| 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| When matching the runas user and runas group (-u and -g command line |
| options), keep track of runas group and runas user matches |
| separately. Only return a positive match if we have a match for |
| both runas user and runas group (if specified). |
| [68d30216c13a] |
| |
| 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c, parse.c: |
| Do not return -1 on error from the display functions; the call |
| expects a return value >= 0. |
| [e50e6ae4d06d] |
| |
| * ldap.c: |
| display_bound_defaults now returns a count so make the stub return |
| 0, not 1. |
| [97293ced4908] |
| |
| 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * get_pty.c: |
| It looks like AIX doesn't need to push STREAMS modules for ptys. |
| [62c281fcd4ad] |
| |
| 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Install sudoers file from the build dir not the src dir. |
| [a26afd8db531] |
| |
| 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * set_perms.c: |
| If runas_pw changes, reset the stashed runas aux group vector. |
| Otherwise, if runas_default is set in a per-command Defaults |
| statement, the command runs with root's aux group vector (i.e. the |
| one that was used when locating the command). |
| [24a695707b67] |
| |
| * Makefile.in: |
| Add target to generate sudoers file. Remove generated sudoers file as |
| part of distclean |
| [448627fc35b6] |
| |
| 2010-08-23 millert <millert@rh4-x86.home.courtesan.com> |
| |
| * exec.c: |
| When not logging I/O install a handler for SIGCONT and deliver it to |
| the command upon resume. Fixes bugzilla #431 |
| [e84690aa67bd] |
| |
| 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Don't need to fork and wait when compiled with --disable-pam-session |
| [2ae1bbe4437a] |
| |
| 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * lbuf.c: |
| Convert a remaining puts() and putchar() to use the output function. |
| [d68c213feb0f] |
| |
| 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Replace sudoers with sudoers.in in DISTFILES |
| [616509f85d6c] |
| |
| * env.c: |
| Set dupcheck to TRUE when setting new HOME value if !env_reset but |
| always_set_home is true. Prevents a duplicate HOME in the |
| environment (old value plus the new one) introduced in 9f97e4b43a4b. |
| [2672ae047984] |
| |
| * configure, configure.in, sudoers, sudoers.in: |
| Substitute sysconfdir in the installed sudoers file to get the |
| correct path for sudoers.d. |
| [ab14a68e546f] |
| |
| 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * boottime.c, get_pty.c: |
| Fix typos that prevented compilation on Irix; Friedrich Haubensak |
| [a3e6c5a66890] |
| |
| 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/pam.c: |
| If the user hits ^C while a password is being read, error out before |
| reading any further passwords in the pam conversation function. |
| Otherwise, if multiple PAM auth methods are required, the user will |
| have to hit ^C for each one. |
| [c8f6bc58fd86] |
| |
| 2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * exec.c: |
| Fix waitpid() loop termination condition. |
| [97719b3259f2] |
| |
| * exec_pty.c: |
| Use sudo_waitpid() instead of bare waitpid() |
| [624a40269189] |
| |
| 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pp: |
| Set pp_kit_version and strip off patchlevel |
| [814c87778567] |
| |
| * sudo.pp: |
| Better handling of versions with a patchlevel. For rpm and deb, use |
| the patchlevel+1 as the release. For AIX, use the patchlevel as the |
| 4th version number. For the rest, just leave the patchlevel in the |
| version string. |
| [d18ef30f0a72] |
| |
| 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/sudo_auth.c: |
| For non-standalone auth methods, stop reading the password if the |
| user enters ^C at the prompt. |
| [59d2b1328d1e] |
| |
| * check.c: |
| When removing/resetting the timestamp file ignore the tty ticket |
| contents. |
| [8b285f601ec0] |
| |
| 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * UPGRADE: |
| Fix typo |
| [0f443aa22e96] |
| |
| 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * check.c: |
| Do not produce a warning for "sudo -k" if the ticket file does not |
| exist. |
| [eeaaa73d7f5b] |
| |
| 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aclocal.m4, configure: |
| Add cross-compile defaults for remaining AC_TRY_RUN usage. |
| [fb88d22eabc6] |
| |
| 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aclocal.m4, config.h.in, configure, configure.in, snprintf.c: |
| Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT |
| and AC_CHECK_SIZEOF([long int]) instead of rolling our own. |
| [5e7cc557a46e] |
| |
| 2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * .hgtags: |
| Added tag SUDO_1_7_4 for changeset 2920a3b9d568 |
| [e929004d5102] |
| |
| * pp: |
| Debian: Remove dots from decoded release number. AIX: looser matching |
| of file command output for AIX 5.1 |
| [2920a3b9d568] [SUDO_1_7_4] |
| |
| * .hgtags: |
| Added tag SUDO_1_7_4 for changeset 0d844aa34c1d |
| [cf65ddcec602] |
| |
| 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * exec_pty.c: |
| exec_monitor is static |
| [0d844aa34c1d] |
| |
| * pp: |
| Update to latest version |
| [7b8a00defbd6] |
| |
| 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pp: |
| Let pp determine pp_aix_version itself. |
| [c5ee7944af03] |
| |
| * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c: |
| Add support for Ubuntu admin flag file and enable it when building |
| Ubuntu packages. |
| [2d97501cda0c] |
| |
| * sudo.pp, sudoers: |
| Add commented out SuSE-like targetpw settings |
| [f4ad331ace46] |
| |
| * configure, configure.in: |
| Only try to use +DAportable for non-GCC on hppa. Check the value of |
| $pic_flag instead of whether the compiler is ANSI C when detecting |
| the HP-UX bundled C compiler. |
| [654da0091c16] |
| |
| * configure, configure.in: |
| Prevent configure from adding the -g flag unless in devel mode |
| [e3c11f228c56] |
| |
| 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pp: |
| Go back to sudo-flavor to match existing packages and only use an |
| underscore for those that need it. |
| [1f78ecf3b990] |
| |
| * sudo.pp: |
| Use sudo_$flavor instead of sudo-$flavor since that causes the least |
| amount of trouble for the various package managers. |
| [7e1e07115788] |
| |
| * mkpkg: |
| Fix handling of the ldap flavor. Remove destdir unless --debug was |
| specified. Make distclean before running configure if there is a |
| Makefile present |
| [2bde3925346d] |
| |
| * configure, configure.in: |
| Back out version change in 5baf2187a138 |
| [bbc3a81afbba] |
| |
| * mkpkg: |
| Pass extra args on to configure on HP-UX, if we don't have the HP C |
| compiler, disable zlib to prevent gcc from finding it in |
| /usr/local/lib. |
| [87201c7f1116] |
| |
| * configure, configure.in, mkpkg: |
| Use the HP ANSI C compiler on HP-UX if possible |
| [5baf2187a138] |
| |
| * sudoreplay.c: |
| Some getline() implementations (FreeBSD 8.0) do not ignore the |
| length pointer when the line pointer is NULL as they should. |
| [8652300785ed] |
| |
| * sudoreplay.c: |
| Don't need to check for *cp being non-zero, isdigit() will do that. |
| [107301a99b6a] |
| |
| * sudoreplay.c: |
| Add setlocale() so the command line arguments that use floating |
| point work in different locales. Since sudo now logs the timing |
| data in the C locale we must parse the seconds in the timing file |
| manually instead of using strtod(). Furthermore, sudo 1.7.3 logged |
| the number of seconds with the user's locale so if the decimal point |
| is not '.' try using the locale-specific version. |
| [2b8ed181e37c] |
| |
| * exec.c: |
| Do I/O logging in the C locale so the floating point numbers in the |
| timing file are not locale-dependent. |
| [18abbca14078] |
| |
| * sudoreplay.c: |
| Use errorx() not error() for things that don't set errno. |
| [a2e7c6793d26] |
| |
| 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pp: |
| Add Tru64 kit support |
| [40e2d21aa17f] |
| |
| * pp: |
| Better support for 1.2.3 style versions in Tru64 kits |
| [f7133199a711] |
| |
| * pp: |
| Remove apparently unnecessary use of sudo |
| [a667a69eeab0] |
| |
| * Makefile.in: |
| Create timedir as part of install-dirs target. |
| [a2e394d694dd] |
| |
| * exec_pty.c: |
| Handle ENXIO from read/write which can occur when reading/writing a |
| pty that has gone away. Fixes bugzilla 422 |
| [142f4c2efa17] |
| |
| * pwutil.c: |
| sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL |
| [82e5e46bf458] |
| |
| * mkpkg: |
| platform is a pp flag not a variable |
| [9d0ab9b9bf0c] |
| |
| * Makefile.in, mkpkg, sudo.pp: |
| Add simple arg parsing for mkpkg so we can set debug, flavor or |
| platform. |
| [8142ab01ccd9] |
| |
| * pp: |
| Make rpm backend work on AIX 5.x |
| [2467a79d0b4d] |
| |
| 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers: |
| Add commented out Defaults entry for log_output |
| [b3fe97e59ae0] |
| |
| 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Install binary files with -b~ to make a backup. Fixes "text file |
| busy" error on HP-UX during install. |
| [3563e3e0163a] |
| |
| * install-sh: |
| "mv -f" on HP-UX doesn't unlink the destination first so add an |
| explicit rm before moving the temporary into place. |
| [3994af813c88] |
| |
| * configure, configure.in: |
| Some more ${foo} -> $(foo) conversion for consistent Makefiles. |
| [c214d50c32ec] |
| |
| 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * pathnames.h.in: |
| Add missing include of maillock.h for Solaris |
| [343f04b7a581] |
| |
| * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in, |
| sample.syslog.conf, sudoers.cat: |
| Change the default syslog facility from local2 to authpriv (or auth |
| if the operating system doesn't support authpriv). |
| [949f39cf4a59] |
| |
| * Makefile.in, configure, configure.in, sudo.pp: |
| Install sudoers as /etc/sudoers on RPM and debian systems where the |
| package manager will not replace a user-modified configuration file. |
| This fixes upgrades from the vendor sudo packages. |
| [74c7ff01e880] |
| |
| * pp: |
| RPM: use %config(noreplace) instead of %config for volatile. This |
| results in the new file being installed with a .rpmnew suffix |
| instead of the file being replaced and the old one renamed with a |
| .rpmsave suffix. |
| [166133a4fb9e] |
| |
| 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * boottime.c, mkstemps.c: |
| Include time.h for struct timeval. |
| [50446e0b8398] |
| |
| * exec_pty.c: |
| The return value of strsignal() may be const and should be treated |
| as const regardless. |
| [c035b17b50e3] |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| Mention that 127.0.0.1 will not match, nor will localhost unless |
| that is the actual host name. |
| [e9977ec7ac4f] |
| |
| * Makefile.in: |
| fix typo |
| [f216d653404d] |
| |
| * Makefile.in, NEWS, README, UPGRADE, WHATSNEW: |
| Rename WHATSNEW -> NEWS |
| [f3ce0a462ca0] |
| |
| * pp: |
| Updated pp with latest patches |
| [cded68af5ba0] |
| |
| * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h: |
| If pam is in use, wait until the process has finished before calling |
| pam_close_session(). |
| [fb3d7de50a05] |
| |
| * sudoers.cat, sudoers.man.in: |
| regen sudoers manual |
| [7498a058eeb1] |
| |
| * UPGRADE, sudoers, sudoers.pod: |
| Add commented out line to add HOME to env_keep and add a warning to |
| the note about the HOME change in UPGRADE. |
| [0f7e08f09b9f] |
| |
| 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Add LINE_MAX define for those without it. |
| [6248dd44573c] |
| |
| * WHATSNEW: |
| Mention that tty_tickets is now the default. |
| [4cf26eaee5ba] |
| |
| * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c, |
| sudoers.cat, sudoers.man.in, sudoers.pod: |
| The tty_tickets option is now on by default. |
| [73dd2b82a3a9] |
| |
| * WHATSNEW: |
| Mention that AIX authdb support has been fixed. |
| [9331829dc276] |
| |
| * aix.c: |
| setauthdb() only sets the "old" registry if it was set by a previous |
| call to setauthdb(). To restore the original value, passing NULL |
| (or an empty string) to setauthdb() is sufficient. |
| [d956fd763521] |
| |
| 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| Mention new handling of HOME in always_set_home and set_home |
| descriptions. |
| [a69c9bed3164] |
| |
| * sudo.cat, sudo.man.in, sudo.pod: |
| fix typo |
| [9b90bb3e9187] |
| |
| * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod: |
| Reset HOME when env_reset is enabled unless it is in env_keep |
| [18223dfd1ac3] |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| The default for set_logname has been "true" for some time now. |
| [9f97e4b43a4b] |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| Document that MAIL is set in env_reset mode. |
| [dcf9ad98079e] |
| |
| * boottime.c: |
| Add missing include of time.h |
| [57bee414982d] |
| |
| * defaults.c, sudo.c: |
| Check return value of setdefs() but don't stop setting defaults if |
| we hit an unknown one. |
| [a42cb2d6b7ed] |
| |
| * logging.c: |
| Fix check for dup2() return value. |
| [916cd7fdeba7] |
| |
| * visudo.c: |
| Treat an unknown defaults entry as a parse error. |
| [1f94675835d9] |
| |
| * env.c: |
| Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in |
| -i and env_reset mode. |
| [aa6657ccfe01] |
| |
| * env.c: |
| Add PYTHONUSERBASE to initial_badenv_table |
| [93058374f0d9] |
| |
| * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c, |
| pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod: |
| If env_reset is enabled, set the MAIL environment variable based on |
| the target user unless MAIL is explicitly preserved in sudoers. |
| [d903c904dcd4] |
| |
| 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * pp: |
| decode debian code names |
| [2df0ecbc23b4] |
| |
| * WHATSNEW: |
| fix typo |
| [b66a95fa1869] |
| |
| 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW: |
| Add entry about SuSE bash script fix. |
| [04af78fa281c] |
| |
| * sudo.c: |
| Restore RLIMIT_NPROC after the uid switch if it appears that |
| runas_setup() did not do it for us. Fixes a bash script problem on |
| SuSE with RLIMIT_NPROC set to RLIM_INFINITY. |
| [bb14802d48b1] |
| |
| 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkpkg, pp, sudo.pp: |
| Restore the dot removal in the os version reported by polypkg. Adapt |
| mkpkg and sudo.pp to the change. |
| [83c7870130fe] |
| |
| 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW: |
| Mention polypkg |
| [c5f6e40bbb58] |
| |
| * README, WHATSNEW: |
| Update for sudo 1.7.4 |
| [0c688f1f8160] |
| |
| * INSTALL: |
| document --with-pam-login |
| [33ca3f6308ae] |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| The tag is NOSETENV, not UNSETENV. From Petr Uzel. |
| [95f37e63ca15] |
| |
| 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pp: |
| Include flavor in solaris package name |
| [b6d56ccf367e] |
| |
| * mkpkg: |
| Older shells don't support IFS= so set explicitly to space, tab, |
| newline. |
| [336925525e17] |
| |
| * mkpkg: |
| Use '=' not '==' in test |
| [98c692271cfd] |
| |
| * mkpkg: |
| Fix typo that prevented debian from matching |
| [af4deec35e37] |
| |
| * mkpkg: |
| Add missing prefix setting for debian |
| [d0c1941cb6ec] |
| |
| * sudo.pp: |
| Use tab indents to reduce the chance of problem with <<-. Uncomment |
| some env_keep lines for RHEL, SLES and Debian to more closely match |
| the vendor sudoers files. |
| [74ba26566cdc] |
| |
| * sudo.pp: |
| Fix indentation. Fix the debian %set section, pp does not set |
| pp_deb_distro. Uncomment %sudo line in sudoers for debian. Add pam.d |
| to %files for debian. Remove the /etc/sudo-ldap.conf symlink on |
| debian for ldap flavor |
| [f15ff41b5afd] |
| |
| * sudoers: |
| Add commented out env_keep entries, sample Aliases and a %sudo line |
| for debian. |
| [8264e4ed42dc] |
| |
| * configure, configure.in: |
| Remove check for egrep; configure has its own |
| [27b3d85ebf4f] |
| |
| * configure.in: |
| Use enable_zlib instead of enableval for consistency |
| [4a15cfd43d3e] |
| |
| 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkpkg: |
| Enable zlib for linux distros |
| [fcab91448bb0] |
| |
| * mkpkg: |
| Add ldap flavor to default build |
| [e35a577c8994] |
| |
| * mkpkg, sudo.pp: |
| Simplify rpm linux distro settings |
| [f30547765636] |
| |
| * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, |
| sudoers.cat: |
| Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. |
| [8c9440423d98] |
| |
| * Makefile.in, mkpkg, sudo.pp: |
| Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR |
| environment variable. |
| [9f418defc08a] |
| |
| * sudo.pp: |
| Create sudo group on debian |
| [4b0cc7b8b0b5] |
| |
| * mkpkg, sudo.pp: |
| Add debian 4/5/6 and use the dot when doing version matches |
| [d5184f0a1efc] |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| Remove spurious "and"; from debian |
| [8b9f2a5937bc] |
| |
| * aclocal.m4, configure: |
| Use a loop when searching for mv, sendmail and sh |
| [a1c7d19721a4] |
| |
| * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in, |
| sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: |
| Substitute the value of EDITOR into the sudoers and visudo manuals. |
| [f00dc9343f94] |
| |
| 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkpkg, pp, sudo.pp: |
| Initial debian 4.0 support |
| [6d73c000723f] |
| |
| * mkpkg: |
| Some platforms need -fPIE instead of -fpie |
| [8533a29633e8] |
| |
| * Makefile.in: |
| Add packaging bits to DISTFILES |
| [dea9f374f28b] |
| |
| * auth/pam.c: |
| Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. |
| On Linux it causes a DNS lookup via libaudit. |
| [22e04d2f5f0f] |
| |
| * sudo.psf: |
| We now use pp to generate HP-UX packages |
| [6c9f8ae6bc11] |
| |
| 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/pam.c: |
| Fix indentation |
| [e52e9e6338d5] |
| |
| * INSTALL, Makefile.in: |
| isntall-man -> install-doc |
| [02cc8198ea7a] |
| |
| * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, |
| sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, |
| sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: |
| Bump version to 1.7.4 |
| [df6ce4ea908a] |
| |
| * INSTALL.binary, Makefile.binary.in, Makefile.in: |
| Remove remaining bits of the old binary package |
| [8d4f82c23c22] |
| |
| * sudo.pp: |
| Use http://rc.quest.com/topics/polypkg/ for packaging |
| [d71793085629] |
| |
| * Makefile.in, mkpkg, pp: |
| Use http://rc.quest.com/topics/polypkg/ for packaging |
| [675e505758c5] |
| |
| * install-sh: |
| Just ignore the -c option, it is the default. Add support for -d |
| option |
| [2adfb3a63231] |
| |
| * env.c, logging.c, pathnames.h.in: |
| Use _PATH_STDPATH instead of _PATH_DEFPATH |
| [2c22d54a1f02] |
| |
| * Makefile.in: |
| Do not strip binaries. |
| [bc84682b372c] |
| |
| * INSTALL, configure, configure.in: |
| Add --insults=disabled configure option to allow people to build in |
| insult support but have the insults disabled unless explicitly |
| enabled in sudoers. |
| [6d9f40db9cca] |
| |
| 2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c, sudoreplay.c: |
| Fix K&R compilation |
| [e44d3be7ab85] |
| |
| 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c, |
| sudo.h: |
| Add support for a sudo-i pam.d file to be used for "sudo -i". |
| Adapted from a RedHat patch. |
| [2984c3831d88] |
| |
| * Makefile.in: |
| Fix installation of sudo_noexec.so |
| [d1f7ca8331b6] |
| |
| * Makefile.in, config.h.in, configure, configure.in, missing.h, |
| mkstemp.c, mkstemps.c, sudo_edit.c: |
| Use mkstemps() instead of mkstemp() in sudoedit. This allows |
| sudoedit to preserve the file extension (if any) which may be used |
| by the editor (like emacs) to choose the editing mode. |
| [46399679d9ae] |
| |
| 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: |
| TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses |
| TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client |
| code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you |
| should avoid disabling TLS_CHECKPEER if possible. |
| [1d626a5cf8c0] |
| |
| 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Add support for negated user/host/command lists in a Defaults entry. |
| E.g. Defaults:!baduser noexec |
| [24f07a805dce] |
| |
| 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.ldap.pod: |
| fix typo. |
| [d5f2922cecf2] |
| |
| 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * .hgtags: |
| Added tag SUDO_1_7_3 for changeset 72fd1f510a08 |
| [cc8b2277e17e] |
| |
| * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, |
| sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, |
| sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: |
| Sudo 1.7.3 GA |
| [72fd1f510a08] [SUDO_1_7_3] |
| |
| * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, |
| auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, |
| auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, |
| auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c, |
| defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c, |
| fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c, |
| getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c, |
| iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c, |
| pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c, |
| sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l, |
| tsgetgrpw.c, visudo.c: |
| Include strings.h even if string.h exists since they may define |
| different things. Fixes warnings on AIX and others. |
| [7c6de7fb5dba] |
| |
| * env.c: |
| Do not rely on env.env_len when unsetting a variable, just use the |
| NULL terminator. |
| [faf088613ce5] |
| |
| * env.c: |
| In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 |
| [47f8dfcc7a48] |
| |
| 2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: |
| Mention that multiple URI lines are merged into a single one. |
| [1dc0ac5929bf] |
| |
| * WHATSNEW: |
| Document AIX fixes |
| [be36e8a6dddd] |
| |
| 2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c, sudo.c, sudo.h: |
| For env_init() just use environ not the envp from main(). |
| [d4f3e374caeb] |
| |
| 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, |
| sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, |
| sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: |
| Update version to 1.7.3rc1 |
| [fe43fe79070d] |
| |
| * TODO: |
| fqdn issue is resolved |
| [f35cb63eb74b] |
| |
| * env.c: |
| In unsetenv(), assign ep in the for loop instead of doing it |
| earlier. This version of the code does not change env.envp in |
| between when ep is assigned and when it is used but older versions |
| (e.g. 1.7.2) do. |
| [a4cd29c862c9] |
| |
| * aix.c: |
| Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to |
| getuserattr() when fetching the administrative domain to be used by |
| setauthdb(). This was suggested by AIX support and is consistent |
| with what OpenSSH does. |
| [d3109706ec85] |
| |
| * vasgroups.c: |
| Use warningx() instead of log_error() since the latter is not |
| available to visudo or testsudoers. This does mean that they don't |
| end up in syslog. |
| [0174e89f983b] |
| |
| * sudo.c: |
| Defer call to sudo_nonunix_groupcheck_cleanup() until after we have |
| closed the sudoers sources. From Quest sudo. |
| [c1b33e3e0f9e] |
| |
| * pwutil.c: |
| Ignore case when matching user/group names in the cache. From Quest |
| sudo. |
| [72df368a8a0e] |
| |
| 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in, selinux.c: |
| Add check for setkeycreatecon() when --with-selinux is specified. |
| [24144c52c0cc] |
| |
| * configure, configure.in: |
| Bump version to 1.7.3b5. Error out if libaudit.h is missing or |
| unusable when --with-linux-audit was specified |
| [215c7653d9bc] |
| |
| * aix.c: |
| K&R function declaration for aix_setauthdb() |
| [82da12d222a6] |
| |
| * env.c, sudo.c, sudo.h: |
| If env_init() was called implicitly via getenv(), setenv() or |
| putenv() just use the specified envp instead of mallocing a new |
| copy. This prevents an infinite loop on OpenBSD which calls |
| getenv() from malloc() to get MALLOC_OPTIONS. |
| [8e82ce63f774] |
| |
| * ldap.c: |
| Add support for multiple URI lines by joining the contents and |
| passing the result to ldap_initialize. |
| [b4e10b2ffdb1] |
| |
| 2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * pwutil.c, set_perms.c, sudo_nss.c: |
| Bracket initgroups with calls to aix_setauthdb() and |
| aix_restoreauthdb() |
| [363dbe449f1c] |
| |
| * aix.c: |
| Include compat.h before alloc.h to get __P |
| [819a2667ffd7] |
| |
| * auth/aix_auth.c: |
| Include usersec.h for authenticate() prototype |
| [2b8dd2b67131] |
| |
| * aix.c: |
| Add missing includes. Add missing trailing NUL in userinfo string |
| [8deaedf44943] |
| |
| 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * HISTORY, history.pod: |
| Mention when LDAP was incorporated. |
| [4e6c8ec4f67c] |
| |
| 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure: |
| Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is |
| not covered by _ALL_SOURCE. |
| [3657f1b181b9] |
| |
| * pwutil.c: |
| Include usersec.h on AIX to get IDtouser() prototype. |
| [11483bbe15c7] |
| |
| * configure.in: |
| Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is |
| not covered by _ALL_SOURCE. |
| [fd48e6e2136b] |
| |
| 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * iolog.c: |
| Add a cast to quiet a compiler warning. |
| [51e9d419bd83] |
| |
| * boottime.c: |
| Use memset() instead of zero_bytes() since we don't include sudo.h |
| [f310b2123ba9] |
| |
| * Makefile.in: |
| getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS |
| [c8750c2d75ab] |
| |
| * getdate.c, getdate.y: |
| Quiet a compiler warning. |
| [9f231be15958] |
| |
| * defaults.c, sudo.c: |
| Call set_fqdn() after sudoers has parsed instead of inline as a |
| callback. |
| [26d413ddb6dd] |
| |
| * WHATSNEW: |
| Do not call set_fqdn() until sudoers parses (where it gets run as a |
| callback). |
| [582453a993a1] |
| |
| * sudo.c: |
| Do not call set_fqdn() until sudoers parses (where it gets run as a |
| callback). Otherwise, if sudo is built --with-fqdn the fqdn will be |
| set even if !fqdn is set in sudoers. |
| [aa01e867d1bb] |
| |
| * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat, |
| sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, |
| sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in: |
| Bump version to 1.7.3b4 |
| [c1c5a73766b6] |
| |
| * WHATSNEW: |
| mention the change in tty ticket behavior when there is no tty |
| [93ddde63e453] |
| |
| * TODO: |
| remove done items |
| [9601b2e8dcef] |
| |
| * aix.c: |
| Remove comment; NAME in usrinfo should be user name. |
| [eb46f1e8ea08] |
| |
| * check.c: |
| Do not update tty ticket if there is no tty. |
| [e64e8c8f2286] |
| |
| * sudo.cat, sudo.man.in, sudo.pod: |
| No longer need to use -- with the -s flag |
| [e45c18dd79dc] |
| |
| * Makefile.in: |
| Add missing $(srcdir) to sudo.man.in target |
| [2bd89f6ca9f3] |
| |
| * Makefile.in: |
| Do not rely on BSD make's $> |
| [cb328b82cb92] |
| |
| * configure, configure.in: |
| Set timedir to /var/db/sudo for darwin to match Apple sudo's |
| location |
| [860c7f1b001f] |
| |
| 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, configure, configure.in: |
| Move aix.o from SUDO_OBJS to COMMON_OBJS |
| [f8a9bdf346c1] |
| |
| * config.h.in, configure, configure.in, defaults.c, iolog.c, |
| sudoreplay.c: |
| Check for zlib.h in addition to libz. |
| [fb77e44d5196] |
| |
| * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h: |
| Move functions and symbols shared between exec.c and exec_pty.c into |
| sudo_exec.h. |
| [e798d945424e] |
| |
| * sudo.h: |
| Add missing prototypes for aix_setauthdb and aix_restoreauthdb |
| [8bc2af6d4e17] |
| |
| * Makefile.in: |
| Comment out rules to build .man.in and .cat files unless --with- |
| devel |
| [81d6726a19ab] |
| |
| * aix.c, pwutil.c, set_perms.c, sudo.h: |
| Fix AIX compilation problems. |
| [7d95f73eca42] |
| |
| * sudo.c: |
| Cast isalnum() arg to unsigned char. |
| [5fff9a81af00] |
| |
| * WHATSNEW: |
| Add Linux audit support. |
| [e59e0670ba79] |
| |
| * sudo.c: |
| Quote any non-alphanumeric characters other than '_' or '-' when |
| passing a command to be run via the shell for the -s and -i options. |
| [d35a3f4cb3c0] |
| |
| * sudo.c: |
| Add missing braces that broke -i mode. |
| [7fe124b078ec] |
| |
| * linux_audit.c: |
| Fix linux_audit_command() return value |
| [0c582476181c] |
| |
| 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, linux_audit.c, linux_audit.h: |
| Add Linux audit support. |
| [b207dc9960de] |
| |
| 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in, |
| logging.h, selinux.c: |
| Add Linux audit support. |
| [26ae31d7ff93] |
| |
| 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: |
| Sync sudoreplay with trunk |
| [65b780cccfa5] |
| |
| * exec_pty.c: |
| Remove an XXX |
| [8304ac649241] |
| |
| * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h: |
| Set usrinfo for AIX. Set administrative domain for the process when |
| looking up user's password info and when preparing for execve(). |
| [52b48cbe97fd] |
| |
| * ldap.c, parse.c: |
| Better prefix determination now that we can't rely on len==0 to tell |
| the beginning of an entry. |
| [32f1875d9605] |
| |
| * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, |
| sudoers.ldap.pod: |
| Add support for multiple sudoers_base entries in ldap.conf. From |
| Joachim Henke |
| [3c0b59fce7b4] |
| |
| * configure, configure.in: |
| Remove duplicate setsid check |
| [7712d6d52da1] |
| |
| * Makefile.in, config.h.in, configure, configure.in, exec_pty.c, |
| logging.c, missing.h, setsid.c: |
| Move setsid emulation into setsid.c |
| [f24743c9e4e9] |
| |
| * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c: |
| Check for dup2() failure. |
| [b1b6ba761b61] |
| |
| * config.h.in, configure, configure.in: |
| Remove dup2 check, it is not optional. |
| [cfbe5f3b5956] |
| |
| 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW: |
| Add mbr_check_membership support and SELinux fixes |
| [af1936a7cf2f] |
| |
| * Makefile.in: |
| Sync SRCS and DISTFILES with reality |
| [0971b5dcb1be] |
| |
| * INSTALL: |
| Update OS specific notes. Delete some really ancient ones and move |
| older ones to the end of the list. |
| [872dd8b437a8] |
| |
| * README: |
| Bump for sudo 1.7.3. Merge some changes from trunk. |
| [a3088c75bf22] |
| |
| * selinux.c, sudo.c: |
| Call selinux_restore_tty() as part of cleanup() so it gets called |
| from error()/errorx() |
| [0197c07d4c1e] |
| |
| * compat.h: |
| No longer use SA_NOCLDSTOP |
| [73ca654cd3f8] |
| |
| * interfaces.h, match.c: |
| Move union sudo_in_addr_un into interfaces.h |
| [c84bda7c332a] |
| |
| * pathnames.h.in: |
| Update copyright year |
| [94871f44206b] |
| |
| * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h, |
| compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c, |
| gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c, |
| match.c, missing.h, nanosleep.c, parse.h, set_perms.c, |
| sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, |
| sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat, |
| visudo.man.in, visudo.pod: |
| Update copyright year |
| [4cfb47c799b8] |
| |
| * Makefile.in: |
| Remove varsub as part of clean |
| [61f04a21b0bb] |
| |
| * match.c: |
| Quiet a compiler warning. |
| [06d8cfe916c8] |
| |
| * getdate.c, getdate.y: |
| Quiet a compiler warning. |
| [473d2b7d44a1] |
| |
| * ldap.c, sudo.h: |
| Make the remaining functions in ldap.c static |
| [ba555565b30a] |
| |
| * ldap.c: |
| Make private functions static. Diff from Joachim Henke |
| [1603035b1863] |
| |
| * schema.ActiveDirectory: |
| Updates from Alain Roy to provide better examples for importing the |
| schema and to fix problems caused by Windows validating attributes |
| which have not yet been added before committing the changes. |
| [83f11ae00f19] |
| |
| 2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat: |
| Generate .cat files directly from .man.in instead of .man using |
| default values in configure.in |
| [0a92b41c5ce5] |
| |
| 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in, sudo.c, sudo_usage.h.in: |
| Print configure args with verbose version information. |
| [ca4a5fcf0af8] |
| |
| * visudo.c: |
| Remove tfd from struct sudoersfile; it is not used. Add prev pointer |
| to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. |
| Use tq_append to append sudoers entries to the tail queue. |
| [344c631d0d43] |
| |
| 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW: |
| Describe tty timestamp improvements |
| [136b0f832903] |
| |
| * toke.c, toke.l: |
| A comment character may not be part of a command line argument |
| unless it is quoted with a backslash. Fixes parsing of: |
| testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar |
| closes bz #441 |
| [2a0c82ffedde] |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: |
| regen |
| [c9fddd23c7e1] |
| |
| * sudoers.pod: |
| Make this read a little bit better when passwd_timeout is 0. |
| [51644950823f] |
| |
| * Makefile.in: |
| Use the --file argument to config.status instead of setting |
| CONFIG_FILES |
| [fc2b42c60b5d] |
| |
| * sudo.man.pl, sudo.pod: |
| Attempt to handle a default password prompt timeout of zero more |
| gracefully. |
| [478b8e720993] |
| |
| * toke.c, toke.l: |
| Do not override value of keepopen global, instead restore it to the |
| value we pushed onto the stack when popping. |
| [dc370d57a668] |
| |
| * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c: |
| Use SA_INTERRUPT in sa_flags |
| [3845c6637361] |
| |
| * getdate.c, getdate.y, ldap.c, sudoreplay.c: |
| Silence some compiler warnings |
| [112ac65afd0c] |
| |
| 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * exec.c, exec_pty.c, sudo.c, sudo.h: |
| Implement background mode. If I/O logging we use pipes instead of a |
| pty. |
| [8d448eaf2aaa] |
| |
| * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c: |
| Move compat definition of NSIG to compat.h |
| [cae72a4c9dec] |
| |
| * tgetpass.c: |
| Ignore SIGPIPE for "sudo -S" |
| [c6595c8527c4] |
| |
| * tgetpass.c: |
| Properly handle TGP_ECHO again. Print a newline if the user |
| interrupted password input. |
| [15acbe4fb535] |
| |
| * exec_pty.c: |
| Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl |
| [dd041fc9554c] |
| |
| 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h: |
| Return an error from selinux_setup() instead of exiting. Call |
| selinux_setup() from exec_setup(). |
| [b518225cafba] |
| |
| * compat.h: |
| Add definition of WCOREDUMP for systems without it. This is known |
| to work on AIX and SunOS 4, but may be incorrect on other systems |
| that lack WCOREDUMP. |
| [365e56db7cd5] |
| |
| * check.c, compat.h, config.h.in, configure, configure.in, iolog.c, |
| nanosleep.c, sudo_edit.c, visudo.c: |
| Replace timerfoo macros with timevalfoo since the timer macros are |
| known to be busted on some systems. |
| [4bb5228606c5] |
| |
| * toke.c, toke.l: |
| If a file in a #includedir has improper permissions or owner just |
| skip it. This prevents packages that incorrectly install a file |
| into /etc/sudoers.d from breaking sudo so easily. Syntax errors in |
| #includedir files still result in a parse error (for now). |
| [b7fb75eddb77] |
| |
| * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h: |
| Defer call to pam_close_session() until after the command finishes |
| if there is a monitor process. |
| [0a39c8e6a81b] |
| |
| * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat, |
| sudoers.man.in, sudoers.pod: |
| Add use_pty sudoers option to force use of a pty even when not |
| logging I/O. |
| [aea971f1456a] |
| |
| * env.c, sudo.c, sudo.h: |
| Instead of trying to keep the global environment in sync with our |
| private copy, provide our own getenv() that returns values from the |
| private environment and use env_get() to pass the environment in to |
| run_command(). |
| [58c85c5695dc] |
| |
| * set_perms.c: |
| Fix typo |
| [0f677fcdde04] |
| |
| 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.h: |
| Rename pty.c -> get_pty.c |
| [39137dcc4420] |
| |
| * iolog.c: |
| Add #define for maximum session id |
| [2a487437f013] |
| |
| * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c, |
| selinux.c, sudo.c, sudo.h, sudo_edit.c: |
| Split exec.c into exec.c and exec_pty.c. Pass a flag in to |
| sudo_execve to indicate whether we need to wait for the command |
| to finish (fork + execve vs. execve). |
| [b197515585db] |
| |
| * Makefile.in, configure, configure.in, get_pty.c, pty.c: |
| Rename pty.c -> get_pty.c |
| [c0e5270bb28a] |
| |
| * aclocal.m4, configure, configure.in: |
| Fix --without-iologdir |
| [dcd6c5907b10] |
| |
| 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * iolog.c: |
| Only use I/O input log file if def_log_input is set and output file |
| if def_log_output is set. |
| [96cdd49be996] |
| |
| 2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * parse_args.c, sudo.c: |
| Include sudo_usage.h after sudo.h now that it has function |
| prototypes to guarantee that __P is defined. |
| [c67b77f8d6b1] |
| |
| 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * tgetpass.c: |
| Do signal setup after turning off echo, not before. If we are using |
| a tty but are not the foreground pgrp this will generate SIGTTOU so |
| we want the default action to be taken (suspend process). Use an |
| array for signals received instead of a single variable so we don't |
| lose any when there are multiple different signals. |
| [de356064ea01] |
| |
| * defaults.h, lbuf.h, sudo.h: |
| Reorg function prototypes a bit |
| [5c40f58bb28e] |
| |
| * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in: |
| Move argument parsing into parse_args.c |
| [fad7b8737c12] |
| |
| * Makefile.in, config.h.in, configure, configure.in, missing.h, |
| mksiglist.c, mksiglist.h, siglist.in, strsignal.c: |
| Build our own sys_siglist for systems that lack it. |
| [3b5f671936dc] |
| |
| * exec.c, iolog.c, missing.h, sudo_edit.c: |
| K&R fixes |
| [dad62986f2fe] |
| |
| * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c: |
| Log sudoedit sessions as well; adapted from trunk |
| [2c5d9695022b] |
| |
| * configure: |
| regen |
| [9b319e89a6c4] |
| |
| * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in, |
| def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c, |
| gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c, |
| script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in, |
| sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, |
| sudoreplay.pod, term.c: |
| Merge I/O logging changes from trunk. Disabling I/O log support at |
| compile time does not currently work. Sudoedit is not yet hooked up |
| to I/O logging. |
| [968c2c74c69b] |
| |
| 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * INSTALL, configure, configure.in: |
| Add --enable-warnings configure option |
| [19cf967c36d1] |
| |
| * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c: |
| Fix K&R compilation issues on HP-UX. |
| [c01a547cdcf8] |
| |
| * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c: |
| Pass in output function to lbuf_init() instead of writing to stdout. |
| A side effect is that the usage info can now go to stderr as it |
| should. Add support for embedded newlines in lbuf and use that |
| instead of multiple calls to lbuf_print. |
| [596a427ff873] |
| |
| * configure, configure.in, sudo.man.pl, sudoers.man.pl: |
| Use numeric registers to handle conditionals instead of trying to do |
| it all with text processing. |
| [31570c372e0e] |
| |
| * sudoers.pod: |
| Document per-command SELinux settings |
| [bbce5acad1be] |
| |
| * sudo.pod: |
| timestamp -> time stamp |
| [d7335ce6286f] |
| |
| * tsgetgrpw.c: |
| Set close on exec flag in private versions of setpwent() and |
| setgrent(). |
| [954814bdbd56] |
| |
| * logging.c: |
| Make send_mail() take a printf-style argument list |
| [0783ad585062] |
| |
| * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4, |
| config.guess, config.h.in, config.sub, configure, configure.in, |
| ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, |
| m4/ltversion.m4, m4/lt~obsolete.m4: |
| Update to autoconf 2.65 and libtool 2.2.6b |
| [3544dd2f1a94] |
| |
| * boottime.c: |
| Don't use TRUE/FALSE which may not be defined. |
| [8649bf22b3b2] |
| |
| * sudo.cat, sudo.man.in, sudo.pod: |
| Document new tty_ticket behavior |
| [0663e0390338] |
| |
| * find_path.c, sudo.c, sudo.h, visudo.c: |
| Make find_path() a little more generic by not checking def_foo |
| variables inside it. Instead, pass in ignore_dot as a function |
| argument. |
| [16c3f27cd9b9] |
| |
| * check.c: |
| Store info from stat(2)ing the tty in the tty ticket when tty |
| tickets are in use. If the tty lives on a devpts (Linux) or devices |
| (Solaris) filesystem, stash the ctime in the tty ticket file, as it |
| is not updated when the tty is written to. This helps us determine |
| when a tty has been reused without the user authenticating again |
| with sudo. |
| [f9aec9ab9054] |
| |
| * boottime.c, check.c, sudo.h: |
| get_boottime() now fills in a timeval struct |
| [dbd2003659c0] |
| |
| 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * check.c, compat.h, config.h.in, configure, configure.in, fileops.c, |
| gettime.c, sudo.h, sudo_edit.c, visudo.c: |
| Use timeval directly instead of converting to timespec when dealing |
| with file times and time of day. |
| [c85bf3e41839] |
| |
| * auth/pam.c: |
| Fix OpenPAM detection for newer versions. |
| [67f29a0703d0] |
| |
| * vasgroups.c: |
| Sync with Quest sudo git repo |
| [2680ad9762c2] |
| |
| * aclocal.m4, configure, configure.in: |
| HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check. |
| libvas may need libdl for dlopen(). Add missing template for |
| ENV_DEBUG. Adapted from Quest sudo. |
| [6c886eb9070a] |
| |
| * README.LDAP: |
| Fix typos; from Quest Sudo |
| [cf258fc69f1a] |
| |
| * Makefile.in, configure.in: |
| Use value of SHELL from configure in Makefile |
| [08aaf12221d6] |
| |
| 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c: |
| Handle duplicate variables in the environment. For unsetenv(), keep |
| looking even after removing the first instance. For sudo_putenv(), |
| check for and remove dupes after we replace an existing value. |
| [086c6397d8cd] |
| |
| 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * visudo.c: |
| Fix a crash when checking a sudoers file that has aliases that |
| reference themselves. Based on a diff from David Wood. |
| [5efc702a3b35] |
| |
| 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * alias.c: |
| Fix use after free in error message when a duplicate alias exists. |
| [9eaac49bd22b] |
| |
| 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * visudo.c: |
| Set errorfile to the sudoers path if we set parse_error manually. |
| This prevents a NULL dereference in printf() when checking a sudoers |
| file in strict mode when alias errors are present. |
| [b4eed2f0615d] |
| |
| 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * TODO, sudoers.cat, sudoers.man.in, sudoers.pod: |
| Fix typo |
| [57198cae9cf5] |
| |
| 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * find_path.c: |
| Qualify the command even if it is in the current working directory, |
| e.g. "./foo" instead of just returning "foo". This removes an |
| ambiguity between real commands and possible pseudo-commands in |
| command matching. |
| [fb4d571495fa] |
| |
| 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| Add a note about the security implications of the fast_glob option. |
| [84f8097553d9] |
| |
| * memrchr.c: |
| Remove duplicate includes |
| [3e8d90f4c30f] |
| |
| 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Fix installation of sudoers.ldap in "make install" when --with-ldap |
| was specified without a directory. From Prof. Dr. Andreas Mueller |
| [5177a284b9ff] |
| |
| 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| When doing a glob match, short circuit if gl.gl_pathc is 0. From |
| Mark Kettenis. |
| [549f8f7c2463] |
| |
| 2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Use parent process group id instead of parent process id when |
| checking foreground status and suspending parent. Fixes an issue |
| when running commands under /usr/bin/time and others. |
| [eac86126e335] |
| |
| * env.c: |
| In setenv(), if the var is empty, return 1 and set errno to EINVAL |
| instead of returning EINVAL directly. |
| [d202091ec15e] |
| |
| 2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| Check for pseudo-command by looking at the first character of the |
| command in sudoers instead of checking the user-supplied command for |
| a slash. |
| [88f3181692fe] |
| |
| 2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.l: |
| Avoid a duplicate fclose() of the sudoers file. |
| [164d39108dde] |
| |
| * toke.l: |
| Fix size arg when realloc()ing include stack. From Daniel Kopecek |
| [8900bccef219] |
| |
| 2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aix.c, config.h.in, configure, configure.in: |
| Use setrlimit64(), if available, instead of setrlimit() when setting |
| AIX resource limits since rlim_t is 32bits. |
| [2cbb14d98fc1] |
| |
| * logging.c: |
| Fix use after free when sending error messages. From Timo Juhani |
| Lindfors |
| [caf183fd9d94] |
| |
| 2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ChangeLog, Makefile.in: |
| Generate the ChangeLog as part of "make dist" instead of having it |
| in the repo. |
| [836c31615859] |
| |
| 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Generate correct ChangeLog for 1.7 branch. |
| [586dd90b8878] |
| |
| 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h, |
| auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, |
| auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, |
| auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, |
| auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, |
| closefrom.c, compat.h, configure.in, defaults.c, defaults.h, |
| emul/charclass.h, emul/timespec.h, env.c, error.c, error.h, |
| fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c, |
| gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h, |
| ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, |
| isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c, |
| logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c, |
| mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in, |
| pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, |
| sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c, |
| sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, |
| strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, |
| sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, |
| sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, |
| sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod, |
| term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, |
| utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c: |
| Remove CVS $Sudo$ tags. |
| [de683a8b31f5] |
| |
| 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo_usage.h.in: |
| make this match sudoers SYNOPSIS |
| [c74ba66944c2] |
| |
| * lbuf.c, parse.c: |
| Print a newline between Runas and Command-specific defaults in sudo |
| -l. |
| [b5bdfcc9ce4b] |
| |
| * term.c: |
| Use SET and CLR macros in term_raw |
| [50ca42609d6c] |
| |
| * sudoreplay.c: |
| Set stdin to non-blocking mode early instead of in check_input. Use |
| term_raw instead of term_cbreak since the data we get has already |
| been expanded via OPOST. |
| [51c47e803d62] |
| |
| 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c, term.c: |
| Enable/disable all postprocessing instead of just nl->crnl |
| processing since things like tab expansion matter too. However, if |
| stdout is a tty leave postprocessing on in the pty since we run into |
| problems doing it only on the real stdout with e.g. nvi. |
| [62666e309673] |
| |
| 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * check.c: |
| If tty_tickets is enabled and there is no tty, prompt for a |
| password. Do not lecture user for "sudo -k command" if user has a |
| timestamp. |
| [5880200c5f6b] |
| |
| * INSTALL: |
| Document missing options: --with-efence and --with-bsm-audit |
| [d83afcdf9ff3] |
| |
| * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat, |
| sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, |
| sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat, |
| visudo.man.in, visudo.pod: |
| username -> user name, groupname -> group name, hostname -> host name |
| [10c85646f45d] |
| |
| * INSTALL, README.LDAP, sudoers.pod: |
| filename -> file name like the rest of the docs |
| [1ef8ab5a9018] |
| |
| 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * parse.c: |
| Fix printing of entries with multiple host entries on a single line. |
| [226ceaf91d8d] |
| |
| 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.pod: |
| Mention that targetpw affects the timestamp file name. |
| [a26e22e4f72e] |
| |
| * def_data.c, def_data.h, def_data.in, defaults.c, script.c, |
| sudoers.pod: |
| Add compress_transcript option. |
| [6e94f8cb9dfb] |
| |
| 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| bump to 1.7.3b2 |
| [906d7e347d15] |
| |
| * pwutil.c, set_perms.c, sudo.c, sudo_nss.c: |
| Better split of membership vs. traditional group check in |
| user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails. |
| [6ebc55d4716b] |
| |
| 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * pwutil.c: |
| Fix pasto and add default return value. |
| [7973b5e4599c] |
| |
| * check.c, match.c, pwutil.c, sudo.h: |
| refactor group member checking into user_in_group() |
| [48ca8c2eddf8] |
| |
| * check.c, config.h.in, configure, configure.in, match.c, sudo.c, |
| sudo.h: |
| Add support for mbr_check_membership() as present in darwin. |
| [5501aed02b9f] |
| |
| 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| Rename label to be accurate |
| [3af17dd960f7] |
| |
| * Makefile.in, boottime.c, check.c, config.h.in, configure, |
| configure.in, sudo.h: |
| Treat timestamp files from before we booted as old. Idea from an |
| Apple patch. |
| [5c96e484c05a] |
| |
| 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c, sudo.pod, sudo_usage.h.in: |
| Allow the -u flag to be used in conjunction with the -v flag as per |
| older versions of sudo. |
| [591e9fc13c1a] |
| |
| * logging.c: |
| fix typo in last commit |
| [4fd0c692dcf0] |
| |
| 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * logging.c: |
| Convert fmt_first and fmt_confd into macros. |
| [32e870158b29] |
| |
| * sudoers.pod: |
| timeouts can be floats now |
| [89de639a9679] |
| |
| * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c, |
| defaults.h, mkdefaults: |
| Add support for floating point timeout values (e.g. 2.5 minutes). |
| [210ffa291733] |
| |
| 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pod: |
| The -L flag will be removed in sudo 1.7.4 |
| [ffd026084333] |
| |
| 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Fix a bug due to order of operators. |
| [938d34464283] |
| |
| 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| cmnd_matches() already deals with negation so _cmndlist_matches() |
| does not need to do so itself. Fixes a bug with negated entries in |
| a Cmnd_List. |
| [71c845f6ce73] |
| |
| 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Don't exit() from open_sudoers, just return NULL for all errors. |
| [8cfa832f972a] |
| |
| * script.c: |
| Can't rely on the shell sending us SIGCONT when transitioning from |
| background to foreground process. |
| [3c6c5b6cb4b3] |
| |
| * toke.c, toke.l: |
| Add missing extern def for parse_error |
| [45b7b59d03b7] |
| |
| 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Avoid a parse error when #includedir doesn't find any files. Closes |
| bug #375 |
| [1ce1b850e9e6] |
| |
| * Makefile.in: |
| Include sudo.man.pl and sudoers.man.pl in the distribution tarball. |
| [6a22e32da108] |
| |
| 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Start command out in foreground mode if stdout is a tty. Works |
| around issues with some curses-based programs that don't handle |
| tcsetattr getting interrupted by a signal. Still allows us to avoid |
| hogging the tty if the command is part of a pipeline. |
| [1c32f2b94769] |
| |
| * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c: |
| Use a socketpair to pass signals from parent to child. Child will |
| now pass command status change info back via the socketpair. This |
| allows the parent to distinguish between signals it has been sent |
| directly and signals the command has received. It also means the |
| parent can once again print the signal notifications to the tty so |
| all writes to the pty master occur in the parent. The command is |
| now always started in background mode with tty signals handled by |
| the parent. |
| [c6790b82986d] |
| |
| 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Fix a few typos in the descriptions; from Jeff Makey. Only do the |
| check for krb5_get_init_creds_opt_free() taking two arguments if we |
| find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false |
| positive when using our own krb5_get_init_creds_opt_free which takes |
| only a single argument. |
| [845a9ff6f93d] |
| |
| 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Remove a spurious comma in the kerb5 bits. |
| [3433eab083db] |
| |
| * auth/kerb5.c: |
| Call krb5_get_init_creds_opt_init() in our emulated |
| krb5_get_init_creds_opt_alloc() for MIT kerberos. |
| [7ffb40bf43e9] |
| |
| 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in: |
| Add HAVE_ZLIB |
| [9297bde61ecc] |
| |
| * script.c: |
| Need to ignore SIGTT{IN,OU} in child when running the command in the |
| background. Also some minor cleanup. |
| [dc208d982319] |
| |
| 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Instead of calling sigsuspend when waiting for SIGUSR[12] from |
| parent, install the signal handlers w/o SA_RESTART and let them |
| interrupt waitpid(). |
| [759c7d18203b] |
| |
| * script.c: |
| Pass along SIGHUP and SIGTERM from parent to child. |
| [035b0e254568] |
| |
| * script.c: |
| Close unused bits of script_fds in processes that don't need them. |
| Restore default SIGCONT handler in child. |
| [e037378ab0c1] |
| |
| * script.c: |
| Update foreground/background status in SIGCONT handler in parent |
| process. |
| [3f7f91333264] |
| |
| 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Defer setting terminal into raw mode until just before we fork() and |
| only do it if sudo is the foreground process. If we get SIGTT{IN,OU} |
| and sudo is already in the foreground be sure to set raw mode before |
| continuing the child. |
| [1102ef40832c] |
| |
| 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Fix handling of SIGTTOU/SIGTTIN in program being run. We now only |
| give the command the controlling tty if the main sudo process is the |
| foreground process. |
| [cf3a91cb5682] |
| |
| * script.c: |
| Don't bother with sudo_waitpid() here for now. |
| [9086de480c2d] |
| |
| * script.c: |
| fix non-zlib case |
| [a258bff0f9a6] |
| |
| 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Remove non-working code that crept into rev 1.55 |
| [2802dd55cff5] |
| |
| 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * INSTALL, configure, configure.in, script.c, sudoreplay.c: |
| First pass at zlib support for transcript data files |
| [5d10260807da] |
| |
| * Makefile.in: |
| remove vestiges of ZLDFLAGS |
| [1fa0caf1c0fb] |
| |
| * script.c: |
| Add missing variable declaration for when TIOCSCTTY is not defined. |
| Need to include sys/termio.h for TIOCSCTTY on some systems. |
| [ee7f41ac2709] |
| |
| * script.c: |
| when resuming command, send SIGCONT to its pgrp not just pid |
| [5cd63c1d565b] |
| |
| * selinux.c: |
| remove unused variable |
| [df67df4be228] |
| |
| * script.c: |
| include selinux.h for is_selinux_enabled() proto |
| [85ebaa880cc1] |
| |
| * script.c: |
| Don't use log_error() in the child process. |
| [def65fe2a433] |
| |
| * script.c: |
| Do I/O in parent instead of child since the parent can have both |
| /dev/tty as well as the pty fds open. The child just sets things up |
| and waits for its grandchild and writes the signal description to |
| the pty master if the command was killed by a signal. |
| [95e473208982] |
| |
| 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * missing.h, sudo.h: |
| Move two struct forward declarations from sudo.h to missing.h |
| [90ad28294a8c] |
| |
| * script.c: |
| Make comment at the top of script_exec() match reality. |
| [c5042d27dbe0] |
| |
| * sudo.c: |
| if neither stdin nor stdout is a tty, check stderr |
| [c532ff20c8d8] |
| |
| * Makefile.in: |
| Add back dependency of gram.h on gram.y |
| [c58382b7fcca] |
| |
| * script.c: |
| Make transcript mode work as long as we can figure out our tty, even |
| if it is not stdin. We'd like to use /dev/tty but that won't be |
| valid after the setsid(). |
| [7b8bba8d99e7] |
| |
| 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in, pty.c: |
| Add support for IRIX-style dynamic ptys |
| [bedc9bac44c1] |
| |
| * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c: |
| Move alloc.c protos into alloc.h |
| [b6a90649617d] |
| |
| * missing.h: |
| Move prototypes for missing libc functions to missing.h |
| [dda9ae1ccaf8] |
| |
| * Makefile.in, sudo.h, sudoreplay.c: |
| Move prototypes for missing libc functions to missing.h |
| [7483166b577b] |
| |
| 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in: |
| Disable transcript support if no tcsetpgrp until we support older |
| BSD-style job control. |
| [27ac1d8163df] |
| |
| * configure, configure.in, pty.c, script.c: |
| Break out pty code into pty.c |
| [e85509b25d41] |
| |
| * compat.h, config.h.in, configure, configure.in: |
| add killpg macro if no killpg function |
| [3a125f4a51f0] |
| |
| * config.h.in, configure, configure.in, script.c: |
| Push ptem and ldterm for STREAMS-based systems when allocating a |
| pty. |
| [36bb39b30ff2] |
| |
| 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Sprinkle some more O_NOCTTY and call grantpt() before unlockpt() |
| [d94bd5c9bf4e] |
| |
| * script.c: |
| Call tcgetpgrp() in the parent, not the child and have the child |
| spin until it is granted. Fixes a race on darwin. |
| [6e8d435339ce] |
| |
| * script.c: |
| Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just |
| reopen slave. |
| [0bdc63c019ca] |
| |
| 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| In script mode, if the command is killed by a signal, print the |
| signal description as well as a core dump notification like the |
| shell does. |
| [9df61738df07] |
| |
| * Makefile.in, config.h.in, configure, configure.in, strsignal.c, |
| sudo.h: |
| Add check for strsignal() and a simple implementation if it is not |
| there but sys_siglist is |
| [61421a188ef4] |
| |
| * script.c: |
| Add missing WUNTRACED and store the signal that stopped the |
| grandchild in suspended, not signo. |
| [df65042b200e] |
| |
| * script.c: |
| g/c unused code |
| [40d8cb5c9203] |
| |
| * script.c: |
| Associate the grandchild's pgrp with the tty instead of the child's |
| and just get suspend notifications via SIGCHLD instead of directly. |
| This fixes a hang with programs that try to set terminal attributes |
| and is more consistent with how the shell handles things. |
| [6865abff7e94] |
| |
| 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Move setpgid() of child into the parent side of the fork() where it |
| belongs. |
| [3defa782777c] |
| |
| 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| fix typo |
| [b6a612b3622c] |
| |
| * script.c: |
| Run command in its own pgrp (like the shell does) for easier |
| signalling. No need to relay SIGINT or SIGQUIT to parent, just send |
| to grandchild. Don't want grandchild stopped events in the child |
| (only termination). Flush output after suspending grandchild before |
| signalling parent. |
| [db556bf2176f] |
| |
| * script.c: |
| Back out revision 1.34; the problem lies elsewhere. |
| [85f590a03275] |
| |
| * script.c: |
| Don't set stdout to blocking mode when flushing remaining output. |
| It can cause us to hang when trying to exit. Need to investigate |
| why. |
| [6f803a3e33ca] |
| |
| * script.c: |
| Handle SIGTTOU and remove some debugging. |
| [52d17279053e] |
| |
| * term.c: |
| Back out revision 1.10 as the signal that interrupts us may be |
| SIGTTOU or SIGTTIN which the caller must handle. |
| [7e2fa9107975] |
| |
| * script.c: |
| Apparently we need to send SIGSTOP to the command as well as ourself |
| when we get SIGTSTP, the kernel doesn't automatically stop the |
| process for us. |
| [1a936e9309c4] |
| |
| * script.c: |
| Use an extra process to act as the glue between the sessions |
| associated with the user's controlling tty (what the shell uses) and |
| the tty that sudo is using to do its logging. Basically, this means |
| that if we get, e.g. SIGTSTP from the process sudo is running, we |
| relay the signal to the parent so its shell can do the job control. |
| [6dd296988060] |
| |
| * term.c: |
| Handle getting/setting terminal attributes when the fd is in non- |
| blocking mode. |
| [ae5ae535ea7b] |
| |
| 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: |
| Add support for pausing and changing the speed in interactive mode. |
| [72a2063780a7] |
| |
| * script.c: |
| Already define O_NOCTTY in compat.h, don't need it here |
| [b5d80ed3e5ce] |
| |
| 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Add missing protos |
| [c4cb4e7f4d8a] |
| |
| 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo_edit.c: |
| Always update the stashed mtime of the temp file instead of using |
| what we have for the original because the time resolution of the |
| filesystem the temporary is on may not match that of the filesystem |
| that holds the original. Should fix bz #371 found by Philippe Levan. |
| [c86ca4bec60c] |
| |
| * sudoreplay.c: |
| Use cbreak mode instead of raw mode and add signal handlers to |
| restore the tty on interrupt. |
| [84dd283da41c] |
| |
| * script.c, sudo.h, term.c: |
| Retain NL to NLCR conversion on the real tty and skip it on the pty |
| we allocate. That way, if stdout is not a pty there are no extra |
| carriage returns. |
| [32e4f570414e] |
| |
| * script.c: |
| Fix log_output(); just pass in a string and a length. |
| [ca980cc0a3fb] |
| |
| 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| do not use errno when complaining about lack of a tty |
| [8f9b8c55ab8e] |
| |
| 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, sudoreplay.c, term.c: |
| Instead of messing with line endings, just set terminal to raw mode |
| in sudoreplay. |
| [90943fa87acb] |
| |
| * term.c: |
| When copying the terminal attributes to the pty, be sure not to set |
| ONLCR. This prevents extra carriage returns from ending up in the |
| script output file. |
| [e6b5475ac2aa] |
| |
| * script.c: |
| Convert a do {} while into a while |
| [e461310d2c77] |
| |
| * Makefile.in: |
| Use if then instead of test && when installing binaries that may not |
| exist. |
| [ad4f9490d971] |
| |
| * script.c: |
| Add O_NOCTTY when opening a tty device. Explicitly disconnect from |
| old tty before associating with new one. |
| [0e0ca634b80c] |
| |
| * script.c, selinux.c, sudo.c, sudo.h: |
| First cut at refactoring some of the selinux code so it can be used |
| in conjunction with sudo's transcript support. |
| [779b0d8f9d29] |
| |
| 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aclocal.m4, configure, configure.in: |
| Fix default case of transcript_enabled being unset. |
| [f8aa96186e6b] |
| |
| * script.c, sudoreplay.c: |
| Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR |
| [2844a7a851fa] |
| |
| * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c: |
| Hook up --disable-transcript and --enable-transcript=DIR |
| [b3fa7e6b2480] |
| |
| 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aclocal.m4, configure, configure.in, pathnames.h.in: |
| _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add |
| --enable-transcript=DIR option to specify the directory |
| [b0bb76d43cda] |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: |
| regen |
| [c7a8a0a9027c] |
| |
| * configure, configure.in, sudoers.man.pl, sudoers.pod: |
| Substitute in default value for secure_path |
| [c8f9ac6dbf93] |
| |
| * sudo.pod: |
| Mention that the password must be followed by a newline with the -S |
| option. |
| [2fc589a3ee7e] |
| |
| 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Go back to dropping out of the select() loop when the process dies; |
| Linux ptys apparently don't behave the same as BSD in regards to |
| select(). No need to flush remaining output to the transcript, only |
| to stdout. Add back code to check the master pty for additional data |
| when we exit the main select loop. |
| [abed9a9cbc6b] |
| |
| 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Add getline.o to COMMON_OBJS |
| [04ef7643cbc2] |
| |
| * Makefile.in: |
| sudoreplay depends on libsudo.a |
| [142bd0472631] |
| |
| * Makefile.in: |
| Move pwutil.o into COMMON_OBJS |
| [4a016b933629] |
| |
| * pwutil.c, testsudoers.c, tsgetgrpw.c: |
| Remove my_* redirection in pwutil.c for testsudoers and just use the |
| normal libc get{pw,gr}* names. |
| [9b76d637d86b] |
| |
| * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: |
| More time and date examples |
| [c6ee0175ec56] |
| |
| * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c: |
| Move nanosleep() emulation into its own file Check librt.a for |
| nanosleep if we don't find it in libc |
| [4da0cc26aad7] |
| |
| * Makefile.in, configure, configure.in: |
| Build libsudo with the common bits and link things against that. |
| [2b53bc0b081a] |
| |
| * script.c: |
| Fix final flush. |
| [6da287d833da] |
| |
| * script.c: |
| Keep reading from the pty master -> log file until read returns <= |
| 0. Do our best to write everything to stdout when flushing any |
| remaining bits. |
| [2a45d4ae280c] |
| |
| * sudoreplay.c: |
| Use unbuffered I/O when writing to stdout and make sure we write the |
| entire buffer. |
| [f39ef9844a47] |
| |
| 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Only use max_wait if it is non-zero |
| [f6c10604d2e8] |
| |
| * getdate.c, getdate.y, getline.c: |
| Need compat.h here |
| [5d6722e225a0] |
| |
| * sudoreplay.c: |
| Fix nanosleep emulation |
| [34e5e5d72a76] |
| |
| * script.c: |
| Fix comment after #endif |
| [bd1347718b25] |
| |
| * sudoreplay.c: |
| Add protos for missing libc bits |
| [644f496427a2] |
| |
| * configure, configure.in: |
| add missing line continuation char |
| [db13c0d402cd] |
| |
| * config.h.in, configure, configure.in, getline.c: |
| Implement getline() in terms of fgetln() if we have it. |
| [3ab786eaadc5] |
| |
| * sudoreplay.c: |
| Print year when formatting log line |
| [90be669e3443] |
| |
| * sudoreplay.pod: |
| Document cwd, attempt to document time/date formats. |
| [6290fb9b65c6] |
| |
| * sudoreplay.c: |
| Fix getline return value check. |
| [d696d6657261] |
| |
| * Makefile.in, config.h.in, configure, configure.in, getline.c, |
| sudoreplay.c: |
| Use getline() if the system has it, else provide our own for |
| sudoreplay. |
| [afca1d6fbe5e] |
| |
| * script.c: |
| Refactor code to update output and timing files. |
| [361491332b1a] |
| |
| 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Make sudo_getln() behave more like glibc getline. |
| [40c9f2ea29e6] |
| |
| * script.c: |
| When flushing remaining output, also update timing file. |
| [5a9a5a627549] |
| |
| * sudoreplay.c: |
| Use get_timestr() and make the -l output look like the regular sudo |
| log. |
| [452ba9d436c9] |
| |
| * logging.c, sudo.h, timestr.c: |
| Make get_timestr() take a time_t so we can use it properly in |
| sudoreplay. |
| [82e67cc53c9c] |
| |
| * script.c: |
| Create session dir earlier now that we update the seq number early. |
| [797fe8d6dc61] |
| |
| 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Use fromdate and todate as the keywords instead of from and to; the |
| short forms will still be accepted. |
| [d14d9b116df4] |
| |
| * sudoreplay.c: |
| Fix reading long lines in sudo_getln() |
| [58dadd74118c] |
| |
| * script.c, sudoreplay.c: |
| Log the cwd in the script log file. Add sudo_getln() to read |
| arbitrarily long lines. |
| [faceb802ab8f] |
| |
| * Makefile.in, logging.c, sudo.h, timestr.c: |
| Move get_timestr() into its own source file so sudoreplay can use |
| it. |
| [99b054bfa20a] |
| |
| 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Add to and from predicates (date ranges); needs documentation |
| [1d629174dcf4] |
| |
| 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, getdate.c, getdate.y: |
| Fix warning and add generated getdate.c |
| [b877a86b5a03] |
| |
| * Makefile.in, getdate.y: |
| Add getdate.y to be used for sudoreplay date parsing. |
| [b8e26fbb7a40] |
| |
| 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| Check more than just the first character of a predicate |
| [4fe53728adb1] |
| |
| * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: |
| Add examples, sort predicates |
| [70f8075cbccc] |
| |
| * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, |
| sudoreplay.pod: |
| Implement search expressions in sudoreplay similar in concept to |
| what find or tcpdump uses. TODO: date ranges |
| [f7ce4fb4cf3a] |
| |
| 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Remove vhangup as it was hanging up the wrong tty. Should really |
| vhangup in the child after it has set its tty. |
| [2eed9df73010] |
| |
| * sudoers.pod: |
| Fix cut at documenting transcript support. |
| [e6c533a5568a] |
| |
| * logging.c: |
| ID= -> TSID= for transcript ID |
| [1bf755a35333] |
| |
| 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.pod: |
| Move fast_glob description to where it belongs in sorted order |
| [5901cfb0d25f] |
| |
| * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, |
| parse.c, parse.h, sudo.c: |
| Rename script -> transcript |
| [e06cf823122c] |
| |
| 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * compat.h: |
| Add timeradd and timersub for those without them |
| [929f8aa06c2b] |
| |
| * script.c: |
| Sanity check sessid before using it. |
| [aa8ca5211d43] |
| |
| * sudo.c: |
| Only set the session id if we are running a command or editing a |
| file. |
| [7205d717c098] |
| |
| * script.c: |
| Actually, qsort is fine since most versions fall back to a cheaper |
| sort when the number of elements to sort is small (like in our |
| case). |
| [d11c7cd352fe] |
| |
| * config.h.in, configure, configure.in, script.c: |
| Check for dup2 and use dup instead if we don't have it. |
| [98bd89830f8a] |
| |
| * script.c, sudo.c, sudo.h: |
| Move the code to dup2 the script fds to low numbered descriptors |
| into script_duplow() and fix the fd sorting. |
| [9453fdc5fba6] |
| |
| * script.c, sudo.c, sudo.h: |
| Move script_setup() back to immediately before we drop privs and |
| call the new script_nextid() in its place, which will set |
| sudo_user.sessid for the logging functions. |
| [8434d0c8ff08] |
| |
| 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Install sudoreplay |
| [6acf2cdb4d3f] |
| |
| * sudoreplay.c: |
| remove unused variable |
| [2316360bb992] |
| |
| 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * logging.c, script.c, sudo.c, sudo.h: |
| Log the session ID, if there is one. Currently logs ID=XXXXXX, |
| perhaps should be SESSIONID or SESSID. |
| [53976905b0a6] |
| |
| * Makefile.in, configure, configure.in, sudoreplay.cat, |
| sudoreplay.man.in, sudoreplay.pod: |
| Add sudoreplay docs |
| [da4f14f0e64c] |
| |
| * sudoreplay.c: |
| add -V (version) flag |
| [b5e743639ee3] |
| |
| * sudoreplay.c: |
| Hook up max_wait. |
| [2ec5697a92ba] |
| |
| * script.c, sudoreplay.c: |
| Use base36 number for the ID and store script files with paths like |
| /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6 |
| (2,176,782,336) unique IDs. |
| [6aab019d07aa] |
| |
| 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure.in: |
| Add check for regcomp |
| [44c3ebd7ff34] |
| |
| * sudoreplay.c: |
| Add support for selecting by pattern and tty when listing. |
| [66189f840c52] |
| |
| 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoreplay.c: |
| The beginnings of a list mode. |
| [8d0150b4a52c] |
| |
| 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| fix pasto |
| [616b4640b8a8] |
| |
| * Makefile.in, config.h.in, configure.in: |
| Add scaffolding for building sudoreplay |
| [a32958505dbe] |
| |
| * sudoreplay.c: |
| include error.h first arg to nanotime is const |
| [fe5a7bb31bc5] |
| |
| * sudoreplay.c: |
| Initial cut at sudoreplay; replay a sudo session. |
| [f149fba372bd] |
| |
| 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * script.c: |
| Fix wait() usage and use correct wait status. |
| [f4745ed7ad05] |
| |
| * sudo.c, sudo.h, tgetpass.c: |
| Add protos for term_* to sudo.h |
| [14fe1abd7e7b] |
| |
| * script.c: |
| Fix detection of the child process exiting. Since the child is in |
| its own session we should only ever get SIGCHLD for that process but |
| better safe than sorry. |
| [7edfdadd8505] |
| |
| * config.h.in: |
| Add UNIX98 pty support. |
| [82f4b53a0e8f] |
| |
| * configure, configure.in, script.c: |
| Add UNIX98 pty support. |
| [795b8bb0a3a1] |
| |
| 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * term.c: |
| For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC |
| if it is defined. |
| [40f8b83baf69] |
| |
| * auth/pam.c: |
| Set PAM_RUSER and PAM_RHOST early so they can be used during |
| authentication. Based on a patch from Jamie Beverly. |
| [3d567b453a6a] |
| |
| * match.c: |
| Close dir before returning if strlcpy() reports overflow. From |
| Martynas Venckus. |
| [6a82f96473e5] |
| |
| * config.h.in, configure, configure.in, script.c: |
| On Linux, the openpty proto lives in pty.h |
| [98643a018d1c] |
| |
| * script.c: |
| Call vhangup on exit if the system has it Use setpgrp() if no |
| setsid() |
| [3a9e13149829] |
| |
| 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in: |
| Add checks for revoke and vhangup if we don't have openpty |
| [fcb04572e994] |
| |
| * script.c: |
| Session logging guts that got forgotten in the previous commit. |
| [c2af08a63ea9] |
| |
| * Makefile.in, aclocal.m4, compat.h, config.h.in, configure, |
| configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, |
| gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, |
| tgetpass.c: |
| First cut at session logging for sudo. Still need to write |
| get_pty() for Unix 98 and old-style BSD ptys. Also needs |
| documentation and general cleanup. |
| [77e3f5e25738] |
| |
| 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c, sudo_edit.c: |
| Fix a bug introduced with def_closefrom. The value of def_closefrom |
| already includes the +1. |
| [7291c136300d] |
| |
| 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Generate sudo distributions with pax in ustar mode. No longer need |
| to use a temp file or have the source dir name match the version. |
| [9778177a8272] |
| |
| 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Fix expansion of %h in #include names. Fixes bugzilla 363 |
| [6e346879ba24] |
| |
| 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkdefaults: |
| If no arg assume def_data.in |
| [c1dd28c0e675] |
| |
| * README, WHATSNEW: |
| Update for 1.7.2 |
| [f5ad45f69f05] [SUDO_1_7_2] |
| |
| * ChangeLog: |
| sync |
| [6283549396ff] |
| |
| 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod: |
| Add missing single quotes around a colon in Runas_Spec definition. |
| From Elias Benali. |
| [ccc6ee4fca83] |
| |
| 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.man.in, sudoers.man.in: |
| regen |
| [546e75304ebf] |
| |
| * redblack.c: |
| In rbrepair, re-color the root or the first non-block node we find |
| to be black. Re-coloring the root is probably not needed but won't |
| hurt. |
| [34d01ebe241b] |
| |
| * sudo.cat, sudoers.cat: |
| regen |
| [bebf5a39f54f] |
| |
| 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * redblack.c: |
| When repairing the tree, don't touch the root node. |
| [9841f0d5d789] |
| |
| 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * set_perms.c: |
| Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. |
| Reported by Josef Schmid. |
| [ed044b1eb879] |
| |
| 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.pod: |
| Document that we accept env_pam-style environment files |
| [e3b545456352] |
| |
| * env.c: |
| Adapt to accept pam_env-style /etc/environment which allows shell- |
| style lines such as: export EDITOR="/usr/bin/vi" |
| [752eb75bf007] |
| |
| * sudoers.pod: |
| Make it clear that env_delete only works when !env_reset. From Loïc |
| Minier |
| [3bd3f8e351ba] |
| |
| 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pod, sudoers.pod: |
| Add non-unix group bits, adapted from Quest |
| [8ce427de8dea] |
| |
| * Makefile.in: |
| build the .cat page in the current working dir, not the src dir |
| [00e87a307674] |
| |
| * env.c: |
| Return EINVAL in setenv() if var is NULL or the empty string to |
| match glibc behavior. |
| [23fd7c247142] |
| |
| 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE |
| [fedd4a3e2a85] |
| |
| 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, |
| sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: |
| regen |
| [7b9f461a40b3] |
| |
| 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * INSTALL: |
| Document --with-libvas and --with-libvas-rpath |
| [a071e6d96c89] |
| |
| 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c, sudoers.ldap.pod: |
| For netscape-derived LDAP SDKs the cert and key paths may be a |
| directory or a file. However, version 5.0 of the SDK only seems to |
| support using a directory. If ldapssl_clientauth_init fails and the |
| cert or key paths look like they could be files, strip off the last |
| path element and try again. |
| [ac4e49d83043] |
| |
| * Makefile.in: |
| Add non-Unix group .o to COMMON_OBJS and substitute in path to flex. |
| [4547cc1a335f] |
| |
| 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in, match.c, sudo.c, vasgroups.c: |
| Update non-Unix group support from Quest, as reworked by me. |
| [1abafce29dc6] |
| |
| * toke.c: |
| regen |
| [01bfca9148b7] |
| |
| * toke.l: |
| Add support for escaped hex chars in names, e.g. \x20 for space. |
| [3c7be8e58a39] |
| |
| 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c, |
| auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c, |
| fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c, |
| logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c, |
| set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h, |
| sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c, |
| tgetpass.c, toke.l, visudo.c: |
| Update copyright years. |
| [e615f676c764] |
| |
| 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * interfaces.c, lbuf.c: |
| Minor fixes for Minix-3 |
| [898c510d23f9] |
| |
| 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * set_perms.c: |
| Handle getgroups() returning 0. Also add missing check for |
| HAVE_GETGROUPS. |
| [d73b958f9ffd] |
| |
| 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, config.h.in, configure, configure.in, sudo.c, |
| version.h, visudo.c: |
| Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. |
| [5050579a264d] |
| |
| 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * set_perms.c: |
| Remove group setting code in setusercontext case, we will do it |
| ourselves later on in runas_setup. Set the gid after |
| initgroups/setgroups is called, since on Mac OS X it seems to change |
| the egid. |
| [09dc21d8b42d] |
| |
| 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, |
| vasgroups.c: |
| Initial bits of non-unix group support using Quest Authentication |
| Services |
| [1eecab0ff27e] |
| |
| * toke.c, toke.l: |
| Accept %:foo as a non-Unix group |
| [4c4b5dd899a6] |
| |
| * toke.c, toke.l: |
| Allow user/group to be double quoted in the case of non-Unix groups |
| which contain spaces. |
| [47a3d568b7e8] |
| |
| 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| Don't allow the user to specify the default runas user if their |
| sudoers entry only allows them to run as a group. |
| [4d726177227c] |
| |
| 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Must call audit_success before we change uids. |
| [04a9e6ce6e55] |
| |
| * logging.c, set_perms.c, sudo.h, testsudoers.c: |
| Add option for set_perm to not exit on failure and use this in the |
| logging routines. |
| [833dce7b7f42] |
| |
| * parse.c: |
| In -l mode, if the user is only allowed to run as a group, display |
| the user's name, not root's before the allowed group. |
| [ef92ff99d265] |
| |
| * sudo.c: |
| Fix -g mode, broken by rev 1.503 which had the side effect of |
| setting the runas user to root unilaterally. |
| [50a2f7df4385] |
| |
| 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * fileops.c: |
| When unlocking a file with fcntl, use F_SETLK, not F_SETLKW. |
| [30fbe832dcf3] |
| |
| * pwutil.c: |
| Only cache by the method we fetched for pwd and grp lookups. |
| Previously we cached both by name and id but this can cause problems |
| for entries that share the same id. Also add more info in the error |
| message in case the insert fails (which should now be impossible). |
| [ef95a4f0bab5] |
| |
| 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.pod: |
| Add a clarification from Nick Sieger |
| [1eadad329561] |
| |
| 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c: |
| Inline the setting of the environment string. |
| [9515d11c6295] |
| |
| 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c: |
| setenv(3) in Linux treats a NUL value as the empty string setenv(3) |
| in BSD doesn't return an error if the name has '=' in it, it just |
| treats the '=' as end of string. |
| [941260bf94d2] |
| |
| 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Not all systems have d_namlen |
| [e377b18d8e2d] |
| |
| 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.pod: |
| Fix up some pod2html issues. |
| [823a1f10ab60] |
| |
| 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * interfaces.c: |
| Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from |
| Quest Software. |
| [73de36653131] |
| |
| * sudoers.pod: |
| Ignore files ending in '~' in sudo.d (emacs backup files) |
| [7871fad702db] |
| |
| * toke.c, toke.l: |
| Ignore files ending in '~' in sudo.d (emacs backup files) |
| [53fded2a469f] |
| |
| 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: |
| For #includedir, ignore any file containing a dot |
| [a7daa1bce6c2] |
| |
| * Makefile.in, version.h: |
| Bump version |
| [ef60f14ffc44] |
| |
| * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, |
| sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, |
| visudo.c: |
| Implement #includedir directive. Files in an includedir are not |
| edited by visudo unless they contain a syntax error. |
| [3923d85a6c79] |
| |
| * ChangeLog: |
| sync |
| [8741ed61a78b] [SUDO_1_7_1] |
| |
| * WHATSNEW: |
| Forgot umask_override |
| [7c86a21a5504] |
| |
| * ChangeLog, TODO: |
| sync |
| [57339ca6bccf] |
| |
| 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * visudo.c: |
| Rewind stream if we fdopen sudoers since it may not be at the |
| beginning. Set the keepopen flag on already-open files too so the |
| lexer doesn't close them out from under us. |
| [61292d819aff] |
| |
| * visudo.c: |
| Print the proper file name when there is a parse error in an include |
| file. |
| [b0e85d4aedde] |
| |
| 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW: |
| Sync |
| [997e5d485ea3] |
| |
| 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Fix a warning when --without-ldap is specified. |
| [d91fd9481b30] |
| |
| 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * alias.c, parse.h, visudo.c: |
| Store aliases that we remove during check_aliases in a freelist and |
| free them at the end so we don't leak memory. |
| [805e2272f6a3] |
| |
| 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * visudo.c: |
| Check aliases in -c mode too. |
| [9199e188d9f2] |
| |
| * alias.c, parse.h, visudo.c: |
| Make alias_remove return the alias struct instead of freeing it |
| directly. Fixes a use after free in alias_remove_recursive, the only |
| consumer. |
| [a04b61804800] |
| |
| * alias.c, match.c, parse.c, parse.h, visudo.c: |
| Rename find_alias -> alias_find for consistency. |
| [48b0a82924f3] |
| |
| 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * visudo.c: |
| When checking for unused aliases, recurse if the alias points to |
| another alias. |
| [2d4d1a7f3a41] |
| |
| 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c: |
| Back out rev 1.105 for now. Real ldapux_client.conf support will be |
| done later after some refactoring. |
| [8ad72e69b277] |
| |
| 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c: |
| Treat ldap_hostport the same as "host" for ldapux. |
| [3281dcc66da8] |
| |
| * configure, configure.in: |
| Only check for ldap_sasl_interactive_bind_s if we can find sasl.h. |
| Fixes compilation with ldapux. |
| [ca1ed585ef0e] |
| |
| 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * fileops.c: |
| fix char subscript |
| [41e51f080d00] |
| |
| 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| remove errant carriage returns |
| [e9e258a31c7b] |
| |
| * audit.c, env.c: |
| fix K&R compilation |
| [d182e8920f13] |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, |
| sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: |
| regen |
| [791a5cbf04e5] |
| |
| 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in: |
| Add missing HAVE_BSM_AUDIT |
| [49ad1bb96f04] |
| |
| * WHATSNEW: |
| Add 1.7.1 features |
| [f107f1604c61] |
| |
| * INSTALL: |
| Mention --with-netsvc |
| [d1e90d147795] |
| |
| * sudoers.ldap.pod: |
| Document netsvc.conf support |
| [e78f8abce6af] |
| |
| * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, |
| sudo_nss.h: |
| Add support for AIX netsvc.conf (like nsswitch.conf). |
| [1df56a84dee5] |
| |
| 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in, env.c: |
| Add --enable-env-debug flag to enable environment sanity checks. |
| [128cdd8832e7] |
| |
| * sudoers.ldap.pod, sudoers.pod: |
| Work around some pod2html issue. |
| [e733b9609bd2] |
| |
| 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c: |
| Only sync environ for putenv, setenv, and unsetenv. We need to make |
| sure that sudo_putenv and sudo_setenv only modify env.envp, not |
| environ. |
| [be3ac732243c] |
| |
| 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c: |
| Really fix UNSETENV_VOID |
| [08ab7e882507] |
| |
| * env.c: |
| Fix unsetenv when UNSETENV_VOID |
| [d3038b3f2f15] |
| |
| * aclocal.m4, configure: |
| Fix SUDO_FUNC_PUTENV_CONST |
| [de35569c572b] |
| |
| * ldap.c: |
| tivoli-based ldap does not have ldapssl_err2string |
| [c63fd90d5e99] |
| |
| * configure: |
| regen |
| [f38f1ee828ad] |
| |
| 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in, ldap.c: |
| Add support for Tivoli-based LDAP start TLS as seen in AIX. |
| Untested. |
| [8f8771829f85] |
| |
| * env.c: |
| Add sanity checks for setenv/unsetenv |
| [adbd1d95856b] |
| |
| * Makefile.in: |
| Include bsm_audit.h in the tarball |
| [4a4aa02b2c32] |
| |
| * Makefile.in, version.h: |
| bump version for sudo 1.7.1 |
| [362c71d21595] |
| |
| * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in, |
| env.c, ldap.c, sudo.h: |
| Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and |
| provide our own setenv/unsetenv/putenv that operates on own env |
| pointer. Make sync_env() inline in setenv/unsetenv/putenv functions. |
| [276edcd23032] |
| |
| 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Make "sudoedit -h" work as expected |
| [2bcbbb45d389] |
| |
| * auth/pam.c: |
| Make sure def_prompt is always defined. This is a workaround for |
| pam configs that prompt for a password in the session but don't have |
| an auth line. A better fix is to expand the sudo prompt earlier and |
| set def_prompt to that when initializing. |
| [ee073c04aec3] |
| |
| * sudo.pod: |
| Mention that the helper for -A may be graphical. |
| [b64a940c4082] |
| |
| * TROUBLESHOOTING: |
| Document what happens if there is no tty. |
| [313d58a856a5] |
| |
| * sudo.c: |
| cosmetic changes |
| [894f5e3b0c3e] |
| |
| * term.c: |
| Fix term_restore |
| [6c6315ff14bc] |
| |
| * sudo.c: |
| Fix "sudo -k" with no other args |
| [59e94dc419c6] |
| |
| 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * check.c, sudo.c, sudo.pod, sudo_usage.h.in: |
| Allow the -k flag to be specified in conjunction with a command or |
| another option that may require authentication. |
| [5960ff20355d] |
| |
| 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes' |
| [e86ab69c4a57] |
| |
| * Makefile.in: |
| Parallel make fix. From Diego E. 'Flameeyes' |
| [1289d7ee27db] |
| |
| 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: |
| Implement umask_override |
| [8b87a3f7c5aa] |
| |
| * toke.c: |
| regen |
| [79d7ca9ac873] |
| |
| * sudoers.pod, toke.l, visudo.c: |
| Implement %h escape in sudoers include filenames. |
| [a7f288dd64f0] |
| |
| * audit.c: |
| Need to include compat.h |
| [c0dc07ce2f70] |
| |
| * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c: |
| Make audit_success and audit_failure generic functions in |
| preparation for integrating linux audit support. |
| [7df020a8fd6f] |
| |
| * term.c: |
| remove duplicate include |
| [1dfcd01a7e46] |
| |
| 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * bsm_audit.c: |
| Add missing include |
| [fb56e08c37ee] |
| |
| * sudo.c: |
| May need to update the runas user after parsing command-based |
| defaults. |
| [246f130d7802] |
| |
| 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * glob.c: |
| Add missing pair of braces introduced with character class support. |
| [0e2afa2e03e9] |
| |
| 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: |
| Rename pwstars to pwfeedback |
| [a9f85a57ebac] |
| |
| 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * bsm_audit.c, bsm_audit.h: |
| Add const to make MacOS happy. |
| [4274432d6627] |
| |
| * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure, |
| configure.in, sudo.c: |
| Add bsm audit support from Christian S.J. Peron |
| [bef61cd8693d] |
| |
| * term.c: |
| This is new code, no DARPA notice. |
| [ec6ad09b9c23] |
| |
| 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: |
| Rename simple_glob -> fast_glob |
| [68d9ed803cc1] |
| |
| * match.c: |
| g/c unused var |
| [693fa0464eb6] |
| |
| * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: |
| Add simple_glob option to use fnmatch() instead of glob(). This is |
| useful when you need to specify patterns that reference network file |
| systems. |
| [77ba634f6949] |
| |
| * tgetpass.c: |
| add term_* proto |
| [520f5149d073] |
| |
| * sudoers.pod: |
| mention glob() |
| [ddaab8e03c52] |
| |
| 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * tgetpass.c: |
| Delete any pwstars we wrote after the user hits return. That way |
| there is no record on screen as to the user's password length. |
| [fae25cda762b] |
| |
| 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * term.c: |
| Move terminal setting bits from tgetpass.c to term.c |
| [03d43325ee99] |
| |
| * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, |
| tgetpass.c: |
| Add pwstars sudoers option that causes sudo to print a star every |
| time the user presses a key. |
| [7aab417e184d] |
| |
| 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in. |
| [64f70e879816] |
| |
| 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c: |
| For ldap_search_ext_s() the sizelimit param should be 0, not -1, to |
| indicate no limit. From Mark Janssen. |
| [e2c5732d54f5] |
| |
| 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Comments that begin with #- should not be parsed as uids. |
| [a72a50f12f41] |
| |
| 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Do not try to set the close on exec flag if we didn't actually open |
| sudoers. |
| [ece3ca256904] |
| |
| 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ChangeLog: |
| regen |
| [e11f0e4c1bdd] [SUDO_1_7_0] |
| |
| 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * TODO: |
| sync |
| [5b8954462bb3] |
| |
| 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/pam.c: |
| Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the |
| password prompt. |
| [8563601cb3de] |
| |
| * configure, configure.in: |
| Don't try to build sudo_noexec.so on HP-UX with the bundled compiler |
| as it cannot generate shared objects. |
| [6d4262ef9669] |
| |
| * emul/charclass.h, glob.c, lbuf.c, tgetpass.c: |
| K&R compilation fixes |
| [77921678d17c] |
| |
| * parse.c: |
| Use tq_foreach_fwd when checking pseudo-commands to make it clear |
| that we are not short-circuiting on last match. When pwcheck is |
| 'all', initialize nopass to TRUE and override it with the first non- |
| TRUE entry. |
| [96b209f4778f] |
| |
| 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * parse.c: |
| Do not short circuit pseudo commands when we get a match since, |
| depending on the settings, we may need to examine all commands for |
| tags. |
| [fdbaf89d6f35] |
| |
| 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.cat, sudoers.man.in: |
| regen |
| [1ecce7c1b841] |
| |
| * sudoers.pod: |
| hostnames may also contain wildcards |
| [82b76695601c] |
| |
| * Makefile.in: |
| remove stamp-* files and linux core files in clean target |
| [22003f091467] |
| |
| 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/sudo_auth.h, config.h.in, configure, configure.in: |
| Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX |
| [6905bede8410] |
| |
| 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| correctly enable SIA on Digital UNIX |
| [a51881d13995] |
| |
| * TODO: |
| checkpoint |
| [af0fe8d94d42] |
| |
| * ChangeLog: |
| sync |
| [831f623cf99c] |
| |
| 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * check.c, sudo.h, tgetpass.c: |
| Even if neither stdin nor stdout are ttys we may still have /dev/tty |
| available to us. |
| [20f306ba883b] |
| |
| 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.cat, sudoers.man.in: |
| regen |
| [76d97c4c318f] |
| |
| * sudoers.pod: |
| fix typos; Markus Lude |
| [bff8bc1e2066] |
| |
| * ChangeLog: |
| sync |
| [f108552531cd] |
| |
| * toke.c: |
| regen |
| [de828413c67e] |
| |
| * toke.l: |
| Fix matching of a line that only consists of a comment char |
| [09c953d8d5ca] |
| |
| 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/pam.c: |
| MacOS pam will retry conversation function if it fails so just treat |
| ^C as an empty password. |
| [d056058930bc] |
| |
| * visudo.c: |
| When checking for alias use, also check defaults bindings. |
| [2647f82c7dbd] |
| |
| * redblack.c: |
| unused var |
| [b7ff71c17c18] |
| |
| * redblack.c: |
| Replace my rbdelete with Emin's version (which actually works ;-) |
| [21b133dd0c72] |
| |
| 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * testsudoers.c: |
| malloc debugging |
| [0fb446fa3279] |
| |
| * visudo.c: |
| malloc options in devel mode for visudo too |
| [98d06c6afeef] |
| |
| 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| fix compilation on non-C99; from Theo |
| [7c304e16c536] |
| |
| * visudo.c: |
| fix check_aliases |
| [83f30a3b1765] |
| |
| * alias.c: |
| when destroying an alias, free the correct data pointer |
| [6e1a8bd86c01] |
| |
| * auth/sudo_auth.h: |
| add proto for aixauth_cleanup; from Dale King |
| [eba94ffc8f63] |
| |
| 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, |
| visudo.man.in: |
| regen |
| [409fa57fff83] |
| |
| * sudo.pod, sudoers.pod, visudo.pod: |
| standardize on the term 'option' for command line options (not flag) |
| [228caefc2e36] |
| |
| 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * INSTALL: |
| Add note on configuring HP-UX pam |
| [f7674a581baf] |
| |
| 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * check.c, sudo.c: |
| Move tty checks into check_user() so we only do them if we actually |
| need a password. |
| [7d997d7106d6] |
| |
| * sudo.c: |
| Don't error out if no tty or askpass unless we actually need to |
| authenticate. |
| [9f23b83ed66c] |
| |
| 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ChangeLog: |
| regen |
| [23f9aef32da6] |
| |
| * pathnames.h.in, sudo.c: |
| s/overriden/overridden/; from Tobias Stoeckmann |
| [9f7459a8fac5] |
| |
| 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW, visudo.c: |
| check sudoers owner and mode in strict mode |
| [a3468c5ac1c4] |
| |
| * gram.c, toke.c: |
| regen |
| [7d6b515a5443] |
| |
| * sudo.man.in, sudoers.man.in, visudo.man.in: |
| Update copyright years. |
| [52d340cb8cba] |
| |
| * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, |
| auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, |
| auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, |
| closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, |
| gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c, |
| interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h, |
| parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, |
| sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod, |
| testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c, |
| visudo.pod, zero_bytes.c: |
| Update copyright years. |
| [b4e6bf2beafa] |
| |
| * emul/charclass.h, fnmatch.c, glob.c: |
| add my copyright |
| [28681385014a] |
| |
| 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| The loop in fill_cmnd() was going one byte too far past the end, |
| resulting in a NUL being written immediately after the buffer end. |
| [a5a49d603cd7] |
| |
| * UPGRADE, WHATSNEW: |
| add sections on tgetpass changes |
| [2e6929b6a102] |
| |
| * tgetpass.c: |
| Treat EOF w/o newline as an error. |
| [aa02b1db9240] |
| |
| 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * parse.c: |
| Fix "sudo -v" when NOPASSWD is set. |
| [f4914711ea80] |
| |
| * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, |
| auth/sudo_auth.h: |
| No longer treat an empty password at the prompt as special. To quit |
| out of sudo you now need to hit ^C at the password prompt. |
| [980f760ad419] |
| |
| * sudoers.cat, sudoers.man.in: |
| regen |
| [6ca21a2cd869] |
| |
| * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: |
| Sudo will now refuse to run if no tty is present unless the new |
| visiblepw sudoers flag is set. |
| [0cc56943252e] |
| |
| 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aix.c: |
| just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not |
| defined |
| [24fc6f712d5c] |
| |
| * aix.c: |
| fix fallback value for RLIM_SAVED_MAX |
| [e09e04e1af89] |
| |
| * auth/aix_auth.c, auth/sudo_auth.h: |
| Move clearing of AUTHSTATE into aixauth_cleanup. |
| [e14ae7bd259c] |
| |
| * auth/aix_auth.c, env.c: |
| Unset AUTHSTATE after calling authenticate() as it may not be |
| correct for the user we are running the command as. |
| [d14f68f1b0ab] |
| |
| * isblank.c: |
| Add isblank() function for systems without it. Needed for POSIX |
| character class matching in fnmatch.c and glob.c. |
| [16cba30b283f] |
| |
| 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * TROUBLESHOOTING: |
| expound on sudo and cd |
| [8e0fa9033637] |
| |
| 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ChangeLog: |
| regen |
| [40cf320a10fc] |
| |
| * sudoers.cat, sudoers.man.in: |
| regen |
| [7cac761ae2c6] |
| |
| * sudoers.pod: |
| mention defaults parse order |
| [4e2ce86d1394] |
| |
| 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, aclocal.m4, compat.h, configure: |
| Add isblank() function for systems without it. Needed for POSIX |
| character class matching in fnmatch.c and glob.c. |
| [a1ab55da8424] |
| |
| * Makefile.in: |
| add emul/charclass.h to HDRS |
| [7e8a019dcaa4] |
| |
| 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * TODO: |
| checkpoint |
| [afeb9bc1baed] |
| |
| * defaults.c, parse.c, testsudoers.c, visudo.c: |
| Move update_defaults into defaults.c and call it properly from |
| visudo and testsudoers. |
| [f4dbb369461f] |
| |
| * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c, |
| tsgetgrpw.c: |
| use zero_bytes() instead of memset() for consistency |
| [4cee0465f4a8] |
| |
| * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c, |
| visudo.c: |
| Zero out sigaction_t before use in case it has non-standard entries. |
| [120092225459] |
| |
| * match.c: |
| quiet gcc |
| [098a1df49b23] |
| |
| * match.c: |
| Short circuit glob() checks if basename(pattern) != |
| basename(command). Refactor code that checks for a command in a |
| directory and use it in the glob case if the resolved pattern ends |
| in a '/'. |
| [3c46fd317acb] |
| |
| 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: |
| Defer setting runas defaults until after runaspw/gr is setup. |
| [12e75ee49c0c] |
| |
| 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c, sudo.c, testsudoers.c: |
| Use MAXHOSTNAMELEN+1 when allocating host/domain name since some |
| systems do not include space for the NUL in the size. Also manually |
| NUL-terminate buffer from gethostname() since POSIX is wishy-washy |
| on this. |
| [7266ab3296a3] |
| |
| 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c, sudoers.pod: |
| When setting the umask, use the union of the user's umask and the |
| default value set in sudoers so that we never lower the user's umask |
| when running a command. |
| [4e804b004e38] |
| |
| * sudo.c: |
| Don't try to read from a zero-length sudoers file. Remove the bogus |
| Solaris work-around for EAGAIN. Since we now use fgetc() it should |
| not be a problem. |
| [bb8e5f68d944] |
| |
| 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * parse.c: |
| In update_defaults() check the return value of user*_matches against |
| ALLOW so we don't inadvertently match on UNSPEC. |
| [4e422fa1527e] |
| |
| 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, |
| sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: |
| regen man pages; no more hyphenation |
| [15de4fe2fe01] |
| |
| * sudo.c: |
| Don't error out on a zero-length sudoers file. With the advent of |
| #include the user could create a situation where sudo is unusable. |
| [6eb461319fa5] |
| |
| 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/kerb5.c, config.h.in, configure, configure.in: |
| Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT |
| krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at |
| all. Add configure tests to handle all the cases. |
| [4b554a98470d] |
| |
| 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pod: |
| resort ENVIRONMENT |
| [f4f20f40653e] |
| |
| * sudoers.pod: |
| document sudoers_locale |
| [0bffd2dbe806] |
| |
| * sudo.pod, sudo_edit.c: |
| add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL |
| or EDITOR |
| [0ef8cb248cee] |
| |
| * toke.c, toke.l: |
| In fill_cmnd(), collapse any escaped sudo-specific characters. |
| Allows character classes to be used in pathnames. |
| [5685244c8e44] |
| |
| 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * lbuf.c: |
| fix typo in non-C89 function declaration |
| [99a7113b3a05] |
| |
| * sudoers.pod: |
| Mention POSIX character classes now that our fnmatch() and glob() |
| support them. |
| [9c916f1230c3] |
| |
| * sample.sudoers, sudoers.pod: |
| Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is |
| locale agnostic. |
| [a60a62bec244] |
| |
| * parse.h: |
| use __signed char if we are going to assign a negative value since |
| on Power, char is unsigned by default |
| [2877b319df17] |
| |
| * config.h.in, configure, configure.in: |
| Add tests for __signed char and signed char. |
| [5eb874fdf1d4] |
| |
| * aix.c: |
| Fix AIX limit setting. getuserattr() returns values in disk blocks |
| rather than bytes. The default hard stack size in newer AIX is |
| RLIM_SAVED_MAX. From Dale King. |
| [3db67415ecc3] |
| |
| 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * emul/charclass.h, fnmatch.c, glob.c: |
| Add character class support to included glob(3) and fnmatch(3). |
| [6b5b4ad77899] |
| |
| 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * emul/fnmatch.h: |
| Remove UCB advertising clause and some compatibility defines. |
| [2ade7bee74e1] |
| |
| 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo_edit.c: |
| Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself |
| or sudo. This allows one to set EDITOR to sudoedit without getting |
| into an infinite loop of sudoedit running itself until the path gets |
| too big. |
| [aa49ab68f82d] |
| |
| * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: |
| Add sudoers_locale Defaults option to override the default sudoers |
| locale of "C". |
| [0639886a35bf] |
| |
| 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Set locale to system default except for during sudoers parse. |
| [016dd2736728] |
| |
| 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| Redo change in 1.34 to use pointer arithmetic. |
| [f9e7b63bb450] |
| |
| 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * match.c: |
| Fix a dereference (read) of a freed pointer. Reported by Patrick |
| Williams. |
| [69877b633753] |
| |
| 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Set locale to "C" to avoid interpretation issues with character |
| ranges in sudoers. May want to make the locale a sudoers option in |
| the future. |
| [098a95de1746] |
| |
| 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in: |
| we no longer use setproctitle |
| [c7f20fb747ea] |
| |
| * sudo.h: |
| remove #if 1 |
| [a368ee6816c6] |
| |
| * LICENSE, mkstemp.c: |
| Use my replacement mkstemp() from the mktemp package. |
| [d07c2beb0f9e] |
| |
| 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * gram.c: |
| regen with yacc skeleton bug fixed |
| [24784571cbb8] |
| |
| * sudoers.pod: |
| Remove duplicate "as root". From Martin Toft. |
| [97241acfee5e] |
| |
| 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * pwutil.c, sudo.c, sudo.h, testsudoers.c: |
| Flesh out the fake passwd entry used for running commands as a uid |
| not listed in the passwd database. Fixes an issue with some PAM |
| modules. |
| [a6648227f3f2] |
| |
| 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Error out in -i mode if the user has no shell. This can happen when |
| running commands as a uid with no password entry. |
| [0c174bef36ff] |
| |
| 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Better fix for line continuation inside double quotes. Now accepts |
| whitespace between the backslash and the newline like the main |
| lexer. |
| [64efcdf86d31] |
| |
| 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * toke.c, toke.l: |
| Fix line continuation in strings. It was only being honored if |
| preceded by whitespace. |
| [96c21271a3e4] |
| |
| 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * config.h.in, configure, configure.in, logging.c: |
| Replace the double fork with a fork + daemonize. |
| [328505441e67] |
| |
| 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c, sudo.c: |
| The -i flag should imply env_reset. This got broken in sudo 1.6.9. |
| [3caedfeaec87] |
| |
| * logging.c, sudo.c, sudo_edit.c, visudo.c: |
| Change how the mailer is waited for. Instead of having a SIGCHLD |
| handler, use the double fork trick to orphan the child that opens |
| the pipe to sendmail. Fixes a problem running su on some Linux |
| distros. |
| [b59ce60a393d] |
| |
| 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Fix configure test for dirfd() on Linux where DIR is opaque. |
| [b8f729cdfecc] |
| |
| 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * tgetpass.c: |
| Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has |
| this problem we'll need to revisit this again. |
| [c17fee8ad530] |
| |
| 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * logging.c: |
| Ignore SIGPIPE instead of blocking it when piping to the mailer. If |
| we only block the signal it may be delivered later when we unblock. |
| Also, there is no need to block SIGCHLD since we no longer do the |
| double fork. The normal SIGCHLD handler is sufficient. |
| [e94a49e992e5] |
| |
| 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Add description for NO_PAM_SESSION, from a redhat patch. |
| [b9e4c939ec09] |
| |
| 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.cat, sudo.man.in, sudo.pod: |
| Fix typos in -i usage |
| [2d7ce5de0235] |
| |
| 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Redo the test for dgettext() in a way that hopefully will work |
| around the libintl_dgettext() undefined problem. |
| [d27beb0cf85e] |
| |
| 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * schema.ActiveDirectory: |
| change filename in comment |
| [733da4ee9ac5] |
| |
| 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, |
| sudoers.ldap.pod: |
| Reference schema.ActiveDirectory |
| [d6aec537800e] |
| |
| 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * schema.OpenLDAP, schema.iPlanet: |
| Mark sudoRunAs as deprecated. |
| [00c50df807af] |
| |
| * schema.ActiveDirectory: |
| add sudoRunAsUser and sudoRunAsGroup |
| [19bcce6f72fb] |
| |
| * schema.ActiveDirectory: |
| Active Directory schema by Chantal Paradis and Eric Paquet |
| [06a09c92c6a5] |
| |
| 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * parse.c: |
| remove an XXX that was fixed |
| [b88038062fa2] |
| |
| * ChangeLog: |
| sync |
| [8fc27c17270e] |
| |
| * parse.c: |
| Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This |
| fixes a problem where the tag value printed was influenced by |
| defaults set in the first pass through the parser. |
| [588ccd630367] |
| |
| 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, sudo.psf: |
| No point in packaging the TODO file |
| [9590248fffe1] |
| |
| * ChangeLog: |
| sync |
| [152acf4c6813] |
| |
| 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, |
| sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: |
| Add env_file Defaults option that is similar to /etc/environment on |
| some systems. |
| [1daf53d51e18] |
| |
| 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, |
| sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, |
| version.h, visudo.cat, visudo.man.in: |
| change version to 1.7.0 |
| [d41d126b9bd8] |
| |
| * UPGRADE: |
| initial valgrind pass done |
| [c59c3876d8ca] |
| |
| 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c: |
| Fix typo/think in sudo_ldap_read_secret() when storing the secret. |
| [830d246c09b0] |
| |
| 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c: |
| define LDAPS_PORT if the system headers do not |
| [247b12325701] |
| |
| 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * gram.c, gram.y: |
| Fix another memory leak in init_parser(). |
| [7bba47deba11] |
| |
| * configure, configure.in: |
| There was a missing space before the ldap libs in SUDO_LIBS for some |
| configurations. |
| [7524cfc93759] |
| |
| * alias.c, gram.c, gram.y, toke.c, toke.l: |
| Clean up some memory leaks pointed out by valgrind. |
| [a965866ece1a] |
| |
| 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| fix "sudo -s" broken by mode/flags breakout |
| [acffe984d408] |
| |
| * configure, configure.in: |
| remove duplicate check for dgettext |
| [58145529133c] |
| |
| 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aix.c: |
| Fall back to default stanza if no user-specific limit is found. |
| [7b8cb29123ee] |
| |
| 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * snprintf.c: |
| include stdint.h if present |
| [f0ec38529306] |
| |
| * snprintf.c: |
| Use LLONG_MAX, not the old QUAD_MAX |
| [01041ce508fb] |
| |
| 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudoers.ldap.pod: |
| fix cut and pasto |
| [34240fdef5ab] |
| |
| 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * pwutil.c: |
| Add #ifdef PURITY |
| [ce1b571ad526] |
| |
| 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/bsdauth.c: |
| remove useless cast |
| [494f8a862e1d] |
| |
| 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ChangeLog: |
| sync |
| [f5c97ffaabcc] |
| |
| * TODO: |
| sync |
| [96ff1c44c182] |
| |
| * sudo.h: |
| Split MODE_* defines into primary and flags. |
| [c02ee3027cb9] |
| |
| 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * aix.c: |
| It turns out the logic for getting AIX limits is more convoluted |
| than I realized and differs depending on whether the soft and/or |
| hard limits are defined. |
| [cf8d3f85d395] |
| |
| 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in, configure, configure.in: |
| Back out AIX-specific change to set the sudo_noexec path to the .a |
| file, we do really want to use the .so file. Since libtool doesn't |
| do that correctly, just install the .so file ourselves in the |
| Makefile. |
| [05c6f33177d9] |
| |
| * install-sh: |
| If the file given to install is a path, only use the basename of the |
| file when building the destination path. |
| [695ba4e429ce] |
| |
| 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| parse_args() cleanup: Sort command line options in the getopt() |
| switch. The -U option requires a parameter. Normalize a few ISSET |
| calls. Split mode into mode and flags and retire the now-obsolete |
| excl variable. |
| [0d156835f861] |
| |
| * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, |
| sudo_usage.h.in: |
| Add -n (non-interactive) flag. |
| [e3e50400d32d] |
| |
| * sudo.c: |
| Move version printing, etc. into a separate function. |
| [18c91b476e2c] |
| |
| * sudo.c: |
| Don't try to cleanup nsswitch if it has not been initialized. |
| [aeb1ca1b399d] |
| |
| 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * logging.c: |
| Block SIGPIPE in send_mail() so sudo is not killed by a problem |
| executing the mailer. |
| [f130e7924cca] |
| |
| 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| AIX shared libs end in .a, not .so. |
| [a5deb07020d8] |
| |
| 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * env.c: |
| Preserve HOME by default too. Matches documentation and previous |
| behavior. |
| [c16f17f1047c] |
| |
| 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Use getopt() to parse the command line. We need to be able to |
| intersperse env variables and options yet still honor "--" which |
| complicates things slightly. |
| [60f271ce5c16] |
| |
| 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ChangeLog: |
| sync |
| [685e67964eda] |
| |
| * acsite.m4, configure, ltmain.sh: |
| update to libtool-1.5.26 |
| [4c9a8c3d3b40] |
| |
| * config.guess, config.sub: |
| update from libtool-1.5.26 distribution |
| [c6641aef2527] |
| |
| * aix.c, sudo.h: |
| attempt to fix compilation errors on AIX |
| [edb13e5b2184] |
| |
| * Makefile.in: |
| fix typo in last commit |
| [25ba7f7ceae4] |
| |
| * Makefile.in: |
| Add WHATSNEW file to the distribution |
| [213f4115de8f] |
| |
| * visudo.c: |
| use warningx instead of fprintf(stderr, ...) |
| [a3494b8ccb19] |
| |
| * list.c: |
| add DEBUG to list2tq |
| [115d24a3000c] |
| |
| * ChangeLog, TODO: |
| sync |
| [60e6f4d1fac0] |
| |
| * WHATSNEW: |
| mention mailfrom |
| [e2498f9e18d6] |
| |
| * Makefile.in, aix.c, config.h.in, configure, configure.in, |
| set_perms.c, sudo.h: |
| Add aix_setlimits() to set resource limits on AIX using a |
| combination of getuserattr() and setrlimit(). Currently untested. |
| [9b1441fd89ca] |
| |
| 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, |
| sudoers.man.in, sudoers.pod: |
| Add mailfrom Defaults option that sets the value of the From: field |
| in the warning/error mail. If unset the login name of the invoking |
| user is used. |
| [029b9f05d3d9] |
| |
| * defaults.c: |
| store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable |
| [a90e407d5e00] |
| |
| * gram.c, gram.y: |
| When adding a default, only call list2tq() once to do the list to tq |
| conversion. It is not legal to call list2tq multiple times on the |
| same list since list2tq consumes and modifies the list argument. |
| [fbc25d245c4a] |
| |
| * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: |
| comment out XXXs for now |
| [595a1d43309d] |
| |
| * WHATSNEW: |
| mention askpass |
| [b993e0837c22] |
| |
| 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.c: |
| Error out if both -A and -S are specified. Error out if -A is |
| specified but no askpass is configured. |
| [24f1df2638f6] |
| |
| * configure, configure.in: |
| we are not going to ship a sudo-specific askpass |
| [61949e7a3943] |
| |
| 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.h: |
| fix definition of TGP_ASKPASS |
| [0447c57ba4c3] |
| |
| * def_data.c, def_data.in: |
| make askpass boolean-capable |
| [e0885893a325] |
| |
| * INSTALL: |
| document --with-askpass |
| [c76e15ba97cf] |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, |
| sudoers.man.in, visudo.cat: |
| regen |
| [8d16242980b7] |
| |
| 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.pod, sudo_usage.h.in, sudoers.pod: |
| document -A and askpass |
| [02c07505a78c] |
| |
| * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c, |
| def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, |
| sudo_usage.h.in, tgetpass.c: |
| Add support for running a helper program to read the password when |
| no tty is present (or when specified with the -A flag). TODO: docs. |
| [05780f5f71fd] |
| |
| * def_data.c, def_data.in: |
| add missing printf format to SELinux role and type strings |
| [2b32774715e7] |
| |
| 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * INSTALL, configure, configure.in: |
| Disable use of gss_krb5_ccache_name() by default and add |
| --enable-gss-krb5-ccache-name configure option to enable it. It |
| seems that gss_krb5_ccache_name() doesn't work properly with some |
| combinations of Heimdal and OpenLDAP. |
| [f61ebd3b19bd] |
| |
| 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * selinux.c: |
| Ignore setexeccon() failing in permissive mode. Also add a call to |
| setkeycreatecon() (though this is probably insufficient). From Dan |
| Walsh. |
| [52564fc1c069] |
| |
| * auth/pam.c: |
| Only set std_prompt for the PAM_PROMPT_* cases. The conversation |
| function may be called for non-password reading purposes so we must |
| be careful not to use def_prompt in cases where it may not be set. |
| [29d88ca575ba] |
| |
| 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * selinux.c: |
| Don't free the new tty context, we need to keep it around when we |
| restore the tty context after the command completes |
| [5b4bd39b6ea8] |
| |
| 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * selinux.c: |
| s/newrole/sudo/ |
| [21b8a96ff8df] |
| |
| * sudo.man.pl, sudo.pod: |
| Only put login_cap(3) in SEE ALSO section if we have login.conf |
| support |
| [05250ddff2c0] |
| |
| 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, |
| sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: |
| regen |
| [301e5c5ccdbe] |
| |
| * sudoers.pod: |
| Substitute in comment characters for lines pertaining to login.conf, |
| BSD auth and SELinux and only enable them if pertinent. |
| [c1c98fa163ce] |
| |
| * sudoers.man.pl: |
| Substitute in comment characters for lines pertaining to login.conf, |
| BSD auth and SELinux and only enable them if pertinent. |
| [6c88f30b878a] |
| |
| * sudo.pod: |
| Substitute in comment characters for lines pertaining to login.conf, |
| BSD auth and SELinux and only enable them if pertinent. |
| [acdbdfd24e1d] |
| |
| * sudo.man.pl: |
| Substitute in comment characters for lines pertaining to login.conf, |
| BSD auth and SELinux and only enable them if pertinent. |
| [0c56d4750ac3] |
| |
| * Makefile.in, configure, configure.in: |
| Substitute in comment characters for lines pertaining to login.conf, |
| BSD auth and SELinux and only enable them if pertinent. |
| [9a02bd6a6658] |
| |
| * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: |
| Remove the =cut on the first line (above the copyright notice) to |
| quiet pod2man. Also remove the hackery in the FILES section and |
| just deal with the fact that there will be a newline between each |
| pathname. |
| [2ac1ab191835] |
| |
| 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * Makefile.in: |
| run sudo.man.pl when generating sudo.man.in |
| [859727369168] |
| |
| * configure, configure.in, sudo.man.pl: |
| comment out SELinux manual bits unless --with-selinux was specified |
| [97ff4212b649] |
| |
| * sudoers.pod: |
| document role and type defaults for SELinux |
| [870f303366b3] |
| |
| * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: |
| Document "sudo -ll" and make "sudo -l -l" be equivalent. |
| [3ce6dc429ea3] |
| |
| 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure, configure.in: |
| Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on |
| Debian GNU/kFreeBSD. |
| [c4efa567a328] |
| |
| 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * auth/kerb5.c: |
| Avoid Heimdal'isms introduced in the rev 1.32 rewrite of |
| verify_krb_v5_tgt() |
| [f80538e5a6fa] |
| |
| * logging.c, logging.h, sudo.c: |
| Remove dependence on VALIDATE_NOT_OK in logging functions. Split |
| log_auth() into log_allowed() and log_denial(). Replace mail_auth() |
| with should_mail() and a call to send_mail(). |
| [58aac9997557] |
| |
| 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c: |
| Add debugging so we can tell if the krb5 ccache is accessible |
| [c679322527bb] |
| |
| * INSTALL: |
| mention --with-selinux |
| [9efbe0b52194] |
| |
| 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * configure: |
| regen |
| [467a834f867c] |
| |
| * selinux.c: |
| add Sudo tag |
| [d004ee669bed] |
| |
| * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, |
| sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, |
| testsudoers.c, toke.c, toke.l: |
| Add support for SELinux RBAC. Sudoers entries may specify a role |
| and type. There are also role and type defaults that may be used. |
| To make sure a transition occurs, when using RBAC, commands are |
| executed via the new sesh binary. Based on initial changes from Dan |
| Walsh. |
| [1d4abfe2c004] |
| |
| * sesh.c: |
| Add support for SELinux RBAC. Sudoers entries may specify a role |
| and type. There are also role and type defaults that may be used. |
| To make sure a transition occurs, when using RBAC, commands are |
| executed via the new sesh binary. Based on initial changes from Dan |
| Walsh. |
| [1e3b395ce049] |
| |
| * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, |
| def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, |
| pathnames.h.in, selinux.c: |
| Add support for SELinux RBAC. Sudoers entries may specify a role |
| and type. There are also role and type defaults that may be used. |
| To make sure a transition occurs, when using RBAC, commands are |
| executed via the new sesh binary. Based on initial changes from Dan |
| Walsh. |
| [6b421948286e] |
| |
| 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: |
| Add long list (sudo -ll) support for printing verbose LDAP and |
| sudoers file entries. Still need to update manual. |
| [2875be37935c] |
| |
| 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: |
| Unify the -l output for file and ldap based sudoers and use lbufs |
| for both. The ldap output does not currently include options that |
| cannot be represented as tags. This will be remedied in a long list |
| output mode to come. |
| [b2e429456596] |
| |
| 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * set_perms.c: |
| Use a specific error message for errno == EAGAIN when setuid() et al |
| fails. On Linux systems setuid() will fail with errno set to EAGAIN |
| if changing to the new uid would result in a resource limit |
| violation. |
| [08d0aecd9f03] |
| |
| * sudo.c: |
| Unlimit nproc on Linux systems where calling the setuid() family of |
| syscalls causes the nproc resource limit to be checked. The limits |
| will be reset by pam_limits.so when PAM is used. In the non-PAM |
| case the nproc limit will remain unlimited but there doesn't seem to |
| be a way around that other than having sudo parse |
| /etc/security/limits.conf directly. |
| [df024b415a8d] |
| |
| * env.c, sudo.c, sudo.pod: |
| Only read /etc/environment on Linux and AIX |
| [90669e2aefdb] |
| |
| 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|