. Miller <[email protected]> * ldap.c: Treat ldap_hostport the same as "host" for ldapux. [3281dcc66da8] * configure, configure.in: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h. Fixes compilation with ldapux. [ca1ed585ef0e] 2009-03-12 Todd C. Miller <[email protected]> * fileops.c: fix char subscript [41e51f080d00] 2009-03-11 Todd C. Miller <[email protected]> * Makefile.in: remove errant carriage returns [e9e258a31c7b] * audit.c, env.c: fix K&R compilation [d182e8920f13] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [791a5cbf04e5] 2009-03-10 Todd C. Miller <[email protected]> * config.h.in: Add missing HAVE_BSM_AUDIT [49ad1bb96f04] * WHATSNEW: Add 1.7.1 features [f107f1604c61] * INSTALL: Mention --with-netsvc [d1e90d147795] * sudoers.ldap.pod: Document netsvc.conf support [e78f8abce6af] * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, sudo_nss.h: Add support for AIX netsvc.conf (like nsswitch.conf). [1df56a84dee5] 2009-03-08 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, env.c: Add --enable-env-debug flag to enable environment sanity checks. [128cdd8832e7] * sudoers.ldap.pod, sudoers.pod: Work around some pod2html issue. [e733b9609bd2] 2009-03-07 Todd C. Miller <[email protected]> * env.c: Only sync environ for putenv, setenv, and unsetenv. We need to make sure that sudo_putenv and sudo_setenv only modify env.envp, not environ. [be3ac732243c] 2009-03-02 Todd C. Miller <[email protected]> * env.c: Really fix UNSETENV_VOID [08ab7e882507] * env.c: Fix unsetenv when UNSETENV_VOID [d3038b3f2f15] * aclocal.m4, configure: Fix SUDO_FUNC_PUTENV_CONST [de35569c572b] * ldap.c: tivoli-based ldap does not have ldapssl_err2string [c63fd90d5e99] * configure: regen [f38f1ee828ad] 2009-03-01 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, ldap.c: Add support for Tivoli-based LDAP start TLS as seen in AIX. Untested. [8f8771829f85] * env.c: Add sanity checks for setenv/unsetenv [adbd1d95856b] * Makefile.in: Include bsm_audit.h in the tarball [4a4aa02b2c32] * Makefile.in, version.h: bump version for sudo 1.7.1 [362c71d21595] * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in, env.c, ldap.c, sudo.h: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and provide our own setenv/unsetenv/putenv that operates on own env pointer. Make sync_env() inline in setenv/unsetenv/putenv functions. [276edcd23032] 2009-02-25 Todd C. Miller <[email protected]> * sudo.c: Make "sudoedit -h" work as expected [2bcbbb45d389] * auth/pam.c: Make sure def_prompt is always defined. This is a workaround for pam configs that prompt for a password in the session but don't have an auth line. A better fix is to expand the sudo prompt earlier and set def_prompt to that when initializing. [ee073c04aec3] * sudo.pod: Mention that the helper for -A may be graphical. [b64a940c4082] * TROUBLESHOOTING: Document what happens if there is no tty. [313d58a856a5] * sudo.c: cosmetic changes [894f5e3b0c3e] * term.c: Fix term_restore [6c6315ff14bc] * sudo.c: Fix "sudo -k" with no other args [59e94dc419c6] 2009-02-24 Todd C. Miller <[email protected]> * check.c, sudo.c, sudo.pod, sudo_usage.h.in: Allow the -k flag to be specified in conjunction with a command or another option that may require authentication. [5960ff20355d] 2009-02-23 Todd C. Miller <[email protected]> * configure, configure.in: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes' [e86ab69c4a57] * Makefile.in: Parallel make fix. From Diego E. 'Flameeyes' [1289d7ee27db] 2009-02-21 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Implement umask_override [8b87a3f7c5aa] * toke.c: regen [79d7ca9ac873] * sudoers.pod, toke.l, visudo.c: Implement %h escape in sudoers include filenames. [a7f288dd64f0] * audit.c: Need to include compat.h [c0dc07ce2f70] * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c: Make audit_success and audit_failure generic functions in preparation for integrating linux audit support. [7df020a8fd6f] * term.c: remove duplicate include [1dfcd01a7e46] 2009-02-20 Todd C. Miller <[email protected]> * bsm_audit.c: Add missing include [fb56e08c37ee] * sudo.c: May need to update the runas user after parsing command-based defaults. [246f130d7802] 2009-02-18 Todd C. Miller <[email protected]> * glob.c: Add missing pair of braces introduced with character class support. [0e2afa2e03e9] 2009-02-15 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: Rename pwstars to pwfeedback [a9f85a57ebac] 2009-02-11 Todd C. Miller <[email protected]> * bsm_audit.c, bsm_audit.h: Add const to make MacOS happy. [4274432d6627] * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure, configure.in, sudo.c: Add bsm audit support from Christian S.J. Peron [bef61cd8693d] * term.c: This is new code, no DARPA notice. [ec6ad09b9c23] 2009-02-10 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Rename simple_glob -> fast_glob [68d9ed803cc1] * match.c: g/c unused var [693fa0464eb6] * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Add simple_glob option to use fnmatch() instead of glob(). This is useful when you need to specify patterns that reference network file systems. [77ba634f6949] * tgetpass.c: add term_* proto [520f5149d073] * sudoers.pod: mention glob() [ddaab8e03c52] 2009-02-09 Todd C. Miller <[email protected]> * tgetpass.c: Delete any pwstars we wrote after the user hits return. That way there is no record on screen as to the user's password length. [fae25cda762b] 2009-02-08 Todd C. Miller <[email protected]> * term.c: Move terminal setting bits from tgetpass.c to term.c [03d43325ee99] * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: Add pwstars sudoers option that causes sudo to print a star every time the user presses a key. [7aab417e184d] 2009-02-03 Todd C. Miller <[email protected]> * Makefile.in: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in. [64f70e879816] 2009-01-27 Todd C. Miller <[email protected]> * ldap.c: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to indicate no limit. From Mark Janssen. [e2c5732d54f5] 2009-01-17 Todd C. Miller <[email protected]> * toke.c, toke.l: Comments that begin with #- should not be parsed as uids. [a72a50f12f41] 2009-01-09 Todd C. Miller <[email protected]> * sudo.c: Do not try to set the close on exec flag if we didn't actually open sudoers. [ece3ca256904] 2008-12-19 Todd C. Miller <[email protected]> * ChangeLog: regen [e11f0e4c1bdd] [SUDO_1_7_0] 2008-12-14 Todd C. Miller <[email protected]> * TODO: sync [5b8954462bb3] 2008-12-09 Todd C. Miller <[email protected]> * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the password prompt. [8563601cb3de] * configure, configure.in: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler as it cannot generate shared objects. [6d4262ef9669] * emul/charclass.h, glob.c, lbuf.c, tgetpass.c: K&R compilation fixes [77921678d17c] * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make it clear that we are not short-circuiting on last match. When pwcheck is 'all', initialize nopass to TRUE and override it with the first non- TRUE entry. [96b209f4778f] 2008-12-08 Todd C. Miller <[email protected]> * parse.c: Do not short circuit pseudo commands when we get a match since, depending on the settings, we may need to examine all commands for tags. [fdbaf89d6f35] 2008-12-03 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in: regen [1ecce7c1b841] * sudoers.pod: hostnames may also contain wildcards [82b76695601c] * Makefile.in: remove stamp-* files and linux core files in clean target [22003f091467] 2008-12-02 Todd C. Miller <[email protected]> * auth/sudo_auth.h, config.h.in, configure, configure.in: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX [6905bede8410] 2008-11-26 Todd C. Miller <[email protected]> * configure, configure.in: correctly enable SIA on Digital UNIX [a51881d13995] * TODO: checkpoint [af0fe8d94d42] * ChangeLog: sync [831f623cf99c] 2008-11-25 Todd C. Miller <[email protected]> * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are ttys we may still have /dev/tty available to us. [20f306ba883b] 2008-11-24 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in: regen [76d97c4c318f] * sudoers.pod: fix typos; Markus Lude [bff8bc1e2066] * ChangeLog: sync [f108552531cd] * toke.c: regen [de828413c67e] * toke.l: Fix matching of a line that only consists of a comment char [09c953d8d5ca] 2008-11-22 Todd C. Miller <[email protected]> * auth/pam.c: MacOS pam will retry conversation function if it fails so just treat ^C as an empty password. [d056058930bc] * visudo.c: When checking for alias use, also check defaults bindings. [2647f82c7dbd] * redblack.c: unused var [b7ff71c17c18] * redblack.c: Replace my rbdelete with Emin's version (which actually works ;-) [21b133dd0c72] 2008-11-19 Todd C. Miller <[email protected]> * testsudoers.c: malloc debugging [0fb446fa3279] * visudo.c: malloc options in devel mode for visudo too [98d06c6afeef] 2008-11-18 Todd C. Miller <[email protected]> * sudo.c: fix compilation on non-C99; from Theo [7c304e16c536] * visudo.c: fix check_aliases [83f30a3b1765] * alias.c: when destroying an alias, free the correct data pointer [6e1a8bd86c01] * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King [eba94ffc8f63] 2008-11-15 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [409fa57fff83] * sudo.pod, sudoers.pod, visudo.pod: standardize on the term 'option' for command line options (not flag) [228caefc2e36] 2008-11-14 Todd C. Miller <[email protected]> * INSTALL: Add note on configuring HP-UX pam [f7674a581baf] 2008-11-11 Todd C. Miller <[email protected]> * check.c, sudo.c: Move tty checks into check_user() so we only do them if we actually need a password. [7d997d7106d6] * sudo.c: Don't error out if no tty or askpass unless we actually need to authenticate. [9f23b83ed66c] 2008-11-10 Todd C. Miller <[email protected]> * ChangeLog: regen [23f9aef32da6] * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias Stoeckmann [9f7459a8fac5] 2008-11-09 Todd C. Miller <[email protected]> * WHATSNEW, visudo.c: check sudoers owner and mode in strict mode [a3468c5ac1c4] * gram.c, toke.c: regen [7d6b515a5443] * sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright years. [52d340cb8cba] * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c, interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c: Update copyright years. [b4e6bf2beafa] * emul/charclass.h, fnmatch.c, glob.c: add my copyright [28681385014a] 2008-11-08 Todd C. Miller <[email protected]> * toke.c, toke.l: The loop in fill_cmnd() was going one byte too far past the end, resulting in a NUL being written immediately after the buffer end. [a5a49d603cd7] * UPGRADE, WHATSNEW: add sections on tgetpass changes [2e6929b6a102] * tgetpass.c: Treat EOF w/o newline as an error. [aa02b1db9240] 2008-11-07 Todd C. Miller <[email protected]> * parse.c: Fix "sudo -v" when NOPASSWD is set. [f4914711ea80] * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h: No longer treat an empty password at the prompt as special. To quit out of sudo you now need to hit ^C at the password prompt. [980f760ad419] * sudoers.cat, sudoers.man.in: regen [6ca21a2cd869] * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo will now refuse to run if no tty is present unless the new visiblepw sudoers flag is set. [0cc56943252e] 2008-11-06 Todd C. Miller <[email protected]> * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not defined [24fc6f712d5c] * aix.c: fix fallback value for RLIM_SAVED_MAX [e09e04e1af89] * auth/aix_auth.c, auth/sudo_auth.h: Move clearing of AUTHSTATE into aixauth_cleanup. [e14ae7bd259c] * auth/aix_auth.c, env.c: Unset AUTHSTATE after calling authenticate() as it may not be correct for the user we are running the command as. [d14f68f1b0ab] * isblank.c: Add isblank() function for systems without it. Needed for POSIX character class matching in fnmatch.c and glob.c. [16cba30b283f] 2008-11-05 Todd C. Miller <[email protected]> * TROUBLESHOOTING: expound on sudo and cd [8e0fa9033637] 2008-11-04 Todd C. Miller <[email protected]> * ChangeLog: regen [40cf320a10fc] * sudoers.cat, sudoers.man.in: regen [7cac761ae2c6] * sudoers.pod: mention defauts parse order [4e2ce86d1394] 2008-11-03 Todd C. Miller <[email protected]> * Makefile.in, aclocal.m4, compat.h, configure: Add isblank() function for systems without it. Needed for POSIX character class matching in fnmatch.c and glob.c. [a1ab55da8424] * Makefile.in: add emul/charclass.h to HDRS [7e8a019dcaa4] 2008-11-02 Todd C. Miller <[email protected]> * TODO: checkpoint [afeb9bc1baed] * defaults.c, parse.c, testsudoers.c, visudo.c: Move update_defaults into defaults.c and call it properly from visudo and testsudoers. [f4dbb369461f] * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for consistency [4cee0465f4a8] * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c, visudo.c: Zero out sigaction_t before use in case it has non-standard entries. [120092225459] * match.c: quiet gcc [098a1df49b23] * match.c: Short circuit glob() checks if basename(pattern) != basename(command). Refactor code that checks for a command in a directory and use it in the glob case if the resolved pattern ends in a '/'. [3c46fd317acb] 2008-11-01 Todd C. Miller <[email protected]> * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer setting runas defaults until after runaspw/gr is setup. [12e75ee49c0c] 2008-10-29 Todd C. Miller <[email protected]> * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some systems do not include space for the NUL in the size. Also manually NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this. [7266ab3296a3] 2008-10-26 Todd C. Miller <[email protected]> * sudo.c, sudoers.pod: When setting the umask, use the union of the user's umask and the default value set in sudoers so that we never lower the user's umask when running a command. [4e804b004e38] * sudo.c: Don't try to read from a zero-length sudoers file. Remove the bogus Solaris work-around for EAGAIN. Since we now use fgetc() it should not be a problem. [bb8e5f68d944] 2008-10-25 Todd C. Miller <[email protected]> * parse.c: In update_defaults() check the return value of user*_matches against ALLOW so we don't inadvertantly match on UNSPEC. [4e422fa1527e] 2008-10-24 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen man pages; no more hyphenation [15de4fe2fe01] * sudo.c: Don't error out on a zero-length sudoers file. With the advent of #include the user could create a situation where sudo is unusable. [6eb461319fa5] 2008-10-23 Todd C. Miller <[email protected]> * auth/kerb5.c, config.h.in, configure, configure.in: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. Add configure tests to handle all the cases. [4b554a98470d] 2008-10-08 Todd C. Miller <[email protected]> * sudo.pod: resort ENVIRONMENT [f4f20f40653e] * sudoers.pod: document sudoers_locale [0bffd2dbe806] * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL or EDITOR [0ef8cb248cee] * toke.c, toke.l: In fill_cmnd(), collapse any escaped sudo-specific characters. Allows character classes to be used in pathnames. [5685244c8e44] 2008-10-03 Todd C. Miller <[email protected]> * lbuf.c: fix typo in non-C89 function declaration [99a7113b3a05] * sudoers.pod: Mention POSIX characters classes now that out fnmatch() and glob() support them. [9c916f1230c3] * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is locale agnostic. [a60a62bec244] * parse.h: use __signed char if we are going to assign a negative value since on Power, char is unsigned by default [2877b319df17] * config.h.in, configure, configure.in: Add tests for __signed char and signed char. [5eb874fdf1d4] * aix.c: Fix AIX limit setting. getuserattr() returns values in disk blocks rather than bytes. The default hard stack size in newer AIX is RLIM_SAVED_MAX. From Dale King. [3db67415ecc3] 2008-09-26 Todd C. Miller <[email protected]> * emul/charclass.h, fnmatch.c, glob.c: Add character class support to included glob(3) and fnmatch(3). [6b5b4ad77899] 2008-09-16 Todd C. Miller <[email protected]> * emul/fnmatch.h: Remove UCB advertising clause and some compatibility defines. [2ade7bee74e1] 2008-09-14 Todd C. Miller <[email protected]> * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself or sudo. This allows one to set EDITOR to sudoedit without getting into an infinite loop of sudoedit running itself until the path gets too big. [aa49ab68f82d] * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add sudoers_locale Defaults option to override the default sudoers locale of "C". [0639886a35bf] 2008-09-13 Todd C. Miller <[email protected]> * sudo.c: Set locale to system default except for during sudoers parse. [016dd2736728] 2008-09-12 Todd C. Miller <[email protected]> * match.c: Redo change in 1.34 to use pointer arithmetic. [f9e7b63bb450] 2008-09-11 Todd C. Miller <[email protected]> * match.c: Fix a dereference (read) of a freed pointer. Reported by Patrick Williams. [69877b633753] 2008-08-23 Todd C. Miller <[email protected]> * sudo.c: Set locale to "C" to avoid interpretation issues with character ranges in sudoers. May want to make the locale a sudoers option in the future. [098a95de1746] 2008-08-20 Todd C. Miller <[email protected]> * config.h.in: we no longer use setproctitle [c7f20fb747ea] * sudo.h: remove #if 1 [a368ee6816c6] * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp package. [d07c2beb0f9e] 2008-07-12 Todd C. Miller <[email protected]> * gram.c: regen with yacc skeleton bug fixed [24784571cbb8] * sudoers.pod: Remove duplicate "as root". From Martin Toft. [97241acfee5e] 2008-07-02 Todd C. Miller <[email protected]> * pwutil.c, sudo.c, sudo.h, testsudoers.c: Flesh out the fake passwd entry used for running commands as a uid not listed in the passwd database. Fixes an issue with some PAM modules. [a6648227f3f2] 2008-07-01 Todd C. Miller <[email protected]> * sudo.c: Error out in -i mode if the user has no shell. This can happen when running commands as a uid with no password entry. [0c174bef36ff] 2008-06-26 Todd C. Miller <[email protected]> * toke.c, toke.l: Better fix for line continuation inside double quotes. Now accepts whitespace between the backslash and the newline like the main lexer. [64efcdf86d31] 2008-06-25 Todd C. Miller <[email protected]> * toke.c, toke.l: Fix line continuation in strings. It was only being honored if preceded by whitespace. [96c21271a3e4] 2008-06-22 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, logging.c: Replace the double fork with a fork + daemonize. [328505441e67] 2008-06-21 Todd C. Miller <[email protected]> * env.c, sudo.c: The -i flag should imply env_reset. This got broken in sudo 1.6.9. [3caedfeaec87] * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer is waited for. Instead of having a SIGCHLD handler, use the double fork trick to orphan the child that opens the pipe to sendmail. Fixes a problem running su on some Linux distros. [b59ce60a393d] 2008-06-20 Todd C. Miller <[email protected]> * configure, configure.in: Fix configure test for dirfd() on Linux where DIR is opaque. [b8f729cdfecc] 2008-06-17 Todd C. Miller <[email protected]> * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has this problem we'll need to revisit this again. [c17fee8ad530] 2008-06-11 Todd C. Miller <[email protected]> * logging.c: Ignore SIGPIPE instead of blocking it when piping to the mailer. If we only block the signal it may be delivered later when we unblock. Also, there is no need to block SIGCHLD since we no longer do the double fork. The normal SIGCHLD handler is sufficient. [e94a49e992e5] 2008-06-08 Todd C. Miller <[email protected]> * configure, configure.in: Add description for NO_PAM_SESSION, from a redhat patch. [b9e4c939ec09] 2008-06-06 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage [2d7ce5de0235] 2008-05-18 Todd C. Miller <[email protected]> * configure, configure.in: Redo the test for dgettext() in a way that hopefully will work around the libintl_dgettext() undefined problem. [d27beb0cf85e] 2008-05-11 Todd C. Miller <[email protected]> * schema.ActiveDirectory: change filename in comment [733da4ee9ac5] 2008-05-10 Todd C. Miller <[email protected]> * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Reference schema.ActiveDirectory [d6aec537800e] 2008-05-09 Todd C. Miller <[email protected]> * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated. [00c50df807af] * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup [19bcce6f72fb] * schema.ActiveDirectory: Active Directory schema by Chantal Paradis and Eric Paquet [06a09c92c6a5] 2008-05-08 Todd C. Miller <[email protected]> * parse.c: remove an XXX that was fixed [b88038062fa2] * ChangeLog: sync [8fc27c17270e] * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This fixes a problem where the tag value printed was influenced by defaults set in the first pass through the parser. [588ccd630367] 2008-05-04 Todd C. Miller <[email protected]> * Makefile.in, sudo.psf: No point in packaging the TODO file [9590248fffe1] * ChangeLog: sync [152acf4c6813] 2008-05-03 Todd C. Miller <[email protected]> * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file Defaults option that is similar to /etc/environment on some systems. [1daf53d51e18] 2008-05-02 Todd C. Miller <[email protected]> * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, version.h, visudo.cat, visudo.man.in: change version to 1.7.0 [d41d126b9bd8] * UPGRADE: initial valgrind pass done [c59c3876d8ca] 2008-04-23 Todd C. Miller <[email protected]> * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing the secret. [830d246c09b0] 2008-04-11 Todd C. Miller <[email protected]> * ldap.c: define LDAPS_PORT if the system headers do not [247b12325701] 2008-04-10 Todd C. Miller <[email protected]> * gram.c, gram.y: Fix another memory leak in init_parser(). [7bba47deba11] * configure, configure.in: There was a missing space before the ldap libs in SUDO_LIBS for some configurations. [7524cfc93759] * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory leaks pointed out by valgrind. [a965866ece1a] 2008-04-07 Todd C. Miller <[email protected]> * sudo.c: fix "sudo -s" broken by mode/flags breakout [acffe984d408] * configure, configure.in: remove duplicate check for dgettext [58145529133c] 2008-04-05 Todd C. Miller <[email protected]> * aix.c: Fall back to default stanza if no user-specific limit is found. [7b8cb29123ee] 2008-04-02 Todd C. Miller <[email protected]> * snprintf.c: include stdint.h if present [f0ec38529306] * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX [01041ce508fb] 2008-04-01 Todd C. Miller <[email protected]> * sudoers.ldap.pod: fix cut and pasto [34240fdef5ab] 2008-03-31 Todd C. Miller <[email protected]> * pwutil.c: Add #ifdef PURITY [ce1b571ad526] 2008-03-30 Todd C. Miller <[email protected]> * auth/bsdauth.c: remove useless cast [494f8a862e1d] 2008-03-27 Todd C. Miller <[email protected]> * ChangeLog: sync [f5c97ffaabcc] * TODO: sync [96ff1c44c182] * sudo.h: Split MODE_* defines into primary and flags. [c02ee3027cb9] 2008-03-26 Todd C. Miller <[email protected]> * aix.c: It turns out the logic for getting AIX limits is more convoluted than I realized and differs depending on whether the soft and/or hard limits are defined. [cf8d3f85d395] 2008-03-23 Todd C. Miller <[email protected]> * Makefile.in, configure, configure.in: Back out AIX-specific change to set the sudo_noexec path to the .a file, we do really want to use the .so file. Since libtool doesn't do that correctly, just install the .so file ourselves in the Makefile. [05c6f33177d9] * install-sh: If the file given to install is a path, only use the basename of the file when building the destination path. [695ba4e429ce] 2008-03-18 Todd C. Miller <[email protected]> * sudo.c: parse_args() cleanup: Sort command line options in the getopt() switch The -U option requires a parameter Normalize a few ISSET calls Split mode into mode and flags and retire the now-obsolete excl variable [0d156835f861] * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag. [e3e50400d32d] * sudo.c: Move version printing, etc. into a separate function. [18c91b476e2c] * sudo.c: Don't try to cleanup nsswitch if it has not been initialized. [aeb1ca1b399d] 2008-03-17 Todd C. Miller <[email protected]> * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by a problem executing the mailer. [f130e7924cca] 2008-03-14 Todd C. Miller <[email protected]> * configure, configure.in: AIX shared libs end in .a, not .so. [a5deb07020d8] 2008-03-13 Todd C. Miller <[email protected]> * env.c: Preserve HOME by default too. Matches documentation and previous behavior. [c16f17f1047c] 2008-03-12 Todd C. Miller <[email protected]> * sudo.c: Use getopt() to parse the command line. We need to be able to intersperse env variables and options yet still honor "--"" which complicates things slightly. [60f271ce5c16] 2008-03-06 Todd C. Miller <[email protected]> * ChangeLog: sync [685e67964eda] * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26 [4c9a8c3d3b40] * config.guess, config.sub: update from libtool-1.5.26 distribution [c6641aef2527] * aix.c, sudo.h: attempt to fix compilation errors on AIX [edb13e5b2184] * Makefile.in: fix typo in last commit [25ba7f7ceae4] * Makefile.in: Add WHATSNEW file to the distribution [213f4115de8f] * visudo.c: use warningx instead of fprintf(stderr, ...) [a3494b8ccb19] * list.c: add DEBUG to list2tq [115d24a3000c] * ChangeLog, TODO: sync [60e6f4d1fac0] * WHATSNEW: mention mailfrom [e2498f9e18d6] * Makefile.in, aix.c, config.h.in, configure, configure.in, set_perms.c, sudo.h: Add aix_setlimits() to set resource limits on AIX using a combination of getuserattr() and setrlimit(). Currently untested. [9b1441fd89ca] 2008-03-05 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, sudoers.man.in, sudoers.pod: Add mailfrom Defaults option that sets the value of the From: field in the warning/error mail. If unset the login name of the invoking user is used. [029b9f05d3d9] * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable [a90e407d5e00] * gram.c, gram.y: When adding a default, only call list2tq() once to do the list to tq conversion. It is not legal to call list2tq multiple times on the same list since list2tq consumes and modifies the list argument. [fbc25d245c4a] * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment out XXXs for now [595a1d43309d] * WHATSNEW: mention askpass [b993e0837c22] 2008-03-04 Todd C. Miller <[email protected]> * sudo.c: Error out if both -A and -S are specified Error out if -A is specified but no askpass is configured [24f1df2638f6] * configure, configure.in: we are not going to ship a sudo-specific askpass [61949e7a3943] 2008-03-03 Todd C. Miller <[email protected]> * sudo.h: fix definition of TGP_ASKPASS [0447c57ba4c3] * def_data.c, def_data.in: make askpass boolean-capable [e0885893a325] * INSTALL: document --with-askpass [c76e15ba97cf] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.man.in, visudo.cat: regen [8d16242980b7] 2008-03-02 Todd C. Miller <[email protected]> * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass [02c07505a78c] * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c, def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, sudo_usage.h.in, tgetpass.c: Add support for running a helper program to read the password when no tty is present (or when specified with the -A flag). TODO: docs. [05780f5f71fd] * def_data.c, def_data.in: add missing printf format to SELinux role and type strings [2b32774715e7] 2008-02-27 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in: Disable use of gss_krb5_ccache_name() by default and add --enable-gss-krb5-ccache-name configure option to enable it. It seems that gss_krb5_ccache_name() doesn't work properly with some combinations of Heimdal and OpenLDAP. [f61ebd3b19bd] 2008-02-22 Todd C. Miller <[email protected]> * selinux.c: Ignore setexeccon() failing in permissive mode. Also add a call to setkeycreatecon() (though this is probably insufficient). From Dan Walsh. [52564fc1c069] * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The conversation function may be called for non-password reading purposes so we must be careful not to use def_prompt in cases where it may not be set. [29d88ca575ba] 2008-02-20 Todd C. Miller <[email protected]> * selinux.c: Don't free the new tty context, we need to keep it around when we restore the tty context after the command completes [5b4bd39b6ea8] 2008-02-19 Todd C. Miller <[email protected]> * selinux.c: s/newrole/sudo/ [21b8a96ff8df] * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section if we have login.conf support [05250ddff2c0] 2008-02-18 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [301e5c5ccdbe] * sudoers.pod: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [c1c98fa163ce] * sudoers.man.pl: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [6c88f30b878a] * sudo.pod: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [acdbdfd24e1d] * sudo.man.pl: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [0c56d4750ac3] * Makefile.in, configure, configure.in: Substitute in comment characters for lines partaining to login.conf, BSD auth and SELinux and only enable them if pertinent. [9a02bd6a6658] * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: Remove the =cut on the first line (above the copyright notice) to quiet pod2man. Also remove the hackery in the FILES section and just deal with the fact that there will a newline between each pathname. [2ac1ab191835] 2008-02-17 Todd C. Miller <[email protected]> * Makefile.in: run sudo.man.pl when generating sudo.man.in [859727369168] * configure, configure.in, sudo.man.pl: comment out SELinux manual bits unless --with-selinux was specified [97ff4212b649] * sudoers.pod: document role and type defaults for SELinux [870f303366b3] * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: Document "sudo -ll" and make "sudo -l -l" be equivalent. [3ce6dc429ea3] 2008-02-15 Todd C. Miller <[email protected]> * configure, configure.in: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on Debian GNU/kFreeBSD. [c4efa567a328] 2008-02-13 Todd C. Miller <[email protected]> * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of verify_krb_v5_tgt() [f80538e5a6fa] * logging.c, logging.h, sudo.c: Remove dependence on VALIDATE_NOT_OK in logging functions. Split log_auth() into log_allowed() and log_denial() Replace mail_auth() with should_mail() and a call to send_mail() [58aac9997557] 2008-02-10 Todd C. Miller <[email protected]> * ldap.c: Add debugging so we can tell if the krb5 ccache is accessible [c679322527bb] * INSTALL: mention --with-selinux [9efbe0b52194] 2008-02-09 Todd C. Miller <[email protected]> * configure: regen [467a834f867c] * selinux.c: add Sudo tag [d004ee669bed] * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c, toke.l: Add support for SELinux RBAC. Sudoers entries may specify a role and type. There are also role and type defaults that may be used. To make sure a transition occurs, when using RBAC commands are executed via the new sesh binary. Based on initial changes from Dan Walsh. [1d4abfe2c004] * sesh.c: Add support for SELinux RBAC. Sudoers entries may specify a role and type. There are also role and type defaults that may be used. To make sure a transition occurs, when using RBAC commands are executed via the new sesh binary. Based on initial changes from Dan Walsh. [1e3b395ce049] * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, pathnames.h.in, selinux.c: Add support for SELinux RBAC. Sudoers entries may specify a role and type. There are also role and type defaults that may be used. To make sure a transition occurs, when using RBAC commands are executed via the new sesh binary. Based on initial changes from Dan Walsh. [6b421948286e] 2008-02-08 Todd C. Miller <[email protected]> * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long list (sudo -ll) support for printing verbose LDAP and sudoers file entries. Still need to update manual. [2875be37935c] 2008-02-03 Todd C. Miller <[email protected]> * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l output for file and ldap based sudoers and use lbufs for both. The ldap output does not currently include options that cannot be represented as tags. This will be remedied in a long list output mode to come. [b2e429456596] 2008-01-27 Todd C. Miller <[email protected]> * set_perms.c: Use a specific error message for errno == EAGAIN when setuid() et al fails. On Linux systems setuid() will fail with errno set to EAGAIN if changing to the new uid would result in a resource limit violation. [08d0aecd9f03] * sudo.c: Unlimit nproc on Linux systems where calling the setuid() family of syscalls causes the nroc resource limit to be checked. The limits will be reset by pam_limits.so when PAM is used. In the non-PAM case the nproc limit will remain unlimited but there doesn't seem to be a way around that other than having sudo parse /etc/security/limits.conf directly. [df024b415a8d] * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and AIX [90669e2aefdb] 2008-01-23 Todd C. Miller <[email protected]> * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths from going into config.h. Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED since in some versions of bash they will end up literally in the resulting define. [25390f3ef10a] 2008-01-21 Todd C. Miller <[email protected]> * README.LDAP: mention --with-nsswitch=no [c509df927263] * configure, configure.in: ldap_ssl.h depends on ldap.h being included first [d96d90e9b21f] * config.h.in, configure, configure.in, ldap.c: Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength defines on HP-UX at least. [9e530470948a] * sudoers.ldap.pod: sync [b9d101f4673a] * TODO: sync [2ce951b2ecd0] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: regen [b61d793987e0] * Makefile.in: Use 78n line length when formatting cat pages. [761bee9d5759] * README.LDAP: Remove redundant info that is now in sudoers.ldap.pod [01828dcce59e] 2008-01-20 Todd C. Miller <[email protected]> * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Reorganize the first section a bit. Substitute the proper path for /etc/sudoers. [11ae165e065d] * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move schema into EXAMPLES [ab6509d1dde7] * configure, configure.in: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into sudoers.ldap.man. [6e689972f465] * configure, configure.in: substitute for sudoers.ldap.man [5a4a25766dee] * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap man page. [a7b069af8894] * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Fill in some of the missing pieces. Still needs some reorganization and editing. [5e7331722166] 2008-01-19 Todd C. Miller <[email protected]> * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: Beginnings of a sudoers.ldap man page. Currently, much of the information is adapted from README.LDAP. [aad28c8a922d] 2008-01-18 Todd C. Miller <[email protected]> * pwutil.c: When copying gr_mem we must guarantee that the storage space for gr_mem is properly aligned. The simplest way to do this is to simply store gr_mem directly after struct group. This is not a problem for gr_passwd or gr_name as they are simple strings. [af58fc76f1ed] * ldap.c: Fix a typo/thinko in one of the calls to sudo_ldap_check_user_netgroup(). From Marco van Wieringen. [70b2eb8097f5] 2008-01-17 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, ldap.c: include <mps/ldap_ssl.h> in ldap.c if available [34346206ef16] 2008-01-16 Todd C. Miller <[email protected]> * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's skeleton.c [d8a45c7a3c42] * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and echo) to guarantee that any pending output is discarded [549a184479e5] 2008-01-15 Todd C. Miller <[email protected]> * sudoers: no longer need to specify SETENV when user has sudo ALL [3051b41f8032] * testsudoers.c: sync user_args size calculation with sudo.c Add -g group option, renaming old -g to -G Add set_runasgr() and set_runaspw() and use them [0850325180f0] * sudo.c, sudo.h: Make set_runaspw static void [5d44d7a340ce] * testsudoers.c, visudo.c: g/c set_runaspw stub [79ebb5e2cc38] * configure, configure.in: Don't add -llber twice. [4356d302eef4] 2008-01-14 Todd C. Miller <[email protected]> * ldap.c: fix typo [249cecc557e9] 2008-01-13 Todd C. Miller <[email protected]> * gram.c: regen [2f94ea375b67] * configure, configure.in: Fix check that determines whether -llber is required. [6afa99523379] * README.LDAP, config.h.in, configure, configure.in, ldap.c: For netscape-based LDAP, use ldapssl_set_strength() to implement the checkpeer ldap.conf option. [16ae24d73795] * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need to use the cred cache, which is what krb5_verify_user() does. Better cleanup on failure. [d12e5f1695b8] 2008-01-12 Todd C. Miller <[email protected]> * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's krb5_verify_user() does. [05b5815f86c9] 2008-01-09 Todd C. Miller <[email protected]> * gram.c: The U suffix on constants is an ANSI feature [c6dfce3167f1] * configure, configure.in: Add check for ber_set_option() in -llber [43d0c0566074] 2008-01-07 Todd C. Miller <[email protected]> * README.LDAP: default if no nsswitch.conf is files only [c13001d9c998] 2008-01-06 Todd C. Miller <[email protected]> * README.LDAP: don't tell people to mail aaron about LDAP stuff [8165ec1ef0c6] * README.LDAP: timelimit and bind_timelimit [44f74cbed167] * ChangeLog: sync [aba1a0ab02bd] * ldap.c: Move ldap.secret reading into a separate function. [1948acc9f7a4] * check.c: user_runas -> runas_pw [334490fc2bae] 2008-01-05 Todd C. Miller <[email protected]> * TODO: sync [c7b165cc47c6] * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in the password prompt. Based on a patch from Patrick Schoenfeld. [3972d4f31ffa] * ldap.c: Check strlcpy() return values. [9b42f3ae8ff1] * ldap.c: refactor ldap binding code into sudo_ldap_bind_s() [cb0c66a4d955] * README.LDAP: Make it clear that host and uri can take multiple parameters. URI is now supported for more than just openldap nsswitch.conf does't accept "compat" [f610dea656d6] * sudo.c: comment cleanup and update (c) year [6cd69c810ca5] * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c. This should make it possible to build an LDAP-only sudo binary. [61c3f27066a0] * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain [2c0b722b1b2d] * gram.y: Free up parser data structures in sudo_file_close(). [2251531d4519] * gram.c, parse.c: Free up parser data structures in sudo_file_close(). [8371f130f401] * ldap.c: Parse uri ourself if no ldap_initialize() is present Use ldap_create() instead of deprecated ldap_init() Use ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() [85d3825b1953] * config.h.in, configure, configure.in: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS [240524512bc5] 2008-01-04 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: add check for ldap_create [3089badd73b8] 2008-01-03 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, ldap.c: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn using the mechanism appropriate for the LDAP SDK in use. Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them. [6deeca3d00cc] * lbuf.c: include unistd.h [8419ed0bae7f] * config.h.in, configure.in: fix typo in mtim_getnsec [2d5f21230a60] 2008-01-02 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: add check for st__tim in struct stat as used by SCO [587060ea2a89] * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s [5fc44fe3b44c] * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS [86f01a70ff29] * ldap.c: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and ldap_rdn2str(). [aa217002cfae] 2008-01-01 Todd C. Miller <[email protected]> * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead of the deprecated ldap_get_values()/ldap_value_free(). [e22dceb85e57] * ChangeLog: sync [adad27b36107] * TODO: sync [c449eb47e0ef] * gettime.c, sudo.c: Remove some already fixed XXXs [532788d0e6da] * ldap.c: Same return value as non-existent sudoers if LDAP was unable to connect. [5819810e8e4e] * sudo.pod: mention /etc/environment [ea8e6102f853] * README.LDAP, UPGRADE, WHATSNEW: Update to reflect recent developments. [ed1fb026fe77] * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. [55b68a58260d] * ldap.c: When building up a query don't list groups in the aux group vector that are the same as the passwd file group. On most systems the first gid in the group vector is the same as the passwd entry gid. [4bb51e297e0d] * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc. to disable user ldaprc and system defaults that could affect how LDAP works. [ce5036440db2] * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it. If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf- file and --with-ldap-secret-file [ea5d7704381f] * parse.c: Honor def_ignore_local_sudoers [f38e1121fae1] 2007-12-31 Todd C. Miller <[email protected]> * ldap.c: no longer need to check def_ignore_local_sudoers here [fce2a72f96fb] * parse.c: Refactor group vector resetting into a function and also call it from display_cmnd. Stop after the first sucessful match in display_cmnd. Print a newline between each display_privs method. [981b37b5adff] * parse.c: fix double free introduced in rev 1.218 [c574b02d8747] * ldap.c: belt and suspenders; zero out result after freeing it [7732988d4620] * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line reading into a separate function, sudo_parseln(), which removes comments, leading/trailing whitespace and newlines. May want to rethink the use of sudo_parseln() for /etc/ldap.secret [61d9068f0645] * parse.c, sudo.c: Make the inability to read the sudoers file a non-fatal error if there are other sudoers sources available. sudoers_file_lookup now returns "not OK" if sudoers was not present [643babf597a8] * ldap.c: make it clear that the global options are from LDAP [9ff950349463] * logging.c: allocate proper amount of space for error string [8bebb7d46d19] * sudo_nss.c, sudo_nss.h: actual sudo nss code [5bd7d52d7738] * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and display_cmnd. [cccfdd3253f2] * defaults.c, parse.c, testsudoers.c, visudo.c: move update_defaults() to parse.c [ace144b958a9] * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: Use nsswitch to hide some sudoers vs. ldap implementation details and reduce the number of #ifdef LDAP TODO: fix display routines and error handling [6225edde89a6] 2007-12-28 Todd C. Miller <[email protected]> * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: First cut at nsswitch.conf support. Further reorganizaton and related changes are forthcoming. [717f59d0790b] 2007-12-21 Todd C. Miller <[email protected]> * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading and /etc/environment file. Still needs to be documented and should probably only applies to OSes that have it (AIX and Linux, maybe others). [15d3edae27e4] * ldap.c: include limits.h [e19875ef0f82] 2007-12-20 Todd C. Miller <[email protected]> * WHATSNEW: reword LDAP SASL [7ec3c4ec31b5] 2007-12-19 Todd C. Miller <[email protected]> * TODO: sync [87c5a7aea7bf] * README.LDAP: Add an example sudoRole, clarify netscape vs. openldap a bit more [6f96c0ca8107] * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived [a33c8314dec5] * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init() for ldaps support instead of trying to do it manually with ldap_init() + ldapssl_install_routines(). Use tls_cert and tls_key for cert7.db and key3.db respectively. Don't print debugging info for options that are not set. Add warning if start_tls specified when not supported. [abb62dc7e4a3] * ldap.c: fix compilation on solaris [03d449684e80] * Makefile.in: add missing .h and .c files for missing lib objs [8b37825bdfc7] 2007-12-18 Todd C. Miller <[email protected]> * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting [226eba89c0ad] * ldap.c: fix compilation on Solaris [917d47639eb6] 2007-12-17 Todd C. Miller <[email protected]> * configure, configure.in: fix typo [009d5c81b225] * README.LDAP: try to clear up which variables are for OpenLDAP and which are for netscape-derived SDKs [f8d9823ee73c] * config.h.in, configure, configure.in, ldap.c: Add support for "ssl on" in both netscape and openldap flavors. Only the OpenLDAP flavor has been tested. [952745829ec5] * logging.c, sudo.c, sudo.h: Call cleanup() before exit in log_error() instead of calling sudo_ldap_close() directly. ldap_conn can now be static to sudo.c [da02d1b67a2c] * sudo.c: ld -> ldap_conn [01afa6d927cc] 2007-12-16 Todd C. Miller <[email protected]> * logging.c, sudo.c, sudo.h: Better ldap cleanup. [25b9abe2d617] * ldap.c: Distinguish between LDAP conf settings that are connection-specific (which take an ld pointer) and those that are default settings (which do not). [d48dc6c9c3b4] 2007-12-14 Todd C. Miller <[email protected]> * ldap.c: Improved warnings on error. [c8dce7b4feb4] * ldap.c: Make ldap config table driven and set the config *after* we open the connection. [d9698b5a2681] 2007-12-13 Todd C. Miller <[email protected]> * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define [598c6df06660] * configure, configure.in: some operating systems need to link with -lkrb5support when using krb5 [8896365dde9e] 2007-12-10 Todd C. Miller <[email protected]> * WHATSNEW: minor update [acfeeb7f4886] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen [a3c6699674f9] 2007-12-08 Todd C. Miller <[email protected]> * ChangeLog, TODO: sync [138e99b925ee] * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g support for LDAP [8fc27dbe9287] 2007-12-03 Todd C. Miller <[email protected]> * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags can now take an optional command. [6afec104ee77] 2007-12-02 Todd C. Miller <[email protected]> * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, sudoers.pod: Add passprompt_override flag to sudoers that will cause the prompt to be overridden in all cases. This flag is also set when the user specifies the -p flag. [e4c5402131a6] * sudo.c: Move setting of login class until after sudoers has been parsed. Set NewArgv[0] for -i after runas_pw has been set. [62a48c8c56fa] * configure, configure.in: Move the dgettext check. [5fd8a4712d1c] 2007-12-01 Todd C. Miller <[email protected]> * auth/pam.c, config.h.in, configure, configure.in: Add basic support for looking up the string "Password: " in the PAM localized text db. This allows us to determine whether the PAM prompt is the default "Password: " one even if it has been localized. TODO: concatenate non-std PAM prompts and user-specified sudo prompts. [81c25a415d41] 2007-11-27 Todd C. Miller <[email protected]> * Makefile.in, config.h.in, configure, configure.in, parse.c, set_perms.c, sudo.c, sudo.h: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. [1cce6ec1a91e] * acsite.m4, configure, interfaces.c, memrchr.c: Fix typos; Martynas Venckus [be1233cca11a] 2007-11-26 Todd C. Miller <[email protected]> * set_perms.c: Don't assume runas_pw is set; it may not be in the -g case. [aa11bd2193ac] 2007-11-25 Todd C. Miller <[email protected]> * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and restore group vector for PERM_ROOT if we previously changed it. Stash the runas group vector so we don't have to call initgroups more than once. Also add no-op check to check_perms. [53837fc755f7] 2007-11-21 Todd C. Miller <[email protected]> * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c, visudo.cat, visudo.man.in: Add support for runas groups. This allows the user to run a command with a different effective group. If the -g option is specified without -u the command will be run as the current user (only the group will change). the -g and -u options may be used together. TODO: implement runas group for ldap improve runas group documentation add testsudoers support [9019309df6d0] * configure, configure.in: fix setting of mandir [2c60f269399f] * sudo.pod, sudoers.pod: document that ALL implies SETENV [bcc8e5b703b9] * ldap.c: s/setenv_ok/setenv_implied/g [f005df2c2eea] * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7. [c3d4377b6e8b] * ldap.c: use strcmp, not strcasecmp when comparing ALL [e486024574a1] * ldap.c: Make sudo ALL imply setenv. Note that unlike with file-based sudoers this does affect all the commands in the sudoRole. [bc12f54321d1] * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, it is not passed on to other commands in the list. [026e2cb40680] * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use sudo_getpwuid() instead of getpwuid(). [86f30a8fbd49] 2007-11-15 Todd C. Miller <[email protected]> * sudoers: Expand on the dangers of not using visudo to edit sudoers. [e434e8057d02] 2007-11-08 Todd C. Miller <[email protected]> * parse.c: Don't quote *?[]! on output since the lexer does not strip off the backslash when reading those in. [561da4a13afa] 2007-11-07 Todd C. Miller <[email protected]> * glob.c: expand "u_foo" types to "unsigned foo" to avoid compatibility issues. [b0d7c64d78c3] 2007-11-04 Todd C. Miller <[email protected]> * logging.c: Refactor log line generation in to new_logline(). [6a9b9730615d] 2007-10-25 Todd C. Miller <[email protected]> * TROUBLESHOOTING: fix typo [9e19d4f86e47] 2007-10-24 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, interfaces.c, interfaces.h, match.c: Add configure check for struct in6_addr instead of relying on AF_INET6 since some systems define AF_INET6 but do not include IPv6 support. [e24082c416bd] 2007-10-21 Todd C. Miller <[email protected]> * configure, configure.in: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in use. [76a9df4a63be] 2007-10-20 Todd C. Miller <[email protected]> * configure, configure.in: POSIX states that struct timespec be declared in time.h so check there regardless of the value of TIME_WITH_SYS_TIME. [e42c55ec9daf] 2007-10-17 Todd C. Miller <[email protected]> * tgetpass.c: Instead of defining a macro to call the appropriate method for turning on/off echo, just define tc[gs]etattr() and the related defines that use the correct terminal ioctls if needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on all but QNX. [5dfb2379d995] 2007-10-09 Todd C. Miller <[email protected]> * Makefile.in: g/c @ALLOCA@ [e6946c2e3820] * configure: regen [9bac7159a138] * INSTALL, auth/pam.c, config.h.in, configure.in: Add --disable-pam-session configure option to disable calling pam_{open,close}_session. May work around bugs in some PAM implementations. [273d0fdb4a9d] 2007-10-08 Todd C. Miller <[email protected]> * tgetpass.c: quiet gcc warnings [325565c5a579] * tgetpass.c: Avoid printing the prompt if we are already backgrounded. E.g. if the user runs "sudo foo &" from the shell. In this case, the call to tcsetattr() will cause SIGTTOU to be delivered. [db2139a8d8b8] 2007-09-15 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in: Reorder things such that the definition of env_reset come right before the env variable lists. [e0d8e22a581a] * parse.h: Shrink type and seqno in struct alias from int to u_short [9425263dd565] * alias.c, match.c, parse.c, parse.h: Add a sequence number in the aliases for loop detection. If we find an alias with the seqno already set to the current (global) value we know we've visited it before so ignore it. [301a0548ffff] 2007-09-13 Todd C. Miller <[email protected]> * TODO, auth/pam.c, sudo.c, sudo.h: PAM wants the full tty path so add user_ttypath which holds the full path to the tty or is NULL if no tty was present. [c7c1dd4b36c8] * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and lower that results in a segv. [3a8865b3a357] 2007-09-11 Todd C. Miller <[email protected]> * gram.c: regen [5647be127950] * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_ [8f500c542c4a] 2007-09-10 Todd C. Miller <[email protected]> * alloc.c: remove some useless casts [409a448b23f5] * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h predates the final C99 spec and the standard specifies that it shall include stdint.h anyway [ae478fdef61a] 2007-09-06 Todd C. Miller <[email protected]> * Makefile.in, alloca.c, configure.in: Since we ship with a pre-generated parser there is no need to ship a bogus alloca implementation. [3f611a7cc0e5] * configure: regen [771eccf5269c] * configure.in: remove initial setting of CHECKSIA, we require that it be unset if not used [a2e91adc5aa2] * Makefile.in: add list.c to SRCS [7db0e56cf5b9] * configure: regen [3716ec30172e] * configure.in: only do SIA checks on Digital Unix [6a96e1af2597] 2007-09-05 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in: regen [ac1dc29de72b] * ChangeLog, TODO: sync [781effce0a2d] * auth/kerb5.c: Remove call to krb5_cc_register() as it is not needed for modern kerb5. [351b8b764f16] * configure: regen [ac21dbcc9c2c] * aclocal.m4, configure.in: New method for setting the default authentication type and avoiding conflicts in auth types. [5fb15be11f78] * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has an associated runaslist so no need to keep track of the most recent non-NULL one. [582e015786b0] 2007-09-04 Todd C. Miller <[email protected]> * ldap.c: back out partial ldaps support mistakenly committed [357703e94b2d] * ldap.c: Add support for unix groups and netgroups in sudoRunas [2f04eb91c6d0] 2007-09-03 Todd C. Miller <[email protected]> * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo Stritzky. [a5488a03bddd] 2007-09-02 Todd C. Miller <[email protected]> * configure: regen [541177376ee1] * INSTALL: update --passprompt escape info [6d57db4cd538] * configure.in: remove now-bogus comment and update copyright date [6a4af45fa331] * configure.in: Fix up use of with_passwd [7c79d8640f77] * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: Update to autoconf-2.61 andf libtool-1.5.24 [045259b0b439] * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61 [f5b6a7afb817] 2007-09-01 Todd C. Miller <[email protected]> * gram.c: regen [b5b78e71d2cb] * gram.y: move tags and runaslist propagation to be earlier [94f7805f4489] * visudo.c: If -f flag given use the permissions of the original file as a template [9303d22bddb0] * gram.y: prevent a double free() when re-initing the parser [5b3907c4de5a] 2007-08-31 Todd C. Miller <[email protected]> * configure: regen [49a90b19a17d] * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in, configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h, testsudoers.c, visudo.c, zero_bytes.c: Remove support for compilers that don't support void * [35e1d01ae197] * gram.c: regen [70ce412a458a] * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list manipulation macros to list.h and create C versions of the more complex ones in list.c. The names have been down-cased so they appear more like normal functions. [9cea0e281148] * Makefile.in: Fix cmp command when regenerating parser. Make gram.o the first dependency for all programs so gram.h will be generated before anything that needs it. [429ea065abf1] * gram.y, parse.h: Convert NEW_DEFAULT anf NEW_MEMBER into static functions. [2f3433833589] * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking permission and short-circuit on the first non-UNSPEC hit we get for the command. This means that instead of cycling through the all the parsed sudoers entries we start at the end and work backwards and quit after the first positive or negative match. [881474532f3e] * gram.c: regen [9152a19d4188] * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: Change list head macros to take a pointer, not a struct. [054f1dcce4cc] * gram.c: regen [be154aae6235] * gram.y: Propagate the runasspec from one command to the next in a cmndspec. [4957b1cb03a3] 2007-08-30 Todd C. Miller <[email protected]> * match.c: Replace has_meta() with a macro that calls strpbrk(). [a2e58846a542] * regen [5a932a5c9451] * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, testsudoers.c, visudo.c: Use a list head struct when storing the semi-circular lists and convert to tail queues in the process. This will allow us to reverse foreach loops more easily and it makes it clearer which functions expect a list as opposed to a single member. Add macros for manipulating lists. Some of these should become functions. When freeing up a list, just pop off the last item in the queue instead of going from head to tail. This is simpler since we don't have to stash a pointer to the next member, we always just use the last one in the queue until the queue is empty. Rename match functions that take a list to have list in the name. Break cmnd_matches() into cmnd_matches() and cmndlist_matches. [7c37b271607a] * parse.c: Fix pasto, append "!" not negated (which is an int) for sudo -l output. [93a444c3997f] * Makefile.in: Remove the dependency of gram .h on gram.y, the .c dependency is enough. Only move y.tab.h to gram.h if it is different; avoids needless rebuilding. [67bf4ea2a2e5] 2007-08-27 Todd C. Miller <[email protected]> * sudoers.pod: Defaults lines may be associated with lists of users, hosts, commands and runas users, not just single entries. [795effacb6be] 2007-08-26 Todd C. Miller <[email protected]> * Makefile.in: Revert the "cmp" portion of the last diff, it doesn't make sense. [26f34bf4e2e3] * Makefile.in: Remove *.lo for clean: When generating the parser, only move the generated files into place if they differ from the existing ones. [84673fea371b] 2007-08-25 Todd C. Miller <[email protected]> * toke.c, toke.l: Replace IPV6 regexp with a much simpler (readable) one and add an extra check when it matches to make sure we have a valid address. [592e9f690556] * match.c: Fix thinko introduced when merging IPV6 support. [da38cd5eb8c7] 2007-08-24 Todd C. Miller <[email protected]> * HISTORY, LICENSE: regen [0d7b27b90634] * license.pod: add 2007 [510e5048ae1a] * UPGRADE: mention #uid vs. comment pitfall [4d2861898bcc] * acsite.m4: Merge in a patch from the libtool cvs that fixes a problem with the latest autoconf. From Stepan Kasal. [0c279ae7df3e] * parse.h: Back out he XOR swap trick, it is slower than a temp variable on modern CPUs. [91c4b024e317] * gram.c: regen [cb6d4106fb74] * gram.y, parse.h: Convert the tail queue to a semi-circle queue and use the XOR swap trick to swap the prev pointers during append. [8bf4d9fbee58] 2007-08-23 Todd C. Miller <[email protected]> * parse.h: remove useless statement [421ec1dd73e6] * toke.c, toke.l: Refactor #include parsing into a separate function and return unparsed chars (such as newline or comment) back to the lexer. [64166917aa3d] 2007-08-22 Todd C. Miller <[email protected]> * WHATSNEW: mention better uid support [56f510e7f2ec] * sudoers.pod: Users may now consist of a uid. [5fd31b2c55ed] * gram.c, gram.h, toke.c: regen [599e58af6dc1] * parse.c: Use lbuf_append_quoted() for sudo -l output to quote characters that would require quoting in sudoers. [3132d05c990a] * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of characters which should be quoted with a backslash when displayed. [ab09bebb1d65] * toke.l: Require that the first character after a comment not be a digit or a dash. This allows us to remove the GOTRUNAS state and treat uid/gids similar to other words. It also means that we can now specify uids in User_Lists and a User_Spec may now contain a uid. [461fe01f8392] * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to make the runas portion of the grammar more natural. [e0c383b4684d] * BUGS: The BUGS file is history [4d9a809585c7] * Makefile.in, README: The BUGS file is history [d9500e261172] 2007-08-21 Todd C. Miller <[email protected]> * toke.c, toke.l: Allow comments after a RunasAlias as long as the character after the pound sign isn't a digit or a dash. [d7f3bd94eeda] * WHATSNEW: Glob support was back-ported to 1.6.9 [d1d5cfd46228] 2007-08-20 Todd C. Miller <[email protected]> * Makefile.in: remove sudo_usage.h in distclean [df05ce9c4127] * parse.c: If a Defaults value contains a blank, double-quote the string. [9057a910daad] * toke.c, toke.l: Properly deal with Defaults double-quoted strings that span multiple lines using the line continuation char. Previously, the entire thing, including the continuation char, newline, and spaces was stored as-is. [4a4e8eacefe6] * sudo.c: Be consistent when using single quotes and backticks. [d010b83a0fa1] 2007-08-19 Todd C. Miller <[email protected]> * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of dynamically allocated strings and word-wrapped output. Currently used for sudo's usage() and sudo -l output. Sudo usage strings are now in sudo_usage.h which is generated at configure time. [4dfd0ee8d961] 2007-08-18 Todd C. Miller <[email protected]> * parse.c, sudo.c, sudo.h: Fix line wrapping in usage() and use the actual tty width instead of assuming 80. [700eab37c5a6] 2007-08-17 Todd C. Miller <[email protected]> * history.pod: some more info [8140112a8ae1] * history.pod: Mentioned Chris Jepeway's parser and also the new one that is in sudo 1.7. [2132d00f0597] 2007-08-16 Todd C. Miller <[email protected]> * sudo.pod, visudo.pod: For the options list, add flag args where appropriate and increase the indent level so there is room for them. [2b60fb572e12] 2007-08-15 Todd C. Miller <[email protected]> * parse.c: Fix some spacing in "sudo -l" and add a comment about some bogosity in the line wrapping. [b59b056f5ee2] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [5fb719f18ebc] * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, testsudoers.c, toke.c, toke.l: Remove monitor support until there is a versino of systrace that uses a lookaside buffer (or we have a better mechanism to use). [61ff76878e4a] * config.h.in, configure, configure.in, sudo.c: use getaddrinfo() instead of gethostbyname() if it is available [cc33c136aa6a] 2007-08-14 Todd C. Miller <[email protected]> * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) < sizeof(int). [130a89cbdfba] * interfaces.c: repair non-getifaddrs() code after ipv6 integration [7ae7a89e2236] * sudo.c: If we can open sudoers but fail to read the first byte, close the file stream before trying again. [6f31272fae7b] 2007-08-13 Todd C. Miller <[email protected]> * toke.c: regen [4d7afe0aa6fa] * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki [4e6ff2965a42] * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update copyright [7e6d3c686b5e] 2007-08-12 Todd C. Miller <[email protected]> * configure, configure.in: fix sudo_noexec extension which got broken in the libtool update [3a5b447df861] 2007-08-10 Todd C. Miller <[email protected]> * Makefile.in: explicitly specify -Tascii to nroff [45c8da4cbefe] 2007-08-08 Todd C. Miller <[email protected]> * logging.c: remove an ANSI-ism that crept in [29086f87b2ca] 2007-08-07 Todd C. Miller <[email protected]> * sudo.pod: Adjust list indents Prevent -- from being turned into an em dash Use a list for the environment instead of a literal paragraph [c3abcd8f76f4] * visudo.pod: Use a list for the environment instead of an indented literal paragraph. [0ffcfcb7349f] * sudoers.pod: Adjust list indentation [615c89e3123a] * license.pod: add =head3 [8b2e0d38c0bd] 2007-08-06 Todd C. Miller <[email protected]> * sudo.pod: mention that when specifying a uid for the -u option the shell may require that the # be escaped [3e3a17bff150] 2007-08-02 Todd C. Miller <[email protected]> * match.c: Fix off by one in group matching. [b529602b7fba] 2007-07-31 Todd C. Miller <[email protected]> * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause. [ffbf8907c6e7] 2007-07-30 Todd C. Miller <[email protected]> * configure, configure.in: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case. [2b85a89c2252] * aclocal.m4, configure, configure.in: Fix link tests such that new gcc doesn't optimize away the test. [83484ec95cba] 2007-07-29 Todd C. Miller <[email protected]> * sudo.pod, sudoers.pod, visudo.pod: add missing over/back [251a12c89b91] * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use =item [60b9efc3a0b2] * env.c: Add back allocation of the env struct in rebuild_env but save a copy of the old pointer and free it before returning. [1100cd4fa997] * env.c: Don't init the private environment in rebuild_env() since it may have already been done implicitly sudo_setenv/sudo_unsetenv. Multiply length by sizeof(char *) in memcpy/memmove when copying the environment so we copy the full thing. Add missing set of parens so we deref the right pointer in sudo_unsetenv when searching for a matching variable. [9086a8f756b1] 2007-07-26 Todd C. Miller <[email protected]> * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in the FILES section [940d99f731f2] * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo [f067a455d44b] * sudoers.pod: Sort sudoers options; based on a diff from Igor Sobrado. [a9b9befe85ac] 2007-07-25 Todd C. Miller <[email protected]> * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the latter confuses pod2man. The Makefile rules for the .man.in file will add @mansectsu@ and @mansectform@ back in after pod2man is done anyway. [b50ea0db727c] 2007-07-22 Todd C. Miller <[email protected]> * LICENSE, Makefile.in, license.pod: Move license info to pod format [25bdd82e592b] * configure, configure.in, sudoers.pod: Substitute value of path_info into sudoers man page. [9ba661a82798] * WHATSNEW: remove features that were back-ported to 1.6.9 [e76d756cbe65] * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync usage. From Igor Sobrado. [4970386c9e54] * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use ldap_sasl_interactive_bind_s() but don't have gss_krb5_ccache_name(). [f1a73d8b35c5] * ChangeLog: rebuild without branch info [5d5a33494677] * Makefile.in: Add ChangeLog target [a702034fdd89] * auth/pam.c: Run cleanup code if the user hits ^C at the password prompt. [9cf87768e921] * auth/pam.c: Some versions of pam_lastlog have a bug that will cause a crash if PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty string. [5b63f6c88866] 2007-07-20 Todd C. Miller <[email protected]> * Makefile.in: ChageLog not Changelog [1243d8473ceb] * ChangeLog: sync [d887df98c6b0] * Makefile.in: CHANGE -> Changelog [917738df30dd] * TODO: sync [cd382f7d1948] 2007-07-19 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, ldap.c: Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. [139606209991] 2007-07-18 Todd C. Miller <[email protected]> * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer return environment pointer, they set environ directly. No longer need to pass around an envp pointer since we just operate on environ now. Add dosync argument to insert_env() that indicates whether it should reset environ when realloc()ing env.envp. Use an initial size of 128 for the environment. [4735fd5fddb8] * env.c: Split sudo_setenv() into an external version and a version only for use by rebuild_env(). [fda7d655adb1] 2007-07-16 Todd C. Miller <[email protected]> * ldap.c: Add support for using gss_krb5_ccache_name() instead of setting KRB5CCNAME. Also use sudo_unsetenv() in the non- gss_krb5_ccache_name() case if there was no KRB5CCNAME in the original environment. TODO: configure setup for gss_krb5_ccache_name() [fcafa5a49caf] * README.LDAP: add krb5_ccname [fceb8f883886] * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf [1f06f4bf7347] * env.c, sudo.h: Add sudo_unsetenv() and refactor private env syncing code into sync_env(). [045ecb3fd22b] * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not sasl_authid. [a5f98491311b] 2007-07-15 Todd C. Miller <[email protected]> * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf. If specified, it will override the default value of KRB5CCNAME in the environment for the duration of the call to ldap_sasl_interactive_bind_s(). [b08a10c3045b] * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace most format_env() + insert_env() combinations. insert_env() no longer takes a struct environment * [131da52f43f3] * ldap.c: Fix use_sasl vs. rootuse_sasl logic. [0c0417b6918c] * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add support for SASL auth when connecting to an LDAP server. Adapted from a diff by Tom McLaughlin. [a6285f1356ea] 2007-07-14 Todd C. Miller <[email protected]> * configure, configure.in: Only enable AIX or BSD auth if no other exclusive auth method has been chosen. Allows people to e.g., use PAM on AIX without adding --without-aixauth. A better solution is needed to deal with default authentication since if a non-exclusive method is chosen we will still get an error. [83f7afdc0ec3] 2007-07-11 Todd C. Miller <[email protected]> * HISTORY, Makefile.in, history.pod: Generate HISTORY from history.pod (which is also used for web pages) [60bcd5164931] 2007-07-09 Todd C. Miller <[email protected]> * sudo.man.in, sudoers.man.in: regen [63956a366191] * sudo.pod: Better explanation of environment handling in the sudo man page. [6c247742f7ee] * env.c, sudo.c: Defer setting user-specified env vars until after authentication. [4750b79323ee] * env.c: honor def_default_path for PATH set on the command line [6db31d9b6d65] * env.c, sudo.c, sudo.pod, sudoers.pod: Allow user to set environment variables on the command line as long as they are allowed by env_keep and env_check. Ie: apply the same restrictions as normal environment variables. TODO: deal with secure_path [26c0da3840cf] 2007-07-08 Todd C. Miller <[email protected]> * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass original envp to sudo_edit(). Don't allow -E or env var setting in sudoedit mode. More accurate usage() when called as sudoedit. [a4af20658361] * ldap.c: warn -> warning [d87d1192b048] * sudo.pod: add -c option to sudoedit synopsis [15b596a7e2db] * TODO: udpate to reality [e2f8fde89db1] * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return value from {user,host,runas,cmnd}_matches(). Rename *matches variables -> *match. Purely cosmetic. [e54a44c00a88] * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change in behavior. [c6272b4f2127] * sudoers: add SETENV tag [3a3066bb6788] 2007-07-06 Todd C. Miller <[email protected]> * parse.c: Make pwcheck local to the pwflag block. Use pwcheck even if user didn't match since Defaults options may still apply. [45da9efbbafd] * check.c, sudo.c: Do not update timestamp if user not validated by sudoers. [a4a9d4364827] * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's original in PERM_ROOT [1514bfb32847] * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT [b9d047a3178c] * check.c: don't check timestamp mtime if we are just going to remove it [5d2470bc6cbd] * sudoers.pod: Move sudoers defaults parameters into their own section. [54701fbc0ff3] * testsudoers.c: Reduce a level of indent by a few placed continue statements. [5d5a9838c8ef] * parse.c: Make matching but negated commands/hosts/runas entries override a previous match as expected. Also reduce some levels of indent by a few placed continue statements. [dd59fa4b91a1] 2007-07-05 Todd C. Miller <[email protected]> * parse.c: Print default runas in "sudo -l" if sudoers don't specify one. [07d408c400bd] * match.c: Less hacky way of testing whether the domain was set. [a537059776e5] 2007-07-04 Todd C. Miller <[email protected]> * INSTALL: Mention pam-devel and openldap-devel for Linux [9e708c54ecc3] 2007-07-03 Todd C. Miller <[email protected]> * README.LDAP: or vs. are [abe8c0f3a410] 2007-07-01 Todd C. Miller <[email protected]> * sudo.c: fix typo in Solaris project support [2ffeb2d80959] * HISTORY: update [df162b36f120] * sudo.c: Make -- on the command line match the manual page. The implied shell case has been simplified as a result. [cd217a1f6694] 2007-06-28 Todd C. Miller <[email protected]> * sudoers2ldif: add simplistic support for sudoRunas; note that if a sudoers entry contains multiple Runas users, all will apply to the sudoRole [65b11421f5c8] * sudoers2ldif: honor SETENV and NOSETENV tags [2c0d5ba7a09b] 2007-06-24 Todd C. Miller <[email protected]> * mon_systrace.c: Redo setting of user_args. We now build up a private copy of argv first and then replace the NULs?with spaces. [ccbba72ea112] * mon_systrace.c: getcwd() returns NULL on failure, not 0 on success [88cd9e66e530] * mon_systrace.c: allow chunksiz to reach 1 before erroring out [619d68f14964] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [8db512d3caf0] 2007-06-23 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod, toke.c, toke.l: Add support for setting environment variables on the command line. This is only allowed if the setenv sudoers options is enabled or if the command is prefixed with the SETENV tag. [5744caebd969] * README.LDAP: replace Aaron's email address with the sudo-workers list [2ffce5f9afc0] * configure: regen [8013dff82c0c] 2007-06-22 Todd C. Miller <[email protected]> * schema.OpenLDAP, schema.iPlanet: Break schema out into separate files. [15e598e4c60b] * Makefile.in, README.LDAP: Break schema out into separate files. [1a53966ca1fa] 2007-06-21 Todd C. Miller <[email protected]> * auth/aix_auth.c: free message if set by authenticate() [849c220c1236] * match.c: deal with NULL gr_mem [49e4d74f0bbe] 2007-06-20 Todd C. Miller <[email protected]> * config.h.in: regen [fead999ad3e9] * configure.in: add template for HAVE_PROJECT_H [e6c42c2eaad1] * closefrom.c: include fcntl.h [54d98b382f03] 2007-06-19 Todd C. Miller <[email protected]> * INSTALL: mention --with-project [d3ea3baad7c5] * config.h.in, configure.in, sudo.c: Add Solaris 10 "project" support. From Michael Brantley. [f14f3c8c6554] * sudoers.pod: fix typo [50db81a19787] * configure: regen [ea71afd3e564] * configure.in: Fix preservation of LDFLAGS in the LDAP case. [40a3a47e8059] * memrchr.c: Remove dependecy on NULL [c957ae5e1733] * configure: regen [4955ce0c6912] * aclocal.m4, configure.in: Can't use the regular autoconf fnmatch() check since we need FNM_CASEFOLD so go back to our custom one. [f10d76237486] * env.c: Fix preserving of variables in env_keep. [d040049d6b84] * env.c: add XAUTHORIZATION [0d589a5fe015] * UPGRADE: expand upon env resetting and mention that it began in 1.6.9 not 1.7. [dba251655c76] * sudoers.pod: Update descriptions of env_keep and env_check to match current reality. [dba77357954b] 2007-06-18 Todd C. Miller <[email protected]> * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table. [eec4632bd190] * env.c, logging.c: Treat USERNAME environemnt variable like LOGNAME/USER [09f52dcfd70c] * env.c: Don't need to populate keepenv table with the contents of the checkenv table. [527a14afd973] * sudo.c: Don't force sudo into the C locale. [8a5bd301ef96] * env.c: Make env_check apply when env_reset it true. Environment variables are passed through unless they contain '/' or '%'. There is no need to have a variable in both env_check and env_keep. [840c802721e4] 2007-06-16 Todd C. Miller <[email protected]> * visudo.c: Remove an duplicate lock_file() call and add a comment. [5af9dcdf0eb6] * UPGRADE: Add sudo 1.6.9 upgrade note. [1585149f2914] 2007-06-14 Todd C. Miller <[email protected]> * interfaces.c: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too small. From Klaus Wagner. [d6899fc44f77] * logging.c, sudo.h: Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. Include memrchr() for systems without it. [66a50e8d553a] * memrchr.c: Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. Include memrchr() for systems without it. [2f6702b7d41b] * Makefile.in, config.h.in, configure, configure.in: Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. Include memrchr() for systems without it. [407a46190921] * configure.in: Since we need to be able to convert timespec to timeval for utimes() the last 3 digits in the tv_nsec are not significant. This makes the sudoedit file date comparison work again. [9d0258849fa9] 2007-06-13 Todd C. Miller <[email protected]> * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. This deals with exclusive authentication methods in a simple way. [7d70072c0f35] 2007-06-12 Todd C. Miller <[email protected]> * LICENSE: mkstemp.c is BSD code too. [29e236d98162] * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now. [7c76b3e192dd] 2007-06-11 Todd C. Miller <[email protected]> * sudo.c: cleanenv() is no more. [518080514408] 2007-06-10 Todd C. Miller <[email protected]> * ChangeLog: Display branch info in Changelog [44e3b27427c7] * utimes.c: Include config.h early so we have it for TIME_WITH_SYS_TIME [4bf1a00d0703] * ChangeLog: Fix Changelog generation and update. [6e960dbcbece] 2007-06-09 Todd C. Miller <[email protected]> * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd Move old-style fd closing into closefrom_fallback() and call that if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails [faa7e4810758] * auth/kerb5.c, config.h.in, configure.in: o use krb5_verify_user() if available instead of doing it by hand o use krb5_init_secure_context() if we have it o pass an encryption type of 0 to krb5_kt_read_service_key() instead of ENCTYPE_DES_CBC_MD5 to let kerberos choose. [df7acf72bd7c] * env.c: Check TERM and COLORTERM for '%' and '/' characters. From Debian. [f92d05197e40] * configure.in: Fix closefrom() substitution in the Makefile [b642b13fcc5c] * TROUBLESHOOTING: Mention alternate sudo pronunciation. [7c71dc73409f] 2007-06-07 Todd C. Miller <[email protected]> * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM. [70f35a79f780] * auth/kerb5.c: If we cannot get a valid service key using the default keytab it is a fatal error. Fixes a bug where sudo could be tricked into allowing access when it should not by a fake KDC. From Thor Lancelot Simon. [a3ae6a47cb23] 2007-05-12 Todd C. Miller <[email protected]> * aclocal.m4, configure, configure.in: Update long long checks to use AC_CHECK_TYPES and to cache values. [047318eaaeb2] * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since that assumes replacing with GNU fnmatch. [80513a1003ea] 2007-05-11 Todd C. Miller <[email protected]> * configure, configure.in: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we need it for visudo now too. [50837c7c2b5e] 2007-04-24 Todd C. Miller <[email protected]> * sudoers.pod: Attempt to clarify the bit talking about network numbers w/o netmasks. [211e68c1d034] * sudo.pod: Clarify timestamp dir ownership sentence. [9178f132c7f7] 2007-04-20 Todd C. Miller <[email protected]> * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From Dmitry V. Levin. [81fce91667bc] 2007-04-16 Todd C. Miller <[email protected]> * sudo.c: -i is also one of the mutually exclusive options to list it in the warning message. Noted by Chris Pepper. [7da73fb248e9] 2007-04-12 Todd C. Miller <[email protected]> * visudo.pod: The sudoers variable is env_editor, not enveditor. From Jean- Francois Saucier. [2a86ec09a6db] 2007-03-29 Todd C. Miller <[email protected]> * redblack.c: I tracked down the original author so credit him and include his license info. [3733553a1bba] 2007-02-06 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod: Fix typos; from Jason McIntyre. [1ee4ce2512f2] * logging.c: Restore signal mask before calling reapchild(). Fixes a possible race condition that could prevent sudo from properly waiting for the child. [9ee4192385dc] 2007-01-31 Todd C. Miller <[email protected]> * pwutil.c: Don't declare pw_free() if we are not going to use it. [adb79a4289ca] * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and LDR_PRELOAD64. The 64-bit version is not currently supported. Remove zero_env() prototype as it no longer exists. [b4fe65027fb6] 2006-12-11 Todd C. Miller <[email protected]> * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834. [78002ad90f7b] 2006-09-29 Todd C. Miller <[email protected]> * auth/pam.c: If the user enters ^C at the password prompt, abort instead of trying to authenticate with an empty password (which causes an annoying delay). [da3f27b747c7] 2006-08-17 Todd C. Miller <[email protected]> * closefrom.c, config.h.in, configure, configure.in: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by Darren Tucker. [0331b7780759] * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef it out too. [0014c0d9eeba] 2006-08-04 Todd C. Miller <[email protected]> * config.guess, config.sub: Update to latest versions from cvs.savannah.gnu.org [aa0143101c20] 2006-07-31 Todd C. Miller <[email protected]> * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so we can close the passwd/group files early. [559074bd7eb7] * config.h.in, configure, configure.in, set_perms.c: Add seteuid() flavor of set_perms() for systems without setreuid() or setresuid() that have a working seteuid(). Tested on Darwin. [508d8da99189] 2006-07-30 Todd C. Miller <[email protected]> * mon_systrace.c: systrace_read() returns ssize_t [9f97d1d1a59d] * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim Knox. [a8cc43c3bb2a] 2006-07-28 Todd C. Miller <[email protected]> * HISTORY: Fix typo; Matt Ackeret [86964ee3dfbd] 2006-07-17 Todd C. Miller <[email protected]> * sudo.c: Print sudoers path in -V mode for root. [dc43f2d75bd9] 2006-06-15 Todd C. Miller <[email protected]> * ldap.c: Do a sub tree search instead of a base search (one level in the tree only) for sudo right objects. This allows system administrators to categorize the rights in a tree to make them easier to manage. [6d2d9abf996e] 2005-12-28 Todd C. Miller <[email protected]> * sudo.pod: fix typo [1473413bcbda] 2005-12-04 Todd C. Miller <[email protected]> * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and bind_timelimit support; adapted from gentoo. [afc816093026] 2005-11-23 Todd C. Miller <[email protected]> * ldap.c: Support comments that start in the middle of a line [c25df6ee3db8] * configure, configure.in: Define LDAP_DEPRECATED until we start using ldap_get_values_len() [ee249bfe230a] 2005-11-18 Todd C. Miller <[email protected]> * closefrom.c: Silence gcc -Wsign-compare; [email protected] [28769ce6418d] * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now takes an int as an arg so it can be used as a signal handler too. [2bb0df34d09c] * sudo.c: Make a copy of the shell field in the passwd struct for NewArgv to avoid a use after free situation after sudo_endpwent() is called. [5dcc9ffd362e] 2005-11-17 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in: Add mkstemp() for those poor souls without it. [5fdd02e863e0] * mkstemp.c: Add mkstemp() for those poor souls without it. [c99401207860] * Makefile.in: Add mkstemp() for those poor souls without it. [9c1cf2678f24] 2005-11-15 Todd C. Miller <[email protected]> * env.c: Add PERL5DB to list of environment variables to remove. [7375c27ecf75] 2005-11-13 Todd C. Miller <[email protected]> * mon_systrace.c, mon_systrace.h: Instead of calling the check function twice with a state cookie use separate check/log functions. Check more ioctl() calls for failure. systrace_{read,write} now return the number of bytes read/written or -1 on error. [3dc8946d90e9] * env.c: Add more environment variables to remove; from gentoo linux Add some comments about what bad env variables go to what (more to do) [6918110a6b82] 2005-11-11 Todd C. Miller <[email protected]> * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before the exec since they free up our cached copy of the passwd structs, including sudo_user and sudo_runas. Fixes a use-after-free bug. [54de3778bad0] * visudo.c: Close all fd's before executing editor. [4fcc05e1bec8] * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. [ef0e8ffa5c9f] * check.c: Fix fd leak when lecture file option is enabled. From Jerry Brown [ce97f9207cd8] 2005-11-07 Todd C. Miller <[email protected]> * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of environment variables to remove. From Charles Morris [c96e1367d1c1] 2005-11-01 Todd C. Miller <[email protected]> * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 [72a6a1571226] 2005-10-28 Todd C. Miller <[email protected]> * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash [89dfb3f318f3] 2005-08-15 Todd C. Miller <[email protected]> * sudoers.pod: Fix typo; Toby Peterson [b7a3222b23f4] 2005-08-02 Todd C. Miller <[email protected]> * tsgetgrpw.c: Make return buffers static so they don't get clobbered [13323a39b9f5] 2005-07-28 Todd C. Miller <[email protected]> * auth/securid5.c: Fix securid5 authentication, was not checking for ACM_OK. Also add default cases for the two switch()es. Problem noted by ccon at worldbank [14091e418333] 2005-06-27 Todd C. Miller <[email protected]> * ldap.c: Remove ncat() in favor of just counting bytes and pre-allocating what is needed. [25b8712adb61] 2005-06-26 Todd C. Miller <[email protected]> * ldap.c: Fix up some comments Add missing fclose() for the rootbinddn case [ae95c8a89711] * ldap.c: align struct ldap_config [35d0d64c76f8] * ldap.c: use LINE_MAX for max conf file line size [da116cb8853d] * pathnames.h.in: add _PATH_LDAP_SECRET [128b04ecfab7] * README.LDAP: Mention rootbinddn Give example ou=SUDOers container [852edc69bd1c] 2005-06-25 Todd C. Miller <[email protected]> * INSTALL, configure, configure.in, ldap.c: Support rootbinddn in ldap.conf [1615c91522a1] * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment variable by default. [05f503d5f438] * acsite.m4, configure: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD [18a04dea8d05] * acsite.m4, configure: set need_version=no for all cases; this is safe for LD_PRELOAD [b542560e1a73] * aclocal.m4: typo [c040df0fcd5a] * configure, configure.in: Add dragonfly [f13794618636] * auth/pam.c: Fix call to pam_end() when pam_open_session() fails. [0be47cdfdef1] * configure: regen [7f5c13b4b800] * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 [a7ba9fd1a2ab] * config.guess, config.sub, ltmain.sh: merge in local changes: config.guess: o better openbsd support config.sub: o hiuxmpp support ltmain.sh o remove requirement that libs must begin with "lib" o don't print a bunch of crap about library installs o don't run ldconfig [f4149f2c720f] * config.guess, config.sub, ltmain.sh: libtool 1.9f [82a534e7121f] * configure.in: Update with autoupdate and make minor changes for libtool 1.9f [11b5ae5c1428] 2005-06-23 Todd C. Miller <[email protected]> * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup [8bcf6c094ffe] * sudo_edit.c, visudo.c: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [b95c333299a0] * gettime.c: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [021b4569cc0c] * fileops.c: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [dd8573b2ee7d] * emul/timespec.h: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [f95137771564] * check.c, compat.h: Move declatation of struct timespec to its own include files for systems without it since it needs time_t defined. [2ef2ace8fe85] * ldap.c: Don't set safe_cmnd for the "sudo ALL" case. [ad7fa9e07da0] 2005-05-27 Todd C. Miller <[email protected]> * auth/pam.c: Call pam_open_session() and pam_close_session() to give pam_limits a chance to run. Idea from Karel Zak. [fed46d471350] 2005-04-24 Todd C. Miller <[email protected]> * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf to silence warnings on Solaris [17bb961fe22d] * parse.c: include grp.h to silence a warning on Solaris [14386fbab640] 2005-04-23 Todd C. Miller <[email protected]> * parse.c: Fix printing of += and -= defaults. [a667604c56cd] 2005-04-17 Todd C. Miller <[email protected]> * mon_systrace.c: Sanity check number of syscall args with argsize. Not really needed but a little paranoia never hurts. [6bb455a2c2d6] * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t for systrace lengths (since it uses int) [3cafccffcffd] 2005-04-16 Todd C. Miller <[email protected]> * mon_systrace.c: Add some memsets for paranoia Fix namespace collsion w/ error Check rval of decode_args() and update_env() Remove improper setting of validated variable [3d385158354d] 2005-04-12 Todd C. Miller <[email protected]> * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers file if def_ignore_sudoers is not set and call LDAP versions from display_privs() and display_cmnd() instead of directly from main(). Because of this we need to defer closing the ldap connection until after -l processing has ocurred and we must pass in the ldap pointer to display_privs() and display_cmnd(). [1dfc2e8c9f2b] * ldap.c: Reorganize LDAP code to better match normal sudoers parsing. Instead of storing strings for later printing in -l mode we do another query since the authenticating user and the user being listed may not be the same (the new -U flag). Also add support for "sudo -l command". There is still a fair bit if duplicated code that can probably be refactored. [e9568f19bde5] 2005-04-11 Todd C. Miller <[email protected]> * ldap.c: Replace pass variable with do_netgr for better readability. [1bba841b6e79] * ldap.c: use DPRINTF macro [02b159b66bb5] * ldap.c: estrdup, not strdup [22cdee7973c1] 2005-04-10 Todd C. Miller <[email protected]> * parse.c: Add macro to test if the tag changed to improve readability. [4e11b4819556] * parse.c: Avoid printing defaults header if there are no defaults to print... [41a28627df03] * glob.c: Fix a warning on systems without strlcpy(). [6814e0f0e4f4] * pwutil.c: Use macros where possible for sudo_grdup() like sudo_pwdup(). [30f201ff35cd] 2005-04-08 Todd C. Miller <[email protected]> * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so add in tv_usec / 1000000. [794ac4d53a65] 2005-03-30 Todd C. Miller <[email protected]> * auth/kerb5.c: The component in krb5_principal_get_comp_string() should be 1, not 0 for Heimdal. From Alex Plotnick. [fefa351c5044] 2005-03-29 Todd C. Miller <[email protected]> * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: Add efree() for consistency with emalloc() et al. Allows us to rely on C89 behavior (free(NULL) is valid) even on K&R. [7876bb80d87c] * parse.c, sudo.c: Move initgroups() for -U option into display_privs() so group matching in sudoers works correctly. [b074428ad2ca] 2005-03-27 Todd C. Miller <[email protected]> * ldap.c: Removed duplicate call to ldap_unbind_s introduced along with sudo_ldap_close. [19acc1c20f7c] * parse.c: Add missing space in Defaults printing [95d2935bf6d4] 2005-03-25 Todd C. Miller <[email protected]> * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton and string copies. [6b6b241495e5] 2005-03-19 Todd C. Miller <[email protected]> * pwutil.c: Zero old pw_passwd before replacing with version from shadow file. [3251b349dfe1] * configure, configure.in: Only attempt shadow password detection if PAM is not being used Add shadow_* variables to make shadow password detection more generic. [d498a3423ac9] * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS [04d55bbd5e35] 2005-03-13 Todd C. Miller <[email protected]> * sudoers.pod: use a non-breaking space to avoid a double space after e.g. [11cdb54bdf7b] * sudo.pod: commna, not colon after e.g. [8d5875ff72e0] 2005-03-12 Todd C. Miller <[email protected]> * sudo_noexec.c: Add __ variants of the exec functions. GNU libc at least uses __execve() internally. [d1880473d790] * indent.pro: Match reality a bit more. [633e3fa875a7] * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too. [128f7b21c2ee] * pwutil.c: Store shadow password after making a local copy of struct passwd in case normal and shadow routines use the same internal buffer in libc. [f806052a6ffc] 2005-03-11 Todd C. Miller <[email protected]> * alloc.c, logging.c: Make varargs usage consistent with the rest of the code. [3d45affc9851] 2005-03-10 Todd C. Miller <[email protected]> * sudo_noexec.c: Wrap more of the exec family since on Linux the others do not appear to go through the normal execve() path. [8167769b4e19] * visudo.c: make print_unused static like proto says [ecf10e1bae55] * glob.c: silence a warning on K&R systems [2e00425f1a5c] * alias.c, error.c: make this build in K&R land [156f65f8525a] * parse.c: make this build in K&R land [6fc9276889cb] 2005-03-08 Todd C. Miller <[email protected]> * toke.c: regen [3b349748cd21] 2005-03-06 Todd C. Miller <[email protected]> * ldap.c: return(foo) not return foo optimize _atobool() slightly [11d09d154ed5] * ldap.c: Use TRUE/FALSE [53999320d98f] * ldap.c: Reformat to match the rest of sudo's code. [1bd0f2afa0e7] * sudo.pod: I am the primary author [5d311ecd85c6] 2005-02-23 Todd C. Miller <[email protected]> * Makefile.in, README, RUNSON: The RUNSON file is toast--it confused too many people and really isn't needed in a configure-oriented world. [96a6ef7bbc08] * INSTALL: alternate -> alternative [b65015c5d0a2] * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with TCSAFLUSH. [c66b4763ffdc] * toke.l: Allow leading blanks before Defaults and Foo_Alias definitions [2add513d9277] * Makefile.in: fix rules to build toke.o and gram.o in devel mode [96cbb414ebd3] 2005-02-20 Todd C. Miller <[email protected]> * sudoers.pod: env_keep overrides set_logname [401877193a15] * env.c: Fix disabling set_logname and make env_keep override set_logname. [0906e7a5ed93] * compat.h, config.h.in, configure, configure.in: No longer need memmove() [43bdb6efe3f2] * env.c, sudo.c: Just clean the environment once. This assumes that any further setenv/putenv will be able to handle the fact that we replaced environ with our own malloc'd copy but all the implementations I've checked do. [11658fe92ba2] 2005-02-16 Todd C. Miller <[email protected]> * env.c, sudo.c: In -i mode, base the value of insert_env()'s dupcheck flag on DID_FOO flags. Move checks for $HOME resetting into rebuild_env() [8365b0bd0c71] 2005-02-13 Todd C. Miller <[email protected]> * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt and prev_user into init_vars() since user_shell at least is needed there. [37e22dce66e9] 2005-02-12 Todd C. Miller <[email protected]> * Makefile.in: fix devel builds [9fbb15ef164c] * sudo.c: Fix some printf format mismatches on error. [ffc1c3f11740] * check.c: Fix some printf format mismatches on error. [7b3b508adf50] * configure, gram.c, toke.c: regen [aa76f9d8b02a] * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, closefrom.c, compat.h, configure.in, defaults.c, defaults.h, emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c, interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c, parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c: Update copyright years. [0610c3654739] * Makefile.binary.in: Update copyright years. [d78ffc9f2e2b] * LICENSE: Update copyright years. [f60473bca4b1] * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: version 1.7 [aa977a544ca1] * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES entries. [ecfcf7269c14] 2005-02-11 Todd C. Miller <[email protected]> * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc to warn about printf-like format mismatches [b192ad4a0548] 2005-02-10 Todd C. Miller <[email protected]> * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog generated from cvs logs [d9ace9dab98f] * set_perms.c: Use warning/error instead of perror/fatal. [e33259df7738] * config.guess: Update OpenBSD section [9d2c23de6801] * UPGRADE: Add upgrading noted for 1.7 [1fb6b6d6df07] * env.c, sudo.c, sudoers.pod: Instead of zeroing out the environment, just prune out entries based on the env_delete and env_check lists. Base building up the new environment on the current environment and the variables we removed initially. [fc192df8fd15] * config.h.in, configure, configure.in, sudo.c: Set locale to "C" if locales are supported, just to be safe. [91fbaa98f02e] * toke.c, toke.l: Cast?argument to ctype functions to unsigned char. [e096b4d65796] 2005-02-08 Todd C. Miller <[email protected]> * env.c: correct value for DID_USER [b5b05d36ec15] * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include <compat.h> not "compat.h" [7a0ad9a0ccd7] * defaults.c: Reset the environment by default. [4ecc6423e0f0] * sudo.c: Alloc an extra slot in NewArgv. Removes the need to malloc an new vector if execve() fails. [83dfb6f584a7] 2005-02-07 Todd C. Miller <[email protected]> * INSTALL, config.h.in, configure, configure.in, sudo.c: Use execve(2) and wrap the command in sh if we get ENOEXEC. [c0c6af4e2a21] 2005-02-06 Todd C. Miller <[email protected]> * sudo_noexec.c: Only include time.h on systems that lack struct timespec which gets defind in compat.h (using time_t). [e373e518b4cb] * sudo_noexec.c: Include time.h for time_t in compat.h for systems w/o struct timespec. [a34b5637e458] * compat.h, config.h.in, configure, configure.in: use bcopy on systems w/o memmove [f835eafd78c6] * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its use to gcc >= 2.8. [1cb9a4e58566] * Makefile.in: Add explicit rule to build sudo_noexec.lo [df1dfcf8dd77] 2005-02-05 Todd C. Miller <[email protected]> * INSTALL.configure, Makefile.in: No longer depend on VPATH; pointed out a bunch of missed dependencies. [601a45d4af6b] * TROUBLESHOOTING: Help for PAM when account section is missing [9b8221256756] * auth/pam.c: Give user a clue when there is a missing "account" section in the PAM config. [2529625c0495] * auth/pam.c: Better error handling. [518c9bda23d8] * config.h.in, configure, configure.in: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as possible. Silences a warning about isblank() on linux. [19c94d7ecdc8] * auth/pam.c: Fix typo (missing comma) that caused an incorrect number of args to be passed to log_error(). [0099dfec560f] 2005-02-01 Todd C. Miller <[email protected]> * pwutil.c: Don't try to destroy a tree we didn't create. [d43c4fe03aa4] 2005-01-27 Todd C. Miller <[email protected]> * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: Add __unused to rcsids [ad6b4ac45705] 2005-01-21 Todd C. Miller <[email protected]> * configure, configure.in: Fix error message when mixing invalid auth types [68069b3ff5bc] * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by default if the OS supports them. [4e44e9098cf0] * auth/sudo_auth.h, config.h.in: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g [2d569b43b23e] * configure.in: Better checking for conflicting authentication methods Display the authentication methods used at the end of configure Rename --with- authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by default on systems that support them unless disabled. Add OSMAJOR variable that replaces old OSREV; now OSREV has full version number [a21115b6fe9f] 2005-01-18 Todd C. Miller <[email protected]> * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/ [ee73f1b81923] 2005-01-14 Todd C. Miller <[email protected]> * configure.in: Replace: test -n "$FOO" || FOO="bar" With: : ${FOO='bar'} [37552d9054fc] 2005-01-09 Todd C. Miller <[email protected]> * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to only call private passwd/group routines when using a nonstandard passwd/group file. [215908681dfb] 2005-01-06 Todd C. Miller <[email protected]> * CHANGES: sync [2e55c03f5790] * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty fields so add getpwent()/getgrent() functions and call those. [bdaa5b0db70e] 2005-01-05 Todd C. Miller <[email protected]> * Makefile.in: Fix dummied out toke.c and gram.c dependencies. [4b909c8b2ebe] * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used in the clean target Add devdir variable and use it to specify the path to parser sources [f27b3f41ca23] * configure: regen [22c6435dbd46] * configure.in: Add a devdir variables that defaults to $(srcdir) and is set to . if --devel was specified. Allows for proper dependecies building the parser. [a36d694c6d21] * testsudoers.c: Add support for custom passwd/group files. [296549ff4b87] * Makefile.in: Build private copy of pwutil.o for testsudoers with MYPW defined so it uses our own passwd/group routines. [bafa54ec78ca] * visudo.c: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent stubs instead. We can now just use the caching sudo_*{pw,gr}* functions in pwutil.c Add comment about wanting to call sudo_endpwent/sudo_endgrent in cleanup() [7e59d6b5510d] * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c Use global buffers for passwd/group structs Rename functions from sudo_* to my_* [8c1e068f574c] * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy [60a24909b947] * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent instead. [bac80db08296] * getspwuid.c, pwutil.c: Move all but the shadow stuff from getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they are no longer needed. Also add preprocessor magic to use private versions of the passwd and group routines if MYPW is defined (for use by testsudoers). [a16b8678a426] * tsgetgrpw.c: zero out struct passwd/group before filling it in so if there are fields we don't handle they end up as 0. [274cb6a93301] * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to pwutil.c [43ebd04c8b82] * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better readability. [7f88c6061e2d] * tsgetgrpw.c: Passwd and group lookup routines for testsudoers that support alternate passwd and group files. [d7803101d34e] * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into its own file. This allows visudo and testsudoers to use the pw/gr cache too. [ef333d3ffedf] 2005-01-02 Todd C. Miller <[email protected]> * parse.c: Print Defaults info in "sudo -l" output and wrap lines based on the terminal width. [e559eae4250e] 2005-01-01 Todd C. Miller <[email protected]> * match.c, testsudoers.c, visudo.c: Only check group vector in usergr_matches() if we are matching the invoking or list user. Always check the group members, even if there was a group vector. [d0c7ceb2a041] 2004-12-17 Todd C. Miller <[email protected]> * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3 [72db4a4ff4e1] * CHANGES, TODO: checkpoint [e92781bfd99c] 2004-12-16 Todd C. Miller <[email protected]> * sudo.c: sort usage [15e3b876ec2c] * sudo.pod: Sort command line options [c1fa56584bc4] * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to start closing at a point other than 3. Add closefrom_override sudoers option and -C sudo flag to allow the user to specify a different closefrom starting point. [370652b099d1] * pathnames.h.in: Add _PATH_DEVNULL for those without it. [0c4c3e0ceb8b] * LICENSE: no more UCB strcasecmp [397a6298e07f] * strcasecmp.c: replace BSD licensed one with version derived from pdksh [d7cfda8c57a2] 2004-12-10 Todd C. Miller <[email protected]> * sudo.c: Fix last commit. [7afb9a180532] * sudo.c: Make sure stdin, stdout and stderr are open and dup them to /dev/null if not. [590f387068bd] 2004-12-03 Todd C. Miller <[email protected]> * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close [4273a36765a7] * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: Use TIME_WITH_SYS_TIME [c32b59bf15fb] * config.h.in, configure, configure.in: Add TIME_WITH_SYS_TIME_H [57cb146f451d] 2004-12-02 Todd C. Miller <[email protected]> * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set unconditionally on darwin. From Toby Peterson. [d69959681c87] * getspwuid.c: Check rbinsert() return value. In the case of faked up entries there is usually a negative response cached that we need to overwrite. In pwfree() don't try to zero out a NULL pw_passwd pointer. [00b32d1a48c1] * mon_systrace.c: Use the double fork trick to avoid the monitor process being waited for by the main program run through sudo. [e0ce556712ff] 2004-11-29 Todd C. Miller <[email protected]> * sudo.c: Call initgroups() in -U mode so group matches work normally. [2235bea15283] * def_data.h, mkdefaults: Don't print a trailing comma for the last entry in enum def_tupple [c43a96bb31df] 2004-11-28 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when lecture, listpw and verifypw are used in boolean context. [a0b5c0abaccf] * def_data.c, def_data.in: verifypw when used in a boolean TRUE context should be "all", not "any". [2eb076ddd5e2] 2004-11-26 Todd C. Miller <[email protected]> * def_data.in, defaults.c: Allow tuples that can be used as booleans to be used as boolean TRUE. In this case the 2nd possible value of the tuple is used for TRUE. [bd99aa77e88b] 2004-11-25 Todd C. Miller <[email protected]> * configure, configure.in: Correct the test for 2-parameter timespecsub [d41c9cb26b97] * sudo.h: Add strub struct definitions for passwd, timeval and timespec [c4ce5c43d8c5] * config.h.in, configure, configure.in, sudo_edit.c, visudo.c: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and fix a typo in the gettimeofday check. [8ac9893057ce] 2004-11-24 Todd C. Miller <[email protected]> * match.c, testsudoers.c: Deal with user_stat being NULL as it is for visudo and testsudoers. [3605a6ff64d0] * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U option to use in conjunction with -l instead of -u. Add support for "sudo -l command" to test a specific command. [99638789d415] * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if it has not been set. Previously it was set by sudo "ALL" in the parser but at that point the fully-qualified pathname has not yet been found. [ac30d98f8225] 2004-11-23 Todd C. Miller <[email protected]> * parse.c, testsudoers.c: Correctly handle multiple privileges per userspec and runas inheritence. [a98a965181af] 2004-11-21 Todd C. Miller <[email protected]> * defaults.c: Zero out sd_un for each entry in sudo_defs_table in init_defaults. [031d3cd4a848] 2004-11-19 Todd C. Miller <[email protected]> * toke.c, toke.l: make per-command defaults work with sudoedit [e56fe33db916] * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the approriate defaults variable. [756eeecc1d86] * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: Document per-command Defaults. [92a0f84b91c1] * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for command-specific Defaults entries. E.g. Defaults!/usr/bin/vi noexec [be3d52bf01cf] * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an occurence of user_matches() -> runas_matches() missed previously runas_matches(), host_matches() and cmnd_matches() only really need to pass in a list of members. user_matches() still needs to pass in a passwd struct because of "sudo -l" [833b22fc6fa0] * parse.c: Check def_authenticate, def_noexec and def_monitor when setting return flags. XXX May be better to just set the defaults directly and get rid of those flags. [b6db22b59d69] * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: Use: #include <config.h> Not: #include "config.h" That way we get the correct config.h when build dir != src dir [97e5670a442b] * Makefile.in: Back out part of rev 1.263; fix -I order [197ea01cad5d] * toke.c, toke.l: More robust parsing if #include; could be much better still. [31bc3cd8f045] * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit consistent. [7bc74485f246] * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias routines out into their own file. [d90f633cf9ae] * error.h: __attribute__ is already defined in compat.h [676ed3fe9203] * visudo.c: quit() should not be __noreturn__ as it is non-void on some platforms. [e528c2b6ba10] * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c: Add local error/warning functions like err/warn but that call an additional cleanup routine in the error case. This means we no longer need to compile a special version of alloc.o for visudo. [e78e8aae882e] * parse.h: Clarify comments about the data structures [ae894e266701] 2004-11-18 Todd C. Miller <[email protected]> * visudo.c: Add support for VISUAL and EDITOR containing command line args. If env_editor is not set any args in VISUAL and EDITOR are ignored. Arguments are also now supported in def_editor. [ff7303b8e298] 2004-11-17 Todd C. Miller <[email protected]> * parse.h: alias_matches() is no more [b59825e28084] * CHANGES, TODO: sync [2b8f5f63c1de] * Makefile.in: When regenerating the parser, don't replace gram.h unless it has changed. [819949668018] * Makefile.in: remove Makefile.binary for distclean [351eec8d00b2] * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make sure we can't overflow new_env. [3284d17b9c6d] * sudo_edit.c: paranoia when stripping trailing slashes from tempdir. [012f1aa2b81f] * sudo.c: Set user_ngroups to 0 if getgroups() returns an error. [c46d43e9449a] 2004-11-16 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, sudo.c: Add configure check for getgroups() [5d8a214e2cef] * ldap.c: Use supplementary group vector in struct sudo_user. [3d0c463c034d] * match.c: Only do string comparisons on the group members if there is no supplemental group list. [be1c8362f7ef] * CHANGES, TODO: sync [db188bc5b975] * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so chop off any trailing slashes we see and add an explicit one. [e1b477dafee1] * match.c: remove bogus XXX comment [8aecb8a28d40] * match.c: Get rid of alias_matches and correctly fall through to the non-alias cases when there is no alias with the specified name. [2cd555246f09] * getspwuid.c: Cache non-existent passwd/group entries too. [8de9a467d271] * gram.c: regen [9ece18c58f36] * getspwuid.c: fix typo [9a7ae371eac1] * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: Implement group caching and use the passwd and group caches throughout. [f1d8c5015169] 2004-11-15 Todd C. Miller <[email protected]> * match.c: Properly negate the return value of alias_matches() when appropriate. [ce59c4ce77ad] * match.c: Make hostname_matches() return TRUE for a match, else FALSE like the caller expects. [1dc03902d3a2] * Makefile.in: Add missing dependencies on gram.h [4f94bbb1d50c] * match.c: Use runas_matches in alias_matches() now that we have it. [284d22e91178] * parse.c, parse.h: Expand aliases in "sudo -l" mode [f67a38b79c44] * gram.y, match.c: Use ALIAS for the member type when storing an alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the more generic type. Expand runas_matches instead of calling user_matches() inside of it since user_matches() looks up USERALIASes, not RUNASALIASes. [52004d75232b] * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing passwd entry. [bd1b22638f00] * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, configure.in, defaults.c, emul/err.h, env.c, err.c, error.c, error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c: Add local error/warning functions like err/warn but that call an additional cleanup routine in the error case. This means we no longer need to compile a special version of alloc.o for visudo. [25000b676cfe] * match.c: Use userpw_matches() to compare usernames, not strcmp(), since the latter checks for "#uid". [fcbe4b859f66] * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd db entries in 2 reb-black trees; one indexed by uid, the other by user name. The data returned from the cache should be considered read-only and is destroyed by sudo_endpwent(). [ee2418ff3f86] * match.c: add cast to uid_t [eb6415302d84] * gram.y: missing free in alias_destroy [572ecb680ad8] * redblack.c: Can't use rbapply() for rbdestroy since the destructor is passed a data pointer, not a node pointer. [11ce713830c0] * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private versions of setpwent() and endpwent() that set/end the shadow password file too. [616bc76d23bf] * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c: Store aliases in a red-black tree. [ce017d540416] * Makefile.in, redblack.c, redblack.h: red-black tree implementation [cd5586e8f48b] * visudo.c: Edit all sudoers file if there were unused or undefined aliases and we are in strict mode. [b6d5f5bb7262] 2004-11-12 Todd C. Miller <[email protected]> * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: Bring back the "secure_path" Defaults option now that Defaults take effect before the path is searched. [2e52c0e27606] 2004-11-11 Todd C. Miller <[email protected]> * logging.c, parse.c: A user can always list their own entries, even with -u. Better error message when failing to list another user's entries. [e2e24deb0071] * parse.c, sudo.c, sudo.h: The syntax to list another user's entries is now "-u otheruser -l". Only root or users with sudo "ALL" may list other user's entries. [3c0657e8f5fe] * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in SECURITY NOTES [299716071024] * env.c: strip CDPATH too [9b97643b26f9] * env.c: strip exported bash functions from the environment. [9e5090c8284f] 2004-10-27 Todd C. Miller <[email protected]> * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment variables for real commands and sudoedit. This avoids a confusing message when a user tries "sudo -l" or "sudo -v" and is denied. [3ea6d0053274] * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with appending lists too [d963e42f622f] 2004-10-26 Todd C. Miller <[email protected]> * logging.c: Convert some bitwise AND to ISSET [130dc40d268e] * lex.yy.c, toke.c: toke.c replaces lex.yy.c [048858df79e7] * CHANGES, TODO: sync [d19e7abf251c] * BUGS: new parser fixes most of the outstanding bugs [0891f66e3758] * configure: regen [1a3358cc7283] * visudo.c: Rework for the new parser. Now checks for unused aliases in sudoers. [ad462ede3094] * testsudoers.c: Rewrite for the new parser. Now supports a -d flag (dump) and adds a -h flag (host). It now defaults to the local hostname unless otherwise specified. [1b69685cc601] * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h) [2e4fb3abfef0] * sudo.c: Update for new parse. We now call find_path() *after* we have updated the global defaults based on sudoers. Also adds support for listing other user's privs if you are root. [cf3db9fc3024] * mon_systrace.c: Working LDAP support; also remove a now-unneeded rewind(). [649ecf1baf6b] * logging.c, logging.h: Add NO_STDERR flag. [6cb935af94e0] * ldap.c: Split sudo_ldap_check() into three pieces: sudo_ldap_open(), udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to connecto to LDAP, apply the default options, find the command in the user's path, and then check whether the user is allowed to run it. The important thing here is that the default runas user may be specified as a default option and that needs to be set before we search for the command. [fc0426abc6f1] * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc warning. [e5358e3df439] * defaults.h: Add prototype for update_defaults() [564dac3db74e] * defaults.c: Don't warn about line numbers now that we operate on a set of data structures (or LDAP) and not a file. [bcd9ffb9b67c] * config.h.in: No long use lsearch() [9d048c587319] * Makefile.in: Update for new and changed file names. [6f424a7c4515] * LICENSE: no more BSD lsearch.c [463a96d89026] * match.c: foo_matches() routines now live in match.c Added user_matches(), runas_matches(), host_matches(), cmnd_matches() and alias_matches() that operate on the parsed sudoers file. [b14da8a0567e] * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer() WORD no longer needs to exclude '@' kill yywrap() [a922294eb7b7] * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: Rewritten parser that converts sudoers into a set of data structures. This eliminates ordering issues and makes it possible to apply sudoers Defaults entries before searching for the command. [30d2ec4d203c] * configure.in, emul/search.h, lsearch.c: We won't be using lsearch() any longer. [29c4d54bfac0] * ldap.c: sudo should not send mail if someone who runs 'sudo -l' has no entry. [6fc27a69fd9c] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [8166347917f3] * visudo.pod: Update warnings to match new visudo [004c0766798f] * sudoers.pod: The new parser doesn't have the old ordering constraints. [ffd43bd08661] * sudo.pod: Document that -l now takes an optional username argument [278f9557de8b] 2004-10-25 Todd C. Miller <[email protected]> * RUNSON: AIX 5.2.0.0 works [523acd29d858] * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes a compilation problem with Solaris 9's native LDAP. Set FLAG_MONITOR when needed. [35824ade672d] 2004-10-23 Todd C. Miller <[email protected]> * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to match the traced process. Fixes relative paths. [12ee111d0ad7] 2004-10-21 Todd C. Miller <[email protected]> * testsudoers.c: Kill set_perms() stub--it is no longer needed. [116ed702935d] 2004-10-13 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now requires set_reuid() or setresuid() [8511f67e25d5] * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX saved uids; they aren't worth bothering with. [b3b1f19f18c1] 2004-10-07 Todd C. Miller <[email protected]> * glob.c: remove call to issetugid() [63f2e492c08f] * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about wildcards. Now that we use glob() the bug is fixed. [b15729d32266] * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames and stat each result that matches the basename of the user's command. This makes "cd /usr/bin ; sudo ./blah" work when sudoers allows /usr/bin/blah. Fixes bug #143. [e31eb6310340] * config.h.in, configure, configure.in: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and GLOB_BRACE) [677ed6661e17] * config.h.in, configure, configure.in: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE [aaa2329dd266] * LICENSE: reference glob [bedc9a923423] * glob.c: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions removed. [81799451473c] * emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions removed. [0335cf31fb1e] 2004-10-05 Todd C. Miller <[email protected]> * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means we are out of space in the stack gap... [5b02b702021e] * CHANGES: sync [be3826273e56] * mon_systrace.c: Take a stab at ldap sudoers support here. [9d023695b0de] * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to inadvertanly kill itself. [d4aab2365610] * mon_systrace.c: put "monitor" in the proctitle, not "systrace" [9a9025767d86] * mon_systrace.c: When modifying the environment, don't replace envp when we can get away with just rewriting pointers in the traced process. [c03622f7a2e2] * mon_systrace.c, mon_systrace.h: Add environment updating via STRIOCINJECT (if available). [037291016870] * sudoers.cat, sudoers.man.in: regen [869acc511046] 2004-10-04 Todd C. Miller <[email protected]> * lex.yy.c: regen [4e61a9bd3c97] * parse.lex: Fix bug introduced in unput() removal; want yyless(0) not yyless(1) [b70d7bd6e147] * mon_systrace.c: Include file is now mon_systrace.h [ead4e36d92ae] * Makefile.in, configure, configure.in, def_data.c, def_data.h, def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod: No longer call it tracing, it is now "monitoring" which should be more a obvious name to non-hackers. [aa811ded0789] 2004-10-01 Todd C. Miller <[email protected]> * mon_systrace.c, mon_systrace.h: Fix some XXX [a271072dacc6] * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use 1024 as the max # of entries (the max that systrace(4) allows). Only need to use SYSTR_POLICY_ASSIGN once Change check_syscall() -> find_handler() and have it return the handler instead of just running it. We need this since handler now have two parts: one part that generates and answer and another that gets called after the answer is accepted (to do logging). Add some missing check_exec for emul execv [a89d243f0525] * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add $Sudo$ tags. [6f3fedb0daba] * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H [ff75ab7bfc53] * Makefile.in: add trace_systrace.o dependency [88a408668ab2] 2004-09-30 Todd C. Miller <[email protected]> * configure, configure.in: Also look for systrace.h in /usr/include/linux [98b98b436cf3] * mon_systrace.c, mon_systrace.h: Move all struct defs and prototypes into trace_systrace.h and mark all but systace_attach() static. [85511253b570] * mon_systrace.c, mon_systrace.h: Add support for tracing emulations. At the moment, all emulations are compiled in. It might make sense to #ifdef them in the future, though this impeeds readability. [87bb50abf277] * Makefile.in, configure, configure.in: rename systrace.c -> trace_systrace.c [31cfa4407d93] * parse.yacc, sudo.tab.c: Allow this to build with a K&R compiler again [32876af5bb98] * TODO: sync [46865bd70f7c] * compat.h, sudo.c, visudo.c: Use __attribute__((__noreturn__)) [65bbad71fe89] * visudo.c: Exit() takes a negative value to indicate it was not called via signal. [b93032ed7b60] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [45bcf4661558] * Makefile.in, visudo.c: Define Err() and Errx() that are like err() and errx() but call Exit() instead of exit(). Build private copy of alloc.o for visudo that calls Err() and Errx(). [c6d02bf42edd] 2004-09-29 Todd C. Miller <[email protected]> * lex.yy.c, sudo.tab.c: regen [39de7e7c59da] * CHANGES: sync [ba481d9ed1aa] * visudo.c: Overhaul visudo for editing multiple files: o visudo has been broken out into functions (more work needed here) o each file is now edited before sudoers is re-parsed o if a #include line is added that file will be edited too TODO: o cleanup temp files when exiting via err() or errx() o continue breaking things out into separate functions [80c35cf534eb] * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen arg to open_sudoers that open_sudoers can use to indicate to the caller that the fd should not be closed when it is done with it. To be used by visudo to keep locked fds from being closed prematurely (and thus losing the lock). [f330fe632470] * parse.yacc, sudo.c: Add errorfile global that contains the name of the file that caused the error. [98079c7a37ed] * parse.lex: return COMMENT to yacc grammar for a #include line [2024a8de4fa8] * parse.lex: Remove us of unput() in favor of yyless() which is cheaper. [c61291902beb] * parse.yacc: Allow an empty sudoers file. [62fb111db2e7] 2004-09-28 Todd C. Miller <[email protected]> * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us. [9e15869ef597] * lex.yy.c, sudo.tab.c: regen [c29bdd43bfad] * visudo.c: Do signal setup before calling edit_sudoers(). Don't shadow the "quiet" global. [74252efd09ff] * visudo.c: If a sudoers file includes other files, edit those too. Does not yes deal with creating the new includes files itself. [06af7b9c173f] * testsudoers.c: init_parser now takes a path [b5ee186eb192] * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for dealing with multiple sudoers files: o init_parser() now takes a path used to populate the sudoers global o the sudoers global is used to print the correct file in yyerror() o when switching to a new sudoers file, perserve old file name and line number [d9be4970b8bd] * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have multiple sudoers files. [6ccc4e921c43] * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so we start at the right file position when reading include files. [91fcb961e7a4] * sudoers.pod: document #include [fbb92a25a726] * lex.yy.c: regen [50cd7a4c9dff] * parse.lex: Add max depth of 128 for the include stack to avoid loops. Since yyerror() doesn't stop parsing, pass return values back to yylex and call yyterminate() on error. [e79dbffb729d] 2004-09-27 Todd C. Miller <[email protected]> * sudoers.pod: document tracing [165a467eadd8] * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man page [3217ccecd834] * lex.yy.c, sudo.tab.c: regen [fbd58d1d3a76] * parse.lex: Add support for #include in sudoers (visudo support TBD) [a78015ca81af] * parse.yacc: make yyerror()'s argument const [7d8e168c019a] * testsudoers.c, visudo.c: Add open_sudoers() stubs. [087466787198] * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it return a FILE * [142fc511fc65] 2004-09-26 Todd C. Miller <[email protected]> * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, version.h: Crank version [1adc3f839480] * Makefile.in, sudo.psf: Better HP-UX depot construction [2d952b000e63] 2004-09-25 Todd C. Miller <[email protected]> * mon_systrace.c: o Made children global so check_exec() can lookup a child. o Replaced uid in struct childinfo with struct passwd * (for runas) o new_child() now takes a parent pid so the runas info can be inherited o Added find_child() to lookup a child by its pid o update_child() now fills in a struct passwd o Converted the big if/else mess in set_policy to a switch o Syscalls that change uid are now "ask" so we get SYSTR_MSG_UGID events [29b9ea3f09a3] * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not to lookup the shadow password. Will be used to a struct passwd that has the shadow password already filled in. [e19d43dd7238] * mon_systrace.c: add missing increment of addr in read_string() [f9eb0f060cb6] * mon_systrace.c: Remove bogus call to update_child() and some cosmetic fixes [701ab0b97fef] * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make initialized global for simplicity If STRIOCATTACH returns EBUSY we are already being traced Check for user_args == NULL in setproctitle() call Add missing calls to STRIOCANSWER [1956edf9bc3a] * sudo.c: g/c sudo_pwdup proto [b7c4d6249ecb] * Makefile.in, sudo.psf: Add target for building a depot file [357019efd99b] * mon_systrace.c: trim includes [501534428471] 2004-09-24 Todd C. Miller <[email protected]> * lex.yy.c, sudo.tab.c, sudo.tab.h: regen [52fd250c6986] * INSTALL: document --with-systrace [79623927c94e] * config.h.in, configure, configure.in: Add check for setproctitle [1730cf1c26ed] * mon_systrace.c: pass struct str_msg_ask in to syscall checker so it can set the error code [1703fd2fdef6] * mon_systrace.c: systrace(4) support for sudo. On systems with the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec calls and check the exec args against the sudoers file. In other words, sudo can now control subcommands and shell escapes. [928c9217c386] * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set. [014ba9402fa5] * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE [a99904db5e56] * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set close on exec flag instead. [43a9fec60bee] * def_data.c, def_data.h, def_data.in: Add trace option [5b643b86730a] * Makefile.in: Add systrace [47a0519c427c] * INSTALL: SunOS /bin/sh blows up with configure [005a23cc5615] * configure, configure.in: Include sys/param.h before systrace.h [9345bc8efecf] * configure: regen [a8f53fcbb254] * pathnames.h.in: _PATH_DEV_SYSTRACE [d2ad1e492a00] * configure.in: line up options in --help [fa51f2821d09] * config.h.in, configure.in: Add --with-systrace [a264d54bc413] 2004-09-23 Todd C. Miller <[email protected]> * configure: regen [a4dad0bcc523] * aclocal.m4, configure.in: make this work with autoconf-2.59 [c4a92b6a684a] 2004-09-16 Todd C. Miller <[email protected]> * sudo_edit.c: Simplify logic around open & stat of files and do sanity on edited file even if we lack fstat (still racable but worth doing). [adda65ade70c] 2004-09-15 Todd C. Miller <[email protected]> * HISTORY: Add support url [bf6590fbde9f] * Makefile.in: versino 1.6.8p1 [b84ebfaf1552] [SUDO_1_6_8p1] * CHANGES: more changes for 1.6.8p1 [e23a9c0393b6] * version.h: 1.6.8p1 [872f14504b5f] * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit something other than a regular file. [350134ec6d4e] 2004-09-15 Aaron Spangler <[email protected]> * CHANGES: sync [3091ca9eae00] * INSTALL: document --with-ldap-conf-file [0e2cd6b896f1] 2004-09-14 Todd C. Miller <[email protected]> * CHANGES, ins_csops.h: political correctness strikes again [428e8bc77f55] * RUNSON: sync [27f44bd423dc] 2004-09-12 Todd C. Miller <[email protected]> * Makefile.binary.in, Makefile.in: Install sudoedit man link [19a55234fc1f] * INSTALL: Update PAM note and mention where HP-UX users can download gcc binaries. [d37cdbbabfd4] * Makefile.in: libtool wants to install stuff from .libs so fake one up for binary installations. [a681bc6fcfba] * Makefile.binary.in: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly [3e0c4b3372cc] * Makefile.in: Deal with "uname -m" having slashes in it rm -f old sudoedit link instead of using ln -f [cff33fb97e5b] * Makefile.binary, Makefile.binary.in: Makefile.binary -> Makefile.binary.in for config.status substitution Add support for installing noexec bits [37d8bb3483c6] * Makefile.in: Copy noexec bits into binary dists too No longer use my old arch script for making binary dists [e7058bab9e33] * Makefile.binary: Install sudoedit link. [417d1e101711] 2004-09-11 Todd C. Miller <[email protected]> * emul/utime.h: avoid __P so there is no need for compat.h to be included [6d8d1f1abf7d] * utimes.c: Don't use HAVE_UTIME_H before including config.h. [013b7bb61181] 2004-09-10 Todd C. Miller <[email protected]> * compat.h: Fix Solatis futimes macro [d4eda2ca0d29] 2004-09-09 Todd C. Miller <[email protected]> * sudo_edit.c: Rename ots -> omtim for improved readability. [127ca5bb297c] 2004-09-08 Todd C. Miller <[email protected]> * sudo_edit.c: Redo changes in revision 1.7. Don't really need to keep the temp file open; re-opening it with the invoking user's euid is sufficient. [55a883165a95] * CHANGES: sync [9015b291170d] * sudo.cat, sudo.man.in: regen [c0313f6ed783] * sudo.pod: back out revision 1.70; it is no long applicable [b641d503aff6] * env.c: Let the loader initialize nep [bec192139b02] * config.h.in, configure, configure.in: Removed unneed check for fchown Add check for gettimeofday Move autoheader template stuff into separate AH_TEMPLATE lines [bfc0edbd43f2] * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use timespec throughout. [1a178a23b69b] * Makefile.in: gettime.[co] [6aeb48a7ab7f] * gettime.c: function to return the current time in a struct timespec [bf8eb12cb63f] * utimes.c: Not a darpa-sponsored file. [121ce5e2036c] 2004-09-07 Todd C. Miller <[email protected]> * compat.h, config.h.in, configure, configure.in: Add a check for struct timespec and provide it for those without. [42124055030d] * config.h.in, configure, configure.in, sudo_edit.c: Add checks for st_mtim and st_mtimespec and add macros for pulling the mtime sec and nsec out of struct stat. These are used in sudo_edit() to better tell whether or not the file has changed. [23debfbb3fab] * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra param to touch() for nsec [56f7a4ba8ddb] * sudo_edit.c: Call mkstemp() as the in invoking user so we don't have to chown the file later. Only touch() the temp file if we can do it via the file descriptor. Don't check for modification of the temp file if we lack fstat(). Catch errors read()ing the temp file. [665f52c70836] * fileops.c: If path is NULL and fd == -1 return -1. [757a518a824c] * sudo_edit.c: closefrom() is overkill, the only extra fds are the ones we opened so just close those in the child. [f361c9d2a1f4] * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c, visudo.c: Use utimes() and futimes() instead of utime() in touch(), emulating as needed. Not all systems are able to support setting the times of an fd so touch() takes both an fd and a file name as arguments. [3d9276f29717] 2004-09-07 Aaron Spangler <[email protected]> * env.c: Rare SEGV [8995f828782d] 2004-09-06 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [b8e9406711c5] * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and re-order some of the sections to match the order we use in OpenBSD. [fa37bd917e2c] 2004-09-06 Aaron Spangler <[email protected]> * env.c: Openldap ~/.ldaprc fix [1a37afe6850f] 2004-09-06 Todd C. Miller <[email protected]> * sudo.pod: Talk about how the editor must write its changes to the original file and not just use rename(2). [c55ed91c5ee9] * CHANGES: sync [62af26bd37a2] * sudo_edit.c: Keep the temp file open instead of re-opening after the editor has exited. [de41eeb6dcf2] * sample.pam: Update for current redhat/fedora core. [8cf083077333] 2004-09-03 Aaron Spangler <[email protected]> * README.LDAP: tls_ examples [ba783d88a034] 2004-09-02 Aaron Spangler <[email protected]> * ldap.c: config tls_* options [0b0e0797b3b9] 2004-08-29 Todd C. Miller <[email protected]> * configure, configure.in: No need for -lcrypt when using pam. [41fff3a53e68] 2004-08-27 Todd C. Miller <[email protected]> * configure: regen [75820aecce2c] 2004-08-27 Aaron Spangler <[email protected]> * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file option to override LDAP_CONF [c9909bc484a5] * ldap.c: cleanup debug message [1f6ca4824d8d] 2004-08-26 Aaron Spangler <[email protected]> * README.LDAP: more config info [f2e7147fd507] 2004-08-24 Todd C. Miller <[email protected]> * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: Add cmnd_base to struct sudo_user and set it in init_vars(). Add cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No longer use gross statics in command_matches(). Also rename some variables for improved clarity. [7169a6c7bea4] 2004-08-21 Todd C. Miller <[email protected]> * INSTALL: document HP's crippled compiler deficiency. [c405ea5a8d4c] * INSTALL: Fix some thinkos in --with-editor and --with-env-editor descriptions. Noticed by Norihiko Murase. [dd781de1c985] * configure, configure.in: --with-noexec takes an optional PATH argument. [8f6ab77f22cc] * INSTALL: document --with-noexec [50cb1fc627ce] 2004-08-17 Todd C. Miller <[email protected]> * RUNSON, TODO: sync [f2503bd13373] [SUDO_1_6_8] * sudo_edit.c: Better warning message when sudoedit is unable to write to the destination file. [f78c18f2ffa8] * sudo.cat, sudo.man.in: regen [7e2bf63d6d9a] * sudo.pod: Don't italicize the string "sudoedit" [c691643bd269] 2004-08-16 Todd C. Miller <[email protected]> * HISTORY: Mention GratiSoft. [dc53de581b2d] 2004-08-11 Todd C. Miller <[email protected]> * sudo.tab.c: regen [8ae0484dfc38] * parse.yacc: Reset used_runas to FALSE when re-intializing the parser. [b7403f353a02] 2004-08-09 Todd C. Miller <[email protected]> * config.guess: Correct OpenBSD mips support [314fc7afc165] * config.guess: Add OpenBSD/mips [ac87d0a773ef] 2004-08-07 Aaron Spangler <[email protected]> * README.LDAP: More behavior notes [13be1d212b47] * README.LDAP: Updates on current behavior [d498a8866d6f] 2004-08-06 Todd C. Miller <[email protected]> * sudoers.pod: =back does not take an indentlevel (makes no difference to formatted files). [9c8523bb382a] * sudo.pod: =back does not take an indentlevel (makes no difference to formatted files). [e5f479e24fa8] * CHANGES: new [2dbd9aba8b33] * sudo.c: Consistency. Use same error for bad -u #uid when targetpw is set as we do when a bad -u username is specified. [922961c4a9d6] * TODO: Add checksum idea from Steve Mancini [e6ece1b766ba] * sudoers.cat, sudoers.man.in: regen [370d2317829f] * sudo.cat, sudo.man.in: regen [f93d41fc38b1] * sudo.pod, sudoers.pod: Document the restriction on uids specified via -u when targetpw is set. [878fedb455db] * sudo.c: Error out when targetpw is enabled and sudo is run with -u #uid but #uid does not exist in the passwd database. We can't do target authentication when the target is not in passwd! [27c5888c86eb] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen [ceb65711050c] * TODO: Some more todo for the next release. [7b7417be7601] * INSTALL: Make it clear that PAM should be used for DCE support when possible. [7502029fd385] * sudoers.pod: o Document problems with wildcards and relative paths. o Make the order requirements more prominent. o Change a "set" to "reset" for clarity. [bacdd181b33f] 2004-08-05 Todd C. Miller <[email protected]> * sudo.pod: Mention --with-secure-path, not SECURE_PATH. [41283ddde5e1] 2004-08-03 Aaron Spangler <[email protected]> * ldap.c: reflect changes to parse.c [8880fe9b724d] 2004-08-02 Todd C. Miller <[email protected]> * sudo.tab.c: regen [a57658ca9177] * parse.c, parse.h, testsudoers.c, visudo.c: Don't pass user_cmnd and user_args to command_matches(), just use the globals there. Since we keep state with statics anyway it is misleading to pretend that passing in different cmnd and cmnd_args will work. [0a2544991fd6] * parse.yacc: Don't pass user_cmnd and user_args to command_matches(), just use the globals there. Since we keep state with statics anyway it is misleading to pretend that passing in different cmnd and cmnd_args will work. [a4910bf6032b] * parse.c: Fix a bug introduced in rev. 1.149. When checking for pseudo- commands check for a '/' anywhere in cmnd, not just the first character. [ce98142f03ca] 2004-07-31 Aaron Spangler <[email protected]> * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin <[email protected]> [a91800e094b1] * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers [741ddcbf7083] * README.LDAP: Sun One schema definition by [email protected] and [email protected] [742c02e07cd9] 2004-07-29 Todd C. Miller <[email protected]> * CHANGES: typo [e7cdefbd7a9a] 2004-07-23 Todd C. Miller <[email protected]> * CHANGES: sync [734dafc4a85e] * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse. [151b7f593568] 2004-07-08 Todd C. Miller <[email protected]> * CHANGES: PAM change [d8fb6d6a22d0] 2004-07-08 Aaron Spangler <[email protected]> * ldap.c: Better debugging of ALL command [9db3e84029dc] 2004-07-08 Todd C. Miller <[email protected]> * parse.c: When matching for "sudoedit" in sudoers check both the command the user typed *and* the command that is listed in the sudoers entry. [f36ca1f94095] 2004-07-04 Aaron Spangler <[email protected]> * ldap.c: Added !command feature [ed539574611b] 2004-06-28 Todd C. Miller <[email protected]> * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell [2be8e0e8813a] 2004-06-11 Todd C. Miller <[email protected]> * LICENSE: License is ISC-style, not BSD-style [ac0589e1dd5d] * CHANGES: sync [16058a30f404] 2004-06-10 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in: regen [8820eb9c809b] * sudo.pod: o Update some out of date bits to reality o Change the shell promt in examples to bourne-shell style o Clarify some details o Add a CAVEAT about "sudo cd /foo" [b0af373214b6] * check.c: Don't ask for a password if invoking user == target user. [dd5c96141132] * sudo.c: typo in comment [278d20f9b249] 2004-06-08 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in: regen [9036c6f39eff] * sudoers.pod: Expand on NOEXEC a little. [9a13756aebe4] * TODO: sync [8d2c1af48de8] * visudo.cat, visudo.man.in: regen [3921f01607c8] * sudo.tab.c: regen [9338c3d68250] * visudo.pod: Add a check in visudo for runas_default being set after it has already been used. [6700358d7ad8] * CHANGES, parse.yacc, visudo.c: Add a check in visudo for runas_default being set after it has already been used. [803560986a8a] * sudo.tab.c: regen [b60636e2cf63] * parse.yacc: Add a MATCHED macro for testing whether foo_matches has been set to TRUE or FALSE. This is more readable than checking for >=0 or < 0. Doesn't change the actual code generated. [f376da8ccdc8] 2004-06-07 Todd C. Miller <[email protected]> * sudoers.cat: regen [6cceb6d6c9bd] * sudoers.man.in: regen [5acd12b730b3] * sudoers.pod: Correct description of where Defaults specs should go. [6b11ff53d7ad] * sudoers: Correct description of where Defaults specs should go. [868db857630d] * testsudoers.c, visudo.c: update (c) year [272c8a53604c] * logging.h: update (c) year [3cec76d400ce] * ldap.c: update (c) year [f264632488a0] * find_path.c: update (c) year [40c227af9227] * auth/pam.c: update (c) year [87149e0eed50] * auth/bsdauth.c, auth/kerb5.c: update (c) year [d72eb434c068] 2004-06-06 Todd C. Miller <[email protected]> * sudo.tab.c: regen [83408d9e9d2e] * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c: Remove trailing spaces, no actual code changes. [4c3bf2819293] * tgetpass.c: Remove trailing spaces, no actual code changes. [96f6e0a24c26] * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c: Remove trailing spaces, no actual code changes. [c7075d1cbed5] * getcwd.c: Remove trailing spaces, no actual code changes. [776cc0374547] * find_path.c: Remove trailing spaces, no actual code changes. [7ed7099f3c71] * compat.h, defaults.c, env.c: Remove trailing spaces, no actual code changes. [893e83c33795] * check.c: Remove trailing spaces, no actual code changes. [f77750f8803b] * sudo.tab.c: regen [62e0ed883b31] * parse.yacc: Fix a >=0 that should be <0 that was improperly converted when UNSPEC was added. [ad1531a55a49] * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not NOMATCH when resetting it. [ae017a12870a] * parse.yacc: Fix pastos introduced in SETNMATCH addition. [6ea1c9d80681] 2004-06-05 Todd C. Miller <[email protected]> * README.LDAP: Update for configure changes [637a635da287] * sudo.tab.c: regen [4753c2788713] * sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use these in parse.yacc. Also in parse.yacc initialize the *_matches vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use when setting *_matches to a value that may be NOMATCH/UNSPEC/TRUE/FALSE. [2ba622e15a4d] * parse.yacc: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use these in parse.yacc. Also in parse.yacc initialize the *_matches vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use when setting *_matches to a value that may be NOMATCH/UNSPEC/TRUE/FALSE. [746b519e41a6] * parse.yacc: Initialize runas to -2, not -1 since we need to be able to distinguish between the initialized value and the value of a non- match when passing along the runas value to multiple commands. The result of this is that an unmatched runas is now set to -1, not 0. This is required now that parse.c treats a FALSE value for runas as being explicitly denied. [7791ed3621f6] 2004-06-03 Todd C. Miller <[email protected]> * sudo.c, visudo.c: Error out if argc < 1. [ce6b2a9eda3c] * getprogname.c: Error out if argc < 1. [c566cce8dc78] * configure, configure.in: Add tests for what libs we need to link with for ldap and for whether or not lber.h needs to be explicitly included. [b2e9729cc4e7] 2004-06-03 Aaron Spangler <[email protected]> * ldap.c: Solaris native LDAP build fix [39929e40eb11] 2004-06-01 Todd C. Miller <[email protected]> * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an unset variable. [6a4c20a66f98] * sudo.h: Add prototype for sudo_ldap_list_matches [443b007a8dab] * configure, configure.in: Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too. Added check for dd_fd in `DIR' if no dirfd is found; this is now used to confitionally define the dirfd macro in compat.h. [567656978f7e] * config.h.in: Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too. Added check for dd_fd in `DIR' if no dirfd is found; this is now used to confitionally define the dirfd macro in compat.h. [34eace4faec8] * compat.h: Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too. Added check for dd_fd in `DIR' if no dirfd is found; this is now used to confitionally define the dirfd macro in compat.h. [8d50ff1bbf2a] * closefrom.c: Only check /proc/$$/fd if we have the dirfd function/macro. [15e3ccce7553] * compat.h, config.h.in, configure, configure.in: Add a check for a dirfd() function (like Linux) and add a dirfd macro in compat.h if there is no dirfd() function or macro. [1e95756edb50] * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as needed. [bb1d79271188] * CHANGES: Clarify closefrom() note. [f4e4a5508dda] * parse.c: When checking for a command in the directory, only copy the base dir once. [7a3276808b87] * closefrom.c: If there is a /proc/$$/fd directory, behave like the Solaris closefrom() and only close the descriptors listed therein. [19de23779e84] * alloc.c: compat.h guarantees INT_MAX is defined. [1bf0c79d4606] * compat.h: Add definitions of OPEN_MAX and INT_MAX for those without it and remove definition of RLIM_INFINITY (now unused). [f827d1ebf96e] * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN since the former is standardized. [59788f211c24] 2004-05-31 Todd C. Miller <[email protected]> * CHANGES: sync [d32fa124f1ad] * RUNSON: Add some entries that were mailed in a while ago [ff8d5bfec54e] * closefrom.c: o sysconf returns a long, not an int. o check for negative return value from sysconf/getdtablesize and use OPEN_MAX in this case. o define OPEN_MAX to 256 for those without it (a fair guess...) [ccf81ae6deb2] 2004-05-30 Todd C. Miller <[email protected]> * UPGRADE: Mention change in parse order for RunAs entries. [dc73b0bca617] * configure: regen [07cce8e0534e] 2004-05-29 Todd C. Miller <[email protected]> * INSTALL, README.LDAP, config.h.in, configure.in: o --with-ldap now takes an optional dir as a parameter o added check for ldap_initialize() and start_tls_s() [2b846c7974c6] * README.LDAP: Fix some typos, word choice and formatting issues. [00dc8ca84b10] 2004-05-28 Todd C. Miller <[email protected]> * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use read/write as it is simpler. [30f5446ee8b0] * configure, configure.in: Remove hack overriding cross-compiler check. It should no longer be needed. [22a6cbd88608] * compat.h: Remove select() compat bits since we no longer use select(). [d7bbf7cd36f5] * CHANGES, tgetpass.c: Use alarm() instead of select() for the timeout for systems that don't fully/properly implement select(). [d7cc60f15800] 2004-05-27 Todd C. Miller <[email protected]> * CHANGES: synbc [132a39788e07] * RUNSON: update [61ef508380c6] * set_perms.c: Deal with systems that have no way of setting the effective uid such as nsr-tandem-nsk. [306e00e9b5a4] * configure, configure.in: Define NO_SAVED_IDS if we don't find seteuid() [8588f18345cf] * config.h.in, configure, configure.in: Add back check for setreuid() since NSK doesn't have it. [43127bd703d1] * sudoers.cat, sudoers.man.in: regen [af4f4b20e422] * CHANGES: sync [29ca3b699c24] * BUGS: sync [3593f17f72ed] * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was explicitly denied and the command matched. This fixes a long- standing bug and makes: foo machine = (ALL) /usr/bin/blah foo machine = (!bar) /usr/bin/blah equivalent to: foo machine = (ALL, !bar) /usr/bin/blah [2f5ee244985a] * sudoers.pod: Clarify mail_noperm [3238b2d41989] 2004-05-20 Aaron Spangler <[email protected]> * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la [91431e821525] 2004-05-17 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [cdfde0dcb556] * TODO: sync [4799b7d8b62c] * sudoers.pod: Remove fastboot/fasthalt (who still remembers these?) and add a minimal sudoedit example. [19d299f233cd] * sample.sudoers: Remove fastboot/fasthalt (who still remembers these?) and add a minimal sudoedit example. [b1bca73d6250] * UPGRADE, sudo.c, visudo.c: filesystem -> file system [1e1afaf30469] * TROUBLESHOOTING: filesystem -> file system [39fb594e9338] * CHANGES, INSTALL: filesystem -> file system [85948b608ffe] * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs [e94d243a0b90] * lex.yy.c: regen [2eed0ab1f4c4] * visudo.pod: remove my email addr [b63262c0389b] * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and @mansectsu@ everywhere Make man page references links with L<> [f459f4b9ddb9] * parse.lex: Accept quoted globbing characters and pass them verbatim for fnmatch() [8248b86e9380] * UPGRADE: Document that /tmp/.odus is gone. [3667b66af5bb] * pathnames.h.in: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [48d94c9f9ad4] * configure: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [058d7b8cf07b] * aclocal.m4: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [cf52c4c2803f] * CHANGES: No longer use /tmp/.odus as a possible timestamp dir unless specifically configured to do so. Instead, if no /var/run exists, use /var/adm/sudo or /usr/adm/sudo. [6058c4cefcec] * set_perms.c, sudo.c, tgetpass.c, visudo.c: Preliminary changes to support nsr-tandem-nsk. Based on patches from Tom Bates. [2e5f81834383] * logging.c: Preliminary changes to support nsr-tandem-nsk. Based on patches from Tom Bates. [934bbe6872b6] * check.c, compat.h: Preliminary changes to support nsr-tandem-nsk. Based on patches from Tom Bates. [390b698b5924] 2004-05-16 Todd C. Miller <[email protected]> * CHANGES: There was no 1.6.7p6. [8013d2e6b062] * BUGS, CHANGES: sync [c38b41f32857] * Makefile.in: add missing files to DISTFILES [e6a80ad03039] * sudo.cat, sudoers.cat, visudo.cat: regen [027bc9746dd5] * sudoers.man.in: regen [f5e85ef686cf] * Makefile.in: Fix some line wrap and update (c) year [bad1f46aa1ca] 2004-04-28 Aaron Spangler <[email protected]> * README.LDAP: Build Note [7a061248249b] 2004-04-07 Aaron Spangler <[email protected]> * Makefile.in: Fix install-dirs [be0726dd92e7] 2004-04-05 Todd C. Miller <[email protected]> * sudo.tab.c: regen [3f4f0d1ab8b9] * visudo.c: In Exit() when used as a signal handler, emsg is a pointer so sizeof() is wrong so make it a #define instead. Also avoid using a negative exit value. Found by Aaron Campbell [78716a3a3fdc] 2004-03-24 Todd C. Miller <[email protected]> * sudoers.pod: Remove bogus sentence about uids in a User_List. Document usernames vs. uid parsing in a Runas_List. [7ca510b5031c] * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If the user specified a uid with the -u flag and the uid exists in the passwd file, set runas_user to the name, not the uid. When comparing usernames in sudoers, if a name is really a uid (starts with '#') compare it numerically to pw_uid. [8d6935d04673] 2004-03-22 Todd C. Miller <[email protected]> * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam [aa8c753e426e] 2004-02-28 Aaron Spangler <[email protected]> * CHANGES, config.h.in, ldap.c: Added start_tls support [7ef864c15b69] 2004-02-14 Todd C. Miller <[email protected]> * Makefile.in: Clean up libtool stuff for 'make distclean' and add def_data.c, def_data.h to PARSESRCS. [bf9bb6bb06ab] 2004-02-14 Aaron Spangler <[email protected]> * strlcat.c, strlcpy.c: Un-Fix last license munge [42654b77ac71] 2004-02-13 Todd C. Miller <[email protected]> * configure: regen [e4de6b23a4dc] * CHANGES, RUNSON, TODO: checkpoint [94e1ace84d5c] * lex.yy.c, sudo.tab.c: regen [8ce784505643] * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h: More to a less restrictive, ISC-style license. [a31b20e48003] * auth/kerb5.c, auth/pam.c: More to a less restrictive, ISC-style license. [e41f92b41216] * auth/dce.c, auth/fwtk.c, auth/kerb4.c: More to a less restrictive, ISC-style license. [87534c164a52] * auth/bsdauth.c: More to a less restrictive, ISC-style license. [e21be6594b58] * auth/afs.c, auth/aix_auth.c, zero_bytes.c: More to a less restrictive, ISC-style license. [6d234be91c5e] * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: More to a less restrictive, ISC-style license. [b02aea324fd6] * sudo_noexec.c: More to a less restrictive, ISC-style license. [a6da7631e0b2] * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudo_edit.c: More to a less restrictive, ISC-style license. [71cdcc241e94] * sigaction.c, strerror.c: More to a less restrictive, ISC-style license. [4bccdedca58a] * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in, set_perms.c: More to a less restrictive, ISC-style license. [64d772d70ab3] * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h: More to a less restrictive, ISC-style license. [520381c60a54] * find_path.c, getprogname.c: More to a less restrictive, ISC-style license. [f605d5eab6f1] * fileops.c: More to a less restrictive, ISC-style license. [4129a8b38a67] * env.c: More to a less restrictive, ISC-style license. [d5bd859757de] * defaults.h: More to a less restrictive, ISC-style license. [008f5d5743f5] * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h, defaults.c: More to a less restrictive, ISC-style license. [d8d7bfc8a18b] * utime.c, version.h: More to a less restrictive, ISC-style license. [e2e038ad8209] * parse.lex, parse.yacc: More to a less restrictive, ISC-style license. [2f5942e847a1] * Makefile.binary: More to a less restrictive, ISC-style license. [1ed561734535] 2004-02-13 Aaron Spangler <[email protected]> * sudoers2ldif: Merged in LDAP Support [3994c4d05947] * ldap.c, sudo.c, sudo.h: Merged in LDAP Support [547eaa346fcc] * def_data.c, def_data.h, def_data.in: Merged in LDAP Support [8fb255280e42] * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in: Merged in LDAP Support [1038092a161e] 2004-02-08 Todd C. Miller <[email protected]> * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not a macro. [b2e02a08be8b] 2004-02-06 Todd C. Miller <[email protected]> * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the euid first, then just call setuid(0) to set the real uid too. [f08546e2e0ee] * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when appropriate instead of seteuid() which may not exist. [ba508581befb] 2004-02-04 Todd C. Miller <[email protected]> * LICENSE: 2004 [37425513a342] * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add --with-pc-insults configure option [7daa5294c17b] * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did. [996252a4ab65] 2004-02-01 Todd C. Miller <[email protected]> * sudo.man.in, sudoers.man.in: regen [a247f1c52eb9] * sudoers.pod: Add a note that noexec is not a cure-all. [9e7fc535367d] * sudoers.pod: Mention that disabling "root_sudo" is pretty pointless. [f38a415afba0] * configure, configure.in: Substitute for root_sudo in sudoers.pod [ce483cfc86be] * sudo.pod: Add sudoedit to the NAME section [51bc453ec2f6] * sudoers.pod: Document that fact that setting ignore_dot in sudoers has no effect due to the fact that find_path() is called *before* sudoers is read. [6808df7e417c] 2004-01-30 Todd C. Miller <[email protected]> * sudo_edit.c: Do not require _PATH_USRTMP to be set. [546f3270dd10] * BUGS, CHANGES, TODO: sync [4205ddeab781] * sudo.man.in: regen [e2143690a88a] * sudo.pod: Clarify that when sudo is run by root with the SUDO_USER variable set, the sudoers lookup happens for root and not the SUDO_USER user. [47207bec1bdf] 2004-01-29 Todd C. Miller <[email protected]> * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c, set_perms.c, sigaction.c, sudo.c, tgetpass.c: Use the SET, CLR and ISSET macros. [a8b0d7f1e8fd] * fnmatch.c: Use the SET, CLR and ISSET macros. [1afbcba22ba6] * defaults.c, env.c: Use the SET, CLR and ISSET macros. [2f39431e0a49] * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago. [ea1b38f2ac9d] * sudo.c: Don't look at prev_user until after we've parsed sudoers and done the password check. That way, if sudo/sudoedit is run from a root process that was invoked by sudo, we check sudoers for root, not the previous user. This makes sudoedit much more useful and means that for the sudo case, we get correct logging on who actually ran the command. [431dfbf20552] 2004-01-23 Todd C. Miller <[email protected]> * sudo_edit.c: Add a comment describing why we need to be notified about our child stopping. [0bec3ce4b49d] 2004-01-22 Todd C. Miller <[email protected]> * def_data.c, def_data.in: Update the noexec variable descriptions [9cb7f1aa0e57] * sudoers.man.in, sudoers.pod: noexec now replaces more than just execve() [23cbdc0ee95c] * sudo_noexec.c: Alas, all the world does not go through execve(2). Many systems still have an execv(2) system call, Linux 2.6 provides fexecve(2) and it is not uncommon for libc to have underscore ('_') versions of the functions to be used internally by the library. Instead of stubbing all these out by hand, define a macro and let it do the work. Extra exec functions pointed out by Reznic Valery. [9fa0cd871b0c] * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode. Because we do a fork() first we need to be notified when the child has been stopped and then send that same signal to ourself so the shell can do its job control thing. [773165eb6057] * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are systems out there that want to run sudo that still don't support these we can try to deal with that later. [6af68e4aff60] * lex.yy.c: regen [403435317d5d] * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo -e / sudoedit [a80f6ea910af] * configure, configure.in: fix typo [5020fcdc27f4] * config.h.in, configure.in: Add SET/CLR/ISSET [03ff57286e7e] 2004-01-21 Todd C. Miller <[email protected]> * sudo.c: Allow non-exclusive flags when invoked as sudoedit. Pretty print the long usage() line to not wrap (assumes 80 char display) [3941fa4004bb] * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag is implied and no other flags are permitted. [929670b01293] * sudo.h: Add a new flag, -e, that makes it possible to give users the ability to edit files with the editor of their choice as the invoking user, not the runas user. Temporary files are used for the actual edit and the temp file is copied over the original after the editor is done. [c4051414c1f4] * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new flag, -e, that makes it possible to give users the ability to edit files with the editor of their choice as the invoking user, not the runas user. Temporary files are used for the actual edit and the temp file is copied over the original after the editor is done. [37ac05c8ac3c] * env.c, sudo.c: If real uid == 0 and the SUDO_USER environment variables is set, use that to determine the invoking user's true identity. That way the proper info gets logged by someone who has done "sudo su" but still uses sudo to as root. We can't do this for non-root users since that would open up a security hole, though perhaps it would be acceptable to use getlogin(2) on OSes where this a system call (and doesn't just look in the utmp file). [c2f9198708a1] * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP [7d9e5768df93] * config.h.in, configure, configure.in: Add check for fchown(2) [a85df18798ed] 2004-01-20 Todd C. Miller <[email protected]> * sudo.c: Back out portions of the -i commit that set NewArgv[0] in set_runaspw. It is far to late to set NewArgv[0] there and will have no effect anyway as cmnd and safe_cmnd have already been set. [c2d343430c1c] * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw did. [ae32f477cea3] 2004-01-19 Todd C. Miller <[email protected]> * env.c, sudo.c: In -i mode always set new environment based on the runas user's passwd entry. [fa653b7887a8] 2004-01-18 Todd C. Miller <[email protected]> * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS section with usage() in sudo.c. Also sort the flags in the OPTIONS section. [6aabc0ffc47e] * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on patches from David J. MacKenzie o Sort the flags in the usage message [c0fe7d6beffd] * sudoers.man.in, sudoers.pod: Add a missing @runas_default@ substitution. [60516fe2d090] 2004-01-17 Todd C. Miller <[email protected]> * sudo.c: Change euid to runas user before calling find_path(). Unfortunately, though runas_user can be modified in sudoers we haven't parsed sudoers yet. [f469fdf2e313] * sudoers.man.in, sudoers.pod: Add missing defintion of Parameter_List and use single pipes in the Defaults EBNF definition. [f7bed6e909bf] * sudo.c: Fix a bug when set_runaspw() is used as a callback. We don't want to reset the contents of runas_pw if the user specified a user via the -u flag. Avoid unnecessary passwd lookups in set_authpw(). In most cases we already have the info in runas_pw. [efc35623ba09] 2004-01-16 Todd C. Miller <[email protected]> * check.c: Add Stan Lee / Uncle Ben quote to the lecture from RedHat [ebd5a76ccd7e] * sudo.h: Update sudo_getepw() proto and add one for set_runaspw() [6ed65795c17f] * parse.c: If we can't stat the command as root, try as the runas user instead. [ae713fca0e15] * testsudoers.c, visudo.c: Add stub set_runaspw() function [42aa37050053] * sudo.c: Add set_runaspw() function to fill in runas_pw. This will be used as a callback to update runas_pw when the runas user changes. [e570aa0088d0] * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS [51eec6f9e89a] * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just changes the euid. [877c6fe4d12c] * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in one chunk for easy free()ing. Also change it from static to extern. [ab503260a7ec] * defaults.c, defaults.h: Add callback support [a61c4ca983fb] * mkdefaults: Add a callback field and use it for runas_default [96b69c27df5e] * def_data.c, def_data.in: Add a callback field and use it for runas_default [d3e9f06872b8] 2004-01-15 Todd C. Miller <[email protected]> * auth/fwtk.c: Add support for chalnecho and display server responses used by fwtk >= 2.0 [b1870f7aaf0d] 2004-01-12 Todd C. Miller <[email protected]> * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris [2bf9a123fa4c] * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h: Use closefrom() instead of doing the equivalent inline. [7e3ef6072884] * closefrom.c: closefrom(3) for systems w/o it [35caf58bb636] 2004-01-09 Todd C. Miller <[email protected]> * sudoers.man.in: Update from .pod file. [d4c94fc0e0c9] * configure, configure.in: Substitute noexec_file for the sudoers man page [203d3376a551] * sudo.man.in, sudo.pod: Mention noexec [014375ddbb06] * sudoers.man.in, sudoers.pod: Document noexec [49a65d06201f] * auth/pam.c, config.h.in, configure.in: Move PAM_CONST macro definition from config.h to pam.c where it belongs. We can't have this in config.h since that gets included too early. [e64748071637] * auth/pam.c, config.h.in, configure, configure.in: Some PAM implementations put their headers in /usr/include/pam instead of /usr/include/security. [8cc749e9575c] * configure.in: I missed changing the EXEC macro -> EXECV here when I changed this in config.h.in and sudo.c a while ago. [6f5afac7789f] * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs [e4901d958bb7] * configure, configure.in: o merge the hpux case entries into a single entry w/ its own sub- case statement. o HP-UX >= 11 support getspnam(), use it in preference to getprpwuid() [0caad428894e] * configure, configure.in: eval $shrext so that it expands nicely on MacOS X [40419343eef8] * Makefile.in: Don't lie about making a module, it does the wrong thing on mach [7629b28f5688] * ltmain.sh: Remove requirement that libs must begin with "lib". They don't when we point directly at the lib using LD_PRELOAD or its equivalent. [d66f3de6ec85] * acsite.m4: Disable support for c++, f77 and java. We don't need it, it takes a lot of time, and it hosed our check for shared lib support. [4f5749c52ce4] * configure: regen [160865e9d15f] * configure.in: Call AC_ENABLE_SHARED and check the status of enable_shared to know when shared libs are available. [42504c1668fc] * acsite.m4: Duh, OpenBSD suports shared libs too [8e3cd9417475] * config.h.in, configure.in: Only OpenPAM and Linux PAM use const qualifiers. [b2f76476e866] * configure, configure.in: o No need to check for sed, libtool config does that for us o move check for --with-noexec until after libtool magic is run so we can use $can_build_shared and $shrext [668c656e89cc] * ltmain.sh: Don't print a bunch of crap about library installs since we are not really installing a library. [83fbcad29fe4] * env.c: Make format_env() varargs Add noexec support for Darwin, MacOS X, Irix, and Tru64 [468885d75d10] * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local changes: o no ldconfig in the finish step o assume no libprefix or version is needed [4961cffc3797] * sudo_noexec.c: Fix compilation under K&R [8b309bf0b1b2] 2004-01-06 Todd C. Miller <[email protected]> * CHANGES: checkpoint [3c368badab32] * sudo_noexec.c: stub execve() that just returns EACCES; used for noexec functionality [1297acae283a] * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code. [dcab78c49273] * sudo.tab.c: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code. [0a61c735eabe] 2004-01-05 Todd C. Miller <[email protected]> * def_data.c, def_data.h, def_data.in: Move the environment defaults to the end and shorten a few of the descriptions. [66787b9c612c] * configure, configure.in: no shared libs on ultris or convexos [2c5f3c456e32] * Makefile.in, configure, configure.in: Build sudo_noexec shared object using libtool; could use some cleanup. [373f483555dd] * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding [c903a42e3d90] * parse.yacc, sudo.tab.c: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not important. [c6e8a34639a4] * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c: update copyright year [a16372ae1711] * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. The default value of noexec_file is set to this. [7d88e1d3c494] * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h: Add support for preloading a shared object containing a dummy execve() function that just sets error and returns -1. This adds a "noexec_file" option to load the filename as well as a "noexec" flag to enable it unconditionally. There is also a NOEXEC tag that can be attached to specific commands and an EXEC tag to disable it. [c8b6712feb91] * mkdefaults: add missing newline to usage statement [e84746618362] * config.h.in, sudo.c: Rename EXEC macro -> EXECV [ddaa0c027299] * logging.c: Don't truncate usernames to 8 characters in the log message. [f62a20f27075] * check.c, sudoers.man.in, sudoers.pod: Update copyright year [ca9964054085] * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, sudoers.pod: Add a new option, lecture_file, that can be used to point to a custom sudo lecture. [940133231216] 2003-12-31 Todd C. Miller <[email protected]> * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. [161b6d74bfb4] * zero_bytes.c: Add a zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. [d035abf0af94] * Makefile.in, sudo.h: Add a zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. [ff136de3e255] * err.c: Use #ifdef __STDC__, not #if __STDC__. [6889dd6bc51a] 2003-12-30 Todd C. Miller <[email protected]> * mkdefaults: Always put at least one space between the def_* macro name and its definition. [6b3ad0e6619a] * configure, configure.in: Adjust code for --without-lecture to match new values. [062aa788a6b9] * visudo.man.in: regen after pasto fix [3deec16906c0] * sudoers.man.in, sudoers.pod: Document that "lecture" has changed from a flag to a tuple. [e2c03062b533] * check.c, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add support for tuples in def_data.in; these are implemented as an enum type. Currently there is only a single tuple enum but in the future we may have one tuple enum per T_TUPLE entry in def_data.in. Currently listpw, verifypw and lecture are tuples. This avoids the need to have two entries (one ival, one str) for pwflags and syslog values. lecture is now a tuple with the following values: never, once, always We no longer use both an int and string entry for syslog facilities and priorities. Instead, there are logfac2str() and logpri2str() functions that get used when we need to print the string values. [5293f946c836] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, sudo.tab.c, visudo.c: Create def_* macros for each defaults value so we no longer need the def_{flag,ival,str,list,mode} macros (which have been removed). This is a step toward more flexible data types in def_data.in. [009c02934106] * TODO: checkpoint [0a99a4bb5d15] 2003-12-23 Todd C. Miller <[email protected]> * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not unusual for users to place "sudo -k" in a .logout file which can cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. Previously, this would result in useless mail and logging. [d282e7ed63af] 2003-12-16 Todd C. Miller <[email protected]> * visudo.pod: fix pasto in VISUAL description [1c6a6148b5f9] 2003-12-10 Todd C. Miller <[email protected]> * configure: regen [f44312c63799] * CHANGES: checkpoint [0c42e38f78d5] * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid too [973ce85ffa12] 2003-08-12 Todd C. Miller <[email protected]> * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if not already there). [d1c8c11905cd] 2003-06-29 Todd C. Miller <[email protected]> * auth/pam.c: Fix a core dump on Solaris by preserving the pam_handle_t we used during authentication for pam_prep_user(). If we didn't authenticate (ie: ticket still valid), we call pam_init() from pam_prep_user(). This is something of a hack; it may be better to change the auth API and add an auth_final() function that acts like pam_prep_user(). [f787de49b175] 2003-06-21 Todd C. Miller <[email protected]> * set_perms.c: Add explicit declaration of printerr variable in function header (was defaulting to int which is OK but oh so K&R :-). From Theo. [492c2358783f] 2003-06-09 Todd C. Miller <[email protected]> * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/ [4b99e1824ece] * logging.c: Also exit waitpid() loop when pid == 0. Fixes a problem where the sudo process would spin eating up CPU until sendmail finished when it has to send mail. [ec3d5792b9b4] 2003-05-30 Todd C. Miller <[email protected]> * fnmatch.c: Remove advertising clause, UCB has disavowed it [43a26bbd6628] * fnmatch.3: Remove advertising clause, UCB has disavowed it [3ff24291bcfa] 2003-05-22 Todd C. Miller <[email protected]> * parse.c: Don't assume that getgrnam() calls don't modify contents of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen. Based on a patch from Kirk Webb. [5574c68f60f3] 2003-05-06 Todd C. Miller <[email protected]> * configure.in: missing ;; [22378f2a9d31] * configure.in: darwin has a broken setreuid() in at least some versions [d572aed930d2] * env.c: Fix an off by one error when reallocating the environment; Kevin Pye [3d98e7cf097a] 2003-04-30 Todd C. Miller <[email protected]> * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo [49b0da65e090] 2003-04-28 Todd C. Miller <[email protected]> * HISTORY: More info on the early days from Coggs. [9381ca10b06b] 2003-04-21 Todd C. Miller <[email protected]> * auth/kerb5.c: remove errant semicolon that prevented compilation under heimdal [d2f2bb73a598] 2003-04-16 Todd C. Miller <[email protected]> * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: add DARPA credit on affected files [7020785ee50d] * sudoers.pod: add DARPA credit on affected files [83b46318750b] * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudoers.man.in: add DARPA credit on affected files [d8adf1c2ba22] * set_perms.c: add DARPA credit on affected files [3d79fdabb582] * pathnames.h.in: add DARPA credit on affected files [e334cdda422f] * logging.c, parse.c: add DARPA credit on affected files [8f75f822755b] * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c, interfaces.h: add DARPA credit on affected files [da66e28fb3f5] * auth/kerb5.c, auth/pam.c: add DARPA credit on affected files [15da3021b49c] * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c, version.h: add DARPA credit on affected files [868d54cbddea] * env.c: add DARPA credit on affected files [90239f51ef0a] * defaults.c, defaults.h: add DARPA credit on affected files [6a64205fd1eb] * compat.h: add DARPA credit on affected files [316a735783c4] * Makefile.in, alloc.c, check.c: add DARPA credit on affected files [cd939e05c810] * LICENSE: slightly different wording for the darpa credit [e468909c4a21] 2003-04-15 Todd C. Miller <[email protected]> * LICENSE: Add DARPA credit [8eb20e2cd63e] 2003-04-14 Todd C. Miller <[email protected]> * auth/kerb5.c: Use krb5_princ_component() instead of krb5_princ_realm() for MIT Kerberos like we did before I messed things up ;-) Use krb5_principal_get_comp_string() to do the same thing w/ Heimdal. I'm not sure if the component should be 0 or 1 in this case. #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there should be a configure check for this I guess. [74919a3933fe] 2003-04-13 Todd C. Miller <[email protected]> * sample.sudoers: builtin -> built-in; Jason McIntyre [027f2187923e] * TROUBLESHOOTING, config.h.in, configure, configure.in: builtin -> built-in; Jason McIntyre [70b81ac48943] * sudoers.pod: built in -> built-in; Jason McIntyre [da658ef5138d] 2003-04-09 Todd C. Miller <[email protected]> * CHANGES: checkpoint for 1.6.7p3 [da85f989fadf] * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff Spencer. Amazingly, sudo source from 1985 is available via groups.google.com [39e0fc85b89f] * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only set rl.rlim_cur to 0 to turn off core dumps. This may be needed for the RLIMIT_CORE restoration on some OSes. [7e2c1a7adfd8] 2003-04-04 Todd C. Miller <[email protected]> * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5 [44c07d615868] * config.h.in, configure, configure.in: Check for heimdal even if we found krb5-config and define HAVE_HEIMDAL. [aba0126f0059] * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no longer defined by MIT kerb5 (though it used to be and indeed remains so in Heimdal). [e5a6c64d7cd5] 2003-04-03 Todd C. Miller <[email protected]> * mkinstalldirs: Remove newer stuff that passes multiple (possibly duplicate) directories to "mkdir -p" since that seems to break on Tru64 Unix at least. This basically brings back what shipped with sudo 1.6.6. [f2a1abd872b3] 2003-04-02 Todd C. Miller <[email protected]> * auth/kerb5.c: Correct number of args to krb5_principal_get_realm() and fix an unclosed comment that hid the bug. [0b37f8ce7824] * configure: regen [1876cb840fe0] * configure.in: ++version [480aff7c048e] * README: ++version [488e0bbff613] * Makefile.in: ++version [97ef63cedc38] * INSTALL.binary: ++version [a506204e77d0] * INSTALL: ++version [555aeba5c2bf] * CHANGES, version.h: ++version [f66985a64063] * BUGS: ++version [ea3573432412] * configure.in: use krb5-config to determine Kerberos V details if it exists [7b46bbdaf774] * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c, find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Use warn/err and getprogname() throughout. The main exception is openlog(). Since the admin may be filtering logs based on the program name in the log files, hard code this to "sudo". [9f180d015cfa] * Makefile.in: Add getprogname.c and err.c [d411c54a07dc] * configure: regen [6d585d391acc] * config.h.in, configure.in: Add checks for getprognam(), __progname and err.h [bcbccf61d34a] * emul/err.h: For systems withour err/warn functions. [1b33118884d9] * err.c: For systems withour err/warn functions. [26721f6b041f] * getprogname.c: For systems neither getprogname() nor __progname; uses Argv[0]. [841cf42af1eb] 2003-04-01 Todd C. Miller <[email protected]> * CHANGES: checkpoint for 1.6.7p1 [5bfdaf441dce] * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous) [e05ac7e0d1f3] * check.c: oflow detection in expand_prompt() was faulty (false positives). The count was based on strlcat() return value which includes the length of the entire string. [086c5a0acb25] 2003-03-31 Todd C. Miller <[email protected]> * RUNSON, TODO: checkpoint for the sudo 1.6.7 release [096bab4da29a] [SUDO_1_6_7] * CHANGES: checkpoint for the sudo 1.6.7 release [87322187ed78] 2003-03-24 Todd C. Miller <[email protected]> * logging.c: g/c unused variable [c57cd4a17765] * configure: regen [e7c1f581dfac] * configure.in: use man sections 8 and 5 for csops [87de581bda88] 2003-03-21 Todd C. Miller <[email protected]> * configure: regen [cb1433a9c7a1] * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. [ac5667978939] * configure: regen [638459118a2a] * configure.in: Add --with-blibpath for AIX. An alternate libpath may be specified or -blibpath support can be disabled. Also change conifgure such that -blibpath is not specified if no -L libpaths were added to SUDO_LDFLAGS. [c7d17b480cad] * aclocal.m4: Add --with-blibpath for AIX. An alternate libpath may be specified or -blibpath support can be disabled. Also change conifgure such that -blibpath is not specified if no -L libpaths were added to SUDO_LDFLAGS. [37022e991575] * INSTALL: Add --with-blibpath for AIX. An alternate libpath may be specified or -blibpath support can be disabled. Also change conifgure such that -blibpath is not specified if no -L libpaths were added to SUDO_LDFLAGS. [4b4bbe5bbe1b] * configure.in: add AIX blibpath support [16ba788bf086] * INSTALL, configure.in: --with-skey and --with-opie now take an option directory argument This obsoletes a --with-csops hack (/tools/cs/skey) Also remove the remaining direct uses of "echo" [5b4986a90c03] 2003-03-20 Todd C. Miller <[email protected]> * configure.in: Detect KTH Kerberos IV and deal with it. Also make -lroken optional for KTH Kerberos IV and V. [119f97b48e18] * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the specified variable. [e55e49d076ce] * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. There is a new configure option, --with-rpath to control this behavior. [d4730c5399ab] * configure.in: for kerb4 put libdes after libkrb on the link line [5c566100eab6] * auth/kerb4.c: typo [6541b72b64a3] * configure.in: fix kerberos lib check when a path is specified [ae833a914c6f] * logging.c: Fix boolean thinko in SIGCHLD reaper and call reapchild after sending mail instead of doing a conditional sudo_waitpid. [86fa9a35df5a] 2003-03-19 Todd C. Miller <[email protected]> * configure: regen [e6275cf528ba] * configure.in: replace =DIR with [=DIR] where sensible [c39a59173b38] * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib detection based on openssh's configure.in [5b7a340912df] * INSTALL: --with-kerb4 and --with-kerb5 now take an optional argument. [71ed87fc9c64] 2003-03-16 Todd C. Miller <[email protected]> * auth/securid.c: Kill remaining strcpy(), the programmer's guide says username is 32 bytes. [bdba70fcd08d] * auth/kerb4.c: trat uid_t as unsigned long for printf and use snprintf, not sprintf [8072f5f8966d] * auth/rfc1938.c: use snprintf [fc0c70c665fe] 2003-03-15 Todd C. Miller <[email protected]> * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/sudo_auth.c: update copyright year [b0a10ccb1d0e] * sudo.man.in, sudoers.man.in, visudo.man.in: update copyright year [8fce0034eb51] * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h, configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod: update copyright year [d541e75fe520] * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf with %lu [2ede64d3592b] * configure: regen [c7c3245bdf3e] * configure.in: correct error messages for --with-sudoers-{mode,uid,gid} [77fc15b1c9db] * alloc.c: make the malloc(0) error specific to each function to aid tracking down bugs. [a58c34374b4b] * alloc.c: deal with platforms where size_t is signed and there is no SIZE_MAX or SIZE_T_MAX [7192abb4ab4e] * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc warnings. [f52f026f31c2] * sudo.c: Use stat_sudoers macro so --with-stow can work [c3674735c139] * INSTALL, config.h.in, configure, configure.in: Add support for --with-stow based on patches from Robert Uhl [b274cc1dd52c] * env.c: fix indentation [110d9f1721b1] * configure.in: back out rev 1.352 [1eee91c83f11] * lex.yy.c: regen [72fba1c9590b] * parse.lex: use strlcpy, not strncpy [4faccbaeccef] * set_perms.c: Fix typo; check pw_uid, not pw_gid after setusercontext() failure. [33bf0d18fdc1] * logging.c: use pid_t [3e0536993d2c] 2003-03-14 Todd C. Miller <[email protected]> * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid [1669a0c74e9e] * interfaces.c: Move the n == 0 check for the non-getifaddrs cas [2460be061b2a] * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter [05acc2012801] * configure: regen [24bccf4749e8] * configure.in: put -ldl after -lpam, not before; fixes static linking on Linux [7f06b7b2b4d8] * interfaces.c: Avoid malloc(0) and fix the loop invariant for the getifaddrs() case. [239a55068646] * sudo.cat, sudoers.cat, visudo.cat: regen [4a2eed3981ca] * sudo.man.in, sudoers.man.in, visudo.man.in: regen [2c96ea2cf930] * Makefile.in: Preserve copyright notice from .pod file in .man.in file [519fbd09aebc] * visudo.pod: Add sudoers(5) to SEE ALSO [77ecfe3aedf1] 2003-03-13 Todd C. Miller <[email protected]> * lex.yy.c: regen [6f5751ce0b74] * parse.lex: Don't assume libc can realloc() a NULL string. If malloc/realloc fails, make sure we just return; yyerror() is not terminal. [1b8618623708] * lex.yy.c: regen [5d31b46191c6] * parse.lex: simplify fill_args a little and use strlcpy for paranoia [0ea35a55542b] * sudo.tab.c: regen [5a8d508d708b] * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on overflow. In all cases the strings were either pre-allocated to the correct size of length checks were done before the copy but a little paranoia can go a long way. [e73d28f1d14e] * sudo.h: Add strlc{at,py} protos [748ffc7fc7f4] * env.c, interfaces.c: Use erealloc3() [47f2cb46aba8] * configure: regen [e7e2fb79f935] * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use memcpy() instead of strcpy() in estrdup() so this is strcpy()-free. [7e0fa4d6fc1d] * sudo.c: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in configure. [09ea4d3959e9] * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned. [31b4fdfdb8bf] 2003-03-12 Todd C. Miller <[email protected]> * sudo.c: Use snprintf() for paranoia [a2659ceb46de] * parse.yacc: Use emalloc2 and erealloc3 [90a069842401] * Makefile.in: strlc{at,py} for those w/o it [bac82dc916ee] * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it. [ce7254f5db09] * config.h.in, configure, configure.in: Add stlc{at,py} for those w/o it. [00f08219657a] * alloc.c, sudo.h: Add erealloc3(), a realloc() version of emalloc2(). [c96eaf08bbed] * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a certain size. [1e0aba365555] * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the bzero and with error/oflow checking. [292150bc4153] * alloc.c: Error out on malloc(0); suggested by theo [995279e81326] 2003-03-10 Todd C. Miller <[email protected]> * configure, configure.in: fix a typo; David Krause [f161213a17ab] 2003-03-07 Todd C. Miller <[email protected]> * sudo.pod: fix typo [3ae5ad9a351a] 2003-03-04 Todd C. Miller <[email protected]> * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun [38caad5a3935] 2003-03-01 Todd C. Miller <[email protected]> * config.h.in, configure.in: not not; Anil Madhavapeddy [d4f4f0bfc66b] 2003-01-23 Todd C. Miller <[email protected]> * sudo.pod, sudoers.pod, visudo.pod: typos; [email protected] [868c0f09bf9e] 2003-01-20 Todd C. Miller <[email protected]> * parse.yacc: Add some missing ';' rule terminators that bison warns about. [535b0b8dcce5] * config.sub: fix typo I introduced in last merge [81db4e4f43fe] * configure: regenerate with autoconf 2.57 [ca0c1e9564f8] * config.h.in: Add missing "$HOME" [209186197ad1] * configure.in: Add some more square backets to make autoconf 2.57 happy [b5639c14faf7] * config.sub, mkinstalldirs: Updates from autoconf-2.57 [36be35eb331b] * config.guess: Updates from autoconf-2.57 [ea0f8ca622af] 2003-01-17 Todd C. Miller <[email protected]> * sudo.tab.h: regen [13a65a421567] * lex.yy.c, sudo.tab.c: regen [0b529db7cb6d] * parse.lex, parse.yacc, sudoers.pod: Add support for Defaults>RunasUser [20d726373175] 2003-01-07 Todd C. Miller <[email protected]> * visudo.c: fclose() yyin after each yyparse() is done and use fopen() instead of using freopen(). [587f8a2df857] * parse.lex: Better fix for sudoers files w/o a newline before EOF. It looks like the issue is that yyrestart() does not reset the start condition to INITIAL which is an issue since we parse sudoers multiple times. [920f8326968a] 2003-01-06 Todd C. Miller <[email protected]> * parse.lex: Work around what appears to be a flex bug when dealing with files that lack a final newline before EOF. This adds a rule to match EOF in the non-initial states which resets the state to INITIAL and throws an error. [b94943bb1f81] * visudo.c: o The parser needs sudoers to end with a newline but some editors (emacs) may not add one. Check for a missing newline at EOF and add one if needed. o Set quiet flag during initial sudoers parse (to get options) o Move yyrestart() call and always use freopen() to open yyin after initial sudoers parse. [12d12f9b07aa] 2002-12-15 Todd C. Miller <[email protected]> * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. Want to set effective gid, not real gid, when reading sudoers. [c7d18b810fcd] * set_perms.c: don't compile set_perms_posix if we have setreuid or setresuid [b9cea7a81a29] 2002-12-14 Todd C. Miller <[email protected]> * sudo.pod, sudoers.pod: document new prompt escapes [2f088076b640] * check.c: Add %U and %H escapes and redo prompt rewriting. "%%" now gets collapsed to "%" as was originally intended. This also gets rid of lastchar (does lookahead instead of lookback) which should simplify the logic slightly. [4b707b77b3c7] 2002-12-13 Todd C. Miller <[email protected]> * tgetpass.c: Write the prompt *after* turning off echo to avoid some password characters being echoed on heavily-loaded machines with fast typists. [d38c57775915] * config.sub: Add support for mipseb; [email protected] [cfdac87ed5c8] * configure.in: Fix IRIX fallout from name changes in man dir/sect Makefile variables. Patch from erici AT motown DOT cc DOT utexas DOT edu [9a7618755c23] * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to the global copy. Problem noted by Peter Pentchev. [d0a3e189cb06] 2002-11-28 Todd C. Miller <[email protected]> * sudo.tab.c: regen [23b931359087] * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to call this for us. [0be7aeb3ac57] 2002-11-26 Todd C. Miller <[email protected]> * sudo.c: fix typo in comment; Pedro Bastos [d7406c460e99] 2002-11-22 Todd C. Miller <[email protected]> * INSTALL: document --disable-setresuid [fbd03d03a027] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Sprinkle some volatile qualifiers to prevent over-enthusiastic optimizers from removing memset() calls. [5370ac0e6129] * logging.c, parse.yacc: minor sign fixes pointed out by gcc -Wsign-compare [db872438337f] * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a version based on setresuid() or setreuid() when possible since that allows us to support the stay_setuid option and we always know exactly what the semantics will be (various Linux kernels have broken POSIX saved uid support). [523bc212396c] * config.h.in, configure: regen from configure.in [351877ea2624] * configure.in: Add checks for setresuid() and a way to disable using it [a5b21653d169] * compat.h: No long need to emulate set*[ug]id() via setres[ug]id() or setre[ug]id(). The new set_perms stuff only uses things it knows are there. [47884bd5d1d9] * sudo.c: Before exec, restore state of signal handlers to be the same as when we were initialy invoked instead of just reseting to SIG_DFL. Fixes a problem when using sudo with nohup. Based on a patch from Paul Markham. [f8f5a1484faa] * sudo.c: o timestamp_uid should be uid_t, not int o clarify error message when sudo is run by root and no_root_sudo is set [19dda0734264] 2002-09-19 Todd C. Miller <[email protected]> * README: update ftp link for bison [98bc191016e3] 2002-07-20 Todd C. Miller <[email protected]> * set_perms.c: Error out if setusercontext() fails and the runas user is not root. [089f9ade4686] 2002-05-20 Todd C. Miller <[email protected]> * auth/securid5.c: Fix rcsid [07e9e85dcc2f] * configure.in: Fix SecurID API test [5ec201f454a5] 2002-05-17 Todd C. Miller <[email protected]> * env.c: typo in comment [9d385c9ac533] * configure.in: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal but I don't see a better way at the moment. [f89e55cbb313] * Makefile.in, auth/securid5.c: SecurID API version 5 support from Michael Stroucken [68500ac7e531] * configure.in: Add check for SecurID 5.0 API [1ee242e6de6b] 2002-05-08 Todd C. Miller <[email protected]> * strerror.c: We actually do still need config.h to get the 'const' definition for K&R C. [d9c982032d85] 2002-05-05 Todd C. Miller <[email protected]> * configure: regen with autoconf 2.5.3 [c71fc086eef5] * configure.in: Don't set sysconfdir to '/etc' if the user has specified a --prefix. [d90da1efafd9] * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug [dd67afefa90d] * env.c, sudo.c, sudo.h: No need for dump_badenv() now that dump_defaults() knows how to dump lists. [6bcda468501d] * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, version.h: ++version [44e3b8f95f0b] * sudoers.pod: document timestampowner [37ebd69e9dd1] * check.c: Don't call set_perms() when doing timestamp stuff unless timestamp_uid != 0. [63a63d41d18c] * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h, testsudoers.c: g/c second arg to set_perms--it is no longer used [7ac4ce50c612] 2002-05-03 Todd C. Miller <[email protected]> * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root timestamp dirs. This allows the timestamp dir to be shared via NFS (though this is not recommended). [faa83dd2b7fb] * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner of the authentication timestamp dir" [d47640d4c86a] 2002-05-02 Todd C. Miller <[email protected]> * env.c: Don't try to pre-compute the size of the new envp, just allocate space up front and realloc as needed. Changes to the new env pointer must all be made through insert_env() which now keeps track of spaced used and allocates as needed. [39bc934a9f2c] 2002-04-26 Todd C. Miller <[email protected]> * configure: regen [0e12c09bb790] * configure.in: Fix two typo/pastos; from [email protected] [b718a4bf1181] 2002-04-25 Todd C. Miller <[email protected]> * INSTALL.binary, README: ++version [a1e33027278c] [SUDO_1_6_6] * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: regen [19eb2be283ef] * CHANGES, RUNSON, TODO: Sync with 1.6.6 [2ff9a9087f63] * check.c: The the loop used to expand %h and %u, the lastchar variable was not being initialized. This means that if the last char in the prompt is '%' and the first char is 'h' or 'u' a extra copy of the host or user name would be copied, for which space had not been allocated. [b2e27197857d] 2002-04-18 Todd C. Miller <[email protected]> * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank version to 1.6.6 [cfd08689e597] * auth/afs.c: #undef VOID to get rid of an AFS warning [b40760564dc1] * env.c: Use easprintf instead of emalloc + sprintf for some things. [e7bfe2e69a03] 2002-03-16 Todd C. Miller <[email protected]> * lex.yy.c, sudo.tab.c: regen [35327104383d] * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris Jepeway's email address so people don't bug him ;-) [c03410747a69] 2002-03-12 Todd C. Miller <[email protected]> * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call endgrent() at the same time. [28b6097d5d1a] 2002-02-22 Todd C. Miller <[email protected]> * INSTALL: Make it clear which configure options take arguments. [38529e7efad0] 2002-01-25 Todd C. Miller <[email protected]> * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no RLIM_INFINITY, just pretend it is -1. This works because we only check for RLIM_INFINITY and do not set anything to that value. [53173d34e6eb] 2002-01-22 Todd C. Miller <[email protected]> * auth/pam.c: Zero and free allocated memory when there is a conversation error. [e342133db579] * auth/bsdauth.c: Use sigaction() not signal() [126c2790561f] * INSTALL: Mention that some linux kernels have broken POSIX saved ID support [571ef1a893d3] * CHANGES: checkpoint for 1.6.5p2 [9e9e456f7f43] * configure: regen [d53703a46708] * configure.in: Add --disable-setreuid flag [3b9f2679cb55] * INSTALL: Document new --disable-setreuid option and change description for --disable-saved-ids to match new error message. [14fd3e5f60a5] * set_perms.c: fatal() now takes an argument that determines whether or not to call perror(). [d826b25e62ff] * TROUBLESHOOTING: Update for new error messages from set_perms() [78007c3f76a9] * PORTING: Update for new error messages from set_perms() [60c545a6bcff] 2002-01-21 Todd C. Miller <[email protected]> * auth/pam.c: Make this compile w/o warnings [b90843a29af5] * auth/pam.c: Mention that we can't use pam_acct_mgmt() [1dfc5a6e0479] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c: The user's password was not zeroed after use when AIX authentication, BSD authentication, FWTK or PAM was in use. [b18fff30b1e7] 2002-01-20 Todd C. Miller <[email protected]> * auth/pam.c: Avoid giving PAM a NULL password response, use the empty string instead. This avoids a log warning when the user hits ^C at the password prompt when PAM is in use. [c3315805e4e4] * auth/pam.c: Don't check the return value of pam_setcred(). In Linux-PAM 0.75 pam_setcred() returns the last saved return code, not the return code for the setcred module. Because we haven't called pam_authenticate(), this is not set and so pam_setcred() returns PAM_PERM_DENIED. [73db145fa179] * Makefile.in: Don't need a '/' between $(DESTDIR) and a directory. [0901ca618176] * Makefile.binary: Don't need a '/' between $(DESTDIR) and a directory. [cd7eb6098b87] 2002-01-18 Todd C. Miller <[email protected]> * configure: regen [41b12c039282] * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus setreuid() o new NetBSD has a real setreuid() o add check for freeifaddrs() if getifaddrs() exists. [a82ee3b01733] * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs() so add a test for that and if it is not present just use free(). [6270671ea9d5] 2002-01-17 Todd C. Miller <[email protected]> * CHANGES, RUNSON: Checkpoint for 1.6.5p1 [26134ecf9b36] * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access to normal passwords, not AUTH_FATAL (which just causes an exit). [785e0f4bc0e2] * visudo.c: Don't use memory after it has been freed. [c60492739fdb] * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *; Patch from Phillip E. Lobbes [65a1d3806fcd] [SUDO_1_6_5] * BUGS: ++version [b2e1825e692e] * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5 [d730945622e7] 2002-01-16 Todd C. Miller <[email protected]> * configure: regen [49744c403ac9] * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: version 1.6.5 [ec30a5f7fc45] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: sudo version 1.6.5 [458a3bed535d] * logging.c: o when invoking the mailer as root use a hard-coded environment that doesn't include any info from the user's environment. Basically paranoia. o Add support for the NO_ROOT_MAILER compile-time option and run the mailer as the user and not root if NO_ROOT_MAILER is defined. [4df351ec92ce] * set_perms.c, sudo.h: Bring back PERM_FULL_USER [edb6039bb284] * configure: regen [3eb2943afa03] * version.h: version 1.6.5 [044fc9a0c72b] * INSTALL, config.h.in, configure.in: Add --disable-root-mailer option to run the mailer as the user and not root. [e9f805397963] * CHANGES: checkpoint for 1.6.4p2 [b58aae5aa98a] * PORTING: Mention the "seteuid(0): Operation not permitted" problem here too just for good measure. [90135b37a691] 2002-01-15 Todd C. Miller <[email protected]> * env.c, getspwuid.c, sudo.c: The SHELL environment variable was preserved from the user's environment instead of being reset based on the passwd database when the "env_reset" option was used. Now it is reset as it should be. [300066ef3c71] * configure: regen [a47d779e6552] * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, sudo.c: Add a configure option to turn off use of POSIX saved IDs [fb18cc8e94d0] * configure: regen [d4f2f20025b6] * configure.in: add --with-efence option [45c4f33a8e88] * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where "sudo -l" would not work if always_set_home was set. [c3a6de6c4800] * lex.yy.c: regen [417424452998] * parse.lex: Quoted commas were not being treated correctly in command line arguments. [753415541b37] * sudo.c: o Move the call to rebuild_env() until after MODE_RESET_HOME is set. Otherwise, the set_home option has no effect. o Fix use of freed memory when the "fqdn" flag is set. This was introduced by the fix for the "segv when gethostbynam() fails" bug. Also, we no longer call set_fqdn() if the "fqdn" flag is not set so there is no need to check the "fqdn" flag in set_fqdn() itself. [4b6a4245c04e] * env.c: Add 'continue' statements to optimize the switch statement. From Solar. [a82c76975ae5] 2002-01-13 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod [6ecc07b3d0e1] [SUDO_1_6_4] * sudoers.pod: Add caveat about stay_setuid flag [9d228a7bea1b] * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag is not set, set all uids to 0 and use set_perms_fallback(). [c4e54d1ec86f] * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer used) and add PERM_FULL_ROOT (used when exec'ing the mailer). [15406c522ea2] * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we never want to run the mailer setuid. [2294853e0666] 2002-01-12 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, visudo.pod: Use sudo.ws instead of courtesan.com in URLs [55204002a308] * Makefile.binary, Makefile.in: Fix mansect substitution [b7b5cbc3aa91] * Makefile.in: Substitute man sections in Makefile.binary [040deb785e56] * Makefile.binary: Sync install targets with Makefile.in and substitute in man sections. [77882a275281] * INSTALL, INSTALL.binary: version is 1.6.4 [0f87aabbcb70] * Makefile.in: Repair bindist target [8d43bfe7e2d1] * CHANGES: sync for 1.6.4 [13ca3d4a0a72] 2002-01-10 Todd C. Miller <[email protected]> * install-sh: Fix case where neither whoami nor id are found [424dd270bc47] 2002-01-09 Todd C. Miller <[email protected]> * install-sh: If neither whoami nor id exists, just assume we are root. [2d2644e42c53] * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed on AIX which for some reason isn't pulling in the malloc prototype. [231440d2ee3b] 2002-01-08 Todd C. Miller <[email protected]> * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002 [700e3b41a68e] * CHANGES: checkpoint [33e604bd8d5b] * sudo.c: Defer assigning new environment until right before the exec. [f13c49e75c1c] * parse.c: kill extra blank line [12ef22e9dae3] 2002-01-07 Todd C. Miller <[email protected]> * configure: regen [a6cd2d788f74] * configure.in: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived compiler doesn't recognise -O2. [5234aa543692] * HISTORY: Clarify origins of Root Group sudo a bit based on info from [email protected] [4deef01c4208] 2002-01-03 Todd C. Miller <[email protected]> * LICENSE: 2002 [6c8e089dbd1a] * CHANGES: checkpoint for 1.6.4rc1 [3349eb87a49f] 2002-01-02 Todd C. Miller <[email protected]> * config.h.in: now generated via autoheader [84657d303cb9] * configure: regen [207bfa6a13f6] * compat.h: Move in some stuff that was previously in config.h. [e576d8b6480f] * aclocal.m4, configure.in: Add info for autoheader. [0549cd5da27c] 2002-01-01 Todd C. Miller <[email protected]> * Makefile.in: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g to facilitate non-root installs [619216038f56] * install-sh: Add -M option (like -m but only for root) If we can't find "whoami", use "id" w/ some sed. [b39121c8b792] * configure: regen [b39b93ff9804] * configure.in: allow user to always override mansectsu and mansectform [0fca5e63bd90] 2001-12-31 Todd C. Miller <[email protected]> * mkinstalldirs: update from autoconf 2.52 [07bd75a508c3] * config.guess, config.sub: Update from autoconf 2.52 [857b90fe31b7] * configure: regen with autoconf 2.52 [08e7d1ea2aeb] * configure.in: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI mode o Remove compiler-specific checks for HP-UX now that we use AC_PROG_CC_STDC [d433a70b6208] * RUNSON: Checkpoint [babf6d2235d1] * auth/pam.c: o Add pam_prep_user function to call pam_setcred() for the target user; on Linux this often sets resource limits. o When calling pam_end(), try to convert the auth->result to a PAM_FOO value. This is a hack--we really need to stash the last PAM_FOO value received and use that instead. [6ad6f340dd2a] * set_perms.c, sudo.h: o Add pam_prep_user function to call pam_setcred() for the target user; on Linux this often sets resource limits. [67795421ac82] * env.c: Fix off by one error in number of bytes allocated via malloc (does not affected any released version of sudo). [5f5915360111] 2001-12-30 Todd C. Miller <[email protected]> * lex.yy.c: regen [8208c0277775] * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o requiring that they be quoted. [ae59bc8f68dd] * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double quotes are needed when adding/deleting/assigning a single value to a list. [25efc940a1f0] * Makefile.in: Don't rely on mkdefaults being executable, call perl explicitly. [6edc97ba5f1d] * sudo.tab.c: regen [49130b2e7e4d] * parse.yacc: Remove some XXX that are no longer relevant. [d460ac0d3767] * defaults.c: o Roll our own loop instead of using strpbrk() for better grokability o When adding to a list we must malloc() and use memcpy(), not strdup() since we must only copy len bytes from str. [649bef08e1f0] 2001-12-21 Todd C. Miller <[email protected]> * sudo.tab.c: regen [f0bbf2c38c0e] * parse.yacc: typo in comment [2563711ff593] 2001-12-19 Todd C. Miller <[email protected]> * CHANGES: checkpoint [a6d8a29fb30e] * configure: regen [bdfcaaf3bd13] * configure.in: avoid the -g flag unless --with-devel was specified [a976707bef30] * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing from the tarball [6917ffbaa412] * Makefile.in: def_data.c was missing [87c78b11453d] 2001-12-18 Todd C. Miller <[email protected]> * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env [fc8698e6a45e] * TODO: Another TODO item [6f251d6cd466] * sudoers: Add comment for Default section so folks know where it should go. [7edba626f392] 2001-12-17 Todd C. Miller <[email protected]> * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio case [fbd172f6c5d3] * sudoers.cat, sudoers.man.in: regen from sudoers.pod [64edd2de816e] * sudoers.pod: o Typo, Runas_User_List should be Runas_List o a User_List can not contain a uid o mention that the Defaults section should come after Alias definitions but before the user specifications [54070ba2092b] 2001-12-15 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man.in: regen [e62d1d97693c] * sudoers.pod: Fix listpw and verifypw sections, they were not being formatted properly. [123868c2f3e9] * sudoers.cat, sudoers.man.in: regen [f94841f8b374] * sudoers.pod: fix typos [f278f1c1184e] * configure: regen [d2270049ba9f] * config.h.in, configure.in: use AC_SYS_POSIX_TERMIOS instead of rolling our own [c1a13f1354b9] * README: Reference sudo.ws not courtesan.com [ca13be67ebd7] * PORTING: Add notes on shadow passwords [aa13863f2314] * BUGS: In list mode (sudo -l), characters escaped with a backslash are shown verbatim with the backslash. [1a75a2858be2] * sudoers: Add simple examples from OpenBSD (Marc Espie) [3ae9a9ae4125] * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP. [f8817699ee10] * CHANGES: minor prettyification [f523587929b9] * CHANGES: Updated change log [39d9010ee7a8] * testsudoers.c: Fix CIDR handling here too. [c91db8344c32] * auth/pam.c: Apparently a NULL response is OK [83bae61078d9] * TODO: Checkpoint for upcoming beta release [efb95c09df2a] * TROUBLESHOOTING: Many people believe that adding a runas spec should obviate the need for the -u flag. It does not. [c698bad85b0e] * RUNSON: checkpoint update for upcoming 1.6.4 beta [009e465a0a45] * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe now [d27c035f4e14] * PORTING: Add signals section [2d24c13cb3c8] * configure: regen [2b80a939e2ed] * configure.in: Fix check for sigaction_t [6fa41c89ab20] * sudo.c: XXX - should call find_path() as runas user, not root. Can't do that until the parser changes though. [f0b4f85651bd] * sudo.c: If find_path() fails as root, try again as the invoking user (useful for NFS). Idea from Chip Capelik. [e03fa7872692] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate after pod file changes [48e4bd75ec21] * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups". Previously sudo would not call initgroups() if the target user was root. Now it always calls initgroups() unless the -P command line option or the "preserve_groups" sudoers option is set. Idea from TJ Saunders. [4f730359f101] 2001-12-14 Todd C. Miller <[email protected]> * compat.h, config.h.in: Use new HAVE_SIGACTION_T define [dfb25f3cae5b] * logging.c: Fix compilation on K&C [7355e3275e34] * configure: regen [a710584f92f0] * configure.in: Add check for sigaction_t -- IRIX already defines this so don't redefine it. [df9c5737f6da] * snprintf.c: fix typo [3d782b8134c8] * interfaces.c: need stdlib.h here too [c789d8973ab2] * configure: regen [44822856bf46] * configure.in: Remove redundant checks for string.h, strings.h and unistd.h [933c94f8bbf4] * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: Regen from pod files [ad18c590f638] * BUGS: Update for 1.6.4 [26bc88b69d22] * configure, lex.yy.c, sudo.tab.c: regen [bef89fd6fa2d] * strerror.c: Return EINVAL if errnum > sys_nerr [0512374e6661] * auth/sudo_auth.h: o Update copyright year [a877016db6e2] * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, sudo.pod: o Update copyright year [e15a1b39039f] * configure.in: o Don't define STDC_HEADERS unconditionally for IRIX o Update copyright year [82a8cb819e07] * README: update version [d82e523a16b4] * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [fe39f76b3795] * lsearch.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [764ba3d4fa13] * getspwuid.c, goodpath.c, interfaces.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [fb46d46140d4] * getcwd.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [b199d70ac7ab] * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, fnmatch.c: o Reorder some headers and use STDC_HEADERS define properly o Update copyright year [dab8f192a3ed] * configure: regen [156658f25cea] * tgetpass.c: flags set in signal handlers should be volatile sig_atomic_t [c22931a5535e] * config.h.in, configure.in: Add checks for volatile and sig_atomic_t [b03b3341381d] * configure, lex.yy.c: regen [ed9daba88217] * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults option since it cannot work with the existing parser. [c9e54a0f5971] * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt() [fb7544565ae8] * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are not listed in env_keep o If no PATH is in the environment use a default value o If TERM is not set in the non-reset case also give it a default value. [c987eb7df268] * aclocal.m4, configure.in, defaults.c, pathnames.h.in: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on systems that define in paths.h [51865b0cdebf] * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h: Add support for skeyaccess(3) if it is present in libskey. [8add77c7d3e7] 2001-12-13 Todd C. Miller <[email protected]> * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL [5a3d3cbf2c6d] * parse.lex: '\\' is a perfectly legal character to have in a command line argument. [c15a466ef00e] * sudo.c: o Defer call to set_fqdn() until it is safe to use log_error() o Don't print errno string value if gethostbyname fails, it is not relevant [c0c6bcf08bcb] * parse.c: Fix CIDR -> in_addr_t conversion. [2f307ebeb63f] 2001-12-12 Todd C. Miller <[email protected]> * sudoers.pod: Remove an extra "User_List" in the User_Spec definition From ybertrand AT snoopymail.com [97bde59ea280] * parse.c: Make 'listpw=never' work for users who are not explicitly mentioned in sudoers. [258f0f30a428] * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi [4b0f03872ee1] * sudoers.pod: Document new list Defaults type and convert env_keep and env_delete to lists. Document new env_check option. [a07f1f079fe3] * lex.yy.c, sudo.tab.c, sudo.tab.h: regen parser [e39ac6c6581b] * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec to #[0-9-]+. [69c5388908f3] * configure: regen [0f1877b88cb3] * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK [6545503ae361] * config.h.in, configure.in: Add check for skeyaccess(3) [6caf69fe6359] * visudo.pod: Document new -c, -f, and -q options [13d0203c21d3] * visudo.c: o Add -f option (alternate sudoers file) o Convert to use getopt(3) [4c2b664d617d] * configure: regen [6d5bd932e7b5] * aclocal.m4, config.h.in, configure.in: Add check for isblank and a replacement macro if it doesn't exist. [b524f5e4f953] 2001-12-11 Todd C. Miller <[email protected]> * visudo.c: In check-only mode, don't create sudoers if it does not already exist. [c748a2d5acad] * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults variable name o Add support for "+=" and "-=" list operators o replace some 1 and 0 with TRUE and FALSE for greater legibility. [554cb174b37e] * parse.lex: o Use exclusive start conditions to remove some ambiguity in the lexer. Also reorder some things for clarity. o Add support for "+=" and "-=" list operators. o Use the new DEFVAR token to denote a Defaults variable name. [3a2cf8323e26] * sudo.h: Prototype init_envtables() [b74916469dab] * env.c: o Convert environment handling to use lists instead of strings. This greatly simplifies routines that need to do "foreach" type operations. o Add new init_envtables() function to set env_check and env_delete defaults based on initial_badenv_table and initial_checkenv_table (formerly sudo_badenv_table). [0a8b404658b6] * defaults.c, defaults.h: o Add a new LIST type and functions to manipulate it. o This is for use with environment handling variables. o Call new init_envtables() routine inside init_defaults() to initialize the environment lists. [ae73e64f0902] * def_data.c, def_data.h, def_data.in: Convert environment options to use the new LIST type and add a new one, env_check that only deletes if the sanity check fails. [3019503936de] * testsudoers.c: Add dummy version of init_envtables() [9d9e3ee609d9] * parse.yacc: honor quiet mode [8330fba6167c] * visudo.c: Add check-only mode [dab411bc8c35] * mkdefaults: Fix generation of entries with NULL descriptions. [ea75b9fed02e] 2001-12-09 Todd C. Miller <[email protected]> * tgetpass.c: Use sigaction_t and quiet a gcc warning. [6f67d719c452] * sudo.c: Must reset signal handlers before we exec [300418120e1a] * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM version needs testing. Set SIGTSTP to SIG_DFL during password entry so user can suspend us. [00304aa58747] * tgetpass.c: Add support for interrupting/suspending tgetpass via keyboard input. If you suspend sudo from the password prompt and resume it will re- prompt you. [4af2b5101d32] * sudo.c: Don't block keyboard interrupt signals, just set them to SIG_IGN. [d46d7f67ef6b] 2001-12-08 Todd C. Miller <[email protected]> * config.h.in: add back HAVE_SIGACTION [c9c7702c603e] * configure: regen [09fe669d337f] * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill POSIX_SIGNALS define and old signal support now that we emulate POSIX ones Also be sure to correctly initialize struct sigaction. [4bc2a6dbb2be] * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper. [1ad64a19f328] * compat.h: Add scaffolding for POSIX signal emulation [945861d4c93b] * sigaction.c: o Add missing ';' so this compiles o Can't use NULL since we don't include stdio.h [04d0cac7438f] * sigaction.c: Emulate sigaction() using sigvec() [d0b54a989875] 2001-11-13 Todd C. Miller <[email protected]> * sudoers.pod: Document new behavior of negative values of timestamp_timeout Fix a typo [4c0716570d01] * sudo.pod: Add security note about command not being logged after 'sudo su' and friends. [43294851a33c] * sudo.pod: Mention that -V prints default values when run as root, including the list of environment variables to clear. [d9e5e550a8c3] * Makefile.in: Run pod2man with --quotes=none to avoid stupid quoting of C<> entries. [997b23c35dbe] 2001-11-12 Todd C. Miller <[email protected]> * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod: Add mail_badpass option Also modify mail_always behavior to also send mail when the password is wrong [838d40ccafce] * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V' is run by root. [f67f1b8048b0] * sudoers.pod: document env_delete [d74f893663a2] * env.c: Add support for '*' in env_keep when not resetting the environment (ie: the normal case). [fd4fb62ea8fd] * env.c: Add env_delete variable that lets the user replace/add to the bad_env_table. Allow '*' wildcard in env_keep entries. [aa728bc35e29] 2001-11-06 Todd C. Miller <[email protected]> * mkinstalldirs: Force umask to 022 to guarantee sane directory permissions. [9ab3cfe70569] 2001-11-02 Todd C. Miller <[email protected]> * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency [671010465e6f] * mkdefaults: fix breakage in last commit [8318f8851e56] * Makefile.in: acsite.m4 -> aclocal.m4 [30c146873a01] * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit [4dc8b39954da] * def_data.c: regenerated from def_data.in [915ea16ce1eb] * check.c, defaults.c, defaults.h: Add new T_UINT type that most things use instead of T_INT If timestamp_timeout is < 0 then treat the ticket as never expiring (to be expired manually by the user). [3a3a636a2a5d] * def_data.in: change most T_INT -> T_UINT [a2228d2457af] * mkdefaults: fix warning when no args [ca70a5394af5] * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if we are a signal handler. We no longer print the signal number but the user can just check the exit value for that. [dc424f631fef] 2001-10-16 Todd C. Miller <[email protected]> * logging.c: when setting up pipes in child process check for case where stdin == pipe fd 0 [518112d76184] 2001-10-11 Todd C. Miller <[email protected]> * visudo.c: Ignore editor exit value since XPG4 says vi's exit value is the count of editing errors made (failed searches, etc). [b9d952284865] 2001-10-05 Todd C. Miller <[email protected]> * configure: regen [cb3aa586f03b] * configure.in: sco now is identified by config.guess as *-sco-* [46664bbdea61] * configure.in: Check for getspnam() in -lgen if not in -lc for UnixWare. [0f152ad1ba93] 2001-09-18 Todd C. Miller <[email protected]> * sudoers.pod, visudo.pod: "upper case" -> "uppercase" [f9151f232326] * sudoers.pod: fix typos and grammar; [email protected] [2855d73d0237] 2001-08-28 Todd C. Miller <[email protected]> * sudoers.pod: Missing word (specify); [email protected] [65523eb37a2c] 2001-08-23 Todd C. Miller <[email protected]> * sudo.c: If we fail to lookup a login class, apply the default one. [d4869faa6816] * logging.c: In log_error() free message, not logline unconditionally, then free logline if it is not the same as message. No function change but this mirrors how they are allocated. [565e5f6cc643] 2001-07-17 Todd C. Miller <[email protected]> * configure: regenerate [834a48f548a2] * configure.in: remove some backslash quotes that are unneeded [50d401d6e2ca] * configure.in: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. [f502c5f15f92] * config.guess, config.sub: Updated from autoconf-2.50 [6140205915ef] 2001-05-22 Todd C. Miller <[email protected]> * README: Update mailing list section. We use mailman now, not majordomo. [b9a8ca45e6dc] 2001-05-10 Todd C. Miller <[email protected]> * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all the shadow variants to make sure we don't inadvertantly leak an fd to the child. Apparently Linux's shadow routines leave the fd open even if you don't call setspent(). Reported by [email protected]; different patch used. [d33792ef6c01] 2001-04-13 Todd C. Miller <[email protected]> * sudoers.pod: s/eg./e.g./ [bd32a0acaf93] * tgetpass.c: select() may return EAGAIN. If so, continue like we do for EINTR. [5f202c943818] * logging.c: Fix a non-exploitable buffer overflow in the word splitting code. This should really be rewritten. [4c724363863a] * Makefile.in: FAQ link goes away [1d26dd6c8972] * INSTALL: Tell people to look in sample.syslog.conf for examples, not FAQ [affcae3f43ca] * TROUBLESHOOTING: Update list of env vars that are cleared [234e56f1435a] * sudo.c: remove struct env_table decl since that stuff has all moved to env.c [5dd923148777] 2001-04-04 Todd C. Miller <[email protected]> * fileops.c: Fix a pasto in flock-style unlocking and include <sys/file.h> for flock on older systems; [email protected] [d5420d9d2861] * configure: regen to get NeXT lockf/flock fix [d3ba6ed70e15] * configure.in: force NeXT to use flock since lockf is broken [bd5391dca1bb] 2001-03-30 Todd C. Miller <[email protected]> * check.c: Use stashed user_gid when checking against exempt gid since sudo sets its gid to a a value that makes sudoers readable. Previously if you used gid 0 as the exempt group everyone would be exempt. From Paul Kranenburg <[email protected]> [0b140cc3a817] 2001-03-29 Todd C. Miller <[email protected]> * configure: regen [cc455408f32b] * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines some types (such as ssize_t) therein. [b6aee85ca331] 2001-03-02 Todd C. Miller <[email protected]> * defaults.c: Fix negation of paths in a boolean context. Problem found by [email protected] [8aee217a7cdf] 2001-02-23 Todd C. Miller <[email protected]> * visudo.c: pasto [ad32b277bf68] 2001-02-17 Todd C. Miller <[email protected]> * visudo.c: SA_RESETHAND means the opposite of what I was thinking--oops To block all signals in old-style signals use ~0, not 0xffffffff [6ecdd793590a] 2001-02-04 Todd C. Miller <[email protected]> * defaults.c: coerce difference of pointers to int when used in a string length printf format; [email protected] [a9d10f07180d] 2001-01-17 Todd C. Miller <[email protected]> * visudo.c: Block all signals in Exit() to avoid a signal race. There is still a tiny window but I'm not going to worry about it. [6661805c0458] 2001-01-07 Todd C. Miller <[email protected]> * env.c: glibc uses the LANGUAGE env var so clear that too; Solar Designer [d4ba95628afb] * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno from clobbering by isatty(). [607eec736e19] 2000-12-31 Todd C. Miller <[email protected]> * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sia.c, auth/sudo_auth.c: Some defaults I_ defines got renamed. [ec19b23caaf3] * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, set_perms.c, sudo.c, sudo.tab.c: Move defaults info into its own files from which we generate .h and .c files. This makes adding or rearranging variables much simpler. [e91b880b5043] 2000-12-30 Todd C. Miller <[email protected]> * configure, configure.in: fix typo in last commit [10a6ee2bae71] * compat.h, config.h.in, configure, configure.in: Add check + emulation for setegid (like seteuid). [29492092bd2f] * env.c: Make env_keep override badenv_table as documented Fix traversal of badenv_table (broken in last commit) [37c9f0d22673] * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid version of set_perms on systems w/o them. Rename set_perms_saved_uid() -> set_perms_posix() Make set_perms_setreuid simply be set_perms_fallback() and simply include the appropriate function at compile time (setreuid() vs. setuid()). [3107333c062c] * sudoers.cat, sudoers.man.in, sudoers.pod: PATH is also preserved when env_reset is in effect [90e45c5711ff] * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure, configure.in, defaults.c, defaults.h, env.c, find_path.c, getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults options: o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2) o env_reset - reset the environment to a sane default o env_keep - preserve environment variables that would otherwise be cleared No longer use getenv/putenv/setenv functions--do environment munging by hand. Potentially dangerous environment variables can be cleared only if they contain '/' pr '%' characters to protect buggy programs. Moved environment routines into env.c (new file) [c2f97651db4c] * INSTALL: Clear up --without-passwd description [2f336dab6733] * putenv.c, sudo_setenv.c: We now build up a new environment from scratch and assign it to "environ". [6ae6152f2238] 2000-12-19 Todd C. Miller <[email protected]> * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen [e03ead2e56f8] 2000-12-15 Todd C. Miller <[email protected]> * visudo.c: If there was a syntax error and the user just wants to quit, unlink sudoers if it is zero length. [74ba7921f520] * visudo.c: 'Q' means ignore parse error, not 'q' [e8d0e4491fe6] * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric <[email protected]> [b24990a72491] 2000-12-13 Todd C. Miller <[email protected]> * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H; [email protected] [41a8db10e076] 2000-12-09 Todd C. Miller <[email protected]> * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo Sanchez <[email protected]> [6052da895d2e] 2000-11-03 Todd C. Miller <[email protected]> * sudo.c, visudo.c: Use exit(127), not exit(-1) [9ff0c3eada34] * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c: Move set_perms() to its own file and use POSIX saved uid or setreuid() if available. Added stay_setuid option for systems that have libraries that perform extra paranoia checks in system libraries for setuid programs (ie: anything with issetugid(2)). [28960f842698] * sudo.c: strip more bits from the environment and add a facility for stripping things only if they contain '/' or '%' to address printf format string vulnerabilities in other programs. [b98d6375f299] 2000-11-02 Todd C. Miller <[email protected]> * configure: regen [7e74e5c91049] * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of strcasecmp(). [a418e9e70442] * configure: regen [bbff244a52bc] * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix [361c99576681] 2000-11-01 Todd C. Miller <[email protected]> * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR [473cdb92b6db] * configure: regen [4e6364a195e0] * compat.h, config.h.in, configure.in: Add check for _innetgr(3) since NCR systems have that instead of innetgr(3). [25e6852e7494] 2000-10-31 Todd C. Miller <[email protected]> * auth/securid.c: check return value of creadcfg() call sd_close() after sd_auth() store username in sd->username so we don't rely on the USER env variable [d106b4f42722] 2000-10-30 Todd C. Miller <[email protected]> * INSTALL: document --with-bsdauth [f1518ecc2ee9] * configure: regen [dceb35071ea8] * configure.in: --with-bsdauth assumes --with-logincap [4200778083fd] * auth/bsdauth.c, auth/fwtk.c: When prompting for a response to a challenge, if the user just hits return then reprompt with echo turned on. [a539b6474a97] 2000-10-29 Todd C. Miller <[email protected]> * sudo.c: Remove debugging code that should not have been committed, oops. [9862607b77a7] * auth/bsdauth.c: Use lower-level routines and get the password ourselves. Checks for a challenge and if there is one echo is not turned off. [2d8fcd166baa] * auth/pam.c, auth/sudo_auth.h: minor housekeeping, no real code changes [d0074a277fb4] 2000-10-27 Todd C. Miller <[email protected]> * sudo.c: Fix a coredump in the logging functions if gethostname(2) fails by deferring the call to log_error() until things are better setup. Fix return value of set_loginclass() in non-BSD-auth case. Hard-code 'sudo' in the usage message so we can fit more options on a line [d9d1b7579818] * logging.c: Fix errant ';' (typo) that broken MSG_ONLY [849b2276a470] 2000-10-26 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in: regen [bb3c8c6704d1] * sudo.pod: Document -a flag [e18316cebaac] * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in, configure, configure.in, getspwuid.c, sudo.c: Add support for BSD authentication. [f374cfd9ca0d] 2000-10-19 Todd C. Miller <[email protected]> * sudoers.pod: Fix typo; from [email protected] [3085fee9766e] 2000-10-12 Todd C. Miller <[email protected]> * sudoers.pod: Mention negating umask [c9e410294dae] * defaults.c: Allow user to specify umask of 0777 (same as !umask) [bb771daa96fe] 2000-10-09 Todd C. Miller <[email protected]> * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo history. [77f73199aedb] 2000-10-08 Todd C. Miller <[email protected]> * defaults.c, sudo.pod: fix typos; [email protected] [5532c7421340] 2000-09-14 Todd C. Miller <[email protected]> * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory alloc failure instead of returning -1. [71f1cf18f47b] 2000-09-07 Todd C. Miller <[email protected]> * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD and possibly others. [b69d985b0d22] * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means that "%m" won't be expanded but we don't use that anyway since the logging routines may splat to stderr as well. [8d37a544d0c0] * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, sudoers.pod: Add always_set_home variable [dbcaff646e07] * configure, configure.in: Have to hard code default values in help since the defaults are set _after_ the help stuff. [7b5d6d72f55c] 2000-08-31 Todd C. Miller <[email protected]> * lex.yy.c, parse.lex: Allow special characters (including '#') to be embedded in pathnames if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. [3ed33cf09977] 2000-08-13 Todd C. Miller <[email protected]> * install-sh: Better path searching for programs we need. [60517cb1f0d6] * TROUBLESHOOTING: Add section on "C compiler cannot create executables" errors. [e4ada6eaee59] * Makefile.binary, Makefile.in, version.h: Crank version [93d1bd5b7f5e] * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Substitute values from configure into man pages. [619854c356c1] 2000-08-12 Todd C. Miller <[email protected]> * parse.c, sudo.c: The listpw and verifypw sudoers options would not take effect because the value of the default was checked *before* sudoers was parsed. Instead of passing in the value of PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so the check can be deferred until after sudoers is parsed. [4f596e358f72] 2000-08-11 Todd C. Miller <[email protected]> * tgetpass.c: When writing prompt, no need to write the NUL as well; [email protected] [fbcdd7b431ee] 2000-06-09 Todd C. Miller <[email protected]> * install-sh: When looking for chown, check in /sbin too [657ba6653f8c] 2000-06-05 Todd C. Miller <[email protected]> * visudo.c: Remove extraneous call to init_defaults() and set runas_user to NULL betweem parses so init_defaults will reset it each time, thus avoiding a reference to free()d data. [7421fcd692af] 2000-06-04 Todd C. Miller <[email protected]> * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for using getifaddrs() to get the list of ip addr / netmask pairs. Currently IPv4-only. [a35bc4f7306d] * visudo.c: Add a missing check for UserEditor == NULL Add missing '+' before line number when invoking editor to fix a syntax error [f0d4635f6082] 2000-05-12 Todd C. Miller <[email protected]> * sudo.c: Call clean_env very early in main() for paranoia's sake. Idea from Marc Esipovich. [f8d72ebd0115] 2000-05-10 Todd C. Miller <[email protected]> * sudo.h: Update proto for evasprintf and easprintf [d147d6e58419] * alloc.c: Make easprintf() and evasprintf() return an int. [b2ca5d089667] * check.c: If the targetpw flag is set, use target username as part of the timestamp path. If tty tickets are in effect cat the tty and the target username with a ':' as the separator. [de11abc693c2] 2000-05-09 Todd C. Miller <[email protected]> * auth/pam.c: Backout part of last change; setting PAM_USER to the invoking user breaks things like targetpw. [427218a7387f] * auth/pam.c: set tty and username via pam_set_item [85d1922dbcc9] * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h: Fix root, runas, and target authentication for non-passwd file auth methods. [a14535e7b30c] 2000-04-22 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use B<-Z> not C<-Z> for command line flags in all places. This is more consistent and works around a bug in Pod::Man. [64b5a05f30c5] * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of 'semicolon' that should be 'colon' [4ea5aacae3fb] 2000-04-19 Todd C. Miller <[email protected]> * configure, configure.in: Fix --with-badpri help line [3cc40977c043] 2000-04-17 Todd C. Miller <[email protected]> * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an openlog() and closelog() since some authentication methods (like PAM) may do their own logging via syslog. Since we don't use syslog much (usually just once per session) this doesn't really incur a performance penalty. It also Fixes a SEGV with pam_kafs. [fe1cc28529f6] 2000-04-15 Todd C. Miller <[email protected]> * sudo.c: Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS, mode) [ce9b1c6f68a6] 2000-04-12 Todd C. Miller <[email protected]> * INSTALL: Clarify the fact that insults are not enabled just by including them in the binary. [d5a31d48320c] 2000-04-07 Todd C. Miller <[email protected]> * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, visudo.man.in: Regenerated with perl 5.6.0 pod2man [21751433768b] * Makefile.in: Give date string to pod2man since its default is ugly and it ain't got no alibi. [0080b2f6298f] * Makefile.in: Do section substitution on the output of pod2man and remove hack needed for old pod2man. [1ef843d5c78b] * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we will do the substitution later. [f728c1abad7e] 2000-04-02 Todd C. Miller <[email protected]> * configure, configure.in: Don't bother checking for the path to vi if user specified --with- editor [bf698487e0d5] 2000-04-01 Todd C. Miller <[email protected]> * CHANGES, visudo.c: Visudo now does its own fork/exec instead of calling system(3). [99bbcd88863b] * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: Visudo now checks for the existence of an editor and gives a sensible error if it does not exist. The path to the editor for visudo is now a colon-separated list of allowable editors. If the user has $EDITOR set and it matches one of the allowed editors that editor will be used. If not, the first editor in the list that actually exists is used. [cc86eb9f5440] * sudo.cat, sudo.man.in, sudo.pod: Clear up confusion wrt sudo's return value. [9385b12d8e79] 2000-03-27 Todd C. Miller <[email protected]> * Makefile.in: Strip sudo and visudo for bindist target [a995ddd79177] * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use @mansectsu@ and @mansectform@ in the man page bodies as well. [5eb9e60a726f] [SUDO_1_6_3] * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ -> @sysconfdir@ [f07f52fcd099] * Makefile.in: 'make dist' should not cause any files to be modified so remove its dependencies. [7f44a2666a9c] * CHANGES: Whoops, forgot to add release marker [16c0f16b35b8] 2000-03-26 Todd C. Miller <[email protected]> * CHANGES: Final change for 1.6.3 (or so I hope) [473c89da6123] * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since BSD systems will have nroff... [0a6bd154324e] 2000-03-24 Todd C. Miller <[email protected]> * parse.yacc, sudo.tab.c: When checking to see if the host/user matches in a defaults spec, check against TRUE, not just non-zero since it might be -1. [41f2b7ad3fdd] * configure, configure.in: OSF/1 puts file formats in section 4, not 5. [d77c1301afa9] * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS [e9bbe3c08ade] * RUNSON: Update for 1.6.3 [c40ce1d76c4d] * configure, configure.in: If there is no inet_addr but there *is* an __inet_addr that's ok since inet_addr is probably just a macro then. The better thing to do would be to look for the macro, but this is fine for now. [1b8865ae4d68] * configure, configure.in: Don't use shlicc for BSD/OS 4.x [83fbf6dedd2c] * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@ configure variable so we can deal with this. Also, only remove *.man for 'distclean' not 'clean'. [30d56e6de214] * sudo.c: set_loginclass() should be static like the proto says [d570a2d55fb8] 2000-03-23 Todd C. Miller <[email protected]> * fnmatch.c: Add #ifdef __STDC__ around the rangematch function header to avoid promotion of test to int, thus violating the prototype. Gcc handles this gracefully but more std ANSI compilers will complain. [7d98c3e332b2] * emul/fnmatch.h: Pull in newer fnmatch(3) that supports FNM_CASEFOLD [4e1320852f8b] * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in configure [9ef952bf1896] * CHANGES, TODO: update for 1.6.3 [e4ba6368a0c5] * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were not matching the FQHOST token type. There's really no need for a separate token for fully- qualified vs. unqualified anymore so FQHOST is now history and hostname_matches now decides which hostname (short or long) to check based on whether or not the pattern contains a '.'. [fbd2887d9811] * parse.h: Fully qualified hosts w/ wildcards were not matching the FQHOST token type. There's really no need for a separate token for fully- qualified vs. unqualified anymore so FQHOST is now history and hostname_matches now decides which hostname (short or long) to check based on whether or not the pattern contains a '.'. [dd7bbe223461] * lex.yy.c, parse.c, parse.lex, parse.yacc: Fully qualified hosts w/ wildcards were not matching the FQHOST token type. There's really no need for a separate token for fully- qualified vs. unqualified anymore so FQHOST is now history and hostname_matches now decides which hostname (short or long) to check based on whether or not the pattern contains a '.'. [630d9d205397] * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c: Add support for wildcards in the hostname. [d8d821ed4238] * Makefile.in: Add targets for *.man.in, using config.status to generate *.man from *.man.in [640e50ede485] * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname option and enbolden refs to sudo and visudo. [9622b3a48707] * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch from Michael D. Marchionna. configure now does substitution on the man pages, allowing us to fix up the paths and set the section correctly. Based on an idea from Michael D. Marchionna. [463e928a0a2f] * auth/passwd.c: Better fix for handling HP-UX aging info. [3950f42d8549] * sudo.c: Add support for set_logname run-time default [c6a7cc76b8b4] * sudo.man.in, sudoers.man.in, visudo.man.in: configure does substitution on these to produce *.man [b83fc3c1bfc9] * sudo.man, sudoers.man, visudo.man: These files now get generated from *.man.in at configure time. [c499061f79e0] 2000-03-22 Todd C. Miller <[email protected]> * defaults.c, defaults.h: Add set_logname option so users can turn off setting of LOGNAME/USER environment variables. [6316869180b8] * lsearch.c, parse.c, testsudoers.c: kill register [6e104e653748] 2000-03-13 Todd C. Miller <[email protected]> * auth/passwd.c: HP-UX adds extra info at the end for password aging so when comparing the result of crypt to pw_passwd we only compare the first len(epass) bytes *unless* the user entered an empty string for a password. [3d24d4e4e889] * logging.c: Get rid of grandchild hack, it was causing problems and there is really no need for it. This fixes a bug where we spin eating up CPU when the user runs a long-running process like a shell. [5743b10b1e81] 2000-03-07 Todd C. Miller <[email protected]> * sudo.c: User can always specify a login class if he/she is already root. [710d160cef9f] * config.h.in, configure, configure.in, defaults.c, defaults.h, sudo.c, sudo.h: FreeBSD login class (login.conf) support. [026b981d6328] 2000-03-06 Todd C. Miller <[email protected]> * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support [9cd4929f1a78] 2000-03-03 Todd C. Miller <[email protected]> * auth/passwd.c: Truncate unencrypted password to 8 chars if encrypted password is exactly 13 characters (indicateing standard a DES password). Many versions of crypt() do this for you, but not all (like HP-UX's). [a9d0259cb193] 2000-03-02 Todd C. Miller <[email protected]> * INSTALL, RUNSON: Mention that gcc on dynix may have problems [77b97fa5bf1b] 2000-02-29 Todd C. Miller <[email protected]> * Makefile.in: Link visudo with NET_LIBS since we now call syslog via defaults.c [9e3830b277cc] * defaults.c: Use Argv[0] as the first arg to openlog() since visudo uses this too. [e61078f328ec] 2000-02-28 Todd C. Miller <[email protected]> * sudo.c: Stash coredumpsize resource limit and retsore it before the exec() Otherwise the child ends up with a coredumpsize of 0. [f6a4783835a3] 2000-02-27 Todd C. Miller <[email protected]> * sudo.cat, sudo.man, sudo.pod: document -S flag [3ebd805b7142] * sudo.c: fix usage string [66b2dfa47fe8] * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c: Added -S flag (read passwd from stdin) and tgetpass_flags global that holds flags to be passed in to tgetpass(). Change echo_off param to tgetpass() into a flags field. There are currently 2 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), abstract the echo set/clear via macros and if (flags & TGP_ECHO) but echo is not set on the terminal, but sure to set it. [a4fcbb712cd0] * tgetpass.c: Fixed a bug that caused an infinite loop when the password timeout was disabled. [2be1ffc5a39f] 2000-02-18 Todd C. Miller <[email protected]> * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw, runaspw, and targetpw options. [2d4563e46df7] * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: enveditor -> env_editor [ddc5f856e583] 2000-02-16 Todd C. Miller <[email protected]> * BUGS, INSTALL, Makefile.in, README, configure, configure.in, sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: crank versino to 1.6.3 [a5f7d3e74360] * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor them. This means that visudo will now parse the sudoers file *before* it is edited so a bogus sudoers file will cause a warning to go to stderr. Also, visudo checks the variables once--it does not check them after each editor run since that could be confusing. [9f5af18e9212] 2000-02-15 Todd C. Miller <[email protected]> * RUNSON: 1.6.2 -> 1.6.2p1 [e25b74f1d1af] * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into sudo.h [daf26a6ded8a] 2000-02-13 Todd C. Miller <[email protected]> * configure, configure.in: Fix thinko, some && should have been || in the last commit [4b9b2d487ded] * configure, configure.in: Don't initialized Makefile variables to be NULL since the user may want to import variables from their environment. [7be019f4422c] 2000-02-04 Todd C. Miller <[email protected]> * configure, configure.in: typo [38f4d8971f0a] 2000-01-28 Todd C. Miller <[email protected]> * sudo.tab.c: fix a yacc (skeleton.c) warning [a2da228a937b] 2000-01-27 Todd C. Miller <[email protected]> * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX 11.0;[email protected] [b94de0ff6f42] * CHANGES: recent changes; prepare for 1.6.2p1 [b291635ea141] * find_path.c: Don't apply SECURE_PATH if user is example; [email protected] [4306285c4f6e] 2000-01-26 Todd C. Miller <[email protected]> * sudo.tab.c: Regen with yacc that has a memory leak plugged. [e26383a04eb7] * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers 'defaults' options based on INSTALL file info. [54c3d62d6c74] * INSTALL: Fix some while lies [d15311782150] 2000-01-24 Todd C. Miller <[email protected]> * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING instead of copying. [2d88a6ac88cf] * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat [28d119f466e3] [SUDO_1_6_2] * RUNSON: Last minute updates [89fb4ed22d52] * TROUBLESHOOTING: PAM entry [a9fd59f39457] * auth/pam.c: correct a comment [a29627225ba9] * CHANGES, RUNSON: update for 1.6.2 [b7f1c40ea732] * auth/pam.c: Better detection of PAM errors and fix custom prompts with PAM. Based on patches from "Cloyce D. Spradling" <[email protected]> [ff69234b94a5] 2000-01-20 Todd C. Miller <[email protected]> * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing to an unsigned long long value. [9d918c3a2ecd] 2000-01-19 Todd C. Miller <[email protected]> * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix sudoers locking in visudo. We now lock the sudoers file itself, not the temp file (since locking the temp file can foul up editors). The previous locking scheme didn't work because the fd was closed too early. [de2011bb11ed] * config.h.in, configure, configure.in: Don't need test for ftruncate() any more. [e5f71c848104] * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with the unbundled HP-UX cc. [2c373612c644] 2000-01-18 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron Campbell <[email protected]> [05360d2c314e] 2000-01-17 Todd C. Miller <[email protected]> * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c, version.h, visudo.c: update copyright year on changed files [5792a2a28a4c] * RUNSON: updates [edf8f19aa403] * CHANGES: aix fix [4d4a243b31e2] * INSTALL: Crank version to 1.6.2 [bcb5cb411624] * configure: Crank version to 1.6.2 [32a19f33427f] * sudo.c: When using rlimit check for RLIM_INFINITY When computing the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) [8c16166802e5] * CHANGES: recent changes [09fc7112e44d] * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: Crank version to 1.6.2 [055fa61a7c61] * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add 'shell_noargs' runtime option back in. We have to defer checking until after the sudoers file has been parsed but since there are now other options that operate that way this one can too. Based on a patch from [email protected]. [231db7a007a6] * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and "verifypw" options. [190683bac878] * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions o Add section on verifypw and listpw o Define how NOPASSWD interacts with the -v and -l flags [6feb7350eb79] 2000-01-14 Todd C. Miller <[email protected]> * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. [06cc35d89dc8] * defaults.c, defaults.h: In struct sudo_defs_types, move the union to the end and don't initialize the union member since that only works with an ANSI compiler. We set the value of the union by hand in init_defaults() anyway. This allows sudo to compile on a K&R compiler again. [623487e1fcfa] 2000-01-11 Todd C. Miller <[email protected]> * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c: netgr_matches needs to check shost as well as host since they may be different. [3f43ace23d3e] * tgetpass.c: End on \r as well as \n [cb7c6e6f4202] 2000-01-03 Todd C. Miller <[email protected]> * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning from 0400 to whatever SUDOERS_MODE is (converting from the old sudoers mode). Assumes that SUDOERS_MODE is less restrictive than 0400 which should always be the case. [34cd83d49d20] * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is *any* entry for the user on the host with a NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for the user on the host w/ the specified runas user have the NOPASSWD flag set. [4b3b85697653] * Makefile.in: add check target [3d24d34a76fd] 1999-12-16 Todd C. Miller <[email protected]> * visudo.c: Treat EOF at whatnow prompt like 'x' instead of looping. [5deffc27114c] 1999-12-10 Todd C. Miller <[email protected]> * CHANGES: recent changes [5836a9452568] [SUDO_1_6_1] 1999-12-09 Todd C. Miller <[email protected]> * config.h.in, configure, configure.in, sudo.c: Add check for initgroups() since old SYSV lacks this. [657a6005a569] * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h> exists. [17d081e917d6] 1999-12-06 Todd C. Miller <[email protected]> * auth/sudo_auth.c: Don't allow insults to be enabled if the insults[] array is empty. Otherwise there would be division by zero. [b20c14db6029] * insults.h: Don't allow insults to be enabled if the insults[] array is empty. Otherwise there would be division by zero. [028f130204b0] * CHANGES, RUNSON: Don't allow insults to be enabled if the insults[] array is empty. Otherwise there would be division by zero. [974f4780254b] * insults.h: Don't care about USE_INSULTS #define since the insult stuff may be overridden at runtime. [b873df8b299c] * auth/sudo_auth.c: Honor insults flag. [756111640fdc] * CHANGES, parse.c: Don't ask the user for a password if the user is not allowed to run the command and the authenticate flag (in sudoers) is false. [cea9fdc09c76] * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare newline we change to the INITIAL state. o Enter GOTRUNAS when we see Runas_Alias This allows #uid to work in a RunasAlias. [a475513e7c7a] 1999-12-05 Todd C. Miller <[email protected]> * CHANGES, parse.yacc, sudo.tab.c: fix parsing of runas lists: o oprunasuser and runaslist now return a value o in a runasspec, if a runaslist does not return TRUE, set runas_matches to FALSE. Normally, a runaslist only returns FALSE for explicitly denied users. o since runaslist does not modify the stack there is no need for a push/pop in runasalias. [82b305b34a8c] * check.c, sudo.c: Don't kill the user's tickets until after sudoers has been parsed since tty_tickets and ticket_dir could be set in sudoers. [f43e25367f3a] * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, configure, configure.in, sudo.cat, sudo.man, sudoers.cat, sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank version to 1.6 [95f8bdcf9bb2] * testsudoers.c: add set_fqdn() stub [bbc81af5b41a] 1999-12-02 Todd C. Miller <[email protected]> * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option, it cannot work since the command needs to be set before sudoers is parsed. o Fix the "set_home" sudoers option (only worked at compile time). o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which gets called when the "fqdn" option is set in sudoers. o Move the openlog() to store_syslogfac() so this gets overridden correctly from the sudoers file. [3dca861f0f5d] * auth/securid.c: SecurID support should compile now. [a544e5c6ea34] 1999-11-29 Todd C. Miller <[email protected]> * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat, visudo.man, visudo.pod: fix some syntactic goofs [b3451f0d5239] 1999-11-28 Todd C. Miller <[email protected]> * Makefile.in, sudo.html, sudoers.html, visudo.html: No longer need the .html files as they are generated automatically on the web site. [1b4aa4204584] * CHANGES, LICENSE: kill characters that made wml unhappy [b988fbc6da56] * HISTORY: typo [a418963f7fce] 1999-11-25 Todd C. Miller <[email protected]> * README: [email protected] -> [email protected] [5d151e8ffd3b] * Makefile.in, configure: Wrap script execution w/ /bin/sh for the benefit of ctm [3a9c4766b2c3] 1999-11-24 Todd C. Miller <[email protected]> * sudo.c: Make the -s flag be exclusive too. Also reorder the flags in the exclusive usage message so they are alphabetical. [4c7af200db34] 1999-11-23 Todd C. Miller <[email protected]> * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal [64bcb3fd2baf] * auth/API: fix typo [f3134c88b12e] * INSTALL: make it clear that /etc/pam.d/sudo is required on linux [213cc3eaad82] * auth/pam.c: fix a warning on redhat and spew an error if pam_authenticate() returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED [7e46dd19da89] * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the password required is the user's not root's [a6da127347e5] 1999-11-20 Todd C. Miller <[email protected]> * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES [8661c27c007e] 1999-11-19 Todd C. Miller <[email protected]> * RUNSON: updates from Brian Jackson + some formatting [6d31c6fa63f8] 1999-11-18 Todd C. Miller <[email protected]> * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon update o Changes for automating real binary releases [dd9585f4406c] * Makefile.in: Add bindist target [546ed3fa94bb] 1999-11-16 Todd C. Miller <[email protected]> * TROUBLESHOOTING: talk about run-time options in addition to compile-time options [1eb813ff0a9a] [SUDO_1_6_0] * CHANGES: fix typos [65e92bb70a7b] * sudo.c: need sys/time.h if HAVE_SETRLIMIT [ce31655a8a60] * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get rid of references to sudo-bugs. Now mention the web site or the sudo@ alias [a9db861fd8c6] * sudoers.html: repair pod2html damage [62ece4277f1f] * RUNSON, TODO: Update for 1.6 release [98569c57ba2a] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning about using ALL in a command context. [6c77685ab280] 1999-11-09 Todd C. Miller <[email protected]> * visudo.c: Call yyrestart() on a parse error to reset the lexer state. [1370a27acdb2] * lex.yy.c, parse.lex: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c since it might not get called in yywrap if we get a parse error (and we only reread the file on error anyway). [37f4b449e28e] * lex.yy.c, parse.lex: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that might still exist. Call yyrestart() instead of using the deprecated YY_NEW_FILE macro. [7d0d873046c6] * lex.yy.c, parse.lex: flex doesn't need %N table size declarations [268b020fd60a] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what characters need to be escaped in names. [72ccbb6b0f31] 1999-11-08 Todd C. Miller <[email protected]> * configure: regen [65827abb5c7b] * INSTALL: clarify Mac OS X entry [8da1549a71f5] * RUNSON: update [0cff8df7459f] * configure.in: o Use AC_MSG_ERROR throughout o Check syslog configure options for danity [4cb81e642e5c] 1999-11-05 Todd C. Miller <[email protected]> * defaults.c: Fix printing of type T_MODE in dump_defaults() [a868bb6f5515] * strcasecmp.c: missing sys/types.h [ca694ca325b6] * INSTALL: Break out options that may be overridden at run time into their own section. Add a not about Max OS X and correct some lies. [d8bcfd120593] 1999-11-04 Todd C. Miller <[email protected]> * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use getrlimit to find the highest fd when closing all non-std fd's o Turn off core dumps via setrlimit for the sake of paranoia [dd9f651b6def] * RUNSON: updates [f581841fe615] 1999-11-01 Todd C. Miller <[email protected]> * CHANGES: updates [553baa1d44c7] * tgetpass.c: When read()'ing, do a single character at a time to be sure we don't go oast the newline. [907d33f55bb4] * sudo.c: For the sudo_root option, check against user_uid, not getuid() since at this point, ruid == euid == 0. [92d5c51939b4] * RUNSON: some updates [e3ed0c1f312b] * logging.h: Fix compilation problem when --with-logging=file was specified. This means that syslog is now required to build sudo but that should not be a problem. If it is it can be fixed trivially with a configure check for syslog() or syslog.h. [839a4b069190] * tgetpass.c: Make this work again for things like "sudo echo hi | more" where the tty gets put into character at a time mode. We read until we read end of line or we run out of space (similar to fgets(3)). [c8f746df2e63] 1999-10-20 Todd C. Miller <[email protected]> * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital to bold [f860978e530a] * RUNSON: update [9bcfbb405568] 1999-10-16 Todd C. Miller <[email protected]> * defaults.c: Error out if syslog parameters are given without a value. For Ultrix or 4.2BSD "syslog" is allowed without a value since there are no facilities in the 4.2BSD syslog. [69e7a686f5f0] 1999-10-15 Todd C. Miller <[email protected]> * defaults.c: Ignore the syslog facility for systems w/ old syslog like Ultrix. [5c250adbbb84] * TROUBLESHOOTING: people with "." early in their path can have problems running sudo from the build dir ;-) [20a1744a24a4] 1999-10-13 Todd C. Miller <[email protected]> * sudo.cat, sudo.html, sudo.man, sudo.pod: Remove -r realm option [127caa537f95] * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure, configure.in, sudo.c: New krb5 code from Frank Cusack <[email protected]>. [7177a3893a62] * CHANGES: update to reality [766cfbb512d6] 1999-10-12 Todd C. Miller <[email protected]> * auth/fwtk.c: include <auth.h> to get function prototypes. [d6c7c12d09fe] * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag [dc803e1ce0d7] 1999-10-11 Todd C. Miller <[email protected]> * sudo.c: in set_perms(), always call setuid(0) before changing the ruid/euid so we always know it will succeed. [8cced1b862bf] * defaults.h: #undef T_FOO to avoid conflicts with system defines (like on ULTRIX). [d9f0aac092b0] * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still needs some fleshing out but this is a start. [521a1e629bbc] 1999-10-10 Todd C. Miller <[email protected]> * use strtol, not strtoul since not everyone has not strtoul [988462f093cc] * defaults.c: use strtol, not strtoul since not everyone has not strtoul [fce835ce62e3] * lex.yy.c, parse.lex: last {WORD} rule should only apply in the INITIAL state [9b57570bfa83] * lex.yy.c, parse.lex: o Add support for escaped characters in the WORD macro o Modify fill() to squash escape chars [87572d59e4e0] * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity checks for default values that are supposed to be pathnames. o Fix a duplicate free when visudo finds an error. [bdc6855a6c6d] 1999-10-09 Todd C. Miller <[email protected]> * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo [cbee9415875d] 1999-10-08 Todd C. Miller <[email protected]> * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add requiretty option o Move O_NOCTTY to compat.h [65b8bf0e1795] * logging.c: The exit() in log_error() was mistakenly removed in a previous version. Put it back... [9473449130a4] 1999-10-07 Todd C. Miller <[email protected]> * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, defaults.c, defaults.h, find_path.c, getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: o Change defaults stuff to put the value right in the struct. o Implement mailer_flags o Store syslog stuff both in int and string form. Setting the string form magically updates the int version. o Add boolean attribute to strings where it makes sense to say !foo [4698953f9a36] * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case [4c6d1d1bb300] 1999-10-06 Todd C. Miller <[email protected]> * auth/API: cleanup function no longer takes a status arg [0819edbfe7f8] * INSTALL: the the [19aadb65ea28] 1999-09-15 Todd C. Miller <[email protected]> * TODO, config.h.in, configure, configure.in, logging.c: Use strftime() instead of ctime() if it is available. [fb60ea63b514] 1999-09-14 Todd C. Miller <[email protected]> * defaults.c: fix copyright date [4a53b54aa72f] * RUNSON: update ReliantUNIX entry [de618a4f67d9] * defaults.c, defaults.h, logging.c: add log_year option [251a9e20568a] * configure, configure.in: add --without-sendmail to help output [93162f199902] * configure, configure.in: enforce an otctal arg for --with-suoders-mode [45e1b04ccad3] 1999-09-08 Todd C. Miller <[email protected]> * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, testsudoers.c, version.c, visudo.c: Add support for "Defaults" line in sudoers to make configuration variables changable at runtime (and on a global, per-host and per- user basis). Both the names and the internal representation are still subject to change. It was necessary to make sudo_user.runas but a char ** instead of a char * since this value can be changed by a Defaults line. There is a similar (but more complicated) issue with sudo_user.prompt but it is handled differently at the moment. Add a "-L" flag to list the name of options with their descriptions. This may only be temporary. Move some prototypes to parse.h Be much less restrictive on what is allowed for a username. [f71abf7ba80c] * sample.syslog.conf: Add more info [e952e6f42d4d] 1999-09-04 Todd C. Miller <[email protected]> * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, strcasecmp.c: UCB has dropped the advertising clause from their license. [a5602b36a341] 1999-08-31 Todd C. Miller <[email protected]> * auth/sudo_auth.h: move dce_verofy proto to correct section [972c815af558] * auth/dce.c: remove XXX [820631855be0] 1999-08-28 Todd C. Miller <[email protected]> * emul/fnmatch.h: Add fnmatch() prototype [79e84576d92a] * fnmatch.c, parse.c, testsudoers.c: Move inclusion of emul/fnmatch.h to be after sudo.h for __P [1182c89fa811] * sudo.h: add strcasecmp proto [512d1d8a6a0c] * auth/sudo_auth.c: add check for case where there are no auth methods [e4af2b91b43e] * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc [746ce8bcec23] * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c: include strings.h everywhere we include string.h [6f7d5d437e7b] * version.c: nicer output when showing auth methods [0eac4b977f9d] * version.c: Add support for SEND_MAIL_WHEN_NO_HOST [9f20a3a3fae6] * config.h.in, configure, configure.in: Add _GNU_SOURCE for Linux [c7bd8c511847] * lex.yy.c, parse.lex: fix definition of OCTECT [4af30e63244d] * configure, configure.in: aix_auth.o not authenticate.o [fe95dfb08df4] 1999-08-27 Todd C. Miller <[email protected]> * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the keyboard). Since we run with ruid/euid == 0 the user can't really signal us in nasty ways. [a7f6487c0f48] * visudo.c: Don't need to worry about catching too many signals since we do locking on the tmp file. If a lockfile is really stale, it will be detected and overwritten. [28983db3e749] * INSTALL, Makefile.in: include auth/API in tarball [014991600252] * auth/sudo_auth.c: move memset() of plaintext pw outside of verify loop and only do the memset if we are *not* in standalone mode. [66f8e87567e2] * auth/sudo_auth.c, auth/sudo_auth.h: DCE is not a standalone method [34963e2d8a1b] * sudo.c: fix --enable-noargs-shell [4234062abbb0] * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one) [c430b80454c6] * auth/fwtk.c, auth/sia.c: _cleanup() function returns an int. [d1a1cc071ec1] * auth/dce.c: there were still some return(0)'s hanging around, make them AUTH_FAILURE [1002aa1962c3] * parse.c: typo in comment [5abc410dbfd2] * version.c: add missing semicolon [a262283b52a5] * auth/sudo_auth.h: missing backslash [bf89f6bd2900] 1999-08-26 Todd C. Miller <[email protected]> * CHANGES, config.h.in, configure, configure.in: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes [f1a9bca0cf67] * Makefile.in: add parse.h to HDRS [a3d054987766] * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and network libs like -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build on Solaris and is a bit cleaner in general. [4e6239e97002] * UPGRADE: mention ptmp -> sudoers.tmp [ec3baa0fe8a1] * config.h.in, configure, configure.in: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE [6f93dc7f39f5] * RUNSON: add 2 reports [ce0fcc00ee4e] * auth/kerb5.c: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to return a value more like a system function [0dd56aa21424] * auth/dce.c: Add an XXX [58fc8562c212] * TODO: more things todo! [5a459d0cf339] * sample.sudoers: update based on what is in the man page [1a0477db96fa] * parse.yacc, sudo.tab.c: minor change to first line printed in -l mode [69eb57d96952] * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard and add "EXAMPLES" section [7e543335ebe1] * visudo.cat, visudo.html, visudo.man, visudo.pod: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more standard [f82d87ed65c2] * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK [c7d69176a2d7] * lex.yy.c, parse.lex: make an OCTET really be limited to 0-255 [6ee568dd6a02] * UPGRADE: mention timestamp changes [e44d5302bf60] * PORTING: cosmetic cleanup [36fa3a2664dd] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new sudoers(8) man page [e674d06283d0] 1999-08-24 Todd C. Miller <[email protected]> * version.c: Update comments about syslog name tables [63830a782dcb] * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc, strcasecmp.c, sudo.tab.c: include strcasecmp() for those without it [a0d8e2488bbc] * sample.sudoers: Use the : operator some more and fix a typo [18804c70da86] * HISTORY: update the history of sudo [9d9b3d5279b3] * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support [768644467353] * CHANGES: recent changes [a4319e9d07cb] * sudo.tab.c, sudo.tab.h: these should be generated with byacc, not bison [f57b9489b752] * lex.yy.c: regen [522461f95dfa] * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: In "sudo -l" mode, the type of the stored (expanded) alias was not stored with the contents. This could lead to incorrect output if the sudoers file had different alias types with the same name. Normal parsing (ie: not in '-l' mode) is unaffected. [823fe2bc4b79] 1999-08-23 Todd C. Miller <[email protected]> * configure, configure.in: define _XOPEN_SOURCE to get at crypt() proto on some systems [1b3769b86fb9] 1999-08-22 Todd C. Miller <[email protected]> * snprintf.c: fix comment [fc1264df00f7] * tgetpass.c: don't need limits.h [f1631829af45] * snprintf.c: kill bogus reference to vfprintf [a0b99b25d389] * sample.sudoers, sudoers: better examples [b4d87ea64cc8] * snprintf.c: Add some const in the K&R defs. This is safe since we define const away if the compiler doesn't grok it. [614d6e83d45e] * aclocal.m4, configure: Better test for working long long support. Ultrix compiler supports basic long long but not all operations on them. [5da1508710ed] * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c, snprintf.c, sudo.c: Add check for LONG_IS_QUAD #undef MAXINT before including hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD [a1f7993367fc] 1999-08-21 Todd C. Miller <[email protected]> * LICENSE, aclocal.m4, config.h.in, configure, configure.in, snprintf.c: UCB-derived snprintf + asprintf support. Supports quads if the compiler does. No floating point yet, perhaps later... [0caf05aba945] 1999-08-20 Todd C. Miller <[email protected]> * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c: Run most of the code as root, not the invoking user. It doesn't really gain us anything to run as the user since an attacker can just have an setuid(0) in their egg. Running as root solves potential problems wrt signalling. [408e530dda01] * sudo.tab.c: regen [f8cfb37e37de] 1999-08-19 Todd C. Miller <[email protected]> * logging.c, sudo.c: Don't wait for child to finish in log_error(), let the signal handler get it if we are still running, else let init reap it for us. The extra time it takes to wait lets the user know that mail is being sent. Install SIGCHLD handler in main() and for POSIX signals, block everything *except* SIGCHLD. [d2b6ab0ef3be] * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c, parse.yacc, sudo.c, sudo.h: sudoers_lookup() now returns a bitmap instead of an int. This makes it possible to express things like "failed to validate because user not listed for this host". Some thigns that were previously VALIDATE_FOO are now FLAG_FOO. This may change later on. Reorganized code in log_auth() and sudo.c to deal with above changes. Safer versions of push/pushcp with in the do { ... } while (0) style parse.yacc now saves info on the stack to allow parse.c to determine if a user was listed, but not for the host he/she tried to run on. Added --with-mail-if-no-host option [63326cb01efc] 1999-08-17 Todd C. Miller <[email protected]> * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be externally visible. o If pedantic > 1, it is a parse error. o Add -s (strict) option to visudo which sets pedantic to 2. [5d7d81b55cd5] * HISTORY, INSTALL: Just have sudo-bugs contact info in one place [e7f6588ea683] * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section [6607d96ea510] * Makefile.in, configure, configure.in: Add testsudoers to default build target if --with-devel Don't clean generated parser files unless "distclean". [5827b769dc57] * parse.yacc, sudo.tab.c: In pedantic mode we need to save *all* the aliases, not just those that match, or we get spurious warnings. [24f5b1f0e1de] * TROUBLESHOOTING: reference samples.sylog.conf [11841668380a] 1999-08-14 Todd C. Miller <[email protected]> * sample.syslog.conf: Sample entries for syslog.conf [0f7697d878a1] * CHANGES: recent changes [8bca8810c6bd] * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h: In struct sudo_auth, turn need_root and configured into flags and add a flag to specify an auth method is running alone (the only one). Pass auth methods their sudo_auth pointer, not the data pointer. This allows us to get at the flags and tell if we are the only auth method. That, in turn, allows the method to be able to decide what should/should not be a fatal error. Currently only rfc1938 uses it this way, which allows us to kill the OTP_ONLY define and te hackery that went with it. With access to the sudo_auth struct, methods can also get at a string holding their cannonical name (useful in error messages). [b7e320fc6511] * INSTALL, Makefile.in, README, config.h.in, configure, configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c, sudo.tab.h: o --with-otp deprecated, use --without-passwd instead o real dependencies in the Makefile o --with-devel option to enable yacc, lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes back to being a token, not a string but don't leak memory o rename hsotspec -> host in parse.yacc [912c45226cb2] 1999-08-12 Todd C. Miller <[email protected]> * BUGS, CHANGES: recent changes [801fa6e55687] * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c, sudo.c, sudo.h: o Digital UNIX needs to check for *snprintf() before -ldb is added to LIBS since -ldb includes a bogus snprintf(). o Add forward refs for struct mbuf and struct rtentry for Digital UNIX. o Reorder some functions in snprintf.c to fix -Wall o Add missing includes to fix more -Wall [8d207203e126] * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, visudo.c: o Add a "pedentic" flag to the parser. This makes sudo warn in cases where an alias may be used before it is defined. Only turned on for visudo and testsudoers. o Add --disable-authentication option that makes sudo not require authentication by default. The PASSWD tag can be used to require authentication for an entry. We no longer overload --without-passwd. [f307e09adf98] * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a username can contain just about anything so be very permissive. Also drop the unused \. punctuation. [06a50614ff89] 1999-08-09 Todd C. Miller <[email protected]> * parse.yacc, sudo.tab.c: o add a 'val' element to aliasinfo struct and move -> parse.h o find_alias() now returns an aliasinfo * instead of boolean o add_alias() now takes a value parameter to store in the aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now return: 1) positive match 0) negative match (due to '!') -1) no match This means setting $$ explicitly in all cases, which I should have done in the first place. It also means that we always store a value that is != -1 and when we see a '!' we can set *_matches to !rv if rv != -1. The upshot of all of this is that '!' now works the way it should in lists and some of the rules are more uniform and sensible. [ad8e73b5d581] * Makefile.in: add parse.h dependency [4ccccd464d30] * parse.h: kill unused *_matched macros [02cba6dcb732] * parse.yacc: Allow a list of users as the first thing in a user spec, not just a single entry. This makes things more uniform, though it does allow you to write user specs that are hard to read. [3c4c91c508ca] * sudo.tab.c: parse.yacc [feca81881bb6] * configure: regen [6f247010bb3b] * configure.in: fix check for crypt() in libufc [82770736f4b0] 1999-08-07 Todd C. Miller <[email protected]> * README: sudo-users list now exists [4716d2bb0bbf] * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to reality. [1eda2d57e42a] * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h, version.c, visudo.c: o Move lock_file() and touch() into fileops.c so visudo can use them o Visudo now locks the sudoers temp file instead of bailing when the temp file already exists. This fixes the problem of stale temp files but it does *require* that you not try to put the temp file in a world-writable directory. This shoud not be an issue as the temp file should live in the same dir as sudoers. o Visudo now only installs the temp file as sudoers if it changed. [2517cd06c070] 1999-08-06 Todd C. Miller <[email protected]> * logging.c: add fcntl locking [c304adeaf515] * config.h.in, configure, configure.in, logging.c: Lock the log file. [d8652704fbdf] * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP [68cad8975807] 1999-08-05 Todd C. Miller <[email protected]> * INSTALL, check.c, config.h.in, configure, configure.in, version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to root sudo -V config reporting [cdd2613a9dcf] * configure, configure.in: aix_auth.o not authenticate.o [d972e35f6730] * config.h.in: Add --with-goodpri and --with-badpri configure options to specify the syslog priority to use. [2595ae50ab86] * INSTALL, configure, configure.in, logging.h: Add --with-goodpri and --with-badpri configure options to specify the syslog priority to use. [8276ee9b2b49] * compat.h: kill crufty AIX stuff [a4f35ef9854e] * Makefile.in: Sigh, some versions of make (like Solaris's) don't deal with $< like I would expect. Both GNU and BSD makes get this right but... So, we just expand $< inline at the cost of some ugliness. [b1b456f8801f] * version.c: If the invoking user is root, sudo will now print configure info in -V mode. Currently just prints logging info, to be expanded later. [392f7ed99267] * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog facility and priority o use new print_version() functino for -V mode [78abc5142985] * check.c: Don't need version.c [db9a830ad893] * aclocal.m4, config.h.in, configure, configure.in: Add check for syslog facilities and priorities tables in syslog.h [b86213e5fc5c] * Makefile.in: o authenticate -> aix_auth o add version.c [44b6b9a8d0f5] * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion [e4c60b1f210c] 1999-08-04 Todd C. Miller <[email protected]> * TODO: sudo should lock its logfile [6d2830b28b07] * parse.yacc, sudo.tab.c: o Add '!' correctly when expanding Aliases. o Add shortcut macros for append() to make things more readable. o The separator in append() is now a string instead of a char. o In append(), only prepend the separator if the last char is not a '!'. This is a hack but it greatly simplifies '!' handling. o In -l mode, Runas lists and NOPASSWD/PASSWD tags are now inherited across entries in a list (matches current behavior). o Fix formatting in -l mode such that items in a list are separated by a space. Greatlt improves readability. o Space for name field in struct aliasinfo is now allocated dyanically instead of using a (big) buffer. o In add_alias(), only search the list once (lsearch instead of lfind + lsearch) [51f7e07addb9] * lex.yy.c, sudo.tab.c, sudo.tab.h: regen [5c19bb05dc21] * configure, configure.in: Solais pam doesn't require anye xtra setup [a25ba03d91d1] * parse.yacc: o Simpler '!' support now that the lexer deals with multiple !'s for us. o In the case of opFOO, have FOO give a boolean return value and set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since it gets fill()'d in parse.lex--fixes a small memory leak. In the long run it may be better to just fix parse.lex and make ALL back into a token. However, having it be a string is useful since it can be easily passed back to the parent rule if we so desire. [b3c64b443018] * parse.lex: o Remove some unnecessary backslashes o collapse multiple !'s by using !+ and checking if yyleng is even or odd. this allows us to simplify ! handling in parse.yacc [76330e8da8e3] * sudo.c: -u flag was being ignored [e30283207585] 1999-08-01 Todd C. Miller <[email protected]> * Makefile.in: correct fix [a0e2377dec8f] * Makefile.in: work around pod2man stupididy [7c755640b67f] * Makefile.in: correct dependencies for .cat [5ed7b0653b68] * sudo.cat, sudo.man, visudo.cat, visudo.man: regen [b74510dd6a0a] * sudo.pod, visudo.pod: Add copyright Update to reality [188e9b046c15] * parse.c, sudo.c, sudo.h: rename validate() to the more descriptive sudoers_lookup() [7a1cb652f379] * auth/aix_auth.c: use tgetpass [b8ba5daec40a] 1999-07-31 Todd C. Miller <[email protected]> * CHANGES: updates [e61460cdf4a0] * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, configure, configure.in, sudo.c: Sudo, not CU Sudo [9061b3573c0c] * LICENSE: add 4th term to license similar to term 5 in the apache license [92712e895afb] * emul/search.h, emul/utime.h: add 4th term to license similar to term 5 in the apache license [4f93a8b9396e] * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: add 4th term to license similar to term 5 in the apache license [afae9f2bf9ec] * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: add 4th term to license similar to term 5 in the apache license [c389d3fdafac] * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c, getspwuid.c, goodpath.c: add 4th term to license similar to term 5 in the apache license [969e63dbd38e] * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in, insults.h, logging.c, sudo.c, sudo.h: there was a 1995 release too [5963fd89457a] 1999-07-28 Todd C. Miller <[email protected]> * CHANGES: updates [254b794f16ab] * check.c: Use dirs instead of files for timestamp. This allows tty and non- tty schemes to coexist reasonably. Note, however, that when you update a tty ticket, the mtime on the user dir gets updated as well. [44bfac32f799] * configure, configure.in: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx" when linking test program, not just -lprot. Also add check for getspnam(). The SCO docs indicate that /etc/shadow can be used but this may be a lie. [2ba21d36cc1e] 1999-07-24 Todd C. Miller <[email protected]> * auth/API: first cut at auth API description [3d10df021eb8] 1999-07-22 Todd C. Miller <[email protected]> * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.c, auth/sudo_auth.h: auth API change. There is now an init method that gets run before the main loop. This allows auth routines to differentiate between initialization that happens once vs. setup that needs to run each time through the loop. [76df1c0d3478] * auth/kerb5.c, logging.c: use easprintf() and evasprintf() [fd97d96dc12f] * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking versions of asprintf() and vasprintf() [f54385de20b7] * TODO: remove 2 items. One done, one won't do. [64513b47bc7a] * lex.yy.c, sudo.tab.c: regen [4aa299de2752] * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat, visudo.html, visudo.man: regen [553c0d1209be] * CHANGES: new changes [d7be00b7e36b] * sudo.pod: o Document -K flag and update meaning of -k flag. o BSD-style copyright o Document clearing of BIND resolver environment variables o Clarify bit about shared libs o suggest rc files create /tmp/.odus if your OS gives away files [4a4092be1455] * visudo.pod: BSD license [ad0bfd0a4630] * version.h: BSD-style copyright [ecc6479325be] * tgetpass.c: o BSD copyright o no need to block signals, we now do that in main() o cosmetic changes [61958beda7ab] * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct sudo_user" instead of old globals. o some cometic cleanup [88c0c6924082] * sudo_setenv.c: BSD-style copyright [df20290129a0] * sudo.h: o BSD copyright o logging and parser bits moved to their own .h files o new "struct sudo_user" to encapsulate many of the old globals. [50fc86bf25cb] * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new logging routines o simplified flow of control o BIND resolver additions to badenv_table [8c53f15bfcb0] * strerror.c: BSD-style copyright [7c906c3a82ac] * snprintf.c: Now compiles on more K&R compilers [07ab1d3231c7] * putenv.c: BSD-style copyright, cosmetic changes [c42371295881] * pathnames.h.in: BSD-style copyright [e5c34ebd4cf1] * parse.c, parse.h, parse.lex, parse.yacc: BSD-style copyright. Move parser-specific defines and structs into parse.h + other cosmetic changes [d3088efb6228] * logging.h: defines for logging routines [13147941c02d] * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style copyright, cosmetic changes [e8205e91a4fa] * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.h: BSD-style copyright [b9499da7cdce] * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o changes to fill in AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and v?asprintf() o replace --with-AuthSRV with --with-fwtk [9a3f39b9c128] * config.h.in: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD [9a09054db53a] * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing. [25509c566975] * alloc.c: BSD-style copyright [4967be892363] * TROUBLESHOOTING: no more --with-getpass [afd5b670c196] * TODO: Take out things I've done... [375420c8270e] * README: Refer to LICENSE [c486c8db30f6] * PORTING: --with-getpass no longer exists [db48202df1bb] * Makefile.in: BSD-style copyright. Update to reflect reality wrt new files and new auth modules. [61a2ca7940fb] * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and --without-passwd. [64e8f9e1c05e] * HISTORY: Update history a bit [df60c0a871b8] * COPYING, LICENSE: Now distributed under a BSD-style license [d1a184ccabe1] * auth/sudo_auth.c: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by rfc1938 code o new struct sudo_user global [891b57060868] * auth/pam.c, auth/sia.c: BSD-style copyright and use new log functions [65c44445ea84] * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o Use asprintf() and snprintf() where sensible. [1ff0feaacf95] * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now done more reasonably--better sanity checks and tty-based stamps are now done as files in a directory with the same name as the invoking user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible to mix tty and non-tty based ticket schemes but this may change in the future (it requires sudo to use a directory instead of a file in the non-tty case). Also, ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K'' really deletes the file. That way you don't get the lecture again just because you killed your ticket in .logout. BSD-style copyright now. [ec3460f85be8] * logging.c: o rewritten logging routines. log_error() now takes printf-style varargs and log_auth() for the return value of validate(). o BSD- style copyright [438292025c4e] * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new auth API [412060590da7] * auth/kerb4.c: BSD-style copyright [cc4e800833c7] * auth/fwtk.c: Use snprintf() where it makes sense and add a BSD-style copyright [1b7502388a74] * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h: BSD-style copyright [42583bedae5c] * emul/utime.h, utime.c: BSD-style copyright [3985c90aba47] * emul/search.h: this has been rewritten so use my BSD-style copyright [176df1b0de6f] 1999-07-15 Todd C. Miller <[email protected]> * snprintf.c: include malloc.h if no stdlib.h [7b123f1d1d03] * snprintf.c: KTH snprintf()/asprintf() for systems w/o them [3ca9aefb9d01] * strerror.c: strerror() for systems w/o it [7f0bd8a1c1b4] 1999-07-12 Todd C. Miller <[email protected]> * visudo.c: stylistic changes [6f99aceb7170] * parse.c, parse.lex, parse.yacc: Add contribution info in the main comment [e50cec10acd6] 1999-07-11 Todd C. Miller <[email protected]> * auth/pam.c: remove missed ref to PAM_nullpw [a43e59692cdb] * auth/sudo_auth.h: pasto [891ff138ab89] * auth/kerb5.c: more or less complete now--still untested [21036732faa0] * auth/afs.c, auth/pam.c: don't use user_name macro, it will go away [def7cf727349] * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h: combine skey/opie code into rfc1938.c [44d88ca93d3e] * auth/dce.c, auth/sudo_auth.h: DCE authentication method; basically unchanged from dce_pwent.c [4d468473dd6f] * auth/aix_auth.c, auth/sudo_auth.h: AIX authenticate() support. Could probably be much better [000013321a33] * auth/sia.c: Fix an uninitialized variable and some cleanup. Now works (tested) [fd6ad88ff055] * auth/sia.c, auth/sudo_auth.h: SIA support for digital unix [5335f3e70eab] * auth/pam.c: don't use prompt global, it will go away [fadd22dd6ce4] * auth/secureware.c: correct copyright years [6aa07c49f51b] * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c, auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c, auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h: New authentication API and methods [9debe9b59c79] 1999-07-08 Todd C. Miller <[email protected]> * sudo.tab.c: regen [84578e82c1a6] * parse.yacc: only save an entry if user_matches && host_matches, even if the stack is empty (fix for previous commit) [00984b078d8a] * sudo.tab.c: regen [66acf160b4b7] * parse.yacc: 1) Always save an entry on the stack if it is empty. This fixes the -l and -v flags that were broken by earlier parser changes. 2) In a Runas list, don't negate FALSE -> TRUE since that would make !foo match any time the user specified a runas user (via -u) other than foo. [f322eb54b015] * testsudoers.c: interfaces and num_interfaces are now auto, not extern [113add5c6518] 1999-07-07 Todd C. Miller <[email protected]> * auth.c: use a static global to keep stae about empty passwords [bc02e30807d8] * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with other modules [21962549d5fd] 1999-07-05 Todd C. Miller <[email protected]> * auth.c: PAM prompt code was wrong, looks like we have to kludge it after all. [91f246155ead] * auth.c: In the PAM code, when a user hits return at the first password prompt, exit without a warning just like the normal auth code [918f59bacdb7] * configure, configure.in: kludge around cross-compiler false positives [5e5fc8356400] * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New (correct) PAM code Tgetpass now takes an echo flag for use with PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a useless umask setting Change error from BAD_ALLOCATION -> BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c for consistency [e71397f09dd8] * sudo.c: Some -Wall and kill some trailing spaces [8229b43d5c4e] * configure.in: define -D__EXTENSIONS__ for solaris so we get crypt() proto [7533e4436cab] 1999-06-22 Todd C. Miller <[email protected]> * RUNSON: add Dynix 4.4.4 [b69f773efbce] * INSTALL, config.h.in, configure, configure.in: for kerberos V < version, fall back on old kerb4 auth code [d685ed3a1d8e] * INSTALL: clarify some things [2f5ba2e8e53a] * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos [8925a109c093] 1999-06-14 Todd C. Miller <[email protected]> * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default [0346260cb4ec] 1999-06-03 Todd C. Miller <[email protected]> * tgetpass.c: Fix open(2) return value checking, was NULL for fopen, should be -1 for open [355878bf6d8a] * configure: regen [68bf82871862] * configure.in: better wording for solaris pam notice [04e88c7a6c42] * CHANGES: document recent changes [7c922c5622ef] * TROUBLESHOOTING: Update shadow password section [e8448bae7d66] * auth.c: move authentication code from check.c to auth.c [e9f6ecae2399] * Makefile.in, check.c, sudo.h: move authentication code to auth.c [124cded85f46] 1999-05-17 Todd C. Miller <[email protected]> * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move interface-related defines to interfaces.h so we don't have to include <netinet/in.h> everywhere. [e7599d8ea0bf] 1999-05-14 Todd C. Miller <[email protected]> * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It turns out the old DES crypt does the right thing with passwords longert than 8 characters. o Fix common typo (necesary -> necessary) o Update TODO list [ad75007a6f13] 1999-05-03 Todd C. Miller <[email protected]> * sudo.c: set $LOGNAME when we set $USER [391596210fd7] 1999-04-27 Todd C. Miller <[email protected]> * INSTALL: add comment about digital unix and interfaces.c warning with gcc [e20f815901cc] 1999-04-15 Todd C. Miller <[email protected]> * sample.sudoers: use modern paths and give examples for some of the new parser features [e7b2e507c695] 1999-04-10 Todd C. Miller <[email protected]> * parse.c: fix comment [5eb0d005a65f] * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: Function names should be flush with the start of the line so they can be found trivially in an editor and with grep [3c400abde574] * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c: free(3) is already void, no need to cast it [6981e1ebda0f] * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set (this should not be possible) [3e1e3038546c] * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c, testsudoers.c, visudo.c: Stash the "safe" path (ie: the one listed in sudoers) to the command instead of stashing the struct stat. Should be safer. [aa2883fcf57e] 1999-04-08 Todd C. Miller <[email protected]> * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier release [df9fffa4ab2c] * CHANGES: updated [574f5065d15a] 1999-04-07 Todd C. Miller <[email protected]> * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: You can now specifiy a host list instead of just a host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command now works. [e3942bb78021] * testsudoers.c: Quiet -Wall [a3edc8b08c3a] * parse.yacc, sudo.tab.c: Move the push from the beginning of cmndspec to the end. This means we no longer have to do a push at the end of privilege, just reset some values. [8ea66e5860c6] * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can use "!" most everywhere [aadae4d1c9d5] 1999-04-06 Todd C. Miller <[email protected]> * sudoers.pod: modernize paths and update su example based on sample.sudoers one [3f6a37e16c83] * sample.sudoers: New runas semantics [756ee92865b7] * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in, strdup.c, sudo.h: In estrdup(), do the malloc ourselves so we don't need to rely on the system strdup(3) which may or may not exist. There is now no need to provide strdup() for those w/o it. Also, the prototype for estrdup() was wrong, it returns char * and its param is const. [5f1f984da8e3] * getcwd.c: $Sudo tag [e4188a35e68c] * check.c: buf should be prompt; Michael Robokoff <[email protected]> [2aec87c86cde] * CHANGES, TODO, parse.yacc, sudo.tab.c: It is now possible to use the '!' operator in a runas list as well as in a Cmnd_Alias, Host_Alias and User_Alias. [a4fdaabda990] * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM [73d0376785ae] * sudo.h: Definitions of *_matched were wrong--user top, not top-2 as subscript. [5f8350a57362] * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a command but the NOPASSWD flag was set. Make runasspec, runaslist, runasuser, and nopasswd typeless in parse.yacc Add support for '!' in the runas list Fix double printing of '%' and '+' for groups and netgroups respectively Add *_matched macros (no need for local stack variable). Should only be used directly after a pop (since top must be >= 2). [392b1400c4e6] * aclocal.m4, configure.in: Add copyright, somewhat silly [55c2cdd82dca] 1999-04-05 Todd C. Miller <[email protected]> * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, compat.h, config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man: Crank version to 1.6 and combine copyright statements [0e1c791658ae] * sample.sudoers: Use ! not ^ to do negation [1480a0761730] * lex.yy.c, sudo.tab.c: regen [89ca5a46684b] * parse.lex, parse.yacc: Make runas and NOPASSWD tags persistent across entris in a command list. Add a PASSWD tag to reverse NOPASSWD. When you override a runas or *PASSWD tag the value given becomes the new default for the rest of the command list. [f1bbb4066542] 1999-04-02 Todd C. Miller <[email protected]> * CHANGES, RUNSON: update for 1.5.9 [a1ae9d4a7d54] [SUDO_1_5_9] * visudo.c: Shift return value of system(3) by 8 to get real exit value and if it is not 1 or 0 print the retval along with the error message. [c1ff50d743fb] 1999-03-30 Todd C. Miller <[email protected]> * Makefile.in: testsudoers needs LIBOBJS too [972571b4e4bf] * parse.c, parse.yacc, sudo.tab.c: Fix another parser bug. For a sudoers entry like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls as root. [51968e1eb33d] * CHANGES: new change [271c6110bb62] * parse.yacc, sudo.tab.c: Save entries that match a ! command on the matching stack too [5afb5107116c] * sudo.c: Make sudo's usage info better when mutually exclusive args are given and don't rely on argument order to detect this; [email protected] [2422753c88fd] 1999-03-29 Todd C. Miller <[email protected]> * CHANGES, Makefile.in, RUNSON: updates from CU [b37381e3dafb] * Makefile.in: use gzip [94a64e52a166] * parse.yacc, sudo.tab.c: Fix off by one error introduced in *alloc changes [95ede581153a] * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, compat.h, config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: ++version [c6d88f024e37] * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use emalloc/erealloc/estrdup [44221d97361a] * alloc.c: error checking memory allocation routines [5f8c1e7bbc71] * parse.yacc, sudo.tab.c: Still not right, this fixes it for real [ad553b6f5339] * parse.yacc, sudo.tab.c: Fix for previous commit [4d6f989f9bf2] * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed when mixing different runas specs and ! commands. For example: millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root as well as daemon when it should just allow daemon. The problem was that comma-separated commands in a list shared the same entry on the matching stack. Now they get their own entry iff there is a full match. It may be better to just make the runas spec persistent across all commands in a list like the user and host entries of the matching stack. However, since that is a fairly major change it should gets its own minor rev increase. [c4b939cdcc8e] 1999-03-28 Todd C. Miller <[email protected]> * check.c, config.h.in: Simplify PAM code and fix a PAM-related warning on Linux [2468399523b6] 1999-03-26 Todd C. Miller <[email protected]> * CHANGES: updates [29d4a997769c] * sample.sudoers: better su entry [76d8285a72ba] * configure: regen [b7450cc6975d] * check.c, configure.in: new pam code that works on solaris, should work on linux too; [email protected] [84c16c0ff259] 1999-03-19 Todd C. Miller <[email protected]> * RUNSON: more entries [b6bef8660759] * config.h.in: only include strings.h if there is no string.h [b66054a32b00] 1999-03-17 Todd C. Miller <[email protected]> * config.guess: Sinix is now being called ReliantUNIX; [email protected] [c086d2fe63af] 1999-03-13 Todd C. Miller <[email protected]> * sudo.c: shost must be set before log functions are called #ifdef HOST_IN_LOG [d49a7944358f] 1999-03-07 Todd C. Miller <[email protected]> * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in command args. Stop processing an arg when you hit a backslash so the quoted-character detection can catch it. [2281438d7f41] 1999-02-26 Todd C. Miller <[email protected]> * interfaces.c: include sys/time.h; aparently AIX needs it. [email protected] [31118a9e9916] 1999-02-24 Todd C. Miller <[email protected]> * configure, configure.in: add missing case statement so --without-sendmail works [ca25614f7dd9] 1999-02-23 Todd C. Miller <[email protected]> * CHANGES: more [4d70e44f7f93] 1999-02-22 Todd C. Miller <[email protected]> * configure, configure.in: only search for -lsun in irix <= 4.x [e604238317b1] * configure, configure.in: back out last configure.in change now that I've hacked autoconf to fix the real problem and add a missing newline [2dabf59a79b5] * CHANGES: updated [bb35d526552f] * getcwd.c: add def of dirfd() for those without it [95f0173d8441] * configure, configure.in: When falling back to checking for socket() when linking with "-lsocket -lnsl" check for main() instead since autoconf has already cached the results of checking for socket() in -lsocket. This is really an autoconf bug as it should use the extra libs as part of the cache variable name. [a845f8b710ad] * configure.in: typo [a7d62f62a478] 1999-02-21 Todd C. Miller <[email protected]> * configure.in: fix occurrence of $with_timeout that should be $with_password_timeout; [email protected] bochum.de [8c4da2cf73d1] 1999-02-17 Todd C. Miller <[email protected]> * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar; [email protected] [7031d9dfbc3e] [SUDO_1_5_8] 1999-02-11 Todd C. Miller <[email protected]> * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places it does not have it [7ce4478d3b0f] 1999-02-09 Todd C. Miller <[email protected]> * configure, configure.in: define for_BSD_TYPES irix [858337ff4af8] 1999-02-07 Todd C. Miller <[email protected]> * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it clear that it is the user's password, not root's, that we want. [ae0f51b35ee4] * check.c, sudo.h: If the user enters an empty password and really has no password, accept the empty password they entered. Perviously, they could enter anything *but* an empty password. Also, add GETPASS macro that calls either tgetpass() or getpass() depending on how sudo was configured. Problem noted by [email protected] [2fde21ce94c1] 1999-02-03 Todd C. Miller <[email protected]> * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: add explicate copyright [d3b4449834a5] * CHANGES: mention -lsocket, -lnsl configure changes [9140af4ad8ae] 1999-02-02 Todd C. Miller <[email protected]> * sudo.c: Don't clobber errno after calling check_sudoers(). [59bd581b2654] 1999-02-01 Todd C. Miller <[email protected]> * configure, configure.in: When linking with both -lsocket and -lnsl be sure to do so in that order. Also, when we can't find socket() or inet_addr() and have to try linking with both libs, issue a warning. [0ee547163067] * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt [70e42cf56c75] 1999-01-23 Todd C. Miller <[email protected]> * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON entry [7fdeab875e0d] 1999-01-22 Todd C. Miller <[email protected]> * CHANGES, INSTALL, configure, configure.in: fix and correctly document --with-umask; problem noted by [email protected] [11cd0481d63a] 1999-01-20 Todd C. Miller <[email protected]> * configure, configure.in: only use /usr/{man,catman}/local to store man pages if suer didn't override prefix or mandir [781ad2cbe9be] * INSTALL, configure, configure.in: fix typo, make --with-SecurID take an arg [026a9b4014fc] 1999-01-19 Todd C. Miller <[email protected]> * RUNSON: updates from users [2286982b31e6] * CHANGES, INSTALL, check.c, configure, configure.in: FWTK 'authsrv' support from Kevin Kadow <[email protected]> [23aa4e5c6b02] * configure, configure.in: better fix for the problem of unresolved symbols in -lnsl or -lsocket [82fe70fc287f] * configure, configure.in: when checking for functions in -lnsl and -lsocket link with both of them to avoid unresolved symbols on some weirdo systems [1734a591808e] 1999-01-18 Todd C. Miller <[email protected]> * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into RCS before the RCS->CVS switch [846eb2b8f9aa] 1999-01-17 Todd C. Miller <[email protected]> * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c, visudo.pod: add sudo tags [962f81eaa5ab] * sudo.h: testing Sudo tag [e84cbc521129] * version.h: testing Sudo tag [a8c3a3998b88] * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h, config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man: crank version and regen files [23eacf00a1a4] * Makefile.in: kill rcs goop in update_version and fix now that version is a const [e6e50bd8d1e1] * INSTALL, check.c, config.h.in, configure, configure.in, logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from [email protected] [8134027986e2] * realpath.c, sudo_realpath.c: we no longer use realpath [0f5f64abc646] * qualify.c: replaced by find_path.c [9e32a87e09c4] * options.h: all options are now configure flags [ee6bd9610102] * lex.yy.c: regen [bdbf8a18161f] * getwd.c: superceded by getcwd.c [1e54ee0990b4] * getpass.c: superceded by tgetpass.c [4e0d1edc30e3] * SUPPORTED: superceded by RUNSON [854c5a21cb53] * OPTIONS: No longer used now that we have configure options for everything. [9b1ae1c89259] * configure: regen based on configure.in [3a4d73936973] * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html, sudoers.man, visudo.cat, visudo.html, visudo.man: regen based on sudo.pod, sudoers.pod, and visudo.pod [c267beb90778] 1998-12-11 Todd C. Miller <[email protected]> * check.c: fix tty tickets in remove_timestamp (didn't use ':') [fd964a74a32b] 1998-12-07 Todd C. Miller <[email protected]> * interfaces.c: close sock when we are done with it [95de0380f8a4] 1998-11-28 Todd C. Miller <[email protected]> * parse.yacc: never say "error on line -1" [361db1491121] 1998-11-24 Todd C. Miller <[email protected]> * configure.in: check for -lnsl before -lsocket [8e966d6bbcb5] * configure.in: quote '[', ']' used in ranges correctly [fa4f9c6ff651] 1998-11-21 Todd C. Miller <[email protected]> * config.h.in: add missing NO_ROOT_SUDO noted by [email protected] [c969f25d1667] 1998-11-20 Todd C. Miller <[email protected]> * version.h: 1.5.7 [7a22de0bc148] * INSTALL: more info for 1.5.7 [30ad9e784799] * README: update for 1.5.7 [cd03a0a27cd2] * parse.yacc: make increases of cm_list_size and ga_list_size be similar to increases of stacksize (ie: >= not > in initial compare). [6bd450a896c7] * parse.yacc: when we get a syntax error, report it for the previous line since that's generally where the error occurred. [c4ac84058f0b] 1998-11-18 Todd C. Miller <[email protected]> * config.h.in, configure.in, interfaces.c: add back check for sys/sockio.h but only use it if SIOCGIFCONF is not defined [d197f31fd1e4] [SUDO_1_5_7] * config.h.in: define BSD_COMP for svr4 [87ac1147ff79] * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more -Wall [d98e2d32db2a] * configure.in: kill check for sockio,h [4399779014c1] * config.h.in: no more HAVE_SYS_SOCKIO_H [67484528e347] * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: -Wall [2b7e83976788] 1998-11-16 Todd C. Miller <[email protected]> * sudo.c: add missing inform_user() [8689528c6d55] 1998-11-14 Todd C. Miller <[email protected]> * find_path.c: return NOT_FOUND if given fully qualified path and it does not exist previously it would perror(ENOENT) which bypasses the option to not leak path info [ccbc3d0130ae] * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for -ldes [c77d3b484ece] 1998-11-13 Todd C. Miller <[email protected]> * INSTALL: tty tickets are user:tty now [a53a303a614d] * check.c: when using tty tickets make it user:tty not user.tty as a username could have a '.' in it [3160b3f5c890] 1998-11-10 Todd C. Miller <[email protected]> * sudo.c: add "ignoring foo found in ." for auth successful case [24257169e0bd] 1998-11-09 Todd C. Miller <[email protected]> * sudo.c: add missing printf param [8c905124f777] 1998-11-08 Todd C. Miller <[email protected]> * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. [066e118c11e4] * check.c, sudo.c: Only one space after a colon, not two, in printf's [38452f4c8007] 1998-11-05 Todd C. Miller <[email protected]> * sudo.pod: document setting $USER [80557fe6aede] * check.c: fix bugs with prompt expansion [44c4fca5f009] * sudo.c: set $USER for root too [4b525e1c6269] 1998-11-04 Todd C. Miller <[email protected]> * getspwuid.c: typo [5107446f43e0] * configure.in: HP-UX's iscomsec is in -lsec, not libc [03c9f700b795] * configure.in: remove some entries in the OS case statement that did nothing [ea96e7e0f624] * TROUBLESHOOTING: add "cd" section and flush out syslog section [5107f7363b78] * Makefile.in: no more sudo-lex.yy.c [ed50826efbbc] * check_sia.c: add custom prompt support [6a285cea10b7] * testsudoers.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity [eee31052921e] * sudo.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity set $USER if -u specified [9f3753461f8a] * parse.yacc: kill perror("malloc") since we already have a good error messages [849459088ac3] * parse.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity when checking if %group matches, look up user in password file so that %groups works in a RunAs spec. [0489b4ecc59a] * logging.c: kill perror("malloc") since we already have a good error messages [3191a18b3526] * check.c, getspwuid.c, interfaces.c: kill perror("malloc") since we already have a good error messages pw_ent -> pw for brevity [7193fdb38cf9] 1998-11-03 Todd C. Miller <[email protected]> * tgetpass.c: the prompt is expanded before tgetpass is called [0f408f508041] * sudo.h: tgetpass now has the same args as getpass again [b6778cd9d79f] * getspwuid.c: add iscomsec, issecure support [007be7ec7ae7] * check.c: we now expand any %h or %u in the prompt before passing to tgetpass [f3db8c9ee387] * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet [5a96f902ce00] * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE [f640b0d4cf05] * configure.in: add check for iscomsec in HP-UX [b28b249040f0] * configure.in: check for issecure if we have getpwanam on SunOS some options are incompatible with DUNIX SIA check for dispcrypt on DUNIX [a49d05d9c913] 1998-10-25 Todd C. Miller <[email protected]> * config.h.in: add HAVE_DISPCRYPT [7376d543d8d6] * secureware.c: add back support for non-dispcrypt based checking for older DUNIX [977b98e936be] * INSTALL: sia changes [c5387c06e30f] * configure.in: SIA becomes the default on Digital UNIX now havbe --disable-sia to turn it off... [3b647558ea13] * check.c: move local includes after system ones [b2abad4c4aef] 1998-10-24 Todd C. Miller <[email protected]> * check.c, check_sia.c, sudo.h: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to stderr [547cbf299661] * check_sia.c: fix while loop in sia_attempt_auth() that checks the password. Only the first iteration was working. [1886fd1ac831] 1998-10-22 Todd C. Miller <[email protected]> * aclocal.m4: don't trust UID_MAX or MAXUID [2aeddb1654d8] * configure.in: fix two pastos [c18f0a10b75d] * configure.in: fix typo [1eb3190ef12d] * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is legal to be negative in DUNX 5.0 [cefbde04822d] * configure.in: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for -ldb since DUNX < 4.0 lacks it [e6b11d971068] 1998-10-21 Todd C. Miller <[email protected]> * check.c, compat.h, config.h.in, configure.in, getspwuid.c, secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2 minutes if the shadow files don't exist). [2f297d095004] 1998-10-20 Todd C. Miller <[email protected]> * INSTALL: updated --with-editor blurb [77d8a3ea7328] * TROUBLESHOOTING: tell how to put sudoers in a different dir [456cd20eb1d0] * configure.in: add missing quotes around $with_editor [22881748ab1b] * configure.in: typo in --with-editor bits [ab6964580681] * INSTALL: I don't expect it to work on Solaris [1c2fceaaf56e] * check.c: add back security/pam_misc.h [6ffd30033c1e] 1998-10-19 Todd C. Miller <[email protected]> * INSTALL: remove dunix note since configure checks for this now [e9904512b8e8] * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is bad) [8a4c1e6aef3b] * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use dispcrypt(3) [1b936bc7268c] * config.h.in: add HAVE_INITPRIVS [4369f4c4f914] * sudo.c: call initprivs() if we have it for getprpwuid later on [11cf5915d826] * Makefile.in: clean pathnames.h too [5f1df3262613] * configure.in: quote "Sorry, try again." with [] since it has a comma in it set LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find getprpwuid() so we can check for bigcrypt, set_auth_parameters, and initprivs later. [e226b0a3f250] * INSTALL: update Digital UNIX note about acl.h [80132b71d73a] * INSTALL: add --with-sia --without-root-sudo -> --disable-root-sudo some reordering [198386358818] * secureware.c: add whitespace [4aadaf1a54b0] * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h: add SIA support [fa3ddbb9cc51] * check_sia.c: Initial revision [2968551d40e4] 1998-10-18 Todd C. Miller <[email protected]> * configure.in: when checking for -lsocket, -lnsl, and -linet, check for the specific functions we need from them. [8d33e64362a3] * config.h.in, sudo.h: move Syslog_* defs into sudo.h [03d1774f25c7] * Makefile.in, sudo.h: added check_secureware [e46e3cbb9a97] * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits [dbefe1856503] * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets defined. configure now does that for us [e4520ea0581f] * configure.in: move some --with options around change a bunch of echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs [ffdf6869fdd7] * configure.in: change $with_foo-bar -> $with_foo_bar kill extra " that caused a syntax error add some echo verbage [3278c49bf74b] 1998-10-17 Todd C. Miller <[email protected]> * check.c: moved SecureWare stuff into secureware.c [42d3d3ac35dc] * secureware.c: Initial revision [aa7f72a249cf] * INSTALL: update url to solaris gcc bins [36a3eb668777] * INSTALL: change option formatter and flesh out someentries [6fbd1db4a8ad] * TROUBLESHOOTING, sudo.pod, visudo.pod: environmental variable -> environment variable [6f14d708e32d] * BUGS: everything is now done via configure [c217858f58ab] * README: prev rev was 1.5.6 [7b4177103c35] * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly [31c6b0a5e0e2] * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile [d406a1ef6d25] * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid, sudoers_mode from configure [1c509500655a] * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into the Makefile, not config.h [d4482f1492fe] * INSTALL: document all --with/--enable options [22d81b312d7f] 1998-10-15 Todd C. Miller <[email protected]> * insults.h: options.h is no more [560946a33f7f] * config.h.in: assimilated options.h [dd8ce74613c1] * configure.in: moved options from options.h to configure [d39662f71b4e] * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, sudo_setenv.c, visudo.c: no more options.h [43924bf0858d] * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references to options.h [ef3474295395] * dce_pwent.c, interfaces.c, sudo.c: kill sys/time.h [4d833f0034e4] * tgetpass.c: if select return < -1 still prompt for pw [e0009e5c93a2] * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into configure options [e60a1e546516] * parse.c: FAST_MATCH is no longer an optino [c448dbb3464b] * check.c: remove_timestamp() if timestamp is preposterous [70d9a86c6ecd] * options.h: convert more options to --with/--enable [34646d9b09dc] * INSTALL, aclocal.m4: logfile -> logpath [42de502bc637] * configure.in: convert more options into --with and --enable [92d0898c9844] * tgetpass.c: catch EINTR in select and restart [f045d2f234d7] * logging.c: sys/errno -> errno [7f0c5beab6f2] 1998-09-24 Todd C. Miller <[email protected]> * sudo.c: UMASK -> SUDO_UMASK. [48f308661514] * check.c, logging.c: time.h, not sys/time.h [91de049c79e4] 1998-09-21 Todd C. Miller <[email protected]> * logging.c: MAILER -> _PATH_SENDMAIL [df65d6896639] * INSTALL, configure.in: no more --with-C2, now it is --disable-shadow [18bfcab3b9ab] * aclocal.m4, check.c, compat.h, config.h.in, configure.in, getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme. Always include shadow support if the platform supports it and the user did not disable it via configure [2135d93bb4a9] 1998-09-20 Todd C. Miller <[email protected]> * configure.in: --with-getpass -> --{enable,disable}-tgetpass [451b33fdd4c7] * Makefile.in: pathnames.h -> pathnames.h.in [b109022eca69] * check.c: fix version string [761b25c314ea] * check.c: move pam_conv to be static to auth function remove pam_misc.h (solaris doesn't have one) [a682e4da987a] * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD [e6005d0599b5] * configure.in: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD [24c0ac2155ef] * pathnames.h.in: convert to pathnames.h.in [013bddf7f684] 1998-09-19 Todd C. Miller <[email protected]> * configure.in: fix typo in sysv4 matching case /. [2994c4f88cf5] 1998-09-18 Todd C. Miller <[email protected]> * check.c: pam stuff needs to run as root, not user, for shadow passwords [d94ff75de503] 1998-09-17 Todd C. Miller <[email protected]> * BUGS, INSTALL, README, configure.in: updated version [775adc7de7ac] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [5ca599fb6b93] * check.c: user version.h for long message [47a52ac7e542] * check.c: this is version 1.5.6 [8451ac79eee2] 1998-09-16 Todd C. Miller <[email protected]> * Makefile.in: remove errant backslash [0222a8a650ff] 1998-09-15 Todd C. Miller <[email protected]> * options.h, parse.yacc, pathnames.h.in: fix version string [fdee73255d64] [SUDO_1_5_6] * BUGS, CHANGES, TODO: updtaed for 1.5.6 [752443bf7f26] * RUNSON: updated for 1.5.6 [0f878123fe6a] 1998-09-14 Todd C. Miller <[email protected]> * interfaces.c: kill unused localhost_mask var copy if name to ifr_tmp after we zero it [8e89c364cef2] 1998-09-13 Todd C. Miller <[email protected]> * INSTALL: Better description of new vs. old sudoers modes fix some typos better description of /usr/ucb/cc gotchas on slowaris [c00b2a6fc1e8] * Makefile.in: add sample.pam [ec7f6cc19b00] * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell) [1e907cbc9f7b] 1998-09-12 Todd C. Miller <[email protected]> * README: mention TROUBLESHOOTING more fix some typos [2c2e6907d4a4] * configure.in: move --enable/--disable to be after --with [9b30097f76c1] * INSTALL: document --enable/--disable [c522362e38a8] * INSTALL: document --with-pam [7e38932c78ac] 1998-09-11 Todd C. Miller <[email protected]> * configure.in: Add message for pam users [d224f277e3cd] * sample.pam: Initial revision [3a84d7045f54] * config.h.in: fix HAVE_PAM [2f0f303ebd88] * check.c, config.h.in, configure.in: pam support, from Gary Calvin <[email protected]> [ea3e0a72d707] 1998-09-10 Todd C. Miller <[email protected]> * config.h.in: add HOST_IN_LOG and WRAP_LOG [822c36eeb6a8] * logging.c: add WRAP_LOG and HOST_IN_LOG [3cf6052bd27e] * configure.in: add --enable-log-host and --enable-log-wrap [c968cc12b353] * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir [915fef7e11a1] 1998-09-09 Todd C. Miller <[email protected]> * compat.h: add howmany macro [9107a057a7c8] * tgetpass.c: include sys/param.h to get howmany macro [7e908b5e1f32] 1998-09-08 Todd C. Miller <[email protected]> * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: add RUNAS_DEFAULT [1e76398ea3fd] 1998-09-07 Todd C. Miller <[email protected]> * fnmatch.c: bring in stdio.h for NULL [69c016610cbb] * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh [15ab2972f8d0] * sudo.c: use HAVE_SET_AUTH_PARAMETERS [8abfdc8c80f7] * config.h.in: add HAVE_SET_AUTH_PARAMETERS [673a5ebd5539] * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware [a401f5a7469a] * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201 [cb657b7acaae] * interfaces.c: initialize previfname [26a1902f56dc] * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of kludging it [fa5c890c313b] * configure.in: typo [bff579fbe95c] * Makefile.in: don't need special build line for sudo.tab.o [10c0a0a912e4] * Makefile.in: don't clean sudo.tab.[ch] [c40d5968efbb] * sudo.c: Sudo should prompt for a password before telling the user that a command could not be found. [d718c85a0047] * BUGS: for 1.5.6 [0cc1fe5b9129] * INSTALL, README: no longer require yacc [d9096fc5b8b6] * Makefile.in: typo [70feb1aefbd5] * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc [cc802025fd44] * parse.lex: include sudo.tab.h, not y.tab.h don't break out of command args if you get a '=' [728ad26dbda5] * insults.h: fix version , [242bbce1b2d4] * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: fix version [2bb9086fea1e] * compat.h: fix version [7e634d498ce6] * getcwd.c: getcwd(3) from OpenBSD for those without it. [6c68d0df8f6c] * sudo.h: HAVE_GETWD -> HAVE_GETCWD [2ad1e64d60c0] * configure.in: pretend sunos doesn't have getcwd(3) since it opens a pipe to getpwd! [677992ba5a6a] * parse.c: use NAMLEN() macro [8f5685aa3165] * fnmatch.c: remove duplicate include of string.h [6024f3051ac3] * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T [3d82a9c22cc2] * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T [53fbc47282f9] * config.h.in: add dev_t and ino_t [5929bb0c7e1a] 1998-07-28 Todd C. Miller <[email protected]> * check.c: fix OTP_ONLY for opie [7edcfa78f2ec] 1998-06-24 Todd C. Miller <[email protected]> * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto [c9f4b99a2fe9] 1998-05-19 Todd C. Miller <[email protected]> * Makefile.in: make update_version saner [d522f93ee04a] * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() [c9a2d21dc608] * configure.in: check for waitpid and wait3 or no waitpid [1f18c3224184] * logging.c: used waitpid or wait3 if we have 'em [391c3279ee65] 1998-05-02 Todd C. Miller <[email protected]> * visudo.c: fix some fprintf args, [email protected] (Ariel Faigon) [fbf53b18178f] 1998-04-28 Todd C. Miller <[email protected]> * configure.in: don't need to explicately mention -lsocket -lnsl for sequent [1898dc055352] 1998-04-25 Todd C. Miller <[email protected]> * configure.in: dynix should not link with -linet [278a4b9cfe2a] 1998-04-10 Todd C. Miller <[email protected]> * INSTALL: mention that HP-UX doesn't ship with yacc [bde5147198c0] 1998-04-07 Todd C. Miller <[email protected]> * check.c: ignore kerberos if we can't get the local realm [1e311a091a27] 1998-04-06 Todd C. Miller <[email protected]> * BUGS, INSTALL, README, configure.in: ++version [499ffc746018] * version.h: ++ [35ba1ee01bd3] * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [b4990a513f31] * check.c, sudo.h: fix version [5710795834e8] * getcwd.c: don't use popen/pclose. Do it inline. [29e57b0646a4] * lsearch.c: add rcsid [b2b55c39858d] * sudo.c: typo [d381ac39ed0f] * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: updated version [462d6e1a2d75] * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 -> MAX* [2c2eeb78d34f] * Makefile.in: getwd.c -> getcwd.c [7d718c32fc02] * config.h.in: kill HAVE_GETWD [6ad3d702343f] * configure.in: getcwd, not getwd [33e5b9841f58] * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the purpose [24e58d340161] 1998-03-31 Todd C. Miller <[email protected]> * OPTIONS, options.h: add STUB_LOAD_INTERFACES [d747cb23ca83] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [0798229312cc] * configure.in: support *-ccur-sysv4 and fix two typos [24a823ad7cc9] 1998-03-28 Todd C. Miller <[email protected]> * configure.in: don't echo about with_logfile and with_timedir [31e4a1e2d9ad] * INSTALL: document --with-logfile and --with-timedir [674f811a40e0] * aclocal.m4: support --with-logfile and --with-timedir [2fc36b35db12] * configure.in: Add --with-logfile and --with-timedir [09045bf07e29] * sudo.c: change size computation of NewArgv for UNICOS [b50df07da3a1] 1998-02-19 Todd C. Miller <[email protected]> * configure.in: treate -*-sysv4* like *-*-svr4 [471b7ef4dbf2] 1998-02-18 Todd C. Miller <[email protected]> * configure.in: fix spacing for --with-authenticate help [8321cb37c410] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [dc1ab97312eb] * parse.yacc: fix off by one error in push macro [bece59c8c3a9] 1998-02-17 Todd C. Miller <[email protected]> * configure.in: removed bogus alloca hack [a68dd720462d] * check.c: added AIX 4.x authenticate() support [12985eb448a0] * parse.yacc: include alloca.h if using bison and not gcc and it exists. fixes an alloca problem on hpux 10.x [e3b5c4f26072] * INSTALL: mention --with-authenticate [78a1c96820e7] * configure.in: added AIX authenticate() support [c983193ec252] * config.h.in: add HAVE_AUTHENTICATE [7b0e5f5db5d9] * interfaces.c: dynamically size ifconf buffer [10afb0e9b2f9] * configure.in: quote '[' and ']' [8fc38a4defad] * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [5f66de71ec61] * visudo.pod: add ERRORS section [3df3edb73cf6] 1998-02-16 Todd C. Miller <[email protected]> * TROUBLESHOOTING: add busy stmp file explanation [6c555d469b6f] 1998-02-15 Todd C. Miller <[email protected]> * configure.in: the name of the cached var that signals whether or not you are cross compiling changed. It is now ac_cv_prog_cc_cross [123911c0658c] 1998-02-11 Todd C. Miller <[email protected]> * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\. [ded758524582] 1998-02-07 Todd C. Miller <[email protected]> * sample.sudoers, sudoers.pod: better example of su but not root su [b3199610be21] 1998-02-06 Todd C. Miller <[email protected]> * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: updated version [46922b84e86b] * Makefile.in: correct regexp for updating version [8032728b2a8a] * tgetpass.c: remove bogus flush of stderr spew prompt before turning off echo. Seems to fix a weird problem where if sudo complained about a bogus stamp file the user would sometimes not have a chance to enter a password [7aa1493cc141] * check.c: fix bogus flush of stderr [6d047871c5e8] * sudo.c: close fd's <=2 not <=3 and move that chunk of code up [553e4faac195] * configure.in: support hpux1[0-9] not just hpux10 [5a34a000ff8a] 1998-01-30 Todd C. Miller <[email protected]> * parse.c: set sudoers_fp to nil after closing [221a8b4bbf34] 1998-01-24 Todd C. Miller <[email protected]> * config.guess, config.sub: updated from autoconf 2.12 [6fc86a0fc61b] * configure.in: add *-*-svr4 rule [38f0427f7c9d] 1998-01-23 Todd C. Miller <[email protected]> * tgetpass.c: fix select usage for high fd's (dynamically allocate readfds) [c2d1f76e0321] * check.c: kill extra whitespace [d784b6c9c514] * sudo.c: do an initgroups() before running a command, unless the target user is root. [4ca561287480] 1998-01-22 Todd C. Miller <[email protected]> * TROUBLESHOOTING: tell people to use tabs, not spaces, in syslog.conf [8ae90a205134] 1998-01-21 Todd C. Miller <[email protected]> * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c, parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c: updated version [4d855ff5de26] * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c: updated version [8e007e178b33] * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: updated version [9ddea5c8814d] * Makefile.in: more tweaks to update_version [047698752855] * Makefile.in: fixed up update_version rule [47b6fa34b77f] * configure.in: ++version [c1ca664e30b7] * Makefile.in: removed supe of check.c [8f340a05296a] * INSTALL: ++version I missed [a298e6c17491] * RUNSON: updated [a14f6057bc15] * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: updated version [02231b1a3ab3] * CHANGES: updated for 1.5.5 [634e5fcaf40b] * Makefile.in: add rules to update version stuff in files so I don't need to do it by hand [3620ad60485a] * sudo.h: sudoers_fp is now extern [88c6e9b9ea84] * sudo.c: in check_sudoers, cache the sudoers file handle in sudoers_fp so we don't have to open it again in the parse. This may help with weird solaris problems where EAGAIN sometime occurrs. [d3c26451ed1d] * parse.c: sudoers file open is now done only in check_sudoers() so we just do a rewind() instead of an open. May help people on solaris who were getting EAGAIN. [c8b8c7722fa5] 1998-01-16 Todd C. Miller <[email protected]> * INSTALL: mention that newer glibc is fixed [20f06f5d3ef3] 1998-01-13 Todd C. Miller <[email protected]> * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore _RLD* instead of _RLD_* [1e22c588d602] * parse.c: typo [d0b7cb85f08a] * parse.c: fix that bug for real [5a6eeca6d04b] * INSTALL: document Linux's libc6 brokenness. [0246c1aa64ee] * parse.yacc: -Wall [d0e452fb1e2d] * RUNSON: updated [4949a1bbd0a9] [SUDO_1_5_4] * TROUBLESHOOTING: remind people to HUP syslogd [590962faa4f0] * Makefile.in: add -O flag to tar [622d02de339d] * RUNSON: updated [a72930d6e615] * TODO: updated [4a51bd458390] * sudo.pod: remove author's email addr. people should mail sudo-bugs [9b6bbdb3a6d9] * INSTALL: fix version [246274c6c8af] * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [f532ff4ee766] * RUNSON: updated [62d5c71358b5] * INSTALL, Makefile.in: ++version [1a7c7628edfc] * CHANGES: updated fort 1.5.4 [7e4873508c99] * check.c: exit(1) if user enters no passwd [f382c0e35e4e] * BUGS: ++version [fab6a867ab67] * parse.c: commands can start with ./* not just /* -- fixes a serious security hole. [244d2fe35ee3] 1997-12-21 Todd C. Miller <[email protected]> * sudo.c: Don't set the tty variable to NULL when we lack a tty, leave it as "unknown". [193b26daba03] 1997-11-23 Todd C. Miller <[email protected]> * sample.sudoers: fix usage of (username) in conjunction with , and ! [7ae68607f68f] * visudo.c: catch the case where the user is not in the passwd file [31650258deb0] * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to select(2) [60ab2d9a9ee8] * sudo.c: define tty global to an initial value to avoid dumping core in logging functions when passwd file is unavailable. [77056c7bc908] * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have gotten the passwd entry [1fdb8e579a5a] * sudo.pod: talk about problem of ALL [1cd1905c9f6f] 1997-10-10 Todd C. Miller <[email protected]> * README: new web location [d24dc26f6da5] * INSTALL: fdesc bug is fixed in Open/Net BSD [7d4d81b08ac3] * HISTORY: updates from Nieusma [3a43769a1b78] 1997-10-09 Todd C. Miller <[email protected]> * dce_pwent.c: move compat.h after the system includes [5ea43a5968ac] 1997-08-06 Todd C. Miller <[email protected]> * logging.c: save errno from being clobbered by wait(). From Theo [f2d1c48cd592] 1997-05-21 Todd C. Miller <[email protected]> * compat.h: fix an occurence of setresuid -> setreuid (typo) [394de35c9b1c] 1997-03-19 Todd C. Miller <[email protected]> * install-sh: check for path to strip [2b7ef824bd55] 1997-01-16 Todd C. Miller <[email protected]> * logging.c: deal with maxfilelen < 0 case [f0af095178d7] * OPTIONS: fixed descriptin [629f60bd4b5f] 1996-12-12 Todd C. Miller <[email protected]> * sudo.c: correct error message if mode/owner wrong and not statable by owner but is statable by root. [cb631ce2e85e] 1996-11-23 Todd C. Miller <[email protected]> * config.guess, config.sub: autoconf 2.11 [f3cbe59e0756] 1996-11-16 Todd C. Miller <[email protected]> * CHANGES, RUNSON, TODO: sudo 1.5.3. [2be3229b8626] 1996-11-14 Todd C. Miller <[email protected]> * parse.yacc, sudo.h: command_alias -> generic_alias [c404ca8c510d] [SUDO_1_5_3] * sample.sudoers: added Runas_Alias example and fixed syntax errors [c304053f4a8a] * OPTIONS, options.h: updated MAILSUBJECT [18d1573fcd2a] * logging.c: added %h expansion [a4bff9b284fd] * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [211ff20f956f] * BUGS, emul/utime.h: ++version [cde5376579e3] * sudoers.pod: document Runas_Alias [b1a58f28fb2c] * visudo.pod: q (uid) -> Q [d256649a0e6b] * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails drop into whatnow [1cb183d15626] * parse.yacc: add size params to sprintf [9228f698921f] * parse.lex: allow trailing space after '\\' but before '\n' [f51dbbf69fdf] * find_path.c: off by one error in path size check [a6d75ccd7632] * check.c: sprintf paranoia [3ffb12d198dd] 1996-11-12 Todd C. Miller <[email protected]> * parse.yacc: fixed more_aliases [aab12f2a50af] * visudo.c: now warns if killed by signal ./ [310c186a0fd7] 1996-11-11 Todd C. Miller <[email protected]> * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get expanded (but it is gross) [45590b83120f] * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400 [d53e01c14c58] * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS) [7a4a040aae2d] * parse.lex: Add Runas_Alias and simplify a rule. [6f794a769a37] * parse.yacc: always store User_Alias's since they can be used inside of a runas list. Sigh. Really need a Runas_Alias instead. [3bab058a873e] 1996-10-30 Todd C. Miller <[email protected]> * visudo.c: deal with case where there is no sudoers file [fa38b3bb244d] 1996-10-12 Todd C. Miller <[email protected]> * TROUBLESHOOTING: added one [e61346d06725] 1996-10-11 Todd C. Miller <[email protected]> * HISTORY, testsudoers.c: developement -> development [4df55e293941] * INSTALL: added a note [3845fb83dbc0] * RUNSON: for 1.5.2 [5489b7298942] * CHANGES: updated [0741834929e6] 1996-10-10 Todd C. Miller <[email protected]> * PORTING: removed seteuid() notes [1010a60f281d] [SUDO_1_5_2] 1996-10-09 Todd C. Miller <[email protected]> * compat.h: better seteuid() emulatino [e807623b662c] * configure.in: added check for seteuid [8cf9fabc6f4f] * config.h.in: added HAVE_SETEUID [596db46aa828] 1996-10-08 Todd C. Miller <[email protected]> * configure.in: first stab at sequent support [b85a7bfcac76] * config.h.in: added HAVE_SYS_SELECT_H [93ecdd042463] * compat.h: sequent -> _SEQUENT_ [63a38b6da98c] * compat.h: added seteuid() macro for DYNIX [695bd63c5ea6] * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H [b31221211bc2] 1996-10-07 Todd C. Miller <[email protected]> * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version [8052992fd453] * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, pathnames.h.in, version.h: ++version [f7ad15e1598a] * sudo.pod: added -H and SUDO_PS1 [bb965241e30c] * configure.in: use SUDO_FUNC_FNMATCH [6a8350d85fb2] * aclocal.m4: added SUDO_FUNC_FNMATCH [45b32c91c4ba] * sudo.c: added -H flag [11ebc6872fd6] * sudo.h: added MODE_RESET_HOME / [67a7f8bcbbd6] 1996-10-05 Todd C. Miller <[email protected]> * INSTALL: mention OPIE [5723515d5bbd] * options.h: SKEY -> OTP [c1d268130bc4] * configure.in: added opie support [123872b41b20] * compat.h, config.h.in: added HAVE_OPIE [528c71afc1e5] * check.c: added HAVE_OPIE and changed to *_OTP_* [4c62f5db872a] * OPTIONS: SKEY -> OTP [bd858e5e9652] 1996-10-04 Todd C. Miller <[email protected]> * check.c: moved fclose() in skey stuff. [11f7dc8431a6] 1996-10-03 Todd C. Miller <[email protected]> * putenv.c: index -> strchr remove unnecesary stuff [af2d05238062] * check.c: now call skeychallenge() to get challenge instead of making one up ourselves. this way, we get extra goodies in the prompt. [49b770d98d3a] 1996-09-10 Todd C. Miller <[email protected]> * CHANGES: added one [3f5149357e2a] [SUDO_1_5_1] * parse.lex: allow logins to start with a number (YUCK!) [7ed7ef324741] 1996-09-08 Todd C. Miller <[email protected]> * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note [16160a251aae] * configure.in: DUNIX doesn't need -lnsl [be924cc322c3] * CHANGES: *** empty log message *** [1b2937521981] * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: courtesan [5f203589bbfe] * PORTING, README, RUNSON: courtesan [d72517f4937e] * INSTALL, Makefile.in, TROUBLESHOOTING: courtesan [5c007e3c7a71] * visudo.pod: *** empty log message *** [37ebe85bd4e1] * sudo.pod, visudo.pod: courtesan [37f02e2130ea] 1996-09-07 Todd C. Miller <[email protected]> * HISTORY: added courtesan ./ [b01435226276] 1996-09-06 Todd C. Miller <[email protected]> * sudo.c: added $SUDO_PROMPT support [cb1fa72c093d] 1996-09-04 Todd C. Miller <[email protected]> * check.c: print long skey challemged to stderr, not stdout [750fc775b3b2] 1996-09-01 Todd C. Miller <[email protected]> * CHANGES: updated for 1.5.1 [9b615f393057] * emul/utime.h: ++version [a94de18deafb] 1996-08-31 Todd C. Miller <[email protected]> * RUNSON: updated for 1.5.1 [4092f20ab634] 1996-08-30 Todd C. Miller <[email protected]> * check.c: use shost, not host for tgetpass [6061c49ff9be] * sudo.pod: documented %u and %h [6d2922d29897] * OPTIONS: documented %u and %h [1a71da13a864] * configure.in: fixed typo [1230dec2b062] * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [65ce8eabf77a] * BUGS: ++version [afecab53aab7] 1996-08-29 Todd C. Miller <[email protected]> * Makefile.in, configure.in, version.h: ++version [fb3ff940d672] * sudo.h: new tgetpass() params [9eccc5b0f8ae] * check.c: pass use and host to tgetpass [c56d9d13c401] * tgetpass.c: added %u and %h escapes [04ae775d3e5d] * OPTIONS, check.c, options.h: added NO_MESSAGE [3927dad19057] * configure.in: added cray (unicos) support [1122210c5fb1] 1996-08-27 Todd C. Miller <[email protected]> * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME [0b26909b0929] 1996-08-25 Todd C. Miller <[email protected]> * INSTALL: added note about "make install" [7e56ea76d4b4] * parse.yacc: changed length/size params from int to size_t [5654e5ceb1b3] * OPTIONS: now get CSOPS insults as well by default [297323d0179a] * insults.h: use csops insults too by default [07fafc136169] * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h: version = 1.5 [4b8772b11e3b] * sudo.c: added runas_homedir [b0e0d4417a15] * TODO: updated for 1.5 [66259df825d5] * RUNSON: updated for 1.5 [e08bc9ebfe95] * CHANGES: 1.5 release [8c16942fea41] * INSTALL: added "upgrading" notes [210d968964ff] 1996-08-22 Todd C. Miller <[email protected]> * visudo.c: now do chmod and chown after edit of temp file and before rename [de174e34faa7] [SUDO_1_5_0] 1996-08-18 Todd C. Miller <[email protected]> * Makefile.in: ++version added INSTALL.configure [c9e9214f52ae] * configure.in, version.h: ++version [5985abed3eb2] * TROUBLESHOOTING: *** empty log message *** [d65c540ec52e] * parse.yacc: added missing cast [e7247319a7d5] * sudo.c: sets $HOME to pw_dir of runas user [d3f7f4d05752] * sudo.pod: document $HOME change [854454d458c4] 1996-08-17 Todd C. Miller <[email protected]> * sudo.pod: fixed up some wording [b0c8582f2c97] * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version [748be723fd8b] * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h: ++version [acdf8b1b2a1b] * emul/utime.h: ++version [b3f35298ab8d] * sudo.h: name nad type changes [db24ab3da141] * testsudoers.c: now works with new sudo [379346c42cc2] * parse.yacc: fixed some XXX [f5fe4c990052] * parse.yacc: some variable name changes + comment headers for functions. [3dc3bd9aa73d] * tgetpass.c: added extra paren's to make compilers happy [9e4968a34d56] * sudo.c: *** empty log message *** [70c924c1ed69] * parse.c: now uses init_parser() if not in sudoers and tries "list" or "validate" scold but don't be nasty. [c0d8fb3f8c9e] * TROUBLESHOOTING: now can use upper case login names [c772fffcefe5] * visudo.c: now uses init_parser() [b9efae7243fd] * INSTALL, README: updated [27dc8283fdc8] * PORTING: added info about PASSWORD_TIMEOUT [980e15d892f8] * INSTALL.configure: Initial revision [8292e89a08d3] * BUGS: fixed a bug , [c6e46f5624f9] * parse.yacc: now dynamically allocates memory for the stacks -- no more overflows! [8615c35b6ad3] * sudo.pod: -l now explands command aliases [39f45605935d] * parse.yacc: hacks to expand command aliases for `sudo -l' [e4eb752608f9] * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash) [01327ca5084b] * sudo.h: added struct command_alias [dd2f32764082] * sudo.pod: fixed a bug [e708ff08d2eb] * lsearch.c: in compar() key should be first arg [fc14c3fa62ee] 1996-08-15 Todd C. Miller <[email protected]> * BUGS: fixed some bugs [639dfe425bd5] * parse.yacc: can now deal with upcase HOST and USER names [c6aa7bcfb00d] * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l" [4ef146128d89] * sudo.pod: fixed thinko [830f2f0f22e7] * parse.c: fix comment [d20ce9e17ddc] 1996-08-09 Todd C. Miller <[email protected]> * parse.c, parse.yacc: added support for new `sudo -l' stuff [7dceaef3c733] * sudo.c: now uses list_matches() [293364821b61] * sudo.h: added struct sudo_match [b2684179d179] * configure.in: now more -lgnumalloc [4f8ae42617d8] 1996-08-01 Todd C. Miller <[email protected]> * install-sh: added more paths for chown and whoami [6e685a19426c] 1996-07-31 Todd C. Miller <[email protected]> * check.c: typo [3adfa01c04bc] 1996-07-30 Todd C. Miller <[email protected]> * aclocal.m4: fixed DUNIX check for shadow pw [c25324bcd27b] * tgetpass.c: now only turn off echo if it is already on. this fixes a race when you use sudo in a pipelin [28388c2de21c] * INSTALL: updated [b45ac9366b7e] * configure.in: changed "test -z $foo && do_this" to if; then construct [2183c4426bca] 1996-07-29 Todd C. Miller <[email protected]> * configure.in: added missing defines of SHADOW_TYPE [be89ea68a7f3] 1996-07-26 Todd C. Miller <[email protected]> * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are only in dunix 4.x [1e7c1c677263] * getspwuid.c: added AUTH_CRYPT_C1CRYPT support [88d6b0058b20] * parse.c: no longer return VALIDATE_NOT_OK if there was a runas that didn't match. Now we can have runas stuff on more than one line. [52b68920d7b7] * getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE instead of HAVE_C2_SECURITY [cf401dfcbc06] * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to something [c7a233c4dd93] * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD [8314405e9754] * compat.h: use SHADOW_TYPE instead of HAVE_C2_SECURITY [6f94870df17f] * check.c: SHADOW_TYPE is always defined so just against its value [72c69a55d02f] * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX [ef025ae9d496] 1996-07-25 Todd C. Miller <[email protected]> * sudoers.pod: * -> ?* in one example added another instance of (runas) and one of NOPASSWD: [d74fe1dcbe7d] 1996-07-24 Todd C. Miller <[email protected]> * configure.in: added back check for config.cache from other host type [0ba87871f585] * parse.lex: removed an instance of \" [1e008d3709f6] * sample.sudoers: added an example [dbfcf68ee330] * sudoers.pod: updated wrt new wildcard matching [193fa44a475b] * configure.in: new check for shadow passwords if we don't know anything [67465df7dc9a] * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC [3563b16a41b8] * configure.in: added back check for -lsocket (oops) [a80882ee1cb6] * configure.in: better (working) check for shadow passwd type if we know to use C2. [3cdd2a59a641] * configure.in: now uses AC_CANONICAL_HOST to figure out os type [80db7fe6e704] * Makefile.in: added config.{guess,sub} [c6be7e3ca384] * aclocal.m4: removed unused stuff to figure out os type [c9a0f3b57123] * config.sub: added openbsd [bfc6bfec3668] * config.sub: Initial revision [e6e06ce0d17d] * config.guess: Initial revision [99dd06f79199] * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a pathname. need to check against sudoers_args even if user_args is nil [66e6cf77f5d6] * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a pathname need to check against sudoers_args even if user_args is nil [74374df17311] 1996-07-23 Todd C. Miller <[email protected]> * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 [cbb00261c415] * testsudoers.c: now takes command line args and uses cmnd_args [f0c2fd35a527] * parse.lex: fill_args was adding an extra leading space [692fc999b2e8] 1996-07-22 Todd C. Miller <[email protected]> * visudo.c: fixed dummy command_matches() [93d9543db6e2] * parse.yacc: fixed prototype [7b0addfbd429] * sudo.h: added cmnd_args [8f47c4ae65ef] * parse.yacc: now uses flat args string [016e65877da3] * parse.c, parse.lex: now uses flat arg string [5b5f2e3f4c09] * visudo.c: added cmnd_args def [876867134775] * sudo.c: now sets cmnd_args global [e6fee70cb59b] * logging.c: cmnd_args is now exported from sudo.[ch] [7a9cd36e356f] 1996-07-21 Todd C. Miller <[email protected]> * parse.yacc: can't rely on cmnd_matches as much as I thought -- added some $$ stuff back in to prevent namespace pollution problems. [3c45fedb5af3] * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more consistent). [e6d838c8a4c7] 1996-07-20 Todd C. Miller <[email protected]> * parse.lex: NOPASSWD may now have blanks before the ':' '(' only starts a 'runas' if in the initial state to avoid collision with command args [c5c01172f499] * configure.in: added checks for specific shadow passwd schemes [b7e3d1f7b84f] * aclocal.m4: added routines to check for specific shadow passwd types [e5e1d19960a6] 1996-07-18 Todd C. Miller <[email protected]> * configure.in: added support for ncr boxen [bea9dc5aae7f] * aclocal.m4: added support for detecting ncr boxen [8653a158a924] 1996-07-16 Todd C. Miller <[email protected]> * configure.in: added sinix support [5de2b2173ee1] 1996-07-14 Todd C. Miller <[email protected]> * TROUBLESHOOTING: added info about "config.cache from other other" error. [845b10198e0b] * aclocal.m4: now makes sure you don't have a config.cache file from another OS [4fe32571c021] * configure.in: now sets $LIBS when needed to configure links with libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added check for bigcrypt(3) if SPW_SECUREWARE [2df6b8ca538f] * getspwuid.c: fixed typo [fe1cb1d792d6] * tgetpass.c: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH [f71138372c07] * getspwuid.c: no more SPW_HPUX10 [cfdeb18bc16b] * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT [00d296479a61] * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE [6c6d9e680417] * check.c: SPW_SECUREWARE now uses bigcrypt [be71fc66690f] 1996-07-13 Todd C. Miller <[email protected]> * sample.sudoers: fixed 2 syntax errors [45eee19ef4ac] * sudoers: root may now run ALL as ALL [1b54c6b9b212] 1996-07-12 Todd C. Miller <[email protected]> * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len [603438360126] 1996-07-08 Todd C. Miller <[email protected]> * check.c, configure.in: updated AFS support [e572eb8d177a] * TROUBLESHOOTING: added entry about /usr/ucb/cc [025b353aa9d3] * INSTALL: prep no longer holds gcc binaries [8b0942958049] * INSTALL: updated AFS note [7af6efd5abe4] * Makefile.in: added @AFS_LIBS@ [97b6fe6ad7d6] * compat.h: AFS allows long passwords [5fb17122c302] * testsudoers.c: fixed -u user support [b1a0c1648639] * parse.c: sudo -v now groks VALIDATE_OK_NOPASS [74fc03fffe7e] * parse.yacc: fixed no_passwd vs. runas_matched [549a9b791a6a] * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no longer an issue [d95ab7fbbc61] * INSTALL: added --with-libraries > --with-libpath --with-incpath [d5d15a7a0f4c] * parse.yacc: was setting runas_matches to -1 in wrong place [db2b1deb8d33] * check.c: removed usersec.h which is not present in new AFS versions [618b016dd17f] * tgetpass.c: now deals with timeout <= 0 [ba53a1257255] * OPTIONS: updated [75093bd8fdca] * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc [ff6dbf7825c2] * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode for root readable/writable filesystems [2694ed627221] * Makefile.in: now gives INSTALL -c flag [63db055a2fd1] * parse.yacc: slightly simpler initialization of no_passwd and runas_matches [463a1b5fa323] * testsudoers.c: added -u username support [38b072fcd6b3] * configure.in: improved --with-libraries support [047dbc5f0af2] 1996-07-07 Todd C. Miller <[email protected]> * configure.in: added --with-incpath, --with-libpath, --with-libraries [20f20d6c718c] * parse.yacc: now initializes some fields that weren't getting set to -1 pretty gross -- need a rewrite. [021c160390c6] 1996-06-26 Todd C. Miller <[email protected]> * alloca.c: removed emacs'isms [9d4ec2efe057] * configure.in: no longer add -lPW to *_LIBS since we include alloca.c [a626d1bbea80] * config.h.in: added HAVE_ALLOCA_H [15491e2a6cff] * Makefile.in: added alloca.c [0400f25e1fe4] * alloca.c: Initial revision [06d033aa4882] * configure.in: ++version [f52c0fb98f90] 1996-06-25 Todd C. Miller <[email protected]> * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is not always set to a valid uid. [c2669f77704d] * OPTIONS: fixed entry for SUDO_MODE [d7272f6035b8] * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were being set to -2. Now beat NFS to the punch and set uid to "nobody" ourselves, preserving group 0 to read sudoers. [b1fbc5dd1e34] * parse.c: moved set_perms(PERM_ROOT) to be before yyparse() [7619d8080735] * logging.c: fixed a typo [318acc48cde0] * configure.in: no longer need AC_PROG_INSTALL [de01b1336dc8] * Makefile.in: always use install-sh to avoid install(1)'s that use get{pw,gr}nam [ea2351986406] * INSTALL: make clean -> make distclean [704a98e8ba10] 1996-06-20 Todd C. Miller <[email protected]> * parse.yacc: removed some unnecsary if's [f00db6508132] * Makefile.in, version.h: ++version [bdb6740b24c8] * parse.c, testsudoers.c: now includes netgroup.h [93f5a06352bc] * interfaces.c: removed cats of ioctl to int since they didn't shut up -Wall [83e9f912cd7a] * interfaces.c: explicately cast ioctl() to int since it it not always declared [2ff9294e469e] * sudo.h: added declarations for yyparse() and yylex() [6071321ab771] * parse.yacc: fixed an occurence of '==' -> '=' [2c46d2e11d57] * config.h.in, configure.in: added check for netgroup.h [73403050f4e3] * sudo.c: fixed 2 compiler warnings [680929b0bd97] * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being initialized [18707ecd07c2] 1996-06-19 Todd C. Miller <[email protected]> * sudo.pod: fixed a typo [e4b5c12aa130] 1996-06-17 Todd C. Miller <[email protected]> * parse.yacc: fixed a formatting thingie [c79327b6f19b] * parse.c, parse.yacc: fixed -u support with multiple user lists on a line [e4d1066adca2] * configure.in: unixware needs -lgen [b5bf9bca63cc] * README: updated ftp location [b25a033f7921] * sudoers.pod: add net_addr/netmask support [674e83516d1e] * sample.sudoers: added net_addr/mask example [774878e89b28] * parse.c, parse.lex: added support for net_addr/netmask [e33de27325d8] 1996-06-16 Todd C. Miller <[email protected]> * sudoers.pod: ^ -> ! [1a084950d6ef] 1996-06-15 Todd C. Miller <[email protected]> * RUNSON: updated for 1.4.3 [c82019025d09] * CHANGES: udpated for 1.4.3 [ceaa81adb8f0] * BUGS, TODO, TROUBLESHOOTING: updated [ff94fae4b853] * sample.sudoers: updated with examples of new stuff [99d0b4cb4c9c] * INSTALL, README: ++version [b763b80fe836] * sudoers.pod: updated wrt -u and NOPASSWD [0b5b722ea0f4] * sudo.pod: updated wrt -u and CAVEATS [71d5d53b5d18] 1996-06-09 Todd C. Miller <[email protected]> * sudo.c: fixed usage() [114c7d09b550] * parse.lex: now use :foo: character classes (makes no diff for generated lexer) [7b0aeb737a02] 1996-06-07 Todd C. Miller <[email protected]> * check.c: fixed LONG_SKEY_PROMPT stuff [0efe78b4bdda] 1996-06-06 Todd C. Miller <[email protected]> * visudo.c: fixed a comment [3d289017104b] * lsearch.c: make more like NetBSD one -- now compiles w/o warnings [932206296a54] * emul/search.h: fixed decls of lsearch() [c58cf4584c45] * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10 [d74e5eaa5f17] * check.c: hpux 10 uses bigcrypt() if C2 [359eb63f4021] 1996-06-04 Todd C. Miller <[email protected]> * parse.c: now always uses fnmatch to match args [a9d91f35256a] * tgetpass.c: back to using stdio instead of raw i/o since that caused some problems [e7ce2bc92974] 1996-05-29 Todd C. Miller <[email protected]> * sudo.c: now give usage warning if use -l,-v,-k with args [6b48180c4fea] 1996-05-28 Todd C. Miller <[email protected]> * sudo.c: NewArgc is now set to 1 for -l, -v, -k [7497cb1416a8] * sudo.c: now sets sudoers to correct group if mode is 0400 [484c43d99718] * install-sh: updated to version used by inn and bind [28683ad8725a] * configure.in: now uses -lgnumalloc if it exists [3651ca4415a2] * Makefile.in: "make install" now sets uid/gid and mode on sudoers if it exists [1f5216191ae9] * sudo.c: rmeoved debugging statements [aeda278e2c26] * parse.yacc: added a missing free() [592c9482a159] * sudo.c: now uses user_gid instead of getegid (which was wrong anyway) to set SUDO_GID Now sets command line args in SUDO_COMMAND envariabled (logging.c depends on args being in the environment) [9f5328a3b942] * logging.c: now uses SUDO_COMMAND envariable to get command args rather than building it up again. [7f8edc5bccb7] * parse.c: now uses user_gid [4b9303ae45fe] * sudo.c: fixed off by one error in allocation NewArgv [921ea1a4e7c6] * parse.c: in sudoers, 'command ""' now means command with no args [a5273648ace2] * configure.in: added check for fnmatch(3) and fnmatch.h [258916a7866f] * config.h.in: added HAVE_FNMATCH [b9860d361e93] * Makefile.in: replaced wildcat.* with fnmatch.* [03ad9ee21a1c] * testsudoers.c: now uses fnmatch() [5a7f7de987a9] 1996-05-27 Todd C. Miller <[email protected]> * parse.c: now uses fnmatch() instead of wildmat a trailing star (*) by itself now matches multiple args added support for wildcards in the pathname in sudoers [1f7fb950b868] 1996-05-25 Todd C. Miller <[email protected]> * fnmatch.c: now includes compat.h and config.h [090206b95cf8] * config.h.in: added HAVE_FNMATCH_H [90eb42150173] * configure.in: now checks for alloca() (if needed by bison or dce) and links with -lPW if it contains alloca() and libv and compiler do not. [cfa2b3cef49a] * emul/fnmatch.h, fnmatch.3, fnmatch.c: Initial revision [20b1f762a32a] 1996-04-29 Todd C. Miller <[email protected]> * sudo.c: now fixes mode on sudoers if set to 0400 to aid in upgrade [d4bdfd521820] 1996-04-28 Todd C. Miller <[email protected]> * Makefile.in: fixed pod2man usage [5adf2ec77b27] * Makefile.in, configure.in, version.h: ++version [b4029de876d0] * testsudoers.c, visudo.c: runas_user is now initialized to "root" [8537d97bff39] * sudo.h: removed PERM_FULL_ROOT [241f8bbf647f] * sudo.c: runas_user defaults to "root" so no more need to PERM_RUNAS [fc0c0dfc72ba] * parse.c: will now only running commands as root if there was no runas list (or if root is in the runas list) [40c587666c81] * logging.c: now logs "USER=%s" [b733504c87fd] * parse.yacc: runas_matches is now set to false if we get a negative match [5495b150b300] * parse.lex: make #uid work + some minor cleanup [07851bbce03a] * sample.sudoers: added support for NOPASSWD and "runas" from [email protected] / [7a9c67b51fa5] * visudo.c: added support for "runas" from [email protected] replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for SUDOERS_MODE [e714209b9885] * testsudoers.c: added support for "runas" from [email protected] [b837f856da10] * sudo.h: added support for NO_PASSWD and runas from [email protected] replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro SUDOERS_MODE [cea6f26679b7] * sudo.c: added support for NO_PASSWD and runas from [email protected] replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro SUDOERS_MODE [61b5434237c5] * parse.yacc: added support for NO_PASSWD and runas from [email protected] [72ebd3056f22] * parse.c, parse.lex: added support for NO_PASSWD and runas from [email protected] [fef6dbdd114d] * logging.c: added support for SUDOERS_WRONG_MODE and "runas" [e794efc2b443] * configure.in: added --with-CC only link with -lshadow on linux (with shadow pw) if libc lacks getspnam() [3ecf4ae21002] * OPTIONS, options.h: removed NO_PASSWD since it is not possible to do this in the sudoers file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. [2eaa4891ef48] * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID [8d615f0fdb2a] 1996-04-27 Todd C. Miller <[email protected]> * INSTALL: added --with-CC [a1b8286a81b8] 1996-04-06 Todd C. Miller <[email protected]> * parse.lex: added double quote support [a5e4fc7e3a2b] * sudoers.pod: documented double quoting [c6ea47969a44] 1996-04-05 Todd C. Miller <[email protected]> * mkinstalldirs: Initial revision [dcb86d65ad8f] * check.c: fixed some indentation [4d1c5ab8072b] * Makefile.in: fixed a typo [0d27eebc7227] * Makefile.in: added install-dirs . [f499b99b8be7] 1996-04-04 Todd C. Miller <[email protected]> * dce_pwent.c: new version from "Jeff A. Earickson" <[email protected]> [422481be5fbd] 1996-04-03 Todd C. Miller <[email protected]> * configure.in: $CSOPS -> $with_csops (whoops, missed one) [b04c6948130e] * BUGS: updated [c4d5713e227d] * parse.lex: FQHOST now has same constraints as non-FQHOST [e1c3bf2381d1] * INSTALL: added note about OS's w/ shadow passwords turned on by default [166257f43be4] 1996-04-02 Todd C. Miller <[email protected]> * configure.in: fixed a typo [e5c3e2e9a359] * configure.in: added support for --without-THING sanitized shadow pw situtation by adding support for --without-C2 [65dc6bf64cce] * tgetpass.c: fixed a typo wrt placement of an end paren [a8780f818231] * check.c: was closing an fd that may not have been opened [760271c7bdc9] 1996-03-22 Todd C. Miller <[email protected]> * OPTIONS, options.h, sudo.c: added NO_PASSWD [28ff1dc93d7a] 1996-03-20 Todd C. Miller <[email protected]> * configure.in: now always use shadow pw on some arches [069161ccffda] 1996-03-19 Todd C. Miller <[email protected]> * configure.in: added pyramid support [a0eb57a3a531] * configure.in: no longer check for C2 if alternate passwd method is used no longer check for some libs twice [2d0c3c902b40] * parse.yacc: moved fqdn stuff into parse.lex (FQHOST) [d9c9abd481d8] * parse.lex: added FQHOST rules [4a1695acff6d] * tgetpass.c: now define TCSASOFT in necesary [3fac2e21c9ab] * tgetpass.c: now uses read/write instead of stdio string goop to avoid problems with select(2) [67fd174e518c] * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH [d05ba5100d28] 1996-03-17 Todd C. Miller <[email protected]> * INSTALL: added note about no shadow auto-detect if using alternate auth schemes [b425592232a3] * configure.in: don't check for C2 if AFS or DCE (unless they said --with-C2) [61342962171a] * testsudoers.c: now groks shost [85dda17303f6] * OPTIONS, find_path.c, options.h: added NO_DOT_PATH [c261ca1fb196] 1996-03-16 Todd C. Miller <[email protected]> * find_path.c: checkdot now works correctly [3bc4835bb3e9] 1996-03-12 Todd C. Miller <[email protected]> * configure.in: can't have DCE and C2 passwords both... [fb9a8ab7ca66] 1996-03-11 Todd C. Miller <[email protected]> * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not FQDN [87f7498b3a1f] * configure.in: now looks for skey in /usr/lib and doesn't require libskey to be in /usr/local/lib just because skey.h is (for my netbsd box :-) [ceb1763e37d2] * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ -> _CONFIG_PATH_ [84d97ad13d75] * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo [922da220b8f5] * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR [5ecab0155fdf] * OPTIONS: udpated FQDN [361b6f7440c0] * aclocal.m4, configure.in: added SUDO_TIMEDIR [368c95c8c950] * config.h.in: added _SUDO_PATH_TIMEDIR [3879864d808c] * sudo.pod: updated wrt /var/run/sudo [9e14f2a429d3] * sudo.c, sudo.h: added support for shost if FQDN [51a3f51a09a1] * parse.yacc, visudo.c: now uses shost if FQDN [d19da2e92b42] * check.c: Now use skeylookup() instead off skeychallenge() [4c7438bb2ae0] 1996-02-28 Todd C. Miller <[email protected]> * logging.c: mail_argv should not contain ALERTMAIL as it includes "-t" [67ffaaa8f843] 1996-02-22 Todd C. Miller <[email protected]> * INSTALL, Makefile.in, README, configure.in, version.h: ++version [e08fd4a809fc] * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too [2f20c3153689] * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h [b1ca3cafdacc] 1996-02-06 Todd C. Miller <[email protected]> * INSTALL, README: ++version [3eacf32803f5] * Makefile.in: ++versoin [3b91c317630a] * Makefile.in: fixed a typo [3661ac4a7803] * configure.in: ++version [60e842973745] 1996-02-05 Todd C. Miller <[email protected]> * RUNSON: updated [def2c3c24195] * CHANGES: done for 1.4.1 (I hope) [2ab543769a40] * sudoers.pod: added info on wildcards [ce3bd41bc063] * sample.sudoers: added wildcard example [762feb0577bd] * Makefile.in: now uses *.pod to build *.man and *.cat & *.html [3ec14962028b] * configure.in: addedSUDO_PROG_BSHELL !ll [3c80b320bf16] * visudo.pod: fixed up some formatting [12166c434526] * sudoers.pod: redid section describing sample sudoers stuff [b8065cceec71] * sudo.pod: fixed some formatting [aa9a681add0f] * getspwuid.c: now treats "" as bourne shell [30194a72ad56] * Makefile.in: TESTOBJS nwo includes wildmat.o [86cc6500f84d] * testsudoers.c: now works with NewArg[cv] [2f72674ce942] * sudo.c: removed an XXX (fixed it in getspwuid.c) [e791ee0d1a68] * aclocal.m4: added check for bourne shell [a2fd51676b8a] * pathnames.h.in: added _PATH_BSHELL [e7c10011d47b] * config.h.in: added _SUDO_PATH_BSHELL [6a1182898de9] 1996-02-04 Todd C. Miller <[email protected]> * visudo.c: unixware vi returns 256 instead of 0 [234ffc7c6786] * INSTALL: added Linux note [5f85efcd2b58] * logging.c: fixed up some XXX's. file log format now looks a little more like real syslog(3) format. [6df55707bfc3] * README, TROUBLESHOOTING: updated wrt lex/flex [eb787d69156b] * Makefile.in: commented out rule to build lex.yy.c from parse.lex since we ship with a pre-flex'd parser [7507e2ce4a95] * parse.c, parse.yacc, visudo.c: path_matches -> command_matches [0bd469424f86] * logging.c: eliminated some strcat()'s [9878a79bc374] * configure.in: no longer checks for lex/flex (now assumes flex) [a086ccc73798] * configure.in: now checks for $kerb_dir_candidate/krb.h instead of just kerb_dir_candidate [9133bc3c5208] 1996-02-03 Todd C. Miller <[email protected]> * parse.yacc: now use a 'hook' expression instead of an iffy one :-) [9560df01b8c0] 1996-02-02 Todd C. Miller <[email protected]> * visudo.c: now works with new sudo arg stuff [310a0d43ddad] * parse.yacc: fixed dereferencing deadbeef [474ef8a8006b] * sudo.c: changed an occurrence of Argv to NewArgv [205b012b7691] * parse.lex: took out support for quoted commands since there is no need... [5c5036d353b1] * parse.c: fixed a typo in a for() loop [7e8d5283c43b] * logging.c: protected against dereferencing rogue pointers [56debd517717] * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this also allows us to eliminate some kludges in parse_args() and eliminate superfluous code. [5122f66ad150] * logging.c: no longer uses cmnd_args, now uses NewArgv instead. [abddd23cf068] * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args (no longer used) [78410984fb05] * Makefile.in: added wildmat.c to SRCS & SUDOBJS [3800efb41794] * parse.yacc: COMMAND is now a struct containing the path and args [5c32822c5b94] * parse.lex: replaced append() with fill_cmnd() and fill_args. command args from a sudoers entry are now stored in an arrary for easy matching. [a981d7f4eb0d] * parse.c: command line args from sudoers file are now in an array like ones passed in from the command line [1d9e37e84519] 1996-02-01 Todd C. Miller <[email protected]> * parse.c: wildwat stuff now works [49d16488531f] 1996-01-29 Todd C. Miller <[email protected]> * version.h: ++version [53e55463ef89] * Makefile.in: ++version added wildmat.* [0508297a4711] 1996-01-28 Todd C. Miller <[email protected]> * parse.lex: added support for quoted commands (w/ or w/o args) [b9a637155673] 1996-01-22 Todd C. Miller <[email protected]> * sudo.pod, visudo.pod: cleaned up formatting [4591d4195437] * sudo.pod, visudo.pod: Initial revision [7564a8242750] 1996-01-21 Todd C. Miller <[email protected]> * sudoers.pod: looks reasonable, could be mroe readable [a5be2d19d9e0] * sudoers.pod: Initial revision [957888be31a6] 1996-01-16 Todd C. Miller <[email protected]> * RUNSON: updated [633743aa924b] * OPTIONS: updated NO_ROOT_SUDO entry [f1c15b1dec9e] 1996-01-15 Todd C. Miller <[email protected]> * RUNSON: *** empty log message *** [5b63de579ff7] [SUDO_1_4_0] * sudo.c: fixed SECURE_PATH [6002889f606d] * RUNSON: udpa`ted for 1.4 [6014a8592815] * configure.in: AIX aixcrypt.exp now uses $(srcdir) [b0d57674fef4] * TROUBLESHOOTING: added entry for anal ansi compilers [4193cec1c6b1] 1996-01-14 Todd C. Miller <[email protected]> * INSTALL: added info on libcrypt_i for SCO [575497d56698] * TODO: *** empty log message *** [d0aaf67b9913] * sample.sudoers: added comments [a7773f7eda8d] * TODO: 1.4 release [1dade29e9fd9] * CHANGES: ++version [67241be40780] * INSTALL, OPTIONS, README, config.h.in, configure.in: ++version [2e0a37897f68] * BUGS: ++version and fixed ISC [78963f01a0e3] * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version [b6227f29b3d9] * interfaces.c: added STUB_LOAD_INTERFACES ++version [d8150a3fd577] * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc, version.h: ++version [da9e90e69bdc] * PORTING: added info about fd_set in tgetpass added info on interfaces.c [a39902febd17] 1996-01-11 Todd C. Miller <[email protected]> * dce_pwent.c: added sudo header [fc0f2c48682e] * tgetpass.c: fixed a typo [43d40b72ee8f] * Makefile.in: tgetpass.o is now only linked in with sudo (not visudo) [7407c5ff11f8] 1996-01-09 Todd C. Miller <[email protected]> * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, configure.in: ++version [9b82ad805d6b] * emul/utime.h: added copyright notice [4380f16cd075] * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [32717fdb5d05] * tgetpass.c: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen [326864428da2] * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h [e064799c054b] * config.h.in: added check for sys/bsdtypes.h [9adb9533c363] 1996-01-07 Todd C. Miller <[email protected]> * parse.yacc: removed debugging stuff (setting freed ptr to NULL) [02fe8eec63a0] * TROUBLESHOOTING: added 2 entries [02884e2733e2] * Makefile.in: added FAQ [074d8dfcf28d] * TROUBLESHOOTING: added section on syslog [e6bc02a22b86] * configure.in: added AC_ISC_POSIX for better ISC support [8436b3e12af2] * config.h.in: fixed typo [f1b3922babf4] * config.h.in: added define for _POSIX_SOURCE [ded6d92b34f9] 1996-01-04 Todd C. Miller <[email protected]> * configure.in: fixed check for lsearch() [75baa5bc28a3] 1995-12-22 Todd C. Miller <[email protected]> * interfaces.c: fixed for AIX now deal if num_interfaces == 0 (should not happen) [ae450e859227] 1995-12-20 Todd C. Miller <[email protected]> * configure.in: now only define HAVE_LSEARCH if there is a corresponding search.h [8ce645c5d17f] * interfaces.c: works on ISC again [ccac920d424c] 1995-12-18 Todd C. Miller <[email protected]> * configure.in: now define HAVE_LSEARCH if we find lsearch() in libcompat [7343e4313a87] * lsearch.c: char * -> const char * [1c0b11c2300a] * configure.in: now looks in -lcompat for lsearch() [a1cc1d6fcd09] * Makefile.in: remove sudo.core visudo.core for clan target [b523456a85df] * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN [7ab262b1173f] * Makefile.in: fixed another occurence of sudo_getpwuid.* [fb5809c07da2] * Makefile.in, getspwuid.c: sudo_getpwuid.c -> getspwuid.c [875f2ef808b4] * configure.in: moved the "echo" [ad7b8f966076] * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c, compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: ++version [ee57c6410ffa] * testsudoers.c: added group support [54d8097df8bd] * sample.sudoers: added group entry [50994d31fd49] * sudoers.man: documented group support [0a16707f8fed] * parse.c, parse.lex, parse.yacc, visudo.c: added group support [427218c879c8] 1995-12-15 Todd C. Miller <[email protected]> * check.c: tkfile was too short and overflowed the kerberos realm [53823a1ff5af] 1995-12-11 Todd C. Miller <[email protected]> * sudo.c: now copy command args directly from Argv [77408278b6fd] * sudo.c: replaced code to copy cmnd_args so that is does not use realloc since most realloc()'s really stink [b29a0ff73fb6] 1995-12-08 Todd C. Miller <[email protected]> * configure.in: syslog() fixed in hpux 10.01 [2648e6f0cdb0] 1995-12-06 Todd C. Miller <[email protected]> * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate) [8f108b8d8711] * configure.in: better error if cannot find skey incs or libs [5887662ee9d3] * aclocal.m4: now use a temp file for determining max len of uid_t in string form. the old hacky way broke on netbsd [b68f470fa9f8] * sudo.c: added set of parens and a space [8a3d4826d022] 1995-12-05 Todd C. Miller <[email protected]> * dce_pwent.c: fixes from Jeff Earickson <[email protected]> , [bde0f0b756ec] * check.c: modified a comment [e2a97f1afbbe] * Makefile.in: fixed up testsudoers target [d39c4e7bb609] * configure.in: DCE changes from Jeff Earickson <[email protected]> LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS [da7a1c433828] * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS, VISUDO_LDFLAGS [4b69503e8487] 1995-11-28 Todd C. Miller <[email protected]> * configure.in: fix for C2 on hpux 10 now uses -linet if it exists [8d300112263d] * check.c: LONG_SKEY_PROMPT is less of a klusge / [dcc144abaac3] * configure.in: fixed typos w/ dce stuff [f7dfd6d4e149] * Makefile.in: added dce_pwent.c [79047acdc516] 1995-11-26 Todd C. Miller <[email protected]> * INSTALL: amended section on combining authentication mechanisms [dc5138c7c716] * PORTING: minor updates for 1.3.6 [fe80c13bd994] * TROUBLESHOOTING: added 2 more entries [c7201439a0f5] * BUGS: updated for 1.3.6 [979b414d2a2d] * README: overhauled [3af8b60eb594] * INSTALL: rewrote for sudo 1.3.6 [b16027b9c726] * TROUBLESHOOTING: added 3 entries [934c9ee3f153] 1995-11-25 Todd C. Miller <[email protected]> * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup since many includes don't prototype it. gag me. [3e19a11f2fcc] * sudo.h: removed prototype for sudo_getpwuid() since convex C compiler choked on it. [c3ea74ca67b0] * sudo.c: added prototype for sudo_getpwuid() [4a8e3cdc2b98] * lsearch.c: now compiles on strict ANSI compilers [3ce5d72d0b08] * check.c: added LONG_SKEY_PROMPT support [48a18b8a2332] * Makefile.in: added extra $'s for make to eat up, yum. [2995b214e12b] * OPTIONS, options.h: added LONG_SKEY_PROMPT [f23ae799b5a4] 1995-11-24 Todd C. Miller <[email protected]> * check.c: s/key support now works with normal s/key as well as logdaemon [d67573f523bf] * OPTIONS, options.h: added SKEY_ONLY [bbf07654e0de] * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY [205895b96a36] * INSTALL: added DCE note added more AIX notes [6345403b3522] * sudo.c: now include pthread.h for DCE support [6fe02865f679] * check.c: dce_pwent() is ok after all ., [d26a8746a55d] * logging.c: now uses SYSLOG() macro that equates to either syslog() or syslog_wrapper [42ac4cff8045] * dce_pwent.c: minor formatting changes. renamed check() to somthing less generic [71859f217be1] * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, visudo.c: now uses user_pw_ent and simple macros to get at the contents [f4cbf3e7145a] 1995-11-23 Todd C. Miller <[email protected]> * check.c: simpler dec unix C2 support [86bc8f75250e] * getspwuid.c: now sets crypt_type for DEC unix C2 [99aeadd18266] 1995-11-21 Todd C. Miller <[email protected]> * configure.in: added csops paths for skey [b8ca672e2117] * getspwuid.c: now includes string.h for strdup() prototype [3605259c3620] * getspwuid.c: fixed a few typos [46c97e4ea417] * check.c: now includes skey.h [11e611ce1b61] * getspwuid.c: fixed up comments [223dac56f0c8] * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid() [97d8887fb7d3] * sudo.c: now uses sudo_pw_ent [d014dadbef48] * testsudoers.c: now uses sudo_pw_ent [d92936ed7e34] * visudo.c: now sets sudo_pw_ent [ff75cdfcf8b3] * getspwuid.c: Initial revision [6deb6df9d7bc] * tgetpass.c: moved dce stuff into compat.h [1124284396e7] * logging.c, sudo.h: now uses sudo_pw_ent [404ff20a5067] * Makefile.in: added sudo_getpwuid.c [6666d0644512] * compat.h: added dce support [3c3b36a7ce0e] * parse.yacc: now uses sudo_pw_ent [9f5e8d11bd68] 1995-11-20 Todd C. Miller <[email protected]> * check.c: fixed exempt_group stuff for OS's that don't put base gid in group vector [003f153bd396] * check.c: S/Key support now works with sunos4 shadow passwords [1eb64a5efff1] * Makefile.in: fixed clean rule [5695a2c62816] * config.h.in, configure.in: added DCE support [f53c766c1947] * tgetpass.c: DCE & KERB support [904cf436506a] * check.c: first stab at dce support [aea5ca07b1e3] * dce_pwent.c: now smells like sudo [8b3d609b49cd] * dce_pwent.c: Initial revision [b573555f2399] * check.c: skey'd sudo now works w/ normal password as well [8d038f9f6e94] 1995-11-19 Todd C. Miller <[email protected]> * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: updated version number [ba7e346d7904] * README: updated to reflect version change [1d15cf1d8cc8] * configure.in: --with options now line up ++version [08ebf625fbca] * sudo.h: removed unecesary S/Key stuff [68188cba90af] * configure.in: fixed S/Key support [f6d9cbc36618] * Makefile.in: -I stuff now goes in CPPFLAGS [7b8e53c5b046] * check.c: fixed SKey support [52c1a5cf4435] * README: updated version [bed6498a10bb] * OPTIONS: fixed description of EXEMPTGROUP [cfeead55edc2] * sudo.c: more people use _RLD_ than just alphas... [6a3c7090a6f6] * Makefile.in: replaced $man_prefix with $mandir [dc4b36a550e2] * configure.in: fixed a typo [a38a4acddcaf] * Makefile.in: now use more GNU'ish dir names [c5498391a520] * configure.in: now set *dir correctly (can override from command line) [523ff98fd438] * sudo.c: now deal with situations where we getwd() fails [88a9e61dccbb] 1995-11-17 Todd C. Miller <[email protected]> * Makefile.in: added etc_dir, bin_dir, sbin_dir [75fd08d92842] * configure.in: added sbin_dir [3cb318c0d8d1] * Makefile.in: now ship a flex-generated lex.yy.c [4d083ed70dce] * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER [4d51dc9c3780] * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile [773fd163d52f] * options.h: no more error for redefining SUDOERS_OWNER [4ba336644c6a] * OPTIONS: expanded SUDOERS_OWNER section [12fae405759e] 1995-11-16 Todd C. Miller <[email protected]> * visudo.c: now warn if chown(2) failed [d0d1db6e3a1f] * logging.c: better default warning for NO_SUDOERS_FILE [5260b458ac64] * sudo.c: added missing set_perms() no more cryptic message if the sudoers file is zero length, now just give a parse error [b81ea724838a] * logging.c: better diagnostics if NO_SUDOERS_FILE [877e878663c5] * sudo.c: check_sudoers() now catches sudoers files that are not readable (but are stat'able). [fea05663b3de] 1995-11-13 Todd C. Miller <[email protected]> * configure.in: now add -D__STDC__ for convex cc (not gcc) [c80fc53ff51b] * configure.in: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix [fe238226a057] * Makefile.in: now uses exec_prefix & prefix from configure [f62fca5f56bd] * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c, utime.c, visudo.c: options.h is now <> instead of "" so shadow build trees can have a custom copy of options.h [e6782676099c] * check.c: user_is_exempt() is no longer a hack, it now uses getgrnam() [287f8d5356f7] * options.h: EXEMPTGROUP is now "sudo" [61487304dbe1] * configure.in: MAN_POSTINSTALL now contains a leading space [eaad4ac34012] * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined now removes testsudoers in clean: [e01711baceb8] * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition [8ec174f263f1] 1995-10-30 Todd C. Miller <[email protected]> * sudo.c: unset the KRB_CONF envariable if using kerberos so we don't get spoofed into using a bogus server [2561a0274fca] 1995-09-29 Todd C. Miller <[email protected]> * parse.yacc: now explicately initialize match[] tp be FALSE [0e45e5c47766] 1995-09-23 Todd C. Miller <[email protected]> * sudo.c: removed unused variable now passes -Wall [3452508bc16d] * parse.yacc: yyerror and dumpaliases are now void's now passes -Wall [2769dfb51993] * parse.lex: added prototype for yyerror [1f3f0c1b4ab4] * check.c, logging.c, parse.c: now passes -Wall [eab57e5e81d2] * interfaces.c: rmeoved unused cruft now passes -Wall [7a47e1866f4b] * Makefile.in: fixed headers that moved to emul dir [e680c1e5049b] * logging.c: fixed deref of nil pointer if no args [973b9bea432f] 1995-09-15 Todd C. Miller <[email protected]> * OPTIONS: added a caveat to FQDN section [dcf6e2a5fff4] 1995-09-13 Todd C. Miller <[email protected]> * Makefile.in: more $srcdir support for install targets [f6eac78436dd] * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c: don't include malloc.h if we include stdlib.h [fca2ff307cd8] * parse.yacc: local search.h now lives in emul [51c458904424] * check.c, utime.c: local utime.h now lives in emul dir [f92fc9e8c8de] * lsearch.c: local search.h now lives in emul [579efc407439] * Makefile.in: added support for building in other than the sourcedir [2ab53a43f7d4] 1995-09-10 Todd C. Miller <[email protected]> * OPTIONS: annotated CSOPS_INSULTS option [9e57d45a0afa] * TROUBLESHOOTING: updated shadow passwords blurb [39b785bc7253] * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and passes along foo as the arguments [a91077aa8fc5] 1995-09-09 Todd C. Miller <[email protected]> * parse.lex: collapsed pathname and dir sections into one -- its now less expensive [89caa03bec25] * parse.lex: fixed spacing quoting [,:\\=] now works correctly append() and fill() now take args to make the above work [09d023d9ef3a] * sudo.c: fixed a typo that caused commands with no tty on fd 0 but a tty on fd 1 to erroneously have "none" as their tty [07d2c0e7977c] 1995-09-04 Todd C. Miller <[email protected]> * check.c: timestampfile is now a global static removed decl of timestampfile in remove_timestamp since we can just use the global one [f0cbdc6aab1c] * check.c: created touch() to update timestamps added USE_TTY_TICKETS support (bit of a kludge) [cee1dd0318f8] * compat.h: added _S_IFDIR and S_ISDIR [b4a51cc9628e] * OPTIONS, options.h: added USE_TTY_TICKETS [b4e22f81f25e] * parse.yacc: removed const from casts for lsearch() & lfind() to placate irix 4.x C compiler [5003081f76ea] 1995-09-03 Todd C. Miller <[email protected]> * sudo.c: now only strip '/dev/' off of a tty if it starts with '/dev/' [7f62bcd24039] * pathnames.h.in: added _PATH_DEV [6375f44d1910] * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if have termios.h [9c60391235fd] * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short" not int for c_?flag [d032e6a29845] * parse.lex, parse.yacc: fixed a spelling error [cad6a944c7b1] * Makefile.in: fixed typo [204a65403e7c] 1995-09-02 Todd C. Miller <[email protected]> * Makefile.in: fixed a comment [268f760e57ad] * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently now that we dynamically allocate strings they need to be free()'d [ec2e2152f415] * parse.lex: dynamically allocates space for strings [d10ac3533d66] * sudo.h: no more MAXCOMMANDLENGTH [e2e1219bff8a] * sudo.h: added decl of tty [c8ae81303ee5] * logging.c, sudo.c: moved tty stuff into sudo.c [e028abefeb07] 1995-09-01 Todd C. Miller <[email protected]> * parse.c: fixed a logic bug. Was denying a command if user gave command line args but there were none in the sudoers file which is wrong. [7489a99b8e8a] * sudo.h: MAXCOMMMANDLEN dropped down to 1K [38ef54ba290b] * parse.lex: return foo; -> return(foo); [0e8be1b57001] * parse.yacc: fixed netgr_matches() prototype [e69f15910464] * parse.lex: added support for escaping "termination" characters [8bd4ef50f35c] * parse.c: buf is now of size MAXPATHLEN+1 since it never holds command args [2ce4b763058c] * sudo.c: fixed comments [0c74a3d2ebb0] * goodpath.c: fixed negation problem (doh!) [782814e3a2d1] * parse.yacc: fixed 2nd parameter to lfind() [63d7b1623c08] * parse.lex: now do bounds checking in fill() and append() [54381b563251] * sudo.c: include netdb.h as we should added a missing void cast added SHELL_IF_NO_ARGS support now use realloc() properly. would fail if realloc actually moved the string instead of shrinking it [897ccdec9c06] * sample.sudoers: updated with examples of new features [9b3ed00e8aa6] * goodpath.c: now set errno to EACCES if not a regular file or not executable [2d069548a5ea] * find_path.c: if given a fully-qualified or relative path we now check it with sudo_goodpath() and error out with the appropriate error message if the file does not exist or is not executable [590f89dd8dec] * emul/search.h, lsearch.c: now use correct args for lfind [fccdcdbf020e] * logging.c: added a comment [fab9f49708ea] * insults.h: added in CSOps insults [ad8eb1862adc] * ins_csops.h: Initial revision [de5a475ec018] * tgetpass.c: added RCS id [c3ffd550a482] * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD [aba25c90d08a] * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS [e27bd62e9ccf] * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set -p now works with -s [07ca2a34bae8] * parse.c: don't try to stat() "pseudo commands" like "validate" [75527045984b] * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS [07b157a0eafd] * configure.in: added SecurID support added other insults to --with-csops [6c992ceb244c] * config.h.in: added HAVE_SECURID [e734ff617fe8] * Makefile.in: added clobber target added ins_csops.h now gets CFLAGS from configure [d1e29c7cec25] * aclocal.m4: relaxed SUDO_FULL_VOID [fb4084f27406] * visudo.c: function comment blocks are now in same style as rest of code [04a2931354c5] * testsudoers.c: added support for command line args in /etc/sudoers [bfe4e1bcc655] * sudoers.man: updated to have command args in the sudoers file [1cd34355e9ea] * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section [930b48023b68] 1995-08-19 Todd C. Miller <[email protected]> * parse.yacc: PATH renamed to COMMAND [4e109a6de3cd] * parse.lex: it is now a parse error for directories to have args attached to them [2ab10a146b54] * logging.c: now say command args if telling user to buzz off [933de26ded8b] * sudo.c: -s no longer indicates end of args sped up loading on cmnd_args in load_cmnd() [eac99a4da862] * parse.c: removed an unreachable statement [634302623c49] * parse.lex: made more efficient by pulling out the terminators when in GOTCMND state and making them their own rule [80798f1e1166] 1995-08-14 Todd C. Miller <[email protected]> * sudo.h: removed MAXLOGLEN since it is no longer used [102824196b71] * parse.lex: now allows command args [d29dfa1e5254] * parse.c: now groks command arguments [6c414cb7f105] * logging.c: now sets tty correctly when piped input [de46a30c0406] * sudo.c: fixed loading of cmnd_args (was including command name too) [15319a425ea6] * logging.c: fixed a core dump due to incorrect if construct [582363c7d7fa] 1995-08-13 Todd C. Miller <[email protected]> * configure.in: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix [da591fe9b931] * aclocal.m4: fixed check for ISC [52e59f2082a7] * sudo.c: now sets cmnd_args used by log_error() and that will be used by the parse to check against command args [c6804389723b] * sudo.h: added cmnd_args [4d00446b4a8d] * logging.c: now dynamically allocate logline since we can guess at its size [4bed8c8446aa] 1995-08-05 Todd C. Miller <[email protected]> * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove "register" since the compiler knows more than I do now do a "basename" of the tty [3b1bbf0b3da1] 1995-07-31 Todd C. Miller <[email protected]> * configure.in: ++version [5ce552f9a5f1] * sudo.h: added shell extern changed MODE_* to be bit masks to allow for several options together [06f9dc4f400c] * sudo.c: added -s (shell) option made MODE_* masks so we can do bitwise & and | to see if multiple flags are set. [01f8143010ad] * check.c: added securid support [909e078005fe] 1995-07-30 Todd C. Miller <[email protected]> * logging.c: removed a bunch of unnecesary strncpy()'s and replaced with strcat() [644506b57d61] 1995-07-29 Todd C. Miller <[email protected]> * Makefile.in, version.h: ++version [3cd6f1fbc3d9] 1995-07-27 Todd C. Miller <[email protected]> * parse.yacc: fixed free() of an uninitialized pointer (yuck) [8c404ee502ee] * testsudoers.c: added netgr_matches [e7c9fa2f774c] * parse.c: cleaned up netgr_matches [8108f00b810e] 1995-07-26 Todd C. Miller <[email protected]> * RUNSON: updated for 1.3.4 [4741704310a1] 1995-07-25 Todd C. Miller <[email protected]> * Makefile.in: now installs sudoers.man -- really should clean this up though. [455631d45a1d] * Makefile.in: added sudoers.cat and sudoers.man [0bdedd6c7363] * sudo.man: pulled out stuff on the sudoers file format into a separate man page [de215d999cb9] * sudoers.man: Initial revision [f25eafbb7095] * HISTORY: fixed up my email address [254fbf80be74] * configure.in: added checks for innetgr and getdomainname [24a99cb7e97e] * visudo.c: added dummy netgr_matches function [1841ff2c01da] * parse.c: added netgr_matches [ec90db6a97b8] * parse.lex, parse.yacc: added NETGROUP support [c9dd93e3bc4b] * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME [14abd494d875] 1995-07-24 Todd C. Miller <[email protected]> * sudo.c: rewrote clean_env() that has rm_env() builtin [55cb43818a95] 1995-07-23 Todd C. Miller <[email protected]> * check.c: now cast uid to long in sprintf [b549eea40aeb] * OPTIONS: added _INSULTS suffix to HAL & GOONS end [ed620d0aad30] * options.h: added _INSULTS suffix to HAL & GOONS [9f72e9b83afd] * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to new scheme of insult "unions" end [2f6d2b412132] * sudo.c: now uses MAX_UID_T_LEN [c1df79e0f389] * configure.in: added SUDO_UID_T_LEN !l [195f0b9f5f84] * config.h.in: added MAX_UID_T_LEN [73f42ae4f14d] * check.c: now use MAX_UID_T_LEN [df9c063234cb] * aclocal.m4: added check for max len of uid_t fixed sco vs. isc check [d558f36d2223] 1995-07-19 Todd C. Miller <[email protected]> * configure.in: corrected version [828dd1571e86] * configure.in: added sco support [af1e2f616638] * aclocal.m4: hack to check for sco [549ab99a9a43] * interfaces.c: removed #include <net/route.h> since it was hosing some OS's [ac78a7c04005] 1995-07-18 Todd C. Miller <[email protected]> * find_path.c: fixed prreadlink() prototype [b380fe1f2b11] * check.c: added parens in #if's [e96ade691b82] * configure.in: added SPW_ prefix [a302683a1483] * sudo.h: moved SPW_* to config.h.in [6b3be70e34cf] * sudo.c: added a set of parens [8188d735d695] * config.h.in: added SPW_* [5ead6371cf60] * sudo.h: added SPW_* reordered error codes [dead25b4ed0a] * check.c: moved SPW_* to sudo.h [ca51fb04caf4] 1995-07-17 Todd C. Miller <[email protected]> * sudo.c: SPW_AUTH -> SPW_SECUREWARE [6b512b2bc5dc] * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT [defdd0944e2f] * configure.in: AUTH -> SECUREWARE [d1f8a17001dd] * check.c: SPW_AUTH -> SPW_SECUREWARE [af0e8d8b89b2] * check.c: now uses SHADOW_TYPE to make shadow pw support more readable and modular. It's a start... [8c2a59667014] * configure.in: added autodetection of shadow passwords [85f81fa54b1b] * sudo.c: now uses SHADOW_TYPE define [355e5dc09b07] * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines [c0c06e83e483] * aclocal.m4: added SUDO_CHECK_SHADOW [464301301639] 1995-07-12 Todd C. Miller <[email protected]> * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for memmove() since we dno longer use it... [8aefa87d7d31] * CHANGES: updated [ce97b3fd7182] * logging.c: added BROKEN_SYSLOG support [a45c3bca36f6] * config.h.in: added BROKEN_SYSLOG [6f6abf0a6268] * check.c: now only bitch it timestamp > time_now + 2 * timeout to allow for a machine udpating its time from a server [546bc8d35325] * sudo.man: added 2 security notes updated Nieusma's email addr [616756c56977] * lsearch.c: changed a memmove() to memcpy() since we don't have to worry about overlapping segments. [30baa478526b] 1995-07-11 Todd C. Miller <[email protected]> * interfaces.c: cleanup up the loop when interfaces are groped in so that it is readable [1fa39446bd69] * Makefile.in, version.h: ++version [b46bd2b1770f] 1995-07-09 Todd C. Miller <[email protected]> * CHANGES: annotated 124-126 [b82a2b3ec7ce] 1995-07-07 Todd C. Miller <[email protected]> * check.c: fixed permissions check on /tmp/.odus [cc2431a65468] 1995-07-06 Todd C. Miller <[email protected]> * check.c: fixed some comments [8896d09b4fda] * check.c: now checks owner & mode of timedir also checks for bogus dates on timestamp file [a0fad5df5b0a] * OPTIONS: updated TIMEOUT info [033cc22d9e04] * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE [31d9ce691101] * compat.h: added definition of S_IRWXU [ff2dab091a9b] * CHANGES: updated [a40df90284f1] 1995-07-03 Todd C. Miller <[email protected]> * interfaces.c: added #ifdef to make it compile on strange arches [4a127f12afce] 1995-07-02 Todd C. Miller <[email protected]> * aclocal.m4: fixed check for fulkl void impl. [b6f2a4a361d8] * check.c: added mssing "static" [520552f2772b] * insults.h: replaced #elif with #else #if constructs for ancient C compilers [39ab2d365b57] * INSTALL: updated irix c2 & kerb5 info [ae79b99b4905] * configure.in: added shadow pw support for irix [632469d9c528] 1995-07-01 Todd C. Miller <[email protected]> * BUGS, TODO: updated [2a96bb18ac30] * CHANGES: last changes for sudo 1.3.3 [c1c0cd1034b8] * configure.in: now calls SUDO_SOCK_SA_LEN [14ea78159d45] * config.h.in: added HAVE_SA_LEN [cc2a346aa905] * aclocal.m4: added SUDO_SOCK_SA_LEN [456a2025644a] * interfaces.c: now works with ip implementations that use sa_len in sockaddr [90be6e028077] * INSTALL: added note about buggy AIX compiler [c0f6d427e4e4] * interfaces.c: now include sys/time.h for AIX [2510858ab38b] 1995-06-28 Todd C. Miller <[email protected]> * Makefile.in: getcwd -> getwd [66085ebca98e] * interfaces.c: now works for ISC and others. yay. [f336d4ffc927] 1995-06-26 Todd C. Miller <[email protected]> * Makefile.in, version.h: version++ [836cffc2078d] 1995-06-23 Todd C. Miller <[email protected]> * aclocal.m4: fixed test for full void impl [fb004107e7b9] * sudo.c: now check to see that st_dev is non-zero before assuming that we are being spoofed [1b0e1c30c506] 1995-06-20 Todd C. Miller <[email protected]> * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL [4953379bfb01] 1995-06-19 Todd C. Miller <[email protected]> * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX [ff64ab7df44f] * logging.c: added cast for ttyname() [444f05f56758] * configure.in: fixed typo [de068e748431] * check.c: now deal correctly with all known variation of utime() -- yippe [b778a4195a89] * configure.in: added SUDO_FUNC_UTIME_POSIX [cf635f2269d6] * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX [d79593be4b73] * config.h.in: added HAVE_UTIME_POSIX [c67b4ac0dca5] * check.c: fixed a typo [b14df5680f59] * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime() [0aeaf4b2f38b] * check.c: fixed fascist C compiler warning [c61ddf2f1f93] * interfaces.c: now set strioctl.ic_timout in STRSET() now initialize num_interfaces to 0 (just to be anal) [c54cc2ba0052] 1995-06-18 Todd C. Miller <[email protected]> * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname [74cf585a54fb] * logging.c: added tty logging [e27d8dcfbd78] * interfaces.c: reworked the ISC code [bcf57ce8ae69] * Makefile.in, version.h: updated version [032941c9b94d] * check.c: now expect old-style utime(3) if utime() can't take NULL as an arg [018dd4a73030] * configure.in: added check for utime.h [0b76e8feb618] * config.h.in: added HAVE_UTIME_H [62ee42feda46] * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS [fa3201d294e1] * configure.in: now search for kerb libs and includes [cc332401e571] * check.c: added support for utime(2)'s that can't take a NULL parameter [98797fedf69f] * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs [6ce6d825fb44] * configure.in: added utime(s) stuff [a2afb744403e] * check.c: now use utime() [48902240a51e] * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL [9a56ab65d4f4] 1995-06-17 Todd C. Miller <[email protected]> * utime.c: now use HAVE_UTIME_NULL [e3944de09a92] * emul/utime.h, utime.c: Initial revision [a2cbf2ef3427] * check.c: need to setuid(0) to make kerb4 stuff work. [c6cfda4039d7] * tgetpass.c: no more special case for kerberos [4a5c33145be9] * config.h.in: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4 emulation) [a607ee43e650] * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if kerberos [02fb274cc136] * check.c: now use private ticket file for kerberos support to avoid trouncing on system one [28d8b6b812c7] 1995-06-15 Todd C. Miller <[email protected]> * sudo.h: added SPOOF_ATTEMPT & cmnd_st [d3b42a1f4d0d] * sudo.c: added anti-spoofing support [ab1e2aa44a57] * parse.c: now use global cmnd_st [47018265a1a6] * logging.c: added SPOOF_ATTEMPT suypport [7bbe9dd2a021] * testsudoers.c, visudo.c: added void casts where appropriate [f191441ba333] * parse.yacc: fixed up spacing and added void casts where appropriate [15d886fc809c] * sudo.c: fixed problem with "-p prompt" but no args [6fc048261a3e] 1995-06-14 Todd C. Miller <[email protected]> * sudo.man: added BUGS and annotated -l description [e5c506de2603] * sudo.h: validate() now takes a flag [26627becc60a] * sudo.c: validate() now takes a flag added -l [a4f7bb97fe54] * parse.yacc: added support for -l [e7a9b10b0ad3] * parse.c: validate() now takes a flag that says whether or not to check the command [9e1e67f4e281] 1995-06-08 Todd C. Miller <[email protected]> * logging.c: now deals with Argv == 1 [0acb637ab635] * sudo.man: added -p option [e60382fc0561] * sudo.c: added prompt support reworked parse_args() [2f605267ed4a] * sudo.h: added prompt [5ab021bdb419] * options.h: added PASSPROMPT [614727ff44a2] * check.c: now use BUFSIZ as length of kerb password added kpass so pass is always a char * now use prompt global when asking for a password [76be09af784f] * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos [1e907eed312b] * OPTIONS: added PASSPROMPT [ddb2f405ce40] 1995-06-07 Todd C. Miller <[email protected]> * configure.in: only look for -lufc or -lcrypt if crypt() not in libc [9717d315661f] * check.c: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN (unknown user) silently fail [2b48693d4ee9] * INSTALL: added kerb4 note [986e393f740c] * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4 [e438bfb5e6aa] * check.c: removed debugging printf [1cf9f5cbffa5] * configure.in: KERBEROS -> KERB4 added checks for setreuid & setresuid [01e9945beb1e] * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID [0e0bb5b8ac3e] * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation with setresuid if applic [9dae24c47696] * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if no setreuid() or a broken one [1fca642bdb8e] 1995-06-06 Todd C. Miller <[email protected]> * configure.in: added kerberos support [da5639b9b8e7] * config.h.in: added HAVE_KERBEROS [fcc5be550e65] * tgetpass.c: added KERBEROS support (long passwords) [303ba6924dd2] * check.c: added kerberos support [e40afe98fc1d] 1995-06-03 Todd C. Miller <[email protected]> * sudo.h: added MODE_BACKGROUND [9b483c932016] * sudo.man: escaped dashes added -b option [62e84f1a7714] * sudo.c: added -b option [7e78aaefeb95] * check.c: added crypt() for osf/1 3.x enhanced secuiry [e9aa5abdb7d5] * configure.in: now check for -lcrypt [5cb9c67e9fa2] * interfaces.c: added ENXIO like EADDRNOTAVAIL [74223bb1ba75] 1995-05-08 Todd C. Miller <[email protected]> * configure.in: now emulate getwd(), not getcwd() [3e5439d9a5f4] * sudo.c: getcwd() -> getwd() [6392a96a658e] * getwd.c: getcwd -> getwd [1b0ab9bae11e] 1995-05-02 Todd C. Miller <[email protected]> * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision [86db60d8cf00] * insults.h: broke out insults into separate include files [0a01993bd38a] * OPTIONS, options.h: added GOONS [e283203c6515] * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h [2a39cd6a4cd2] * Makefile.in, version.h: ++version [05ebf4f5e41a] * visudo.c: moved signal handler setup to setup_signals() [3dd976c04540] * sudo.h: added load_interfaces() [af2d473b09e2] * sudo.c: moved load_interfaces to interfaces.c [5c8c138e5d4c] * parse.yacc: added clearaliases [aeb4ff301daa] * OPTIONS, options.h: added FAST_MATCH [f49ea3d1b525] * parse.lex: now uses clearaliases variable [a2dda415bf61] * interfaces.c: Initial revision [a1990e3f5c69] * Makefile.in: added interfaces.[co] [1e8e5984de97] * testsudoers.c: now uses ip addrs and netmasks via load_interfaces() [54b8f7a6835e] * sudo.c: now remove IFS instead of setting to "sane" value [ce7eec9f115e] 1995-05-01 Todd C. Miller <[email protected]> * parse.c: added FAST_MATCH [816d4f5fe81a] 1995-04-30 Todd C. Miller <[email protected]> * Makefile.in: sudo_goodpath.c-> goodpath.c [a5072c4e1de2] * sudo.c: added Andy's new ISC changes [caa6bbee358e] 1995-04-14 Todd C. Miller <[email protected]> * OPTIONS: added a sentence to SECURE_PATH info [cad6e1569d15] * BUGS: added one [4b35cf699a83] * CHANGES: updated [5fded9dc62f0] * RUNSON: updated [33cb993cfd39] 1995-04-13 Todd C. Miller <[email protected]> * RUNSON: updated for beta3 [a05dc6a91995] * Makefile.in, version.h: ++version [54aaf3fadc75] * aclocal.m4: sendmail is now looked for in /usr/ucblib [231ac1a4662f] * sudo.c: fixed indentation [fb137400c8c2] * aclocal.m4: fixed a typo [e03f1acc468b] * sudo.c: updated ISC mods [070290d4754b] * configure.in: added unixware case [e90250bae0d9] * check.c: user_is_exempt is no longer hidden [1a341765b8af] * RUNSON: updated [a9c4898b26dd] * aclocal.m4: isc and riscos changes [98b5d86585d1] * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH [e1ecc464ce4b] * Makefile.in: fixed a typo and added testsudoers stuff [435d60e163dc] * testsudoers.c: Initial revision [6ce14a448662] 1995-04-12 Todd C. Miller <[email protected]> * parse.yacc: applied fixed patch from Chris [cd6144203d13] 1995-04-11 Todd C. Miller <[email protected]> * Makefile.in: fixed a typo [34f8a54ba041] * parse.yacc: added a set of braces for bison [f0e43b938914] * parse.yacc: merged in Chris' changes to dekludge the parser. [82d6e373ab1c] * logging.c: send_mail() was calling find_path() which is wrong since find_path() stores cmnd in a static var. Anyhow, it doesn't make much sense since MAILER should always be fully qualified [6eae6a0b8098] 1995-04-10 Todd C. Miller <[email protected]> * sample.sudoers: added User_Alias stuff [aaba8c8e918d] * aclocal.m4: SUDO_NEXT now looks for /usr/lib/NextStep/software_version [52bd81f34b32] * RUNSON: added DEC UNIX 3.0 w/ gcc [7daf570775b5] * visudo.c: Exit was being used in places where exit should be used [6026a89c07ed] * sudoers: added "User alias specification" [a487b6e234f8] * parse.yacc: fixed probs caused by making nslots and naliases a size_t [0be919384f3f] * RUNSON: added KSR, upped rev to 1.3.1b2 [ce04ee6faadf] * logging.c, parse.yacc: 1024 -> BUFSIZ [cd6dda45fa11] * parse.yacc: void * -> VOID * naliases and nslots are now size_t to appease lsearch on 64-bit machines [bf2f807c0dc1] 1995-04-09 Todd C. Miller <[email protected]> * TODO: did a bunch of things and added a bunch :-) [42afd957b829] * PORTING: updated [972f95c85776] * visudo.man: closer to BSD manpage style [07ae88f50325] * sudo.man: closer to standard BSD man format [372c28dcc135] * compat.h, config.h.in, emul/search.h, insults.h, options.h, pathnames.h.in, sudo.h, version.h: added RCS id [c0ec90b81002] * sudo.h: removed crufty #defines that are no longer used [35e2b4b477f0] * BUGS: fixed a bug [5bb3e1bee85e] * sudo.man: updated based on sudo changes [e65de1cae438] * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL keyword as well as a NAME or ALIAS [1fb31404dd0f] * CHANGES: updated [b24018ac610b] * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables. [e9d791557fb7] * aclocal.m4: fixed bug with full void impl check [35715301023c] * parse.yacc: fixed User_Alias supoprt [4c30dfbaaa07] * parse.yacc: added stubs for User_Alias support [f4afbd247edf] * sudo.c: now sets removes # bogus interfaces from num_interfaces [6f077fac9ab1] * parse.lex: added User_Alias support [bc7997e5df85] 1995-04-08 Todd C. Miller <[email protected]> * Makefile.in: removed extraneous TODO [bc87a3b14d6d] 1995-04-07 Todd C. Miller <[email protected]> * visudo.c: ntwk_matches -> addr_matches [475044e288b8] * parse.yacc: ntwk_matches -> addr_matches [dd1f4093fd2d] * parse.c: ntwk_matches -> addr_matches now use inet_addr() not inet_network() (which expects octet boundaries) fixes for OSF (sizeof(int) != sizeof(long)) [acd2f556940f] * sudo.c: took out debugging info [044023063eca] * aclocal.m4: OS was being set to unknown before non-uname based host checks. This caused no checks to happen since $OS was not zero-length. [335a7267479d] * sudo.c: fixed loading of interfaces struct still has debugging info in though [2d1a18998c1e] * parse.c: fixed typo [175674a3a9fa] 1995-04-06 Todd C. Miller <[email protected]> * Makefile.in: ++version [55d191b5daa3] * version.h: ++ [d7d1f115696a] * visudo.c: removed extraneous extern decl of "top [50355621047d] * visudo.c: now zeros "top" [4e683210345b] * parse.yacc: removed parser_cleanup (no need for it now) [afa59f222b6c] * parse.lex: now calls reset_aliases() directly [3a23cbd60fc0] 1995-04-04 Todd C. Miller <[email protected]> * OPTIONS: added a sentence to SECURE_PATH description [c5bf75b85af0] * parse.c: fixed my stupid bug where I used NAMLEN on something I wanted to just get the name from. argh. [111f460f6540] 1995-04-03 Todd C. Miller <[email protected]> * lsearch.c: fixed argument order of memmove() that i hosed when converting from bcopy(). arghh. [2f5336045c8b] * Makefile.in: finally fixed DISTFILES line [a1b419e73a63] * Makefile.in: tabs -> spaces [280fb03e5764] * Makefile.in: added missing files to DISTFILES [991fc1cd2263] * Makefile.in: SUPPORTED -> RUNSON [7580e65b05fb] 1995-04-01 Todd C. Miller <[email protected]> * TODO: updated [fe764a29c1cc] * RUNSON: updated for pl5b1 release [aefc35bd2291] * BUGS, TODO: updated [8f0ea249b687] * check.c: fixed bug where if you hit return at first sudo prompt it would still log as a failure [24539c854692] * CHANGES: updated [251cc7b3ede4] * aclocal.m4: better test for bogus void * implementation [efe23180cb88] * logging.c: added PASSWORDS_NOT_CORRECT [bd12c73f83f7] * check.c: added PASSWORDS_NOT_CORRECT stuff] [90de391a979f] * sudo.h: added PASSWORDS_NOT_CORRECT [727fbeb76fc5] * tgetpass.c: moved pathnames.h [4f910e5a8df7] * sudo.c: removed some unused vars and fixed up uid2str [70e92c7f9076] * putenv.c: moved compat.h [b271091586f6] * getcwd.c, getwd.c: added pathnames.h [6f25218f133f] 1995-03-31 Todd C. Miller <[email protected]> * parse.yacc: fixed a typo I introduced in the last checkin :-( [62c3af75c4fe] * parse.lex: can't have #ifdef's where N is defined so just do this the broken way for AIX [c5648a5594e4] * parse.yacc: better hack from Chris (but still a hack) [6b6d8aed93f3] * parse.lex: stupid hack for broken aix lex [efc3f9e5280e] * tgetpass.c: now includes compat.h [401822173f77] * visudo.c: now includes fcntl.h [63865c2f8ac6] * compat.h: added FD_SET and FD_ZERO for 4.2BSD [00c5597c0bb0] * parse.yacc: dirty hack to fix parser bug. i don't really like this but it works for now... [5b8bbdc81569] * sudo.c: uid2str is now static like the prototype says [f2a97b5cb870] 1995-03-30 Todd C. Miller <[email protected]> * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING: updated [6f79c3e92716] * RUNSON: Initial revision [12a09ef9e884] * sudo.c: check_sudoers now returns an error code and sudo calls inform_user and log_error based on the return value. [340eca188d9a] * logging.c, sudo.h: added entries for new errors [6050d8542e1f] * parse.c: now set uid to that of SUDOERS_OWNER while parsing sudoers file [3683c42bc9b0] * Makefile.in: took out testsudoers [65317d49db48] * sudo.c: now explicately checks that it is setuid root [2fe1be60ef6a] * sudo.c: If a user has no passwd entry sudo would segv (writing to a garbage pointer). Now allocate space before writing :-) [d08e7eb5e5ef] * configure.in: reordered AC_CHECK_FUNCS [4c82e56c6f4f] * config.h.in: fixed memset macro [77ede6b714ab] * tgetpass.c, visudo.c: bzero -> memset [1a005bb322c8] * logging.c: bzero -> memset when a parse error is logged the line number of the error is now logged too [a42d68047723] * INSTALL: added Sunos to blurb about c2 security [af750a1d131e] * configure.in: added a SUN4 define for C2 security [6ad5b23a3eb0] * config.h.in: bcopy -> memmove bzero -> memset [5494460c8464] * lsearch.c: bcopy -> memmove char * -> VOID * [a15f5c316e16] * check.c: added support for sunos with C2 security [03fea5bb21e6] * OPTIONS, options.h: reordered [1686265af3e1] * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure [5867b58e4a04] * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T [1984d9fd1b5c] * config.h.in: added _SUDO_PATH_LOGFILE [dd3eebe62580] * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) [c589a515a99a] 1995-03-29 Todd C. Miller <[email protected]> * TROUBLESHOOTING: Initial revision [f42f1baba3a8] * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in load_global() to work around a problem is trusted hpux shadow passwords. yuck. [ae1f13b54687] * parse.yacc: backed out a change in malloc/realloc [ab868db0ad69] * parse.yacc: now include stdlib.h [957eef0631eb] * visudo.c: now do an freopen() of the stmp file so that yyin will always point to the same thing. This is important for flex since we are doing a YY_NEWFILE [44558922fd3e] * parse.yacc: replaced yywrap() with parser_cleanup() since yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. sigh. [12dd09921074] * parse.lex: now have a rule that matches anything that doesn't match an explicite rule. well, you know what i mean (. matches anything not yet matched). However, this means that there is input still queued up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved into parse.lex and it calls parser_cleanup() which is most of the old yywrap() sigh. [7f4042bc48d6] * SUPPORTED: no longer used [8f220be4da94] * getcwd.c, getwd.c: moved compat.h to be the last include file [9f3a65e2d485] * parse.yacc: fixed type of aliascmp() args [1c27eb989bdf] * find_path.c: NULL -> '\0' [5c8d8cf1692e] * parse.yacc: added casts to lfind and lsearch args for irix [61027ddeecf8] * Makefile.in: bsdinstall -> install-sh [61de6612c5a5] * INSTALL: added info about make realclean [29c6324d727f] * Makefile.in: updated VERSION added dependencies for visudo.cat [09077d7229d4] * version.h: -> pl5b1 [5d21c7ad1a41] * sudo.c: took out -l [fc1478d81b38] * Makefile.in: now there is a real visudo.man and visudo.cat [58aeac43a6dd] * sudo.man: took out visudo stuff [4a6ac4393343] * visudo.man: Initial revision [cba348843db8] * parse.c, parse.lex, parse.yacc: updated copyright [ffa16b70944a] * README: updated for pl5 [a26e423e9e5f] * sudo.man: updated Nieusma & Hieb email addresses [f0083e71989d] * INSTALL: updated to include options.h and OPTIONS [ee59e2b76c94] * CHANGES, TODO: updated [51e011ad5220] * BUGS: eliminated bug #1 (yay) [e7e88515494e] * configure.in: sunos no longer gets linked statically [2e5b3ff3108f] 1995-03-28 Todd C. Miller <[email protected]> * parse.lex: prototype now uses __P() [68ecdcab4c70] * parse.lex: make fill() non-ansi [d6509972260b] * parse.c: made -v (validate) work [13c9d520638c] * logging.c: now gives host [f04859cdba5a] * find_path.c: don't check for execute/statable if fq or relative path given [4bbe851f3973] * parse.c: added a cast [345c308f72f3] * visudo.c: now include ctype.h for islower and tolower macros [582c0aa332d5] * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h [828e4ca4e7b4] * sudo.c: moved a set of parens [5783474ecf37] * strdup.c: now include compat.h [75e2036b94af] * emul/search.h: void * -> VOID * [cedcfaf04161] * parse.yacc: now cast malloc & realloc return vals added search for HAVE_LSEARCH now use strcmp if no strcasecmp available [d6a42bc3d4ae] * lsearch.c: void * -> VOID * [886adc44f607] * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH [3b50d7fb4349] * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG [73d506c7d53c] * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results to most SUDO_* macros [8442155f5936] * Makefile.in: no more -I. [63462f195bd4] * configure.in: various 1.x ro 2.x autoconf changes now check for strcasecmp now use AC_INSTALL_PROG instead of custom one added check for fully woorking void implementation [5ac6b6e6230f] * Makefile.in: added lsearch & search.h visudo links into $(LIBOBJS) [bc119cda4598] * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID [1194d01fa5c5] * visudo.c: whatnow_help was prototyped to be static be was not declared as such [0f85489dd426] * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check for dirent/dir/ndir.h [7408f3854948] * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT [e465db9f5dfa] * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1 [714d87424e21] * emul/search.h, lsearch.c: Initial revision [55d79482c535] 1995-03-27 Todd C. Miller <[email protected]> * parse.yacc: eliminated bison warnings [61ca0a96da22] * parse.lex: added missing case [6be0f849747c] * visudo.c: now iincludes signal.h [221e0fcc144f] * parse.yacc: only clear data structures on a parse error [7b1c0f1a4527] * visudo.c: whatnow() now gives help on invalid input [e5a4cd88c587] * visudo.c: added a whatnow() function (sort of like mh) [932d9b145f1c] * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up by calling reset_aliases() and clearing top took reset stuff out of yyerror() since it doesn't beling there (and doesn't work anyway). errorlineno is now initially set to -1 so we can set it to the first error that occurrs (it was getting set to the last) [2f71f95a974c] * parse.lex: added a void cast [18ae6042dce4] * visudo.c: rewrote from scratch based on 4.3BSD vipw.c [2f6814f18576] 1995-03-26 Todd C. Miller <[email protected]> * sudo.c, sudo.h: removed ocmnd [a31735f41ad4] * sudo.h: no more sudo_realpath() and find_path() changed params [8e85c3b39159] * sudo.c: find_path() changed since no more realpath() [b25366c7f2ee] * parse.yacc: on error, errorlineno is set to the line where the error occurred added kill_aliases() to free the aliases struct now clean up in yyerror() so we can reparse cleanly [2342f578c27a] * options.h, parse.c: no more USE_REALPATH [cfc59babeaff] * logging.c: changed to use new find_path() [91c7a38e7751] * find_path.c: removed all the realpath() stuff [cc21a43a8562] * Makefile.in: sudo_realpath.c -> sudo_goodpath.c [03a9b1ddec2f] * visudo.c: now works correctly with utk parser [08aa554a0ce8] * goodpath.c: Initial revision [1ea607e1ffb2] * sudo_realpath.c: eliminated a compiler warning [198bcccc55b6] * sudo.c: elinated compiler warning [e2384f9a878b] * sudo_realpath.c: added sudo_goodpath() [43878c4cc540] * sudo.h: added prototype for sudo_goodpath [23e8627a2265] * parse.c: added support for /sys/dir.h [eca897087741] * options.h: USE_REALPATH turned off [620ac8b63d85] * find_path.c: added calls to sudo_goodpath() [ad170904fbcd] * configure.in: added check for dirent.h [7964a8c26855] * config.h.in: added HAVE_DIRENT_H [1f785fec7e19] * configure.in: added in linux shadow pass stuff [e585a5785f50] 1995-03-24 Todd C. Miller <[email protected]> * visudo.c: added back host, user, cmnd, parse_error [0ec19f3d64f4] * visudo.c: added in utk changes plus some minor cosmetic changes [c5c1921c8a58] * sudo.c, sudo_realpath.c: added void casts for printf's [9c6ff11c0082] * options.h: added a define of USE_REALPATH [db3711c9efc5] * configure.in: there is no more visudoers/Makefile [36e1bc1f78d0] * Makefile.in: added in utk changes (visudo is now built from the toplevel) [76203d4b345d] * find_path.c: added (void) casts to printf's [dd5cb1e060ac] * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged in utk changes [35563307fd8e] 1995-03-23 Todd C. Miller <[email protected]> * find_path.c: now check to see that what we are trying to run is a file (or a link to a file, we do a stat(2) so there is no diff) [05889c4bcace] 1995-03-13 Todd C. Miller <[email protected]> * CHANGES: updated [3e8047bb26fb] * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf [0bdbaa7c4c7d] * sudo.man: added myself as maintainer [77a9d75aab84] 1995-02-17 Todd C. Miller <[email protected]> * sudo.c: changed setegid -> setgid [7f4788d73b6f] 1995-02-06 Todd C. Miller <[email protected]> * configure.in: fixed the test for irix 5.x to skip bad libs [bfef896de013] * aclocal.m4: now initialize OS and OSREV [cc302756e440] 1995-01-27 Todd C. Miller <[email protected]> * configure.in: irix5 changes [ac985b23f5f2] * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1 compatibility [0cf8c92a06d7] 1995-01-19 Todd C. Miller <[email protected]> * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ thing wrt yyrestart (grrrr) [18e8eabfbb82] 1995-01-16 Todd C. Miller <[email protected]> * Makefile.in: added visudoers/compat.h to DISTFILES [db23b574b034] * configure.in: fixed an echo [7cbc0462b89d] * sudo.c: added ocmnd declaration adjusted for find_path()'s new parameters [d929cd156474] * sudo.h: added ocmnd extern adjusted find_path() prototype [e0004daf5d3c] * parse.c: cmndcmp() now takes 3 arguments and checks against the qualified as well as the unqualified pathname. more code that should use cmndcmp() but did not, now does [6f70a8c17bee] * options.h: added to a comment [7a78680426b2] * logging.c: changed to use new find_path() parameter passing [840981d30db4] * find_path.c: find_path() now takes 2 copyout parameters (one for the qualified pathname and one for the unqualified pathname). The third parameter may be NULL. [851503b005e9] * configure.in: no longer munge pathnames.h [427d8796c5a9] * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h) as a result, pathnames.h does not need to be run through configure and the user can override the configured values easily. [2e378f2ebe88] * config.h.in: added _SUDO_PATH_* entries [0857de7cebab] * aclocal.m4: _PATH* -> _SUDO_PATH_* [7601193f56cc] * Makefile.in: updated DISTFILES and HDRS .o's now depend on config.h [39d8601965cf] 1995-01-13 Todd C. Miller <[email protected]> * compat.h: removed extraneous #endif [27d4c5f2ce7e] * aclocal.m4: added SUDO_PROG_MV [76dda3bdd816] * configure.in: added SUDO_PROG_MV added riscos and isc os types took out -DSHORT_MESSAGE from --with-csops since it is now the default [68c206ad976e] * sudo.c: move the include of id.h to compat.h now includes options.h [45a1eaafb3a8] * sudo.h: moved compatibility #defines to compat.h [0eee27057698] * pathnames.h.in: added _PATH_MV [e830797ab320] * config.h.in: move __P to compat.h [188e12e0ba93] * getcwd.c, getwd.c, putenv.c: now includes compat.h [c72cb6d73981] * compat.h: Initial revision [d4d2f359ae03] 1995-01-12 Todd C. Miller <[email protected]> * sudo.h: pull user-configurable stuff out and put in options.h [ef929467b070] 1995-01-11 Todd C. Miller <[email protected]> * parse.lex, parse.yacc, visudo.c: now includes options.h [e36d7c82add1] * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, sudo_setenv.c: now includes options.h [f186ba03de07] * Makefile.in: added visudoers/options.h [e5350c476494] * OPTIONS, options.h: Initial revision [9b6b5001e318] * Makefile.in: added OPTIONS and options.h [25448341e16a] * logging.c: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE [5dd6385dd1d3] * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes [0ec6aab98738] 1994-12-17 Todd C. Miller <[email protected]> * visudo.c: now only do Editor +line_num if line_num != 0 [b69f04b5e3c7] 1994-12-16 Todd C. Miller <[email protected]> * visudo.c: now use mv if rename(2) fails [83210dca1bab] * BUGS: added a visudo bug [d61a806f9aa7] * check.c: expanded comment [641f2cba94cb] 1994-11-12 Todd C. Miller <[email protected]> * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set [7a11135039a8] 1994-11-10 Todd C. Miller <[email protected]> * sudo.c: added mips & isc support [e258dc053119] * parse.c: added support for non-root owned sudoers file [fea07e65a0fc] * check.c: added exempt group support [928fb4bd9ad5] * sudo.h: added set_perms() support added SUDOERS_OWNER so can have non-root own sudoers file added exempt group support added isc support [61c578d31fc1] * visudo.c: now copy sudoers to temp file via read/write (not stdio) now chown new sudoers file to SUDOERS_OWNER [a5176c59df70] 1994-11-08 Todd C. Miller <[email protected]> * configure.in: added skey support [35a8d2fabdb7] * sudo_realpath.c: be_* -> setperms() [a1631d686e1c] * sudo.h: fixed typo added set_perms support added skey support added seteuid()/setegid() emulation for AIX [c0c8d6771406] * sudo.c: be_* -> setperms() now check to make sure sudoers file is owned by root nread/write by only root [13ab1e261f1a] * logging.c, parse.c: be_* -> setperms() [21499d845c8f] * check.c: be_* -> set_perms() added skey support [df51b56871c1] 1994-11-06 Todd C. Miller <[email protected]> * Makefile.in: ++version [3c1abbe4e43c] * version.h: ++ [1d2f9b540a95] 1994-10-21 Todd C. Miller <[email protected]> * sudo.c: now sets IFS [eabbb41b9f08] * insults.h: fixed typo [c7997f19216e] 1994-10-15 Todd C. Miller <[email protected]> * config.h.in: added HAVE_SKEY [da948ec4186b] 1994-10-04 Todd C. Miller <[email protected]> * CHANGES: updated [f4b55ab007ea] * Makefile.in: ++version [0489068b8c95] * version.h: ++ [d189faedf423] * sudo.c: now bail if ARgv[1] > MAXPATHLEN [0cea8ecc9dc2] * configure.in: added function check for tcgetattr(3) [e03289b22c2f] * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3) [757eab83d1a2] * config.h.in: added check for tcgetattr [c5ae92715930] 1994-09-26 Todd C. Miller <[email protected]> * CHANGES: updated [cbc419883108] 1994-09-22 Todd C. Miller <[email protected]> * parse.lex: now only include unistd.h for linux [e9adeab95ef0] 1994-09-21 Todd C. Miller <[email protected]> * Makefile.in: added visudo.8 generation [d6a3f0f887f8] * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags [72594a21edcf] 1994-09-20 Todd C. Miller <[email protected]> * BUGS: added one [9993a349e096] * CHANGES: updated [297b31ec4cdd] * README: added mailing list info [10372f94a2b2] * parse.yacc: now use sudolineno instead of yylineno fixed bison warnings [25a83e62057b] * configure.in: now use -no_library_replacement for osf don't make a static binary for hpux >= 9.0 [1fa7b892f1a3] * tgetpass.c: added string.h/strings.h inclusion [71faa98fc0a1] * config.h.in: added ssize_t def [406284bd1ac0] * parse.lex: added inclusion of string.h/strings.h [6985b1df5d09] * aclocal.m4: fixed uname | sed (needed to quote the '[') [4cd2d3415c1a] * parse.lex: replaced yylineno with sudolineno fixed bison syntax errors [0bd31a5fab26] * visudo.c: changed yylineno to sudolineno since yylineno cannot be counted upon. [38c30104d0ae] * TODO: updated [5d4746f1a752] * parse.c: added code to support command listings [030172e133fd] * sudo.c: added code for -l flag [801dbbc82778] * sudo.man: fixed typo added info for -l flag [8916ca945d65] * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T [c61f7f47013f] * aclocal.m4: added SUDO_SSIZE_T [0ccdb77be84d] * sudo.h: added MODE_LIST [9b2bd844c76c] * configure.in: added AC_SSIZE_T [35cca208f9b5] * find_path.c, sudo_realpath.c: readlink() is now declared as returning ssize~_t [0640a08d1407] * configure.in: added -laud for OSF c2 [b7539c905efc] 1994-09-02 Todd C. Miller <[email protected]> * Makefile.in, visudo.c: changed sudo-bugs.cs.colorado.edu -> [email protected] [067fd9bcb5e1] * config.h.in, parse.lex, parse.yacc, pathnames.h.in: changed sudo-bugs.cs.colorado.edu -> [email protected] [fc46e7c7110a] * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, sudo_setenv.c, tgetpass.c, version.h: changed sudo-bugs.cs.colorado.edu -> [email protected] [d1d4fbc53a98] 1994-09-01 Todd C. Miller <[email protected]> * Makefile.in: ++version [b7066d97633f] * version.h: ++ [65ec69d88110] * logging.c: added host to alertmail messages [d973c19ce777] * CHANGES, TODO: udpated [5a65eb16faeb] * logging.c: fixed logging problem where mail would not say which user it was [35723edcc5d2] * configure.in: added -laud for gcc if osf & c2 [18f1e0ae5548] * check.c: moved set_auth_parameters to sudo.c [d23112fe01db] * sudo.c: added set_auth_parameters for osf [eb70f65214ac] * configure.in: cleaned up -static stuff [01e9575f0422] * Makefile.in: ++version [7ac3bff5c770] * version.h: ++ [10a4ff478469] * sudo.c: changed setenv() to sudo_setenv() [40a78abb9946] * check.c: fixed osf problem [3d69b118efb8] * configure.in: added OSF C2 stuff [38cff3ad4093] * CHANGES: updated [cd341dd0581a] * check.c: added osf auth support & removed some extra spaces [a448cdd81514] * INSTALL, SUPPORTED: added osf C2 stuff [f70484796146] 1994-08-31 Todd C. Miller <[email protected]> * TODO: added 2 suggestions [695fbdbd86e6] * Makefile.in: removed README.v1.3.1 and added VERSION stuff [f69403eb04c6] * version.h: pl1 [21580c0f8cb1] 1994-08-30 Todd C. Miller <[email protected]> * version.h: 1.3.1final [630114970298] * Makefile.in: added HISTORY [901bff251614] * sudo.man: mention HISTPRY file [86dbcfd4326e] * sudo.c: use sizeof instead of a constant in 1 place [d819604c68ca] * parse.yacc: added unistd.h [6f9500f9fe7e] * parse.lex: added unistd.h [468b81a276eb] * README: udpated [7e275618923a] * HISTORY: Initial revision [5db1b0a3939b] 1994-08-17 Todd C. Miller <[email protected]> * version.h: ++ [7dfbb4a810bb] [SUDO_1_3_1] * CHANGES: updated [7820ee610bf8] * sudo_setenv.c: added unistd.h include [30cf2b654525] 1994-08-16 Todd C. Miller <[email protected]> * sudo.c: added sys/time.h for AIX [199fc8caf3a3] 1994-08-15 Todd C. Miller <[email protected]> * configure.in: added check for -lsocket and sys/sockio.h [f9abfbb31031] * config.h.in: took out libshadow check and added in sys/sockio.h check [0c4b0393ac80] * sudo.c: now include sockio.h instead of ioctl.h if it exists "sudo -" now gets a better error message [53041bea5483] * sample.sudoers: now has a dir and subnet entry [56b820f65438] 1994-08-13 Todd C. Miller <[email protected]> * sudo.c: removed if_ether.h [b4f64507493e] * TODO: added an item [ea2a1bb6922a] * sudo.man: added network and ip addresses to man page [01c85016511f] * sudo.c: no error if can't get interfaces or netmask since networking may not be in the kernel. [50b8890e2134] * parse.c: nwo check for interfaces == NULL [dc1b3eef0db2] * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias to fail if the last entry in the spec failed (ie: it was only looking at the last entry). CLeaned things up by adding the cmndcmp() function--all neat & tidy [007e93578e5e] * CHANGES: added one [40e8a2cef497] 1994-08-12 Todd C. Miller <[email protected]> * sudo.c: now do two passes to skip bogus interfaces (lo0, etc) [465e30aecaf7] * parse.lex, parse.yacc, visudo.c: added include of netinet/in.h [11e3816ed362] * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of netinet/in.h [daccfa40fe1e] * check.c, find_path.c, getcwd.c, getwd.c: added include of netinet/in.h [0222f95e06ad] * version.h: ++ [d6b0cfa35a38] * sudo.h: added interfaces global [ba52fa8ad75e] * parse.c: now uses new interfaces global [17473ad5ecba] * sudo.c: now ip addresses are gleaned fw/o dns [8828bb2007e0] 1994-08-10 Todd C. Miller <[email protected]> * sudo.c: added load_ip_addrs() to load the ip_addrs global var [60c825f04238] * parse.c: added hostcmp() to compare hostnames, ip addrs, and network addrs [ab0e40e37537] * sudo.h: added ip_addrs def added load_ip_addrs prototype [c41c565d0777] 1994-08-08 Todd C. Miller <[email protected]> * CHANGES: updated [2a128dbe9bcb] * Makefile.in: removed multiple entries in DISTFILES [2490f4f371e6] * visudo.c: ansified the !STDC_HEADERS decls [646ba06d17ae] * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do malloc decl if gnuc [f1bad1925f98] * sudo.c: can't use getopt(3) since it munges args to the command to be run as root don't do malloc decl if gnuc [38e78f6da14e] * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function prottypes [51d8cad89976] * getcwd.c, getwd.c: added missing paren [6a1fae70e27e] * Makefile.in: added putenv.c to DISTFILES [a5e4523eabbb] * sudo_setenv.c: added params to func decls when STDC_HEADERS is not defined now can count on putenv() being there [fd587796189b] * sudo_realpath.c: took out errno decl since sudo.h does it for us fixed up a next cc warning added params to func decls when STDC_HEADERS is not defined [70fa5152ace6] * sudo.h: took out environ extern added local declaratio of putenv() if local version is needed [a84bae6c020d] * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to func decls when STDC_HEADERS is not defined [f406f0e47ac0] * config.h.in: added memcpy check check to see that ansi vs bsd macros are ntot already defiend before defining (ie: avoid redefinition) [879ae026e19f] * configure.in: removed fluff setenv check plus check w/ replace for putenv if also no setenv [e3c03814ad4b] * putenv.c: Initial revision [3cff63e2dc1b] 1994-08-06 Todd C. Miller <[email protected]> * sudo_setenv.c: Initial revision [4d637631fa6b] * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv [07ba001ff57e] * sudo.c: now use sudo_setenvc [fd81e04d5ef0] * configure.in: added puteenv and setenv, removed realpath [27bfacfb513b] * config.h.in: added putenv & setenv [515f14eaf6e4] * Makefile.in: added sudo_setenv [217731a717c5] * version.h: ++ [eadb346d7129] 1994-08-05 Todd C. Miller <[email protected]> * configure.in: added MAN_POSTINSTALL and /usr/share/catman for irix [2a9496c1bdba] * Makefile.in: added MAN_POSTINSTALL [89b0d4695529] * CHANGES: added [48c021ba8a70] * sudo.man: added SUDO_* plus new options [c0759cff5683] * CHANGES: added one [7d44a3922d56] * configure.in: took out shadow lib [07cf3de18701] * TODO: adde done [a27a578e8afe] * visudo.c: now use yyrestart() if flex now reset yylineno to 0 [77d67ce0b677] * Makefile.in: support for installing a cat page instead of a man page if no nroff [44671c0fc0fa] * configure.in: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff to determine whether or not to install a cat or man page [0562d069c135] * config.h.in: added HAVE_FLEX [c5490bae39d3] * sudo.c: not set ret to MODE_RUN initially [88b4983c195b] * find_path.c: made command (and therefor cmnd dynamically allocated) [95b82e32b6de] * TODO: did #8 [fb6f41308cdf] * version.h: ++ [14112ecab5ae] * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1 [0ad4f34e55c0] * sudo.h: added MODE_ removed validate_only and added remove_timestamp() [dd5f99c57728] * sudo.c: usage() now takes an int (exit value) added parse_args() to parse command line arguments moved call to find_path() from load_globals to new function load_cmnd() removed validate_only global -- now use the concept of "modes" added -h and -k options [c3887090b28a] * parse.c: no longer use global validate_only now checks for command called "validate" removed check for non-fully qualified commands since that is done by find_path [7d56fbd26369] * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1 [a86e8664d971] * find_path.c: fixed off by one error with MAXPATHLEN and fixed a comment [58adcef8c981] * check.c: check_timestamp no longer runs reminder(), it is implied in the return val added remove_timestamp() [42ab5a77066f] * CHANGES: updated [8e69b31df024] 1994-08-04 Todd C. Miller <[email protected]> * BUGS: fixed on [bc34f1ac4280] * sudo_realpath.c: took out old_errno [a168d00a0768] * CHANGES: updated [04ba80922df7] 1994-08-03 Todd C. Miller <[email protected]> * logging.c: moved send_mail to after syslog [4d4188087834] * sudo.c: now set SUDO_ envariables [e5963f1bd3bb] 1994-08-01 Todd C. Miller <[email protected]> * version.h: ++ [2a4534845d8c] * sudo_realpath.c: now print error if chdir fails [0d75c8973d49] * find_path.c: removed an XXX [e2077bcb35aa] 1994-07-26 Todd C. Miller <[email protected]> * CHANGES: updated [e30a2b39b41a] * configure.in: no more static binaries for aix [77a0beb6bd80] 1994-07-25 Todd C. Miller <[email protected]> * INSTALL: fixed typo [ba5e0d391bc4] * sudo_realpath.c: took out stuff not needed for sudo now does be_root/be_user itself now uses cwd global [4f6d4641d793] * version.h: +=2 [97da927b297c] * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath() [f331662fa50f] * logging.c, sudo.h: now works with 4.2BSD syslog (blech) [98e39d89dd36] * find_path.c: now use sudo_realpath() [ab436a8ebd02] * config.h.in: took out realpth() stuff since we now use sudo_realpath() [8de5ef9f6044] * configure.in: ultrix enhanced sec [815fb7fffcc0] * SUPPORTED: added ultrix enhanced sec. [6466766c8062] * INSTALL: updated [d681a634297a] * check.c: ultrix enhanced security suport [f10c8decbcc2] * Makefile.in: added sudo_realpath.c [6b9bcd3be022] * CHANGES: updated [2fa8084c1b53] * tgetpass.c: increased passwd len to 24 for c2 security [ec64838be62d] * BUGS: updated BUGS [ca00d8fec2ce] 1994-07-15 Todd C. Miller <[email protected]> * check.c: now use user global var [568769719013] * configure.in: took out -ls [490a44180d5f] 1994-07-14 Todd C. Miller <[email protected]> * configure.in: added AFS libs [4fb40c8c01ba] * sudo.h: user is now a char * added epasswd [27a919fafdfb] * sudo.c: added tzset() to load_globals added epasswd (encrypted password) global made user dynamically allocated [b99ef9bdbfce] * configure.in: added tzset test [27592dd1214b] * config.h.in: added HAVE_TZSET [b13f4213f3d0] * check.c: cleaned up encrypted passwd grab somewhat [c8ba9a4db38a] * configure.in: fixed AFS typo [2bfcbce237b6] * INSTALL: added AFS not [80c67329393c] * CHANGES: udpated [2f09ecdd5d31] * logging.c: can now log to both syslog & a file [4d5c0932bc01] * sudo.h: added BOTH_LOGS [623c539be824] * CHANGES: updated [a1c7f5ef3616] * configure.in: --with-AFS [28718d8f5daf] * config.h.in: added HAVE_AFS [2e32bb4e63e4] * check.c: added afs changes [fe4d0ff320a2] * sudo.h: removed AFS stuff :-) [a40387e6fa27] * tgetpass.c: include sys/select for AIX [f32c5a8f2c84] * sudo.h: added AFS [da2ab3dd0348] * version.h: ++ [452d4dfe25af] 1994-07-07 Todd C. Miller <[email protected]> * CHANGES, SUPPORTED: updated [e7dfe6f23a37] * logging.c: can now have MAILER undefined [1d33b98b35e1] * INSTALL: new sub-note about MAILER [d35c636a0574] * sudo.man: added blurb about password timeout [70c2ee50de20] * configure.in: convex c2 changes [367138a6232e] * aclocal.m4: took out duplicate define of _CONVEX_SOURCE [647182138450] * Makefile.in: added OSDEFS [7fdcd50602d1] * config.h.in: added spaces [f2b8a05e48f3] * tgetpass.c: added a goto if fgets fails [68a6586d9c45] * sudo.h: use __hpux not hpux convex c2 stuff [5c377a8d5f34] * sudo.c: use __hpux not hpux [9363bc0f9f9e] * logging.c: convex c2 stuff [ea5630975ac4] * config.h.in: define ansi-ish cpp os defines if non-ansi are defined for hpux & convex [664f53a5e786] * INSTALL: updated to say we support sonvex C2 [5f2f8b87013e] * check.c: added convex c2 support [9a665d4918fa] 1994-07-01 Todd C. Miller <[email protected]> * tgetpass.c: no more ioctl never returns NULL uses fgets() and select() to timeout [b333e6d63e97] 1994-06-29 Todd C. Miller <[email protected]> * configure.in: things were testing -n "$GCC" instead of -z "$GCC" [059a9b15ede2] * tgetpass.c: now works + uses fgets() [353d7ebcb7bb] 1994-06-28 Todd C. Miller <[email protected]> * tgetpass.c: select doesn't seem to recognize a single '\n' as input waiting so we can;t use it, sigh. [f76e3218b835] 1994-06-26 Todd C. Miller <[email protected]> * PORTING: updated tgetpass() blurb [95baac736b49] * configure.in: added --with-getpass [42ac0bdf58ed] * Makefile.in: added tgetpass stuff [e2b38c635663] * tgetpass.c: now uses stdio [36af8ff66e35] * version.h: ++ [4e81c9db19bd] 1994-06-24 Todd C. Miller <[email protected]> * PORTING: updated ,. [54f523770a05] * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY [86b355cb2953] * configure.in: fixed a test aded --with-C2 and --with-tgetpass [abf6181588ef] * check.c: added hpux C2 shit [20d4177ffa88] * Makefile.in: took out tgetpass.* [cc82fd9984b4] * INSTALL: added C2 blurb [1d2bfc35e4b6] 1994-06-13 Todd C. Miller <[email protected]> * configure.in: no termio(s) for ultrix since it is broken [d3e82e835350] * check.c: added a space (yeah, anal) [05e4b31ca68c] * realpath.c, sudo_realpath.c: fixed it (duh, rtfm) [f13097cb8cb6] 1994-06-08 Todd C. Miller <[email protected]> * config.h.in: took out bsd signal stuff for irix [e179cdafc97a] * visudo.c: comments in #endif [e3a629190f5e] * configure.in: don't define BSD signals for irix [3ce57bffb7f0] * TODO: did some... [274241cd0f74] * CHANGES: updated [8f29fc755faf] * realpath.c, sudo_realpath.c: took out unneeded code by changing where a strings was terminated [b5564d62d30e] 1994-06-07 Todd C. Miller <[email protected]> * realpath.c, sudo_realpath.c: fix bug where /dirname would return NULL [b85f470daf26] * sudo.h: move __P to config.h [7763c0ff3f28] * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno definition [4cc9d2d9782a] * config.h.in: added __P [ca06f5aa58f3] * config.h.in: added HAVE_FCHDIR [206d714641e0] * strdup.c: now include stdio [0d8458da0e1d] * realpath.c, sudo_realpath.c: now works if no fchdir [e035911b6722] * visudo.c: define SA_RESETHAND to null if not defined [afec03e84342] * configure.in: added check & replace [c1a65481441c] * configure.in: took out -static for nextstep -- it doesn't work [fa1a1a611743] 1994-06-06 Todd C. Miller <[email protected]> * logging.c: moved #endif to where it belongs [07d3a8972097] * SUPPORTED: correction [0c1ecba3e5a3] * configure.in: now checks for strdup realpath getcwd bzero [f029a1917515] * config.h.in: emulate bzero [d792352e44a3] * visudo.c: added posic signals [2ed0005f90fc] * tgetpass.c: bzero cast [6d91b1a1526f] * logging.c: added posix signals [67ede9c22a05] * configure.in: removed BROKEN_GETPASS added new srcs toreplace missing functions [cf44274bb1c8] * config.h.in: added posix signal stuff [a3c1c98fe8ef] * Makefile.in: added new srcs [b6a079afee47] * visudo.c: updated useag [589ed091c44f] * tgetpass.c: now uses posix signals [30f74964074f] * PORTING: updated sto reflect major changes [bcfc309e017b] * CHANGES, TODO: updated [23aacbd54278] * tgetpass.c: uses sysconf() if available [a27431c90bab] * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions [d7473c2f77c4] * realpath.c, sudo_realpath.c: for those w/o this in libc [1e47aa7a9d46] * getcwd.c, getwd.c: Initial revision [c90dea57a84f] * find_path.c: rewrote to use realpath(3) - nis now all my code [d2c3bb8fb37d] * config.h.in: added HAVE_REALPATH [02c10352a8c7] * check.c: now use tgetpass [b5c021fc179f] * Makefile.in: added LIBOBJS use tgetpass.c [230a7b3eeaa3] 1994-06-05 Todd C. Miller <[email protected]> * tgetpass.c: works now :-) [025e7a3875ba] * tgetpass.c: Initial revision [3316ab33b230] * pathnames.h.in: added /dev/tty [29242585e53f] 1994-06-04 Todd C. Miller <[email protected]> * version.h: incremented [f2e54b48280f] * sudo.c: always use getcwd [c6068e8a4029] * config.h.in: added check for getwd [ab1e102ad673] * configure.in: replace strdup & realpath & getcwd if missing [b0eb14f2a1c3] * pathnames.h.in: added _PATH_PWD [309d2388f69a] * aclocal.m4: added SUDO_PROG_PWD [e16e85deb96c] * strdup.c: Initial revision [810efdc15007] * realpath.c, sudo_realpath.c: Initial revision [d85eee438e09] 1994-06-03 Todd C. Miller <[email protected]> * configure.in: quoted quare brackets [d0e7ca111d98] 1994-06-02 Todd C. Miller <[email protected]> * sudo.c: no need to strdup() a constant [a8c44712df9a] * CHANGES: updated [71364129cca0] * sudo.man: added validate [0bb198095a26] * sudo.c: added -v to usage [31ea71f11dbb] * parse.c, sudo.c, sudo.h: added validate_only stuff [9bcd853d3c90] 1994-05-30 Todd C. Miller <[email protected]> * configure.in: now finds sed [6374bb0d3f28] * aclocal.m4: $OSREV is now an int [ace0666d66cf] 1994-05-29 Todd C. Miller <[email protected]> * configure.in: added mtxinu to caser [73a776887b16] * sudo.h: added EXEC macro [2e8eb28b710a] * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set [56afb4f658d5] * logging.c: changed mail_argv[] def now use EXEC() macro [ddcabd28edb1] * check.c: took out crypt() definition [0e657724cf5f] * version.h: upped the version [62c5d66119fc] * configure.in: always look for -lnsl [d7b594f0313b] * aclocal.m4: added an echo [1caae3491dc5] * sudo.h: SHORT_MESSAGE is now the default [cfce35c3119a] * config.h.in: fixed typo [6499a564bf75] * configure.in: added missing AC_DEFINE(SVR4) for solaris [feef0b17b94f] * sudo.man: documented the -v flag [a6429f2bc2cf] * SUPPORTED: updated [088886e79540] * check.c: proto-ized crypt() [801e4ff5b121] * config.h.in: added LIBSHADOW undef [8df588e9ee2b] * configure.in: nwo set OS to be lowercase [561ebed833e4] 1994-05-28 Todd C. Miller <[email protected]> * configure.in: now use SUDO_OSTYPE to set $OS [0e60aee23098] * aclocal.m4: now use uname to determine os [99705e58d400] * visudo.c: added prototypes & moved sig handler around [1f0bc8d23b51] * sudo.h: added prototyppes [be3935a2b163] * check.c, logging.c, sudo.c: added prototypes [2079b4605ab8] * parse.c: added comment [a34d147d8399] * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT [63663195f047] * aixcrypt.exp: Initial revision [890aed08357e] * Makefile.in: added aixcrypt.exp [1005a183105f] * parse.lex, parse.yacc: moved config.h to top of includes [9569c49aa5f3] 1994-05-25 Todd C. Miller <[email protected]> * find_path.c: now don't bitch if get EACCESS (treat like EPERM) [dbeffb638de4] * visudo.c: added -v flag and usage() [4d44ed60ed75] * version.h: fixed a typo [cf3f9347ae41] * sudo.c: cast Argv to a const for exec added -v flag [d11b6efc0e45] * logging.c: mail_argv is now a const [93bb5d90bb6f] * configure.in: only set RETSIGTYPE if it is not set already [c97aac260b77] * aclocal.m4: now defines & STDC_HEADERS for Irix [9c2b24ad1fc5] * Makefile.in: added version.h [9f79e880229a] * insults.h, sudo.h: prevent multiple inclusion [d68c8a9243ce] * version.h: Initial revision [dbb39c5ef8d9] * parse.lex, parse.yacc: now includes config.h [f117e036a56b] * aclocal.m4: now talks about sunos 4.x [c9054aa92d4e] * visudo.c: calls to Exit now pass an arg [a92104670551] 1994-05-24 Todd C. Miller <[email protected]> * visudo.c: signal handler now takes an int argument [26f480c41523] * CHANGES: updated [8c166a9d796b] * sudo.c: ok, the getcwd() is now *really* done as the user [ab86cf85134a] * configure.in: changed AIX STATIC_FLAGS [b9c0a3ba5663] * aclocal.m4: solaris now defines SVR4 [c3e20cac96f5] * sudo.h: added cwd and fixed stupid core dump that makes no sense. sigh. [7a9755436dbb] * sudo.c: moved getcwd stuff into load_globals [ec2bc90df1f3] * parse.c: took out externs that are in suod.h [93c4b3f856d7] * logging.c: moved cwd into load_globals [050de754d228] * find_path.c: moved cwd stuff [22f3f3b4c34d] * Makefile.in: fixed make distclean & realclean [c9964d89bcef] * TODO: updated ., [e513581ef0e3] * CHANGES: added solaris changes [505d930daf27] * aclocal.m4: added solaris changes, need to rework [33f20fb16c49] * configure.in: cleaned up for solaris [2fb8cfa05d0f] * logging.c: reinstall reapchild signal handler for non-bsd signals [3d1dc545113d] * sudo.h: took out getdtablesize() emulation for HP-UX (no longer needed) [1fc83d170f34] * sudo.c: support for HAVE_SYSCONF [50ca2a7a224a] * visudo.c: added <fcntl.h> for solaris & reorg'd the includes + minor prettying up / [0a570e826dd4] * config.h.in: added HAVE_SYSCONF [2b9a9f3a4e94] 1994-05-16 Todd C. Miller <[email protected]> * configure.in: now tells you what os you are running /. [06c6332a895b] * aclocal.m4: took out extra ',' [e8c75ce59f4a] 1994-05-14 Todd C. Miller <[email protected]> * config.h.in: added _BSD_COMPAT [73c5099806c2] * aclocal.m4: fixed for irix5 [1047d1f6c0eb] * CHANGES: updated [1bc4969fee96] * sudo.c: uid seinitialized to -2 [8d7812b1878b] 1994-04-28 Todd C. Miller <[email protected]> * sudo.c: now removes LIBPATH for AIX [075392eb1dd9] 1994-03-13 Todd C. Miller <[email protected]> * configure.in: now uses ufc if it finds it [ab6ce30a5958] 1994-03-12 Todd C. Miller <[email protected]> * sudo.h: no longer define yyval & yylval since yacc does it [09d250aea50a] * parse.lex: now defines yylval as extenr [8ec2b88952bc] * configure.in: BROKEN_GETPASS is now an OPTION [3714f4bb8312] * config.h.in: took out BROKEN_GETPASS [9c4f6aa50137] * Makefile.in: took out big comment [4c13cff0e556] * README: updated [b8b9902b620d] * Makefile.in: took out README.beta [ed2cd861e82b] * SUPPORTED: Initial revision [2fffc51e6606] * INSTALL: now reference SUPPORTED ., [d112c30be1f2] * config.h.in: now check for convex OR __convex__ [a0e5701a3069] * aclocal.m4: now check for convex or __convex__ [5dae2bfbe3bc] * Makefile.in: added dist target [400a54de57db] * aclocal.m4: use __convex__ [58a19470ed0b] * find_path.c: now use _S_* stat stuff to be ansi-like [28cce560e048] * INSTALL: updated for configure directions [a034ccc7c30a] * Makefile.in: distclean now removes config.h and pathnames.h [300f2349b4ab] * CHANGES: updated [646f7e9430c1] * TODO: fixed typoe [70fd6361b2bc] * visudo.c: updated version [cf13d87d789f] * Makefile.in: updated version [8c5dacc27a7a] * config.h.in, pathnames.h.in: added copyright header [747ce3d3d6b7] * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.h: udpated version [4751c39bad18] * visudo.c: udpated to use configure + pathnames.h [d45dff76a1cd] * aclocal.m4: updated [f05a367a55be] * Makefile.in, config.h.in, configure.in: updated [524778598879] * sudo.h: now works with configure [83fc40e533f4] * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: updated to work with configure + pathnames.h [cb67fa6ab52d] * Makefile.in: added LEXLIB [f43cad4ab0a2] 1994-03-10 Todd C. Miller <[email protected]> * COPYING: updated gnu general licence to versio 2 [2b0b56112ddc] * config.h.in, pathnames.h.in: Initial revision [4b586f39ec2d] * sudo.h: changed to work with configure [13f3506ddf16] 1994-03-09 Todd C. Miller <[email protected]> * Makefile.in, aclocal.m4, configure.in: Initial revision [a8636ae77371] * visudo.c: now uses defines used by configure [de438d118993] 1994-03-01 Todd C. Miller <[email protected]> * find_path.c: sudo won't bitch about EPERM now, for real [ce26d9ef7e3f] 1994-02-28 Todd C. Miller <[email protected]> * logging.c: renamed exec_argv to eliminate a libc name clash with ksros [bcb4350d8411] * CHANGES: corrected [dae68d422efd] * logging.c, sudo.c, sudo.h: execve -> execv [40cc2c4bdb15] * TODO: upated [9275a8b8fc45] * PORTING: added 2 mroe items [6cbb5c56993c] * CHANGES: updated [73f34f8e571a] * sudo.h: added UMASK and mode_t declaration [7c2015e1d171] * sudo.c: added UMASK [d37be7523680] * logging.c: now opens log file with mode 077 [0825cc3ee841] * check.c: saved current umask ans restores it [659c1aaae8e8] * sudo.h: added MAXLOGFILELEN [34331c7dee90] * logging.c: split long log lines. FOr syslog, split into multiple entries, for a log file, indent the extra for readability [72c9e4cdba6e] 1994-02-27 Todd C. Miller <[email protected]> * CHANGES: added changes [81196833673d] * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be) [1aa69e903840] 1994-02-25 Todd C. Miller <[email protected]> * TODO: added input from Brett M Hogden <[email protected]> [80f01fc88ce9] 1994-02-16 Todd C. Miller <[email protected]> * sudo.c: added rmenv() to remove stuff from environ. can now uses execvp() OR execve() becuase of this. [e7fc2535bd67] * logging.c: now uses execvp() OR execve() [56391aa1f99d] * sudo.h: added USE_EXECVE [f21f38050b95] * sudo.h: added environ [6b805e23c6f6] * find_path.c: now ignore EPERM [c8fd7117a1d7] * sudo.h: moved some func decls out of sudo.h and into sudo.c as statics /. [5f555c267d27] * CHANGES: updated [431f478af320] * sudo.h: took out Envp [6f722be7793d] 1994-02-14 Todd C. Miller <[email protected]> * BUGS: Initial revision [4a8ecf0da95c] 1994-02-10 Todd C. Miller <[email protected]> * CHANGES: added SECURE_PATH [1c72cb222609] * sudo.c, sudo.h: added SECURE_PATH [5bf5357a63c5] * sudo.h: added SECURE_PATH [3976a74405ac] * INSTALL: added sample.sudoers note [1b395d29aaeb] * sudoers: Initial revision [485888d07477] 1994-02-09 Todd C. Miller <[email protected]> * find_path.c: fixed typo [bfc3cc4d41ca] * PORTING: took out SAVED_UID garbage [b7c2d3469661] [SUDO_1_3_0] * INSTALL: mentioned HAL [253d6695df90] * sudo.h: added HAL line [29ec1a4ac6de] * insults.h: added HAL insults [7d7c96d77c74] * TODO: updated [aa2ed9790586] * logging.c: more verbose error if mailer not found [fca47fd00cb6] * check.c: now do getpwent as root for soem shadow password systems (bsdi) [e0339e110d46] 1994-02-08 Todd C. Miller <[email protected]> * sudo.h: took out SAVED_UID garbade [fcb0e81dcdb5] * sudo.c: took out SAVED_UID garbage since it don't work [507e9513e9c2] 1994-02-06 Todd C. Miller <[email protected]> * README: updated [d2b6b253dae5] * insults.h: added a missing space :-) [8940ea991f87] * sudo.c, sudo.h: took out multimax cruft [c2606b365181] * INSTALL: minor update [05fb6ee73131] * PORTING: finished [c4ac47c84dc5] * sudo.c: fixed a typo + indentation [7eab40aae8fa] 1994-02-05 Todd C. Miller <[email protected]> * sudo.h: took outumoved some defines to the config file ,. ,. [defff05beb52] * PORTING: Initial revision [c803e9127959] * TODO: did #6 [c6fa1c946c31] * sudo.h: added HAS_SAVED_UID [6a88a39c0a07] * sudo.c: put back AIX cruft [a24d2507ddd4] 1994-02-03 Todd C. Miller <[email protected]> * sudo.c: aix changes [1663915f754a] 1994-02-02 Todd C. Miller <[email protected]> * CHANGES: updated [a8cc73747cae] * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root when abs necesary [3c9d12c5cdfe] * check.c: added missing %s\n [609320b72d89] 1994-01-31 Todd C. Miller <[email protected]> * install-sh: Initial revision [b5bba140a175] * TODO: updated [c9d2eba602af] * CHANGES: updated [932f1fc3bb14] * sudo.c: now removed _RLD_* for alphas [54a36e648158] * INSTALL: updated for new config scheme [61c8ae800444] * find_path.c: more verbose eror messages [b4fd123db42d] 1994-01-27 Todd C. Miller <[email protected]> * TODO: now have solaris [371002fbf266] * sudo.h: define __svr4__ for SOLARIS [0b5cf5ed936d] * check.c: added svr4 junk for shadow pws for solaris 2.x [91ed58f21618] * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. Its not needed since we start out setuid with the correct perms. [07689e782b0b] * check.c, sudo.c, sudo.h: now use setreuid() [7d64d685d78e] 1994-01-26 Todd C. Miller <[email protected]> * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES sectoin [b26967b1e19b] * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar [a4f8fcb9bd1d] * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar >> . [028cc55c4328] 1993-12-07 Todd C. Miller <[email protected]> * INSTALL: rewrote most of this [a6750923f9c9] * README: minor update + spell fix [a411717a7249] * sudo.h: added all options that are in the Makefile [6db3b3b841b3] * getpass.c: now use USE_TERMIO #define for sgi & hpux [b91f89ae6be1] * TODO: todo: posix sigs [4548a56eb2ef] 1993-12-06 Todd C. Miller <[email protected]> * check.c, find_path.c: always include strings.h [1fc20bda92c0] * visudo.c: added STATICEDITOR [0596f820716e] * sudo.h: sgi has vi in /usr/bin too [94203b62bfd9] * sudo.man: added VISUAL [87c2844c4cac] 1993-12-03 Todd C. Miller <[email protected]> * sudo.h: sue /usr/bin/vi on some systems [e3ad9190f35e] * sudo.c: fixed warning (include strings.h) [0b896de4d8a0] * sudo.man: added [email protected]'s changes (new features) [f41b4205a8cf] * CHANGES: changes from [email protected] [6bdef8e948d5] * visudo.c: added EDITOR envar [5c4bf716de21] * check.c, find_path.c, parse.c, sudo.c: added patches from John_Rouillard directory spec uses EDITOR [f62a435f8c41] 1993-12-02 Todd C. Miller <[email protected]> * getpass.c: added flush for hpux [07cfdd6a7b55] 1993-11-30 Todd C. Miller <[email protected]> * sudo.c: no longer assume malloc returns a char * [7480bd2756f3] * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now gets removed correctly [8587166c6ac8] * sudo.h: added STD_HEADERS macro [480f5a9a516c] * sudo.c: now uses STD_HEADERS macor for ansi [c5018806fd59] * find_path.c: now uses STD_HEADERS macro [ad821e0788ea] * check.c: niceties for C compiler bitches -- no real change [0fc0b1a5fb64] 1993-11-29 Todd C. Miller <[email protected]> * visudo.c: now doesn't fclose a file never opened. [ee888ec9427d] 1993-11-28 Todd C. Miller <[email protected]> * sudo.man: added visudo line [698d51c66407] * sudo.man: added error stuff added me in there... [d202fd34b906] * CHANGES: noted insults [998a22c2230c] * INSTALL: added blurb about reading stuff [e71db100798f] * sudo.h: added insults [c110431cec56] * insults.h: corrected somments and removed newlines [493706fd488c] * check.c: now uses insults [6d23cf06a0ef] * insults.h: Initial revision [83153c26b4a3] * INSTALL: added dec syslog note [555437273237] * sample.sudoers: added real stuff in there [53442a7fba78] * TODO: added a todo [c630472bd4dc] * TODO: added one [806464453284] 1993-11-27 Todd C. Miller <[email protected]> * sample.sudoers: Initial revision [7db0a9f1ca8f] * sudo.man: updated with changes [d9bf254c6c08] * sudo.man: Initial revision [dd6f11174ac6] * indent.pro: Initial revision [dbfbb494fad9] * CHANGES, COPYING, INSTALL, README, TODO: Initial revision [6d98f489a079] * visudo.c: updated version number and took out jeff's old addr since it is no good [ee47c24818cb] * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.h: updated version number and took out jeff's email (since it is invalid) [54616458a52e] 1993-10-28 Todd C. Miller <[email protected]> * check.c: added fflush() [145c881f4fb4] 1993-10-23 Todd C. Miller <[email protected]> * find_path.c: now return NULL instead pfof exiting for nopnn-fatal errors [8bc74f8cb1ae] 1993-10-21 Todd C. Miller <[email protected]> * check.c: new banner [5387ab2af516] * parse.lex: now sudo.h gets included first [2acb01c18e18] 1993-10-18 Todd C. Miller <[email protected]> * parse.lex: now can use flex [164d3839adf0] * sudo.h: linux patch [f1b6b1b1a2ca] * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch [67611dc1737f] * check.c: linux diff [c24536682397] 1993-10-15 Todd C. Miller <[email protected]> * find_path.c: stat now ignores EINVAL [c7761a5dc642] 1993-10-06 Todd C. Miller <[email protected]> * find_path.c, sudo.c: now declare strdup as extern [6b7d6f8784b5] 1993-10-04 Todd C. Miller <[email protected]> * visudo.c: reformatted with indent + by hand [9d43084e4990] * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h: used indent to "fix" coding style [489ffacbdc70] * find_path.c: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. [c4d22b48da9a] 1993-09-08 Todd C. Miller <[email protected]> * find_path.c: redid the fix for non-executable files in an easier to read way plus some minor aethetic changes [84fe337f1426] * find_path.c: fixed bug with non-executable tings of same name in path introduced by checkig errno after stat(2). [c2a812cfcbc1] 1993-09-05 Todd C. Miller <[email protected]> * sudo.c: fixed off by one error [fabb7cee0041] * find_path.c: now handles decending below '/' correctly [5d2ddfc0b220] * sudo.c: now actually builds Envp instead of munging envp [bdc4b08f6898] 1993-09-04 Todd C. Miller <[email protected]> * parse.yacc: now includes sys/param.h [efbb494ab4de] * visudo.c: now includes sys/param.h [ad6c91d59958] * sudo.h: fixed ifndef -> ifdef [7aebe822d863] * qualify.c: make more like find_path.c [853b2dab2e03] * find_path.c: rewritten by millert [c6a043cc11b3] * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info about new defines in the comment [39ffefce3aec] * logging.c: now uses USE_CWD [fa0f3b118bb3] * sudo.h: added delc for clean_envp() and Envp [a12034e300c2] * sudo.c: now rips LD_* env vars out of envp and passed sanitized Envp to exec [d201a218e056] * logging.c: now uses execve() [f3e01032cd33] * find_path.c: ENOTDIR is ok now too (in case part of the path is bogus) [b5cbbb201bb5] * qualify.c: now works correctly (ttaltotal rewrite) [0c25d64a5c68] * parse.lex: now includes sys/param.h didn't match trailing / -- fix from [email protected] [b6363ba110af] 1993-06-11 Todd C. Miller <[email protected]> * sudo.c: moved around the #ifndef _AIX [7d4330950c20] * check.c, logging.c, parse.c: Initial revision [c101e9572d7f] 1993-03-20 Todd C. Miller <[email protected]> * qualify.c: Initial revision [5a5f21d0e0bf] 1993-03-13 Todd C. Miller <[email protected]> * find_path.c: now works if you do sudo bin/test [07835120ce43] * find_path.c: works [c3da8b5efa20] 1993-03-02 Todd C. Miller <[email protected]> * sudo.h: Initial revision [28a1caa38b72] * visudo.c: Initial revision [0e5cd7c3cdbe] * parse.lex, parse.yacc: Initial revision [5f2d0cccb06b] 1993-02-16 Todd C. Miller <[email protected]> * sudo.c: took out errno.h [7466431a2655] * sudo.c: now spews error if exec fails and exits with -1 [e5c41ea725c1] * sudo.c: Initial revision [8aeabe39a0c2] * find_path.c: now only execs files with (an) executable bit set. [0a451f9c0e58] * find_path.c: Initial revision [02a534891a35] 1993-02-15 Todd C. Miller <[email protected]> * getpass.c: added nice comment [ea8b2aaa9389] * getpass.c: now works on sgi's [bf2b7c6d0960] * getpass.c: Initial revision [9f4de251c1b5]