From: Todd C. Miller Date: Sun, 10 Jun 2007 22:00:57 +0000 (+0000) Subject: Fix Changelog generation and update. X-Git-Tag: SUDO_1_7_0~564 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7b73bcbb8afd53824ad629135d916925a7116e97;p=sudo Fix Changelog generation and update. --- diff --git a/ChangeLog b/ChangeLog index 47a4704f7..4ede8949b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,13930 +1,17097 @@ -2005-02-09 22:03 millert +2007-06-10 16:30 millert + + * config.h.in, fileops.c, gettime.c, sudo.c: Add TIME_WITH_SYS_TIME + +2007-06-10 16:30 millert + + * BUGS: Update version to 1.6.9 + +2007-06-10 14:52 millert + + * ldap.c, parse.c, sudo.c, sudo.h: Keep a copy of the supplemental + group vector in struct sudo_user and use it for matching. + +2007-06-10 14:49 millert + + * configure: regen + +2007-06-10 14:45 millert + + * gettime.c: function to return the current time in a struct + timespec + +2007-06-10 14:45 millert + + * utime.c, utimes.c: Replace utime() emulation with utimes() and + futimes() emulation. + +2007-06-10 14:40 millert + + * Makefile.binary, Makefile.binary.in: Replace Makefile.binary with + Makefile.binary.in for config.status substitution + +2007-06-10 14:26 millert + + * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD + and LDR_PRELOAD64. The 64-bit version is not currently + supported. + +2007-06-10 14:23 millert + + * env.c: Actually add COLORTERM to initial_checkenv_table + +2007-06-10 13:53 millert + + * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd. Add fcntl + F_CLOSEM support to closefrom(). Move old-style fd closing into + closefrom_fallback() and call that if /proc/self/fd doesn't exist + or the F_CLOSEM fcntl() fails. + +2007-06-10 13:52 millert + + * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/ + +2007-06-10 13:46 millert + + * auth/securid5.c: Fix securid5 authentication, was not checking + for ACM_OK. Also add default cases for the two switch()es. + Problem noted by ccon at worldbank + +2007-06-10 13:43 millert + + * alloc.c: Make easprintf() work correctly in K&R + +2007-06-10 13:37 millert + + * README: Update version and note that license is ISC not BSD + +2007-06-10 13:37 millert + + * INSTALL.configure: Update configure's INSTALL file from head + +2007-06-10 13:28 millert + + * auth/kerb5.c: o If we cannot get a valid service key using the + default keytab it + is a fatal error. + o use krb5_verify_user() if available instead of doing it by + hand + o use krb5_init_secure_context() if we have it + o pass an encryption type of 0 to krb5_kt_read_service_key() + instead of + ENCTYPE_DES_CBC_MD5 to let kerberos choose. + +2007-06-10 13:27 millert + + * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not + __LIBPAM_VERSION. If the user enters ^C at the password prompt, + abort instead of trying to authenticate with an empty password + (which causes an annoying delay). Call pam_open_session() and + pam_close_session() to give pam_limits a chance to run. + +2007-06-10 13:25 millert + + * PORTING, TROUBLESHOOTING, config.h.in, set_perms.c, sudo.c, + sudo.h, testsudoers.c: Kill use of POSIX saved uids; they aren't + worth bothering with. + +2007-06-10 13:23 millert + + * env.c: Allow COLORTERM to be inherited from the environment. + Check TERM and COLORTERM for '%' and '/' characters. Remove more + potentially dangerous variables from the environment. Many from + Debian. + +2007-06-10 13:21 millert + + * check.c: Fix fd leak when lecture file option is enabled. From + Jerry Brown + +2007-06-10 13:19 millert + + * aclocal.m4, acsite.m4, config.guess, config.sub, configure.in, + ltmain.sh: Sync configure and libtool from head, using more + recent autoconf. + +2007-06-10 13:17 millert + + * README.LDAP: Sync with head + +2007-06-10 13:16 millert + + * INSTALL.binary, Makefile.in, version.h: Update version to 1.6.9 + +2007-06-10 13:14 millert + + * INSTALL: Merge changes from head + +2007-06-10 13:05 millert + + * HISTORY: No more support contracts. + +2007-06-10 12:57 millert + + * CHANGES, INSTALL, LICENSE, Makefile.in, README.LDAP, RUNSON, + TODO, TROUBLESHOOTING, aclocal.m4, check.c, compat.h, + config.guess, config.h.in, config.sub, configure, configure.in, + def_data.c, def_data.h, def_data.in, defaults.c, env.c, + fileops.c, find_path.c, goodpath.c, ins_csops.h, ldap.c, + lex.yy.c, mkdefaults, parse.c, parse.yacc, pathnames.h.in, + sample.pam, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudo_edit.c, + sudo_noexec.c, sudoers.man.in, sudoers.pod, version.h, visudo.c, + visudo.man.in, visudo.pod, auth/kerb5.c, auth/pam.c, + emul/utime.h: Merge in sudo 1.6.8 patches 1-12 + +2007-06-09 07:26 millert + + * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd + + Move old-style fd closing into closefrom_fallback() and call that + if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails + +2007-06-09 07:24 millert + + * config.h.in, configure.in, auth/kerb5.c: o use + krb5_verify_user() if available instead of doing it by hand + o use krb5_init_secure_context() if we have it + o pass an encryption type of 0 to krb5_kt_read_service_key() + instead of + ENCTYPE_DES_CBC_MD5 to let kerberos choose. + +2007-06-09 07:20 millert + + * env.c: Check TERM and COLORTERM for '%' and '/' characters. From + Debian. + +2007-06-09 07:17 millert + + * configure.in: Fix closefrom() substitution in the Makefile + +2007-06-09 07:15 millert + + * TROUBLESHOOTING: Mention alternate sudo pronunciation. + +2007-06-07 07:52 millert + + * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM. + +2007-06-07 07:22 millert + + * auth/kerb5.c: If we cannot get a valid service key using the + default keytab it is a fatal error. Fixes a bug where sudo could + be tricked into allowing access when it should not by a fake KDC. + From Thor Lancelot Simon. + +2007-05-12 08:56 millert + + * aclocal.m4, configure, configure.in: Update long long checks to + use AC_CHECK_TYPES and to cache values. + +2007-05-12 08:07 millert + + * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a + homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since + that assumes replacing with GNU fnmatch. + +2007-05-11 17:05 millert + + * configure, configure.in: Add closefrom() to LIB_OBJS not + SUDO_OBJS if it is missing since we need it for visudo now too. + +2007-04-24 14:44 millert + + * sudoers.pod: Attempt to clarify the bit talking about network + numbers w/o netmasks. + +2007-04-24 14:25 millert + + * sudo.pod: Clarify timestamp dir ownership sentence. + +2007-04-20 12:40 millert + + * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not + __LIBPAM_VERSION. From Dmitry V. Levin. + +2007-04-16 12:13 millert + + * sudo.c: -i is also one of the mutually exclusive options to list + it in the warning message. Noted by Chris Pepper. + +2007-04-12 11:18 millert + + * visudo.pod: The sudoers variable is env_editor, not enveditor. + From Jean-Francois Saucier. + +2007-03-29 13:30 millert + + * redblack.c: I tracked down the original author so credit him and + include his license info. + +2007-02-06 13:25 millert + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod: Fix typos; from Jason McIntyre. + +2007-02-06 13:23 millert + + * logging.c: Restore signal mask before calling reapchild(). Fixes + a possible race condition that could prevent sudo from properly + waiting for the child. + +2007-01-31 10:02 millert + + * pwutil.c: Don't declare pw_free() if we are not going to use it. + +2007-01-31 10:00 millert + + * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD + and LDR_PRELOAD64. The 64-bit version is not currently + supported. Remove zero_env() prototype as it no longer exists. + +2006-12-11 13:21 millert + + * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail + for rfc 3834. + +2006-09-29 10:53 millert + + * auth/pam.c: If the user enters ^C at the password prompt, abort + instead of trying to authenticate with an empty password (which + causes an annoying delay). + +2006-08-17 11:26 millert + + * closefrom.c, config.h.in, configure, configure.in: Add fcntl + F_CLOSEM support to closefrom(); adapted from a diff by Darren + Tucker. + +2006-08-17 11:25 millert + + * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef + it out too. + +2006-08-04 11:34 millert + + * config.sub, config.guess: Update to latest versions from + cvs.savannah.gnu.org + +2006-07-31 13:51 millert + + * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of + sudo_end{pw,grp}ent() so we can close the passwd/group files + early. + +2006-07-31 13:50 millert + + * config.h.in, configure, configure.in, set_perms.c: Add seteuid() + flavor of set_perms() for systems without setreuid() or + setresuid() that have a working seteuid(). Tested on Darwin. + +2006-07-30 15:56 millert + + * mon_systrace.c: systrace_read() returns ssize_t + +2006-07-30 15:53 millert + + * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim + Knox. + +2006-07-28 13:12 millert + + * HISTORY: Fix typo; Matt Ackeret + +2006-07-17 08:25 millert + + * sudo.c: Print sudoers path in -V mode for root. + +2006-06-15 14:44 millert + + * ldap.c: Do a sub tree search instead of a base search (one level + in the tree only) for sudo right objects. This allows system + administrators to categorize the rights in a tree to make them + easier to manage. + +2005-12-28 13:52 millert + + * sudo.pod: fix typo + +2005-12-04 12:16 millert + + * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add + timelimit and bind_timelimit support; adapted from gentoo. + +2005-11-23 18:57 millert + + * ldap.c: Support comments that start in the middle of a line + +2005-11-23 18:56 millert + + * configure.in, configure: Define LDAP_DEPRECATED until we start + using ldap_get_values_len() + +2005-11-18 09:55 millert + + * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org + +2005-11-17 20:39 millert + + * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now + takes an int as an arg so it can be used as a signal handler too. + +2005-11-17 20:38 millert + + * sudo.c: Make a copy of the shell field in the passwd struct for + NewArgv to avoid a use after free situation after sudo_endpwent() + is called. + +2005-11-16 20:36 millert + + * Makefile.in, mkstemp.c, config.h.in, configure, configure.in: Add + mkstemp() for those poor souls without it. + +2005-11-15 09:25 millert + + * env.c: Add PERL5DB to list of environment variables to remove. + +2005-11-13 15:49 millert + + * mon_systrace.c, mon_systrace.h: Instead of calling the check + function twice with a state cookie use separate check/log + functions. + + Check more ioctl() calls for failure. + + systrace_{read,write} now return the number of bytes read/written + or -1 on error. + +2005-11-13 14:51 millert + + * env.c: Add more environment variables to remove; from gentoo + linux Add some comments about what bad env variables go to what + (more to do) + +2005-11-11 17:23 millert + + * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before + the exec since they free up our cached copy of the passwd + structs, including sudo_user and sudo_runas. Fixes a + use-after-free bug. + +2005-11-11 17:19 millert + + * visudo.c: Close all fd's before executing editor. + +2005-11-11 17:17 millert + + * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is + set. + +2005-11-11 11:22 millert + + * check.c: Fix fd leak when lecture file option is enabled. From + Jerry Brown + +2005-11-07 11:02 millert + + * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of + environment variables to remove. From Charles Morris + +2005-11-01 13:24 millert + + * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 + +2005-10-27 20:35 millert + + * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash + +2005-08-14 20:32 millert + + * sudoers.pod: Fix typo; Toby Peterson + +2005-08-02 09:57 millert + + * tsgetgrpw.c: Make return buffers static so they don't get + clobbered + +2005-07-27 21:14 millert + + * auth/securid5.c: Fix securid5 authentication, was not checking + for ACM_OK. Also add default cases for the two switch()es. + Problem noted by ccon at worldbank + +2005-06-26 20:10 millert + + * ldap.c: Remove ncat() in favor of just counting bytes and + pre-allocating what is needed. + +2005-06-26 19:44 millert + + * ldap.c: Fix up some comments Add missing fclose() for the + rootbinddn case + +2005-06-26 19:38 millert + + * ldap.c: align struct ldap_config + +2005-06-26 19:37 millert + + * ldap.c: use LINE_MAX for max conf file line size + +2005-06-26 18:36 millert + + * pathnames.h.in: add _PATH_LDAP_SECRET + +2005-06-26 18:36 millert + + * README.LDAP: Mention rootbinddn Give example ou=SUDOers container + +2005-06-25 18:03 millert + + * configure, INSTALL, configure.in, ldap.c: Support rootbinddn in + ldap.conf + +2005-06-25 17:46 millert + + * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment + variable by default. + +2005-06-25 16:39 millert + + * acsite.m4, configure: set need_lib_prefix=no for all cases; this + is safe for LD_PRELOAD + +2005-06-25 16:15 millert + + * acsite.m4, configure: set need_version=no for all cases; this is + safe for LD_PRELOAD + +2005-06-25 14:45 millert + + * aclocal.m4: typo + +2005-06-25 14:33 millert + + * configure, configure.in: Add dragonfly + +2005-06-25 14:29 millert + + * auth/pam.c: Fix call to pam_end() when pam_open_session() fails. + +2005-06-25 14:21 millert + + * configure: regen + +2005-06-25 14:20 millert + + * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4 + ltoptions.m4 ltsugar.m4 ltversion.m4 + +2005-06-25 14:08 millert + + * config.guess, config.sub, ltmain.sh: merge in local changes: + config.guess: o better openbsd support config.sub: o hiuxmpp + support ltmain.sh o remove requirement that libs must begin with + "lib" o don't print a bunch of crap about library installs o + don't run ldconfig + +2005-06-25 14:05 millert + + * config.guess, config.sub, ltmain.sh: libtool 1.9f + +2005-06-25 14:04 millert + + * configure.in: Update with autoupdate and make minor changes for + libtool 1.9f + +2005-06-22 23:19 millert + + * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup + +2005-06-22 23:04 millert + + * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, visudo.c, + emul/timespec.h: Move declatation of struct timespec to its own + include files for systems without it since it needs time_t + defined. + +2005-06-22 22:57 millert + + * ldap.c: Don't set safe_cmnd for the "sudo ALL" case. + +2005-05-27 01:59 millert + + * auth/pam.c: Call pam_open_session() and pam_close_session() to + give pam_limits a chance to run. Idea from Karel Zak. + +2005-04-24 19:24 millert + + * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf + to silence warnings on Solaris + +2005-04-24 19:22 millert + + * parse.c: include grp.h to silence a warning on Solaris + +2005-04-23 15:10 millert + + * parse.c: Fix printing of += and -= defaults. + +2005-04-17 01:21 millert + + * mon_systrace.c: Sanity check number of syscall args with argsize. + Not really needed but a little paranoia never hurts. + +2005-04-17 01:18 millert + + * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on + void * Use int, not size_t/ssize_t for systrace lengths (since it + uses int) + +2005-04-16 03:14 millert + + * mon_systrace.c: Add some memsets for paranoia Fix namespace + collsion w/ error Check rval of decode_args() and update_env() + Remove improper setting of validated variable + +2005-04-11 21:37 millert + + * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers + file if def_ignore_sudoers is not set and call LDAP versions from + display_privs() and display_cmnd() instead of directly from + main(). Because of this we need to defer closing the ldap + connection until after -l processing has ocurred and we must pass + in the ldap pointer to display_privs() and display_cmnd(). + +2005-04-11 21:33 millert + + * ldap.c: Reorganize LDAP code to better match normal sudoers + parsing. Instead of storing strings for later printing in -l + mode we do another query since the authenticating user and the + user being listed may not be the same (the new -U flag). Also + add support for "sudo -l command". + + There is still a fair bit if duplicated code that can probably be + refactored. + +2005-04-11 00:37 millert + + * ldap.c: Replace pass variable with do_netgr for better + readability. + +2005-04-10 23:49 millert + + * ldap.c: use DPRINTF macro + +2005-04-10 23:18 millert + + * ldap.c: estrdup, not strdup + +2005-04-10 17:44 millert + + * parse.c: Add macro to test if the tag changed to improve + readability. + +2005-04-10 17:40 millert + + * parse.c: Avoid printing defaults header if there are no defaults + to print... + +2005-04-10 15:29 millert + + * glob.c: Fix a warning on systems without strlcpy(). + +2005-04-10 13:32 millert + + * pwutil.c: Use macros where possible for sudo_grdup() like + sudo_pwdup(). + +2005-04-08 17:04 millert + + * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so + add in tv_usec / 1000000. + +2005-03-29 23:38 millert + + * auth/kerb5.c: The component in krb5_principal_get_comp_string() + should be 1, not 0 for Heimdal. From Alex Plotnick. + +2005-03-29 09:29 millert + + * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, + gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, + pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: + Add efree() for consistency with emalloc() et al. Allows us to + rely on C89 behavior (free(NULL) is valid) even on K&R. + +2005-03-28 22:33 millert + + * parse.c, sudo.c: Move initgroups() for -U option into + display_privs() so group matching in sudoers works correctly. + +2005-03-26 21:34 millert + + * ldap.c: Removed duplicate call to ldap_unbind_s introduced along + with sudo_ldap_close. + +2005-03-26 20:01 millert + + * parse.c: Add missing space in Defaults printing + +2005-03-25 12:36 millert + + * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for + size computaton and string copies. + +2005-03-18 22:08 millert + + * pwutil.c: Zero old pw_passwd before replacing with version from + shadow file. + +2005-03-18 22:07 millert + + * configure, configure.in: Only attempt shadow password detection + if PAM is not being used Add shadow_* variables to make shadow + password detection more generic. + +2005-03-18 21:46 millert + + * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather + than CPPFLAGS + +2005-03-12 19:27 millert + + * sudoers.pod: use a non-breaking space to avoid a double space + after e.g. + +2005-03-12 19:26 millert + + * sudo.pod: commna, not colon after e.g. + +2005-03-12 18:43 millert + + * sudo_noexec.c: Add __ variants of the exec functions. GNU libc + at least uses __execve() internally. + +2005-03-12 12:29 millert + + * indent.pro: Match reality a bit more. + +2005-03-12 12:27 millert + + * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too. + +2005-03-11 23:42 millert + + * pwutil.c: Store shadow password after making a local copy of + struct passwd in case normal and shadow routines use the same + internal buffer in libc. + +2005-03-10 20:57 millert + + * alloc.c, logging.c: Make varargs usage consistent with the rest + of the code. + +2005-03-10 10:09 millert + + * sudo_noexec.c: Wrap more of the exec family since on Linux the + others do not appear to go through the normal execve() path. + +2005-03-10 09:57 millert + + * visudo.c: make print_unused static like proto says + +2005-03-10 09:55 millert + + * glob.c: silence a warning on K&R systems + +2005-03-10 09:51 millert + + * parse.c, alias.c, error.c: make this build in K&R land + +2005-03-07 22:21 millert + + * toke.c: regen + +2005-03-05 22:46 millert + + * ldap.c: return(foo) not return foo optimize _atobool() slightly + +2005-03-05 22:40 millert + + * ldap.c: Use TRUE/FALSE + +2005-03-05 22:31 millert + + * ldap.c: Reformat to match the rest of sudo's code. + +2005-03-05 19:33 millert + + * sudo.pod: I am the primary author + +2005-02-22 22:28 millert + + * README, RUNSON, Makefile.in: The RUNSON file is toast--it + confused too many people and really isn't needed in a + configure-oriented world. + +2005-02-22 22:28 millert + + * INSTALL: alternate -> alternative + +2005-02-22 22:26 millert + + * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes + have issues with TCSAFLUSH. + +2005-02-22 22:16 millert + + * toke.l: Allow leading blanks before Defaults and Foo_Alias + definitions + +2005-02-22 22:14 millert + + * Makefile.in: fix rules to build toke.o and gram.o in devel mode + +2005-02-20 13:00 millert + + * sudoers.pod: env_keep overrides set_logname + +2005-02-20 12:57 millert + + * env.c: Fix disabling set_logname and make env_keep override + set_logname. + +2005-02-20 12:28 millert + + * compat.h, config.h.in, configure, configure.in: No longer need + memmove() + +2005-02-20 11:48 millert + + * env.c, sudo.c: Just clean the environment once. This assumes + that any further setenv/putenv will be able to handle the fact + that we replaced environ with our own malloc'd copy but all the + implementations I've checked do. + +2005-02-15 23:16 millert + + * env.c, sudo.c: In -i mode, base the value of insert_env()'s + dupcheck flag on DID_FOO flags. Move checks for $HOME resetting + into rebuild_env() + +2005-02-13 00:33 millert + + * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt + and prev_user into init_vars() since user_shell at least is + needed there. + +2005-02-12 18:51 millert + + * Makefile.in: fix devel builds + +2005-02-12 18:46 millert + + * check.c, sudo.c: Fix some printf format mismatches on error. + +2005-02-12 18:33 millert + + * configure, gram.c, toke.c: regen + +2005-02-12 17:56 millert + + * LICENSE, Makefile.binary.in, Makefile.in, aclocal.m4, alias.c, + alloc.c, check.c, closefrom.c, compat.h, configure.in, + defaults.c, defaults.h, env.c, error.c, fileops.c, find_path.c, + getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y, + interfaces.c, interfaces.h, ldap.c, logging.c, logging.h, + match.c, mon_systrace.c, parse.c, redblack.c, redblack.h, + set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, + strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c, + sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, + utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c, + auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, + emul/utime.h: Update copyright years. + +2005-02-12 16:46 millert + + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.7 + +2005-02-12 16:16 millert + + * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES + entries. + +2005-02-11 18:06 millert + + * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc + to warn about printf-like format mismatches + +2005-02-10 00:16 millert + + * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog + generated from cvs logs + +2005-02-10 00:03 millert * set_perms.c: Use warning/error instead of perror/fatal. -2005-02-09 21:13 millert +2005-02-09 23:13 millert * config.guess: Update OpenBSD section -2005-02-09 21:10 millert +2005-02-09 23:10 millert * UPGRADE: Add upgrading noted for 1.7 -2005-02-09 21:00 millert +2005-02-09 23:00 millert - * env.c, sudo.c: Instead of zeroing out the environment, just prune - out entries based on the env_delete and env_check lists. Base - building up the new environment on the current environment and the - variables we removed initially. + * env.c, sudo.c, sudoers.pod: Instead of zeroing out the + environment, just prune out entries based on the env_delete and + env_check lists. Base building up the new environment on the + current environment and the variables we removed initially. -2005-02-09 20:23 millert +2005-02-09 22:23 millert * configure, configure.in, sudo.c, config.h.in: Set locale to "C" - if locales are supported, just to be safe. + if locales are supported, just to be safe. + +2005-02-09 22:19 millert + + * toke.c, toke.l: Cast argument to ctype functions to unsigned + char. -2005-02-07 20:56 millert +2005-02-07 22:56 millert * env.c: correct value for DID_USER -2005-02-07 20:55 millert +2005-02-07 22:55 millert * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include - not "compat.h" + not "compat.h" -2005-02-07 20:51 millert +2005-02-07 22:51 millert * defaults.c: Reset the environment by default. -2005-02-07 20:50 millert +2005-02-07 22:50 millert * sudo.c: Alloc an extra slot in NewArgv. Removes the need to - malloc an new vector if execve() fails. + malloc an new vector if execve() fails. -2005-02-06 21:16 millert +2005-02-06 23:16 millert * INSTALL, config.h.in, configure, configure.in, sudo.c: Use - execve(2) and wrap the command in sh if we get ENOEXEC. + execve(2) and wrap the command in sh if we get ENOEXEC. + +2005-02-05 23:01 millert + + * sudo_noexec.c: Only include time.h on systems that lack struct + timespec which gets defind in compat.h (using time_t). + +2005-02-05 22:59 millert + + * sudo_noexec.c: Include time.h for time_t in compat.h for systems + w/o struct timespec. -2005-02-05 20:56 millert +2005-02-05 22:56 millert * configure, compat.h, config.h.in, configure.in: use bcopy on - systems w/o memmove + systems w/o memmove -2005-02-05 20:31 millert +2005-02-05 22:31 millert * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 - so limit its use to gcc >= 2.8. + so limit its use to gcc >= 2.8. -2005-02-05 19:21 millert +2005-02-05 21:21 millert * Makefile.in: Add explicit rule to build sudo_noexec.lo -2005-02-05 15:56 millert +2005-02-05 17:56 millert * INSTALL.configure, Makefile.in: No longer depend on VPATH; - pointed out a bunch of missed dependencies. + pointed out a bunch of missed dependencies. -2005-02-05 11:18 millert +2005-02-05 13:18 millert * TROUBLESHOOTING: Help for PAM when account section is missing -2005-02-05 07:57 millert +2005-02-05 13:01 millert + + * auth/pam.c: Give user a clue when there is a missing "account" + section in the PAM config. + +2005-02-05 10:22 millert + + * auth/pam.c: Better error handling. + +2005-02-05 09:57 millert * configure, config.h.in, configure.in: Move _FOO_SOURCE to - CPPFLAGS so it takes effect as early as possible. Silences a - warning about isblank() on linux. + CPPFLAGS so it takes effect as early as possible. Silences a + warning about isblank() on linux. -2005-01-31 21:03 millert +2005-02-04 21:49 millert + + * auth/pam.c: Fix typo (missing comma) that caused an incorrect + number of args to be passed to log_error(). + +2005-01-31 23:03 millert * pwutil.c: Don't try to destroy a tree we didn't create. -2005-01-27 08:42 millert +2005-01-27 10:42 millert * alias.c, alloc.c, check.c, closefrom.c, compat.h, defaults.c, - env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, gram.y, - interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, - pwutil.c, set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c: Add __unused to rcsids - -2005-01-21 08:34 millert + env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, + getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, + gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, + parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, + sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, + toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Add __unused to + rcsids + +2005-01-21 10:34 millert * configure, configure.in: Fix error message when mixing invalid - auth types + auth types -2005-01-21 08:32 millert +2005-01-21 10:32 millert * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by - default if the OS supports them. + default if the OS supports them. -2005-01-21 08:29 millert +2005-01-21 10:29 millert - * config.h.in: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g + * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g -2005-01-21 08:29 millert +2005-01-21 10:29 millert * configure.in: Better checking for conflicting authentication - methods Display the authentication methods used at the end of - configure Rename --with-authenticate -> --with-aixauth Use - --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by - default on systems that support them unless disabled. Add OSMAJOR - variable that replaces old OSREV; now OSREV has full version number + methods Display the authentication methods used at the end of + configure Rename --with-authenticate -> --with-aixauth Use + --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by + default on systems that support them unless disabled. Add + OSMAJOR variable that replaces old OSREV; now OSREV has full + version number -2005-01-17 17:40 millert +2005-01-17 19:40 millert - * def_data.c, def_data.in, sudo.c: s/-O/-C/ + * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/ -2005-01-14 11:35 millert +2005-01-14 13:35 millert * configure.in: Replace: test -n "$FOO" || FOO="bar" - - With: : ${FOO='bar'} -2005-01-09 16:58 millert + With: : ${FOO='bar'} + +2005-01-09 18:58 millert - * pwutil.c: Use function pointers to only call private passwd/group - routines when using a nonstandard passwd/group file. + * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to + only call private passwd/group routines when using a nonstandard + passwd/group file. -2005-01-06 08:34 millert +2005-01-06 10:34 millert * CHANGES: sync -2005-01-05 15:29 millert +2005-01-05 22:16 millert + + * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty + fields so add getpwent()/getgrent() functions and call those. + +2005-01-05 17:29 millert * Makefile.in: Fix dummied out toke.c and gram.c dependencies. -2005-01-05 15:18 millert +2005-01-05 17:18 millert * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used - in the clean target Add devdir variable and use it to specify the - path to parser sources + in the clean target Add devdir variable and use it to specify the + path to parser sources -2005-01-05 15:17 millert +2005-01-05 17:17 millert * configure: regen -2005-01-05 15:17 millert +2005-01-05 17:17 millert * configure.in: Add a devdir variables that defaults to $(srcdir) - and is set to . if --devel was specified. Allows for proper - dependecies building the parser. + and is set to . if --devel was specified. Allows for proper + dependecies building the parser. + +2005-01-05 14:50 millert + + * testsudoers.c: Add support for custom passwd/group files. -2005-01-05 12:47 millert +2005-01-05 14:47 millert * Makefile.in: Build private copy of pwutil.o for testsudoers with - MYPW defined so it uses our own passwd/group routines. + MYPW defined so it uses our own passwd/group routines. + +2005-01-05 14:46 millert + + * visudo.c: Remove sudo_*{pw,gr}* stubs and add + sudo_setspent/sudo_endspent stubs instead. We can now just use + the caching sudo_*{pw,gr}* functions in pwutil.c Add comment + about wanting to call sudo_endpwent/sudo_endgrent in cleanup() + +2005-01-05 14:44 millert + + * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c + Use global buffers for passwd/group structs Rename functions from + sudo_* to my_* -2005-01-05 12:43 millert +2005-01-05 14:43 millert * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy -2005-01-05 12:42 millert +2005-01-05 14:42 millert * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent - instead. + instead. -2005-01-05 12:41 millert +2005-01-05 14:41 millert * getspwuid.c, pwutil.c: Move all but the shadow stuff from - getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they are - no longer needed. Also add preprocessor magic to use private - versions of the passwd and group routines if MYPW is defined (for - use by testsudoers). + getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they + are no longer needed. Also add preprocessor magic to use private + versions of the passwd and group routines if MYPW is defined (for + use by testsudoers). -2005-01-04 18:10 millert +2005-01-04 22:40 millert - * logging.c, sudo.c, sudo.h: Adapt to pwutil.c + * tsgetgrpw.c: zero out struct passwd/group before filling it in so + if there are fields we don't handle they end up as 0. -2005-01-04 18:09 millert +2005-01-04 20:10 millert + + * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to + pwutil.c + +2005-01-04 20:09 millert * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ - variables for better readability. + variables for better readability. + +2005-01-04 20:08 millert + + * tsgetgrpw.c: Passwd and group lookup routines for testsudoers + that support alternate passwd and group files. -2005-01-04 18:07 millert +2005-01-04 20:07 millert * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into - its own file. This allows visudo and testsudoers to use the pw/gr - cache too. + its own file. This allows visudo and testsudoers to use the + pw/gr cache too. -2005-01-01 17:31 millert +2005-01-01 19:31 millert * parse.c: Print Defaults info in "sudo -l" output and wrap lines - based on the terminal width. + based on the terminal width. -2005-01-01 10:41 millert +2005-01-01 12:41 millert - * match.c: Only check group vector in usergr_matches() if we are - matching the invoking or list user. Always check the group - members, even if there was a group vector. + * match.c, visudo.c, testsudoers.c: Only check group vector in + usergr_matches() if we are matching the invoking or list user. + Always check the group members, even if there was a group vector. -2004-12-17 15:24 millert +2004-12-17 17:24 millert * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3 -2004-12-17 11:12 millert +2004-12-17 13:12 millert * CHANGES, TODO: checkpoint -2004-12-16 12:20 millert +2004-12-16 14:20 millert * sudo.c: sort usage -2004-12-16 12:20 millert +2004-12-16 14:20 millert * sudo.pod: Sort command line options -2004-12-16 11:33 millert +2004-12-16 13:33 millert * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, - sudo.c, sudo.pod: Add closefrom sudoers option to start closing at - a point other than 3. Add closefrom_override sudoers option and -C - sudo flag to allow the user to specify a different closefrom - starting point. + sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to + start closing at a point other than 3. Add closefrom_override + sudoers option and -C sudo flag to allow the user to specify a + different closefrom starting point. -2004-12-16 11:25 millert +2004-12-16 13:25 millert * pathnames.h.in: Add _PATH_DEVNULL for those without it. -2004-12-15 20:55 millert +2004-12-15 22:55 millert * LICENSE: no more UCB strcasecmp -2004-12-15 20:54 millert +2004-12-15 22:54 millert * strcasecmp.c: replace BSD licensed one with version derived from - pdksh + pdksh -2004-12-09 19:07 millert +2004-12-09 21:07 millert * sudo.c: Fix last commit. -2004-12-09 17:26 millert +2004-12-09 19:26 millert * sudo.c: Make sure stdin, stdout and stderr are open and dup them - to /dev/null if not. + to /dev/null if not. -2004-12-03 11:57 millert +2004-12-03 13:57 millert * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close -2004-12-03 11:52 millert +2004-12-03 13:52 millert - * fileops.c, gettime.c, sudo.c: Use TIME_WITH_SYS_TIME + * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: + Use TIME_WITH_SYS_TIME -2004-12-03 11:48 millert +2004-12-03 13:48 millert * configure, configure.in, config.h.in: Add TIME_WITH_SYS_TIME_H -2004-12-02 09:18 millert +2004-12-02 11:18 millert * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE - being set unconditionally on darwin. From Toby Peterson. + being set unconditionally on darwin. From Toby Peterson. -2004-12-02 08:40 millert +2004-12-02 10:40 millert * getspwuid.c: Check rbinsert() return value. In the case of faked - up entries there is usually a negative response cached that we need - to overwrite. - - In pwfree() don't try to zero out a NULL pw_passwd pointer. + up entries there is usually a negative response cached that we + need to overwrite. -2004-12-02 07:53 millert + In pwfree() don't try to zero out a NULL pw_passwd pointer. + +2004-12-02 09:53 millert * mon_systrace.c: Use the double fork trick to avoid the monitor - process being waited for by the main program run through sudo. + process being waited for by the main program run through sudo. -2004-11-29 10:52 millert +2004-11-29 12:52 millert * sudo.c: Call initgroups() in -U mode so group matches work - normally. + normally. -2004-11-29 10:34 millert +2004-11-29 12:34 millert * def_data.h, mkdefaults: Don't print a trailing comma for the last - entry in enum def_tupple + entry in enum def_tupple + +2004-11-28 16:08 millert -2004-11-28 14:05 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when + lecture, listpw and verifypw are used in boolean context. + +2004-11-28 16:05 millert * def_data.c, def_data.in: verifypw when used in a boolean TRUE - context should be "all", not "any". + context should be "all", not "any". -2004-11-26 12:21 millert +2004-11-26 14:21 millert * def_data.in, defaults.c: Allow tuples that can be used as - booleans to be used as boolean TRUE. In this case the 2nd possible - value of the tuple is used for TRUE. + booleans to be used as boolean TRUE. In this case the 2nd + possible value of the tuple is used for TRUE. -2004-11-25 10:23 millert +2004-11-25 12:23 millert * configure, configure.in: Correct the test for 2-parameter - timespecsub + timespecsub -2004-11-25 10:20 millert +2004-11-25 12:20 millert * sudo.h: Add strub struct definitions for passwd, timeval and - timespec + timespec -2004-11-25 10:09 millert +2004-11-25 12:09 millert - * configure, configure.in, config.h.in: Add check for 2-argument - form of timespecsub (FreeBSD and BSD/OS) and fix a typo in the - gettimeofday check. + * configure, configure.in, config.h.in, sudo_edit.c, visudo.c: Add + check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and + fix a typo in the gettimeofday check. -2004-11-24 14:44 millert +2004-11-24 16:44 millert - * match.c: Deal with user_stat being NULL as it is for visudo and - testsudoers. + * match.c, testsudoers.c: Deal with user_stat being NULL as it is + for visudo and testsudoers. -2004-11-24 14:31 millert +2004-11-24 16:31 millert * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U - option to use in conjunction with -l instead of -u. Add support - for "sudo -l command" to test a specific command. + option to use in conjunction with -l instead of -u. Add support + for "sudo -l command" to test a specific command. -2004-11-24 14:28 millert +2004-11-24 16:28 millert * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if - it has not been set. Previously it was set by sudo "ALL" in the - parser but at that point the fully-qualified pathname has not yet - been found. + it has not been set. Previously it was set by sudo "ALL" in the + parser but at that point the fully-qualified pathname has not yet + been found. -2004-11-23 16:18 millert +2004-11-23 18:18 millert - * parse.c: Correctly handle multiple privileges per userspec and - runas inheritence. + * parse.c, testsudoers.c: Correctly handle multiple privileges per + userspec and runas inheritence. -2004-11-21 12:09 millert +2004-11-21 14:09 millert * defaults.c: Zero out sd_un for each entry in sudo_defs_table in - init_defaults. + init_defaults. + +2004-11-19 18:04 millert -2004-11-19 16:00 millert + * toke.c, toke.l: make per-command defaults work with sudoedit + +2004-11-19 18:00 millert * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS, - FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the - approriate defaults variable. + FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the + approriate defaults variable. -2004-11-19 15:09 millert +2004-11-19 17:09 millert - * sample.sudoers: Document per-command Defaults. + * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: + Document per-command Defaults. -2004-11-19 14:35 millert +2004-11-19 16:35 millert * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, - sudo.c: Add support for command-specific Defaults entries. E.g. + sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for + command-specific Defaults entries. E.g. Defaults!/usr/bin/vi noexec -2004-11-19 13:03 millert +2004-11-19 15:03 millert - * defaults.c, match.c, parse.c, parse.h: Change an occurence of - user_matches() -> runas_matches() missed previously - runas_matches(), host_matches() and cmnd_matches() only really need - to pass in a list of members. user_matches() still needs to pass - in a passwd struct because of "sudo -l" + * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an + occurence of user_matches() -> runas_matches() missed previously + runas_matches(), host_matches() and cmnd_matches() only really + need to pass in a list of members. user_matches() still needs to + pass in a passwd struct because of "sudo -l" -2004-11-19 12:46 millert +2004-11-19 14:46 millert * parse.c: Check def_authenticate, def_noexec and def_monitor when - setting return flags. XXX May be better to just set the defaults - directly and get rid of those flags. + setting return flags. XXX May be better to just set the defaults + directly and get rid of those flags. -2004-11-19 11:39 millert +2004-11-19 13:39 millert * alias.c, alloc.c, check.c, closefrom.c, defaults.c, env.c, - error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - parse.c, redblack.c, set_perms.c, snprintf.c, strcasecmp.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c: Use: #include - Not: #include "config.h" That way we get the correct config.h when - build dir != src dir - -2004-11-19 11:30 millert + error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, + getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, + gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, + mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, + sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, + toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Use: #include + Not: #include "config.h" That way we get the correct + config.h when build dir != src dir + +2004-11-19 13:30 millert * Makefile.in: Back out part of rev 1.263; fix -I order -2004-11-19 10:35 millert +2004-11-19 13:12 millert + + * toke.c, toke.l: More robust parsing if #include; could be much + better still. + +2004-11-19 12:55 millert + + * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit + consistent. + +2004-11-19 12:35 millert * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias - routines out into their own file. + routines out into their own file. -2004-11-19 10:32 millert +2004-11-19 12:32 millert * error.h: __attribute__ is already defined in compat.h -2004-11-19 09:54 millert +2004-11-19 12:30 millert + + * visudo.c: quit() should not be __noreturn__ as it is non-void on + some platforms. + +2004-11-19 12:24 millert + + * auth/: fwtk.c, rfc1938.c, securid.c, securid5.c: Add local + error/warning functions like err/warn but that call an additional + cleanup routine in the error case. This means we no longer need + to compile a special version of alloc.o for visudo. + +2004-11-19 11:54 millert * parse.h: Clarify comments about the data structures -2004-11-17 12:25 millert +2004-11-18 15:28 millert + + * visudo.c: Add support for VISUAL and EDITOR containing command + line args. If env_editor is not set any args in VISUAL and + EDITOR are ignored. Arguments are also now supported in + def_editor. + +2004-11-17 14:25 millert * parse.h: alias_matches() is no more -2004-11-17 12:09 millert +2004-11-17 14:09 millert * CHANGES, TODO: sync -2004-11-17 11:19 millert +2004-11-17 13:19 millert * Makefile.in: When regenerating the parser, don't replace gram.h - unless it has changed. + unless it has changed. -2004-11-17 09:56 millert +2004-11-17 11:56 millert * Makefile.in: remove Makefile.binary for distclean -2004-11-17 09:18 millert +2004-11-17 11:18 millert * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check - to make sure we can't overflow new_env. + to make sure we can't overflow new_env. -2004-11-16 17:00 millert +2004-11-17 10:33 millert + + * sudo_edit.c: paranoia when stripping trailing slashes from + tempdir. + +2004-11-16 19:00 millert * sudo.c: Set user_ngroups to 0 if getgroups() returns an error. -2004-11-16 16:59 millert +2004-11-16 18:59 millert * configure, configure.in, config.h.in, sudo.c: Add configure check - for getgroups() + for getgroups() -2004-11-16 16:55 millert +2004-11-16 18:55 millert * ldap.c: Use supplementary group vector in struct sudo_user. -2004-11-16 16:40 millert +2004-11-16 18:40 millert * match.c: Only do string comparisons on the group members if there - is no supplemental group list. + is no supplemental group list. -2004-11-16 14:10 millert +2004-11-16 16:10 millert * CHANGES, TODO: sync -2004-11-16 10:02 millert +2004-11-16 15:54 millert + + * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a + trailing slash so chop off any trailing slashes we see and add an + explicit one. + +2004-11-16 12:02 millert * match.c: remove bogus XXX comment -2004-11-16 09:10 millert +2004-11-16 11:10 millert * match.c: Get rid of alias_matches and correctly fall through to - the non-alias cases when there is no alias with the specified name. + the non-alias cases when there is no alias with the specified + name. -2004-11-16 08:47 millert +2004-11-16 10:47 millert * getspwuid.c: Cache non-existent passwd/group entries too. -2004-11-16 08:45 millert +2004-11-16 10:45 millert * gram.c: regen -2004-11-15 21:32 millert +2004-11-15 23:32 millert * getspwuid.c: fix typo -2004-11-15 21:24 millert +2004-11-15 23:24 millert * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, - mon_systrace.h, sudo.c, sudo.h: Implement group caching and use the - passwd and group caches throughout. + mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: + Implement group caching and use the passwd and group caches + throughout. -2004-11-15 12:43 millert +2004-11-15 14:43 millert * match.c: Properly negate the return value of alias_matches() when - appropriate. + appropriate. -2004-11-15 12:38 millert +2004-11-15 14:38 millert * match.c: Make hostname_matches() return TRUE for a match, else - FALSE like the caller expects. + FALSE like the caller expects. -2004-11-15 11:24 millert +2004-11-15 13:24 millert * Makefile.in: Add missing dependencies on gram.h -2004-11-15 11:06 millert +2004-11-15 13:06 millert * match.c: Use runas_matches in alias_matches() now that we have - it. + it. -2004-11-15 11:00 millert +2004-11-15 13:00 millert * parse.c, parse.h: Expand aliases in "sudo -l" mode -2004-11-15 10:33 millert +2004-11-15 12:33 millert * gram.y, match.c: Use ALIAS for the member type when storing an - alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since - match.c relies on the more generic type. Expand runas_matches - instead of calling user_matches() inside of it since user_matches() - looks up USERALIASes, not RUNASALIASes. + alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since + match.c relies on the more generic type. Expand runas_matches + instead of calling user_matches() inside of it since + user_matches() looks up USERALIASes, not RUNASALIASes. -2004-11-15 10:05 millert +2004-11-15 12:05 millert * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing - passwd entry. + passwd entry. -2004-11-15 08:53 millert +2004-11-15 10:53 millert * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, - configure.in, err.c, error.c, error.h, defaults.c, env.c, - find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, - sudo.h: Add local error/warning functions like err/warn but that - call an additional cleanup routine in the error case. This means - we no longer need to compile a special version of alloc.o for - visudo. + configure.in, err.c, error.c, error.h, defaults.c, env.c, + find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, + sudo.h, sudo_edit.c, testsudoers.c, visudo.c, emul/err.h: Add + local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. -2004-11-15 07:59 millert +2004-11-15 09:59 millert * match.c: Use userpw_matches() to compare usernames, not strcmp(), - since the latter checks for "#uid". + since the latter checks for "#uid". -2004-11-15 07:53 millert +2004-11-15 09:53 millert * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd - db entries in 2 reb-black trees; one indexed by uid, the other by - user name. The data returned from the cache should be considered - read-only and is destroyed by sudo_endpwent(). + db entries in 2 reb-black trees; one indexed by uid, the other by + user name. The data returned from the cache should be considered + read-only and is destroyed by sudo_endpwent(). -2004-11-15 07:50 millert +2004-11-15 09:50 millert * match.c: add cast to uid_t -2004-11-15 07:49 millert +2004-11-15 09:49 millert * gram.y: missing free in alias_destroy -2004-11-15 07:49 millert +2004-11-15 09:49 millert * redblack.c: Can't use rbapply() for rbdestroy since the - destructor is passed a data pointer, not a node pointer. + destructor is passed a data pointer, not a node pointer. -2004-11-14 21:06 millert +2004-11-14 23:06 millert * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private - versions of setpwent() and endpwent() that set/end the shadow - password file too. + versions of setpwent() and endpwent() that set/end the shadow + password file too. -2004-11-14 20:55 millert +2004-11-14 22:55 millert - * gram.c, gram.h, gram.y, match.c, parse.h: Store aliases in a - red-black tree. + * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, + visudo.c: Store aliases in a red-black tree. -2004-11-14 20:52 millert +2004-11-14 22:52 millert * Makefile.in, redblack.c, redblack.h: red-black tree - implementation + implementation -2004-11-12 09:19 millert +2004-11-14 22:37 millert + + * visudo.c: Edit all sudoers file if there were unused or undefined + aliases and we are in strict mode. + +2004-11-12 11:19 millert * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c: Bring back the "secure_path" Defaults option now that - Defaults take effect before the path is searched. + find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: + Bring back the "secure_path" Defaults option now that Defaults + take effect before the path is searched. -2004-11-11 10:22 millert +2004-11-11 12:22 millert * logging.c, parse.c: A user can always list their own entries, - even with -u. Better error message when failing to list another - user's entries. + even with -u. Better error message when failing to list another + user's entries. -2004-11-11 10:12 millert +2004-11-11 12:12 millert * parse.c, sudo.c, sudo.h: The syntax to list another user's - entries is now "-u otheruser -l". Only root or users with sudo - "ALL" may list other user's entries. + entries is now "-u otheruser -l". Only root or users with sudo + "ALL" may list other user's entries. -2004-11-11 09:30 millert +2004-11-11 11:30 millert * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in - SECURITY NOTES + SECURITY NOTES -2004-11-11 09:25 millert +2004-11-11 11:25 millert * env.c: strip CDPATH too -2004-11-11 09:20 millert +2004-11-11 11:20 millert * env.c: strip exported bash functions from the environment. -2004-10-27 10:16 millert +2004-10-27 12:16 millert * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment - variables for real commands and sudoedit. This avoids a confusing - message when a user tries "sudo -l" or "sudo -v" and is denied. + variables for real commands and sudoedit. This avoids a + confusing message when a user tries "sudo -l" or "sudo -v" and is + denied. -2004-10-27 10:06 millert +2004-10-27 12:06 millert * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with - appending lists too + appending lists too -2004-10-26 16:39 millert +2004-10-26 18:39 millert * logging.c: Convert some bitwise AND to ISSET -2004-10-26 16:29 millert +2004-10-26 18:29 millert - * lex.yy.c: toke.c replaces lex.yy.c + * lex.yy.c, toke.c: toke.c replaces lex.yy.c -2004-10-26 16:29 millert +2004-10-26 18:29 millert * CHANGES, TODO: sync -2004-10-26 16:28 millert +2004-10-26 18:28 millert * BUGS: new parser fixes most of the outstanding bugs -2004-10-26 16:27 millert +2004-10-26 18:27 millert * configure: regen -2004-10-26 16:23 millert +2004-10-26 18:26 millert + + * visudo.c: Rework for the new parser. Now checks for unused + aliases in sudoers. + +2004-10-26 18:25 millert + + * testsudoers.c: Rewrite for the new parser. Now supports a -d + flag (dump) and adds a -h flag (host). It now defaults to the + local hostname unless otherwise specified. + +2004-10-26 18:23 millert * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in - parse.h) + parse.h) -2004-10-26 16:22 millert +2004-10-26 18:22 millert * sudo.c: Update for new parse. We now call find_path() *after* we - have updated the global defaults based on sudoers. Also adds - support for listing other user's privs if you are root. + have updated the global defaults based on sudoers. Also adds + support for listing other user's privs if you are root. -2004-10-26 16:21 millert +2004-10-26 18:21 millert * mon_systrace.c: Working LDAP support; also remove a now-unneeded - rewind(). + rewind(). -2004-10-26 16:20 millert +2004-10-26 18:20 millert * logging.c, logging.h: Add NO_STDERR flag. -2004-10-26 16:19 millert +2004-10-26 18:19 millert * ldap.c: Split sudo_ldap_check() into three pieces: - sudo_ldap_open(), udo_ldap_update_defaults() and sudo_ldap_check(). - This allows us to connecto to LDAP, apply the default options, - find the command in the user's path, and then check whether the - user is allowed to run it. The important thing here is that the - default runas user may be specified as a default option and that - needs to be set before we search for the command. + sudo_ldap_open(), udo_ldap_update_defaults() and + sudo_ldap_check(). This allows us to connecto to LDAP, apply the + default options, find the command in the user's path, and then + check whether the user is allowed to run it. The important thing + here is that the default runas user may be specified as a default + option and that needs to be set before we search for the command. -2004-10-26 16:17 millert +2004-10-26 18:17 millert * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc - warning. + warning. -2004-10-26 16:16 millert +2004-10-26 18:16 millert * defaults.h: Add prototype for update_defaults() -2004-10-26 16:16 millert +2004-10-26 18:16 millert * defaults.c: Don't warn about line numbers now that we operate on - a set of data structures (or LDAP) and not a file. + a set of data structures (or LDAP) and not a file. -2004-10-26 16:15 millert +2004-10-26 18:15 millert * config.h.in: No long use lsearch() -2004-10-26 16:14 millert +2004-10-26 18:14 millert * Makefile.in: Update for new and changed file names. -2004-10-26 16:14 millert +2004-10-26 18:14 millert * LICENSE: no more BSD lsearch.c -2004-10-26 16:14 millert +2004-10-26 18:14 millert * match.c: foo_matches() routines now live in match.c Added - user_matches(), runas_matches(), host_matches(), cmnd_matches() and - alias_matches() that operate on the parsed sudoers file. + user_matches(), runas_matches(), host_matches(), cmnd_matches() + and alias_matches() that operate on the parsed sudoers file. -2004-10-26 16:12 millert +2004-10-26 18:12 millert - * parse.lex: Move parse.lex -> toke.l Rename buffer_frob() -> - switch_buffer() WORD no longer needs to exclude '@' kill yywrap() + * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob() + -> switch_buffer() WORD no longer needs to exclude '@' kill + yywrap() -2004-10-26 16:10 millert +2004-10-26 18:10 millert - * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc: Rewritten - parser that converts sudoers into a set of data structures. This - eliminates ordering issues and makes it possible to apply sudoers - Defaults entries before searching for the command. + * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.h: + Rewritten parser that converts sudoers into a set of data + structures. This eliminates ordering issues and makes it + possible to apply sudoers Defaults entries before searching for + the command. -2004-10-26 16:09 millert +2004-10-26 18:09 millert - * configure.in, lsearch.c: We won't be using lsearch() any longer. + * configure.in, lsearch.c, emul/search.h: We won't be using + lsearch() any longer. -2004-10-26 16:07 millert +2004-10-26 18:07 millert * ldap.c: sudo should not send mail if someone who runs 'sudo -l' - has no entry. + has no entry. + +2004-10-26 16:09 millert -2004-10-26 14:09 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: regen - * sudo.cat, sudo.man.in: regen +2004-10-26 16:09 millert + + * visudo.pod: Update warnings to match new visudo -2004-10-26 14:08 millert +2004-10-26 16:08 millert + + * sudoers.pod: The new parser doesn't have the old ordering + constraints. + +2004-10-26 16:08 millert * sudo.pod: Document that -l now takes an optional username - argument + argument -2004-10-25 11:44 millert +2004-10-25 13:44 millert * RUNSON: AIX 5.2.0.0 works -2004-10-25 11:38 millert +2004-10-25 13:38 millert * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS - instead. Fixes a compilation problem with Solaris 9's native LDAP. - - Set FLAG_MONITOR when needed. + instead. Fixes a compilation problem with Solaris 9's native + LDAP. -2004-10-23 11:32 millert + Set FLAG_MONITOR when needed. + +2004-10-23 13:32 millert * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to - match the traced process. Fixes relative paths. + match the traced process. Fixes relative paths. + +2004-10-21 12:31 millert -2004-10-13 10:46 millert + * testsudoers.c: Kill set_perms() stub--it is no longer needed. + +2004-10-13 12:52 millert + + * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now + requires set_reuid() or setresuid() + +2004-10-13 12:46 millert * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, - configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX saved - uids; they aren't worth bothering with. + configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX + saved uids; they aren't worth bothering with. -2004-10-07 14:23 millert +2004-10-07 16:23 millert * glob.c: remove call to issetugid() -2004-10-07 12:52 millert +2004-10-07 14:57 millert + + * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about + wildcards. Now that we use glob() the bug is fixed. + +2004-10-07 14:52 millert * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames - and stat each result that matches the basename of the user's - command. This makes "cd /usr/bin ; sudo ./blah" work when sudoers - allows /usr/bin/blah. Fixes bug #143. + and stat each result that matches the basename of the user's + command. This makes "cd /usr/bin ; sudo ./blah" work when + sudoers allows /usr/bin/blah. Fixes bug #143. -2004-10-07 12:27 millert +2004-10-07 14:27 millert * configure, configure.in, config.h.in: Define HAVE_EXTENDED_GLOB - for extended glob (GLOB_TILDE and GLOB_BRACE) + for extended glob (GLOB_TILDE and GLOB_BRACE) -2004-10-07 10:59 millert +2004-10-07 12:59 millert * config.h.in, configure, configure.in: Check for a glob() that - supports GLOB_BRACE and GLOB_TILDE + supports GLOB_BRACE and GLOB_TILDE -2004-10-07 10:51 millert +2004-10-07 12:51 millert * LICENSE: reference glob -2004-10-07 10:50 millert +2004-10-07 12:50 millert - * glob.c: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded - extensions removed. + * glob.c, emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and + some unneeded extensions removed. -2004-10-05 15:26 millert +2004-10-05 17:26 millert * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE - fail. It probably means we are out of space in the stack gap... + fail. It probably means we are out of space in the stack gap... -2004-10-05 15:20 millert +2004-10-05 17:20 millert * CHANGES: sync -2004-10-05 14:53 millert +2004-10-05 16:53 millert * mon_systrace.c: Take a stab at ldap sudoers support here. -2004-10-05 13:13 millert +2004-10-05 15:13 millert * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP, - SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to - inadvertanly kill itself. + SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to + inadvertanly kill itself. -2004-10-05 12:21 millert +2004-10-05 14:21 millert * mon_systrace.c: put "monitor" in the proctitle, not "systrace" -2004-10-05 12:15 millert +2004-10-05 14:15 millert * mon_systrace.c: When modifying the environment, don't replace - envp when we can get away with just rewriting pointers in the - traced process. + envp when we can get away with just rewriting pointers in the + traced process. -2004-10-05 11:46 millert +2004-10-05 13:46 millert * mon_systrace.c, mon_systrace.h: Add environment updating via - STRIOCINJECT (if available). + STRIOCINJECT (if available). + +2004-10-05 10:22 millert -2004-10-04 14:15 millert + * sudoers.cat, sudoers.man.in: regen + +2004-10-04 16:15 millert * lex.yy.c: regen -2004-10-04 14:15 millert +2004-10-04 16:15 millert * parse.lex: Fix bug introduced in unput() removal; want yyless(0) - not yyless(1) + not yyless(1) -2004-10-04 10:09 millert +2004-10-04 12:09 millert * mon_systrace.c: Include file is now mon_systrace.h -2004-10-04 10:07 millert +2004-10-04 12:07 millert * Makefile.in, configure, configure.in, def_data.c, def_data.h, - def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h: No longer call it tracing, it is now "monitoring" - which should be more a obvious name to non-hackers. + def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, + sudo.c, sudo.h, sudo.tab.h, sudoers.pod: No longer call it + tracing, it is now "monitoring" which should be more a obvious + name to non-hackers. -2004-10-01 13:06 millert +2004-10-01 15:06 millert * mon_systrace.c, mon_systrace.h: Fix some XXX -2004-10-01 12:30 millert +2004-10-01 14:30 millert * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use - 1024 as the max # of entries (the max that systrace(4) allows). - - Only need to use SYSTR_POLICY_ASSIGN once - - Change check_syscall() -> find_handler() and have it return the - handler instead of just running it. We need this since handler now - have two parts: one part that generates and answer and another that - gets called after the answer is accepted (to do logging). - - Add some missing check_exec for emul execv + 1024 as the max # of entries (the max that systrace(4) allows). + + Only need to use SYSTR_POLICY_ASSIGN once -2004-10-01 08:58 millert + Change check_syscall() -> find_handler() and have it return the + handler instead of just running it. We need this since handler + now have two parts: one part that generates and answer and + another that gets called after the answer is accepted (to do + logging). - * sample.pam, sample.sudoers, sample.syslog.conf: Add $Sudo$ tags. + Add some missing check_exec for emul execv -2004-10-01 08:47 millert +2004-10-01 10:58 millert + + * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add + $Sudo$ tags. + +2004-10-01 10:47 millert * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H -2004-09-30 18:46 millert +2004-09-30 20:46 millert * Makefile.in: add trace_systrace.o dependency -2004-09-30 17:00 millert +2004-09-30 19:00 millert * configure, configure.in: Also look for systrace.h in - /usr/include/linux + /usr/include/linux -2004-09-30 16:27 millert +2004-09-30 18:27 millert * mon_systrace.c, mon_systrace.h: Move all struct defs and - prototypes into trace_systrace.h and mark all but systace_attach() - static. + prototypes into trace_systrace.h and mark all but + systace_attach() static. -2004-09-30 16:14 millert +2004-09-30 18:14 millert * mon_systrace.c, mon_systrace.h: Add support for tracing - emulations. At the moment, all emulations are compiled in. It - might make sense to #ifdef them in the future, though this impeeds - readability. + emulations. At the moment, all emulations are compiled in. It + might make sense to #ifdef them in the future, though this + impeeds readability. -2004-09-30 15:07 millert +2004-09-30 17:07 millert * Makefile.in, configure.in, configure: rename systrace.c -> - trace_systrace.c + trace_systrace.c -2004-09-30 13:58 millert +2004-09-30 15:58 millert * parse.yacc: Allow this to build with a K&R compiler again -2004-09-30 11:58 millert +2004-09-30 13:58 millert * TODO: sync -2004-09-30 11:55 millert +2004-09-30 13:55 millert - * sudo.c, compat.h: Use __attribute__((__noreturn__)) + * sudo.c, compat.h, visudo.c: Use __attribute__((__noreturn__)) -2004-09-30 11:25 millert +2004-09-30 13:44 millert - * sudo.cat, sudo.man.in: regen + * visudo.c: Exit() takes a negative value to indicate it was not + called via signal. + +2004-09-30 13:25 millert -2004-09-30 11:22 millert + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: regen - * Makefile.in: Define Err() and Errx() that are like err() and - errx() but call Exit() instead of exit(). Build private copy of - alloc.o for visudo that calls Err() and Errx(). +2004-09-30 13:22 millert -2004-09-29 13:22 millert + * Makefile.in, visudo.c: Define Err() and Errx() that are like + err() and errx() but call Exit() instead of exit(). Build + private copy of alloc.o for visudo that calls Err() and Errx(). + +2004-09-29 15:22 millert * lex.yy.c: regen -2004-09-29 13:22 millert +2004-09-29 15:22 millert * CHANGES: sync -2004-09-29 12:36 millert +2004-09-29 14:41 millert + + * visudo.c: Overhaul visudo for editing multiple files: o visudo + has been broken out into functions (more work needed here) o + each file is now edited before sudoers is re-parsed o if a + #include line is added that file will be edited too - * parse.lex, sudo.c, sudo.h: Add keepopen arg to open_sudoers that - open_sudoers can use to indicate to the caller that the fd should - not be closed when it is done with it. To be used by visudo to - keep locked fds from being closed prematurely (and thus losing the - lock). + TODO: o cleanup temp files when exiting via err() or errx() o + continue breaking things out into separate functions -2004-09-29 12:33 millert +2004-09-29 14:36 millert + + * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen + arg to open_sudoers that open_sudoers can use to indicate to the + caller that the fd should not be closed when it is done with it. + To be used by visudo to keep locked fds from being closed + prematurely (and thus losing the lock). + +2004-09-29 14:33 millert * parse.yacc, sudo.c: Add errorfile global that contains the name - of the file that caused the error. + of the file that caused the error. -2004-09-29 12:30 millert +2004-09-29 14:30 millert * parse.lex: return COMMENT to yacc grammar for a #include line -2004-09-29 12:29 millert +2004-09-29 14:29 millert * parse.lex: Remove us of unput() in favor of yyless() which is - cheaper. + cheaper. -2004-09-29 12:28 millert +2004-09-29 14:28 millert * parse.yacc: Allow an empty sudoers file. -2004-09-28 14:50 millert +2004-09-28 16:50 millert * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup() - doesn't do it for us. + doesn't do it for us. -2004-09-28 12:37 millert +2004-09-28 14:37 millert * lex.yy.c: regen -2004-09-28 12:31 millert +2004-09-28 14:36 millert + + * visudo.c: Do signal setup before calling edit_sudoers(). Don't + shadow the "quiet" global. + +2004-09-28 14:33 millert + + * visudo.c: If a sudoers file includes other files, edit those too. + Does not yes deal with creating the new includes files itself. + +2004-09-28 14:31 millert + + * testsudoers.c: init_parser now takes a path + +2004-09-28 14:31 millert * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for - dealing with multiple sudoers files: o init_parser() now takes a - path used to populate the sudoers global o the sudoers global is - used to print the correct file in yyerror() o when switching to a - new sudoers file, perserve old file name and line number + dealing with multiple sudoers files: o init_parser() now takes a + path used to populate the sudoers global o the sudoers global is + used to print the correct file in yyerror() o when switching to + a new sudoers file, perserve old file name and line number -2004-09-28 12:29 millert +2004-09-28 14:29 millert * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not - meaningful now that we can have multiple sudoers files. + meaningful now that we can have multiple sudoers files. -2004-09-28 11:52 millert +2004-09-28 13:52 millert * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of - sudoers_lookup() so we start at the right file position when - reading include files. + sudoers_lookup() so we start at the right file position when + reading include files. -2004-09-27 18:47 millert +2004-09-27 21:04 millert + + * sudoers.pod: document #include + +2004-09-27 20:47 millert * lex.yy.c: regen -2004-09-27 18:47 millert +2004-09-27 20:47 millert * parse.lex: Add max depth of 128 for the include stack to avoid - loops. - - Since yyerror() doesn't stop parsing, pass return values back to - yylex and call yyterminate() on error. + loops. + + Since yyerror() doesn't stop parsing, pass return values back to + yylex and call yyterminate() on error. + +2004-09-27 14:06 millert -2004-09-27 12:05 millert + * sudoers.pod: document tracing + +2004-09-27 14:05 millert * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man - page + page -2004-09-27 10:08 millert +2004-09-27 12:08 millert * lex.yy.c: regen -2004-09-27 10:03 millert +2004-09-27 12:03 millert * parse.lex: Add support for #include in sudoers (visudo support - TBD) + TBD) -2004-09-27 10:02 millert +2004-09-27 12:02 millert * parse.yacc: make yyerror()'s argument const -2004-09-27 10:01 millert +2004-09-27 12:02 millert + + * testsudoers.c, visudo.c: Add open_sudoers() stubs. + +2004-09-27 12:01 millert * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it - return a FILE * + return a FILE * -2004-09-26 10:35 millert +2004-09-26 12:35 millert - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - Crank version + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: Crank version -2004-09-26 10:33 millert +2004-09-26 12:33 millert * Makefile.in, sudo.psf: Better HP-UX depot construction -2004-09-25 15:08 millert +2004-09-25 17:08 millert * mon_systrace.c: o Made children global so check_exec() can lookup - a child. o Replaced uid in struct childinfo with struct passwd * - (for runas) o new_child() now takes a parent pid so the runas info - can be inherited o Added find_child() to lookup a child by its pid - o update_child() now fills in a struct passwd o Converted the big - if/else mess in set_policy to a switch o Syscalls that change uid - are now "ask" so we get SYSTR_MSG_UGID events + a child. o Replaced uid in struct childinfo with struct passwd * + (for runas) o new_child() now takes a parent pid so the runas + info can be inherited o Added find_child() to lookup a child by + its pid o update_child() now fills in a struct passwd o Converted + the big if/else mess in set_policy to a switch o Syscalls that + change uid are now "ask" so we get SYSTR_MSG_UGID events -2004-09-25 15:01 millert +2004-09-25 17:01 millert * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not - to lookup the shadow password. Will be used to a struct passwd - that has the shadow password already filled in. + to lookup the shadow password. Will be used to a struct passwd + that has the shadow password already filled in. -2004-09-25 14:58 millert +2004-09-25 16:58 millert * mon_systrace.c: add missing increment of addr in read_string() -2004-09-25 14:15 millert +2004-09-25 16:15 millert * mon_systrace.c: Remove bogus call to update_child() and some - cosmetic fixes + cosmetic fixes -2004-09-25 14:11 millert +2004-09-25 16:11 millert * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make - initialized global for simplicity If STRIOCATTACH returns EBUSY we - are already being traced Check for user_args == NULL in - setproctitle() call Add missing calls to STRIOCANSWER + initialized global for simplicity If STRIOCATTACH returns EBUSY + we are already being traced Check for user_args == NULL in + setproctitle() call Add missing calls to STRIOCANSWER -2004-09-25 11:15 millert +2004-09-25 13:15 millert * sudo.c: g/c sudo_pwdup proto -2004-09-24 18:21 millert +2004-09-24 20:21 millert * Makefile.in, sudo.psf: Add target for building a depot file -2004-09-24 18:07 millert +2004-09-24 20:07 millert * mon_systrace.c: trim includes -2004-09-24 12:11 millert +2004-09-24 14:11 millert - * lex.yy.c: regen + * lex.yy.c, sudo.tab.h: regen -2004-09-24 12:10 millert +2004-09-24 14:10 millert * INSTALL: document --with-systrace -2004-09-24 12:10 millert +2004-09-24 14:10 millert * config.h.in, configure, configure.in: Add check for setproctitle -2004-09-24 12:09 millert +2004-09-24 14:09 millert * mon_systrace.c: pass struct str_msg_ask in to syscall checker so - it can set the error code + it can set the error code -2004-09-24 11:30 millert +2004-09-24 13:30 millert * mon_systrace.c: systrace(4) support for sudo. On systems with - the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ patches) - sudo can intercept exec calls and check the exec args against the - sudoers file. In other words, sudo can now control subcommands and - shell escapes. + the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ + patches) sudo can intercept exec calls and check the exec args + against the sudoers file. In other words, sudo can now control + subcommands and shell escapes. -2004-09-24 11:17 millert +2004-09-24 13:17 millert * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set. -2004-09-24 11:15 millert +2004-09-24 13:15 millert * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace - Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE + Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE -2004-09-24 11:13 millert +2004-09-24 13:13 millert * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set - close on exec flag instead. + close on exec flag instead. -2004-09-24 11:11 millert +2004-09-24 13:11 millert * def_data.c, def_data.h, def_data.in: Add trace option -2004-09-23 18:24 millert +2004-09-23 20:24 millert * Makefile.in: Add systrace -2004-09-23 18:23 millert +2004-09-23 20:23 millert * INSTALL: SunOS /bin/sh blows up with configure -2004-09-23 18:23 millert +2004-09-23 20:23 millert * configure, configure.in: Include sys/param.h before systrace.h -2004-09-23 18:15 millert +2004-09-23 20:15 millert * configure: regen -2004-09-23 18:15 millert +2004-09-23 20:15 millert * pathnames.h.in: _PATH_DEV_SYSTRACE -2004-09-23 18:14 millert +2004-09-23 20:14 millert * configure.in: line up options in --help -2004-09-23 18:11 millert +2004-09-23 20:11 millert * config.h.in, configure.in: Add --with-systrace -2004-09-23 11:35 millert +2004-09-23 13:35 millert * configure: regen -2004-09-23 11:35 millert +2004-09-23 13:35 millert * aclocal.m4, configure.in: make this work with autoconf-2.59 -2004-09-15 16:47 millert +2004-09-16 12:58 millert + + * sudo_edit.c: Simplify logic around open & stat of files and do + sanity on edited file even if we lack fstat (still racable but + worth doing). + +2004-09-15 18:47 millert * HISTORY: Add support url -2004-09-15 14:11 millert +2004-09-15 16:11 millert * Makefile.in: versino 1.6.8p1 -2004-09-15 13:20 millert +2004-09-15 15:20 millert * CHANGES: more changes for 1.6.8p1 -2004-09-15 10:16 millert +2004-09-15 15:18 millert + + * version.h: 1.6.8p1 - * CHANGES: Add sanity check so we don't try to edit something other - than a regular file. +2004-09-15 12:16 millert -2004-09-14 18:55 aaron + * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit + something other than a regular file. + +2004-09-14 20:55 aaron * CHANGES: sync -2004-09-14 18:21 aaron +2004-09-14 20:21 aaron * INSTALL: document --with-ldap-conf-file -2004-09-14 15:43 millert +2004-09-14 17:43 millert * CHANGES, ins_csops.h: political correctness strikes again -2004-09-14 13:09 millert +2004-09-14 15:09 millert * RUNSON: sync -2004-09-12 17:50 millert +2004-09-12 19:50 millert * Makefile.binary.in, Makefile.in: Install sudoedit man link -2004-09-12 12:25 millert +2004-09-12 14:25 millert * INSTALL: Update PAM note and mention where HP-UX users can - download gcc binaries. + download gcc binaries. -2004-09-12 10:08 millert +2004-09-12 12:08 millert * Makefile.in: libtool wants to install stuff from .libs so fake - one up for binary installations. + one up for binary installations. -2004-09-12 09:53 millert +2004-09-12 11:53 millert * Makefile.binary.in: rm -f old sudoedit link instead of using ln - -f set LIBTOOL correctly + -f set LIBTOOL correctly -2004-09-12 09:53 millert +2004-09-12 11:53 millert * Makefile.in: Deal with "uname -m" having slashes in it rm -f old - sudoedit link instead of using ln -f + sudoedit link instead of using ln -f -2004-09-12 08:22 millert +2004-09-12 10:22 millert * Makefile.binary, Makefile.binary.in: Makefile.binary -> - Makefile.binary.in for config.status substitution Add support for - installing noexec bits + Makefile.binary.in for config.status substitution Add support for + installing noexec bits -2004-09-12 08:21 millert +2004-09-12 10:21 millert * Makefile.in: Copy noexec bits into binary dists too No longer use - my old arch script for making binary dists + my old arch script for making binary dists -2004-09-12 07:36 millert +2004-09-12 09:36 millert * Makefile.binary: Install sudoedit link. -2004-09-10 10:31 millert +2004-09-11 12:25 millert + + * emul/utime.h: avoid __P so there is no need for compat.h to be + included + +2004-09-11 12:24 millert + + * utimes.c: Don't use HAVE_UTIME_H before including config.h. + +2004-09-10 12:31 millert * compat.h: Fix Solatis futimes macro -2004-09-08 12:36 millert +2004-09-09 11:02 millert + + * sudo_edit.c: Rename ots -> omtim for improved readability. + +2004-09-08 14:38 millert + + * sudo_edit.c: Redo changes in revision 1.7. Don't really need to + keep the temp file open; re-opening it with the invoking user's + euid is sufficient. + +2004-09-08 14:36 millert * CHANGES: sync -2004-09-08 12:35 millert +2004-09-08 14:35 millert * sudo.cat, sudo.man.in: regen -2004-09-08 12:34 millert +2004-09-08 14:34 millert * sudo.pod: back out revision 1.70; it is no long applicable -2004-09-08 09:57 millert +2004-09-08 11:57 millert * env.c: Let the loader initialize nep -2004-09-08 09:49 millert +2004-09-08 11:49 millert * configure, configure.in, config.h.in: Removed unneed check for - fchown Add check for gettimeofday Move autoheader template stuff - into separate AH_TEMPLATE lines + fchown Add check for gettimeofday Move autoheader template stuff + into separate AH_TEMPLATE lines -2004-09-08 09:48 millert +2004-09-08 11:48 millert - * check.c, compat.h, fileops.c, sudo.h: Use timespec throughout. + * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use + timespec throughout. -2004-09-08 09:47 millert +2004-09-08 11:47 millert * Makefile.in: gettime.[co] -2004-09-08 09:47 millert +2004-09-08 11:47 millert * gettime.c: function to return the current time in a struct - timespec + timespec + +2004-09-08 10:51 millert -2004-09-07 14:36 millert + * utimes.c: Not a darpa-sponsored file. + +2004-09-07 16:36 millert * compat.h, config.h.in, configure, configure.in: Add a check for - struct timespec and provide it for those without. + struct timespec and provide it for those without. + +2004-09-07 15:56 millert -2004-09-07 13:56 millert + * config.h.in, configure, configure.in, sudo_edit.c: Add checks for + st_mtim and st_mtimespec and add macros for pulling the mtime sec + and nsec out of struct stat. These are used in sudo_edit() to + better tell whether or not the file has changed. - * config.h.in, configure, configure.in: Add checks for st_mtim and - st_mtimespec and add macros for pulling the mtime sec and nsec out - of struct stat. These are used in sudo_edit() to better tell - whether or not the file has changed. +2004-09-07 15:55 millert -2004-09-07 13:55 millert + * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra + param to touch() for nsec - * check.c, fileops.c, sudo.h: Add an extra param to touch() for - nsec +2004-09-07 14:06 millert -2004-09-07 12:04 millert + * sudo_edit.c: Call mkstemp() as the in invoking user so we don't + have to chown the file later. Only touch() the temp file if we + can do it via the file descriptor. Don't check for modification + of the temp file if we lack fstat(). Catch errors read()ing the + temp file. + +2004-09-07 14:04 millert * fileops.c: If path is NULL and fd == -1 return -1. -2004-09-07 11:14 millert +2004-09-07 13:31 millert + + * sudo_edit.c: closefrom() is overkill, the only extra fds are the + ones we opened so just close those in the child. + +2004-09-07 13:14 millert * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, - configure, configure.in, fileops.c, sudo.h: Use utimes() and - futimes() instead of utime() in touch(), emulating as needed. Not - all systems are able to support setting the times of an fd so - touch() takes both an fd and a file name as arguments. + configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, + utimes.c, visudo.c: Use utimes() and futimes() instead of utime() + in touch(), emulating as needed. Not all systems are able to + support setting the times of an fd so touch() takes both an fd + and a file name as arguments. -2004-09-06 19:12 aaron +2004-09-06 21:12 aaron * env.c: Rare SEGV -2004-09-06 14:46 millert +2004-09-06 16:46 millert - * sudo.cat, sudo.man.in: regen + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: regen -2004-09-06 14:45 millert +2004-09-06 16:45 millert - * sudo.pod: Add SUPPORT section and re-order some of the sections - to match the order we use in OpenBSD. + * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and + re-order some of the sections to match the order we use in + OpenBSD. -2004-09-06 13:05 aaron +2004-09-06 15:05 aaron * env.c: Openldap ~/.ldaprc fix -2004-09-06 10:18 millert +2004-09-06 12:18 millert * sudo.pod: Talk about how the editor must write its changes to the - original file and not just use rename(2). + original file and not just use rename(2). -2004-09-06 10:12 millert +2004-09-06 12:12 millert * CHANGES: sync -2004-09-06 10:10 millert +2004-09-06 12:11 millert + + * sudo_edit.c: Keep the temp file open instead of re-opening after + the editor has exited. + +2004-09-06 12:10 millert * sample.pam: Update for current redhat/fedora core. -2004-09-02 19:56 aaron +2004-09-02 21:56 aaron * README.LDAP: tls_ examples -2004-09-01 22:03 aaron +2004-09-02 00:03 aaron * ldap.c: config tls_* options -2004-08-29 09:39 millert +2004-08-29 11:39 millert * configure, configure.in: No need for -lcrypt when using pam. -2004-08-26 21:57 millert +2004-08-26 23:57 millert * configure: regen -2004-08-26 21:44 aaron +2004-08-26 23:44 aaron * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file - option to override LDAP_CONF + option to override LDAP_CONF -2004-08-26 20:08 aaron +2004-08-26 22:08 aaron * ldap.c: cleanup debug message -2004-08-26 17:29 aaron +2004-08-26 19:29 aaron * README.LDAP: more config info -2004-08-24 12:01 millert +2004-08-24 14:01 millert - * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h: Add - cmnd_base to struct sudo_user and set it in init_vars(). Add - cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No - longer use gross statics in command_matches(). Also rename some - variables for improved clarity. + * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: + Add cmnd_base to struct sudo_user and set it in init_vars(). Add + cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No + longer use gross statics in command_matches(). Also rename some + variables for improved clarity. -2004-08-21 12:33 millert +2004-08-21 14:33 millert * INSTALL: document HP's crippled compiler deficiency. -2004-08-21 12:25 millert +2004-08-21 14:25 millert * INSTALL: Fix some thinkos in --with-editor and --with-env-editor - descriptions. Noticed by Norihiko Murase. + descriptions. Noticed by Norihiko Murase. -2004-08-21 12:20 millert +2004-08-21 14:20 millert * configure, configure.in: --with-noexec takes an optional PATH - argument. + argument. -2004-08-21 12:20 millert +2004-08-21 14:20 millert * INSTALL: document --with-noexec -2004-08-17 14:21 millert +2004-08-17 16:21 millert * RUNSON, TODO: sync -2004-08-17 12:53 millert +2004-08-17 15:11 millert + + * sudo_edit.c: Better warning message when sudoedit is unable to + write to the destination file. + +2004-08-17 14:53 millert * sudo.cat, sudo.man.in: regen -2004-08-17 12:53 millert +2004-08-17 14:53 millert * sudo.pod: Don't italicize the string "sudoedit" -2004-08-16 16:45 millert +2004-08-16 18:45 millert * HISTORY: Mention GratiSoft. -2004-08-11 12:29 millert +2004-08-11 14:29 millert * parse.yacc: Reset used_runas to FALSE when re-intializing the - parser. + parser. -2004-08-09 17:04 millert +2004-08-09 19:04 millert * config.guess: Correct OpenBSD mips support -2004-08-09 15:28 millert +2004-08-09 17:28 millert * config.guess: Add OpenBSD/mips -2004-08-06 21:43 aaron +2004-08-06 23:43 aaron * README.LDAP: More behavior notes -2004-08-06 21:36 aaron +2004-08-06 23:36 aaron * README.LDAP: Updates on current behavior -2004-08-06 17:56 millert +2004-08-06 19:56 millert - * sudo.pod: =back does not take an indentlevel (makes no difference - to formatted files). + * sudo.pod, sudoers.pod: =back does not take an indentlevel (makes + no difference to formatted files). -2004-08-06 17:48 millert +2004-08-06 19:48 millert * CHANGES: new -2004-08-06 17:42 millert +2004-08-06 19:42 millert * sudo.c: Consistency. Use same error for bad -u #uid when - targetpw is set as we do when a bad -u username is specified. + targetpw is set as we do when a bad -u username is specified. -2004-08-06 17:33 millert +2004-08-06 19:33 millert * TODO: Add checksum idea from Steve Mancini -2004-08-06 17:32 millert +2004-08-06 19:32 millert - * sudo.cat, sudo.man.in: regen + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen -2004-08-06 17:31 millert +2004-08-06 19:31 millert - * sudo.pod: Document the restriction on uids specified via -u when - targetpw is set. + * sudo.pod, sudoers.pod: Document the restriction on uids specified + via -u when targetpw is set. -2004-08-06 17:24 millert +2004-08-06 19:24 millert * sudo.c: Error out when targetpw is enabled and sudo is run with - -u #uid but #uid does not exist in the passwd database. We can't - do target authentication when the target is not in passwd! + -u #uid but #uid does not exist in the passwd database. We can't + do target authentication when the target is not in passwd! -2004-08-05 19:16 millert +2004-08-05 21:16 millert - * sudo.cat, sudo.man.in: regen + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen -2004-08-05 19:14 millert +2004-08-05 21:14 millert * TODO: Some more todo for the next release. -2004-08-05 19:13 millert +2004-08-05 21:13 millert * INSTALL: Make it clear that PAM should be used for DCE support - when possible. + when possible. + +2004-08-05 21:13 millert + + * sudoers.pod: o Document problems with wildcards and relative + paths. o Make the order requirements more prominent. o Change a + "set" to "reset" for clarity. -2004-08-05 12:29 millert +2004-08-05 14:29 millert * sudo.pod: Mention --with-secure-path, not SECURE_PATH. -2004-08-02 20:34 aaron +2004-08-02 22:34 aaron * ldap.c: reflect changes to parse.c -2004-08-02 12:44 millert +2004-08-02 14:44 millert - * parse.c, parse.h, parse.yacc: Don't pass user_cmnd and user_args - to command_matches(), just use the globals there. Since we keep - state with statics anyway it is misleading to pretend that passing - in different cmnd and cmnd_args will work. + * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: Don't pass + user_cmnd and user_args to command_matches(), just use the + globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and + cmnd_args will work. -2004-08-02 12:40 millert +2004-08-02 14:40 millert * parse.c: Fix a bug introduced in rev. 1.149. When checking for - pseudo-commands check for a '/' anywhere in cmnd, not just the - first character. + pseudo-commands check for a '/' anywhere in cmnd, not just the + first character. -2004-07-30 21:07 aaron +2004-07-30 23:07 aaron * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin - + -2004-07-30 20:06 aaron +2004-07-30 22:41 aaron + + * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers + +2004-07-30 22:06 aaron * README.LDAP: Sun One schema definition by - Andreas.Bussjaeger@t-systems.com and janth@moldung.no + Andreas.Bussjaeger@t-systems.com and janth@moldung.no -2004-07-29 09:57 millert +2004-07-29 11:57 millert * CHANGES: typo -2004-07-23 14:44 millert +2004-07-23 16:44 millert * CHANGES: sync -2004-07-23 14:43 millert +2004-07-23 16:43 millert * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and - remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of - the parse. + remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of + the parse. -2004-07-08 08:20 millert +2004-07-08 10:20 millert * CHANGES: PAM change -2004-07-07 19:04 aaron +2004-07-07 21:04 aaron * ldap.c: Better debugging of ALL command -2004-07-07 18:15 millert +2004-07-07 20:15 millert * parse.c: When matching for "sudoedit" in sudoers check both the - command the user typed *and* the command that is listed in the - sudoers entry. + command the user typed *and* the command that is listed in the + sudoers entry. -2004-07-04 17:59 aaron +2004-07-04 19:59 aaron * ldap.c: Added !command feature -2004-06-10 21:11 millert +2004-06-28 10:51 millert + + * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts; + Brian Farrell + +2004-06-10 23:11 millert * LICENSE: License is ISC-style, not BSD-style -2004-06-10 18:58 millert +2004-06-10 20:58 millert * CHANGES: sync -2004-06-10 14:54 millert +2004-06-10 16:54 millert * sudo.man.in, sudo.cat: regen -2004-06-10 14:53 millert +2004-06-10 16:53 millert * sudo.pod: o Update some out of date bits to reality o Change the - shell promt in examples to bourne-shell style o Clarify some - details o Add a CAVEAT about "sudo cd /foo" + shell promt in examples to bourne-shell style o Clarify some + details o Add a CAVEAT about "sudo cd /foo" -2004-06-10 14:19 millert +2004-06-10 16:19 millert * check.c: Don't ask for a password if invoking user == target - user. + user. -2004-06-10 10:32 millert +2004-06-10 12:32 millert * sudo.c: typo in comment -2004-06-08 14:20 millert +2004-06-08 19:20 millert + + * sudoers.man.in, sudoers.cat: regen + +2004-06-08 19:19 millert + + * sudoers.pod: Expand on NOEXEC a little. + +2004-06-08 16:20 millert * TODO: sync -2004-06-08 13:55 millert +2004-06-08 15:58 millert - * CHANGES, parse.yacc: Add a check in visudo for runas_default - being set after it has already been used. + * visudo.man.in, visudo.cat: regen -2004-06-08 11:53 millert +2004-06-08 15:55 millert + + * CHANGES, parse.yacc, visudo.c, visudo.pod: Add a check in visudo + for runas_default being set after it has already been used. + +2004-06-08 13:53 millert * parse.yacc: Add a MATCHED macro for testing whether foo_matches - has been set to TRUE or FALSE. This is more readable than checking - for >=0 or < 0. Doesn't change the actual code generated. + has been set to TRUE or FALSE. This is more readable than + checking for >=0 or < 0. Doesn't change the actual code + generated. + +2004-06-06 20:11 millert + + * sudoers.man.in, sudoers.cat: regen -2004-06-06 18:02 millert +2004-06-06 20:07 millert - * find_path.c, ldap.c, logging.h: update (c) year + * sudoers, sudoers.pod: Correct description of where Defaults specs + should go. -2004-06-06 17:58 millert +2004-06-06 20:02 millert + + * find_path.c, ldap.c, logging.h, testsudoers.c, visudo.c, + auth/bsdauth.c, auth/kerb5.c, auth/pam.c: update (c) year + +2004-06-06 19:58 millert * check.c, compat.h, defaults.c, env.c, find_path.c, getcwd.c, - ldap.c, logging.h, parse.c, parse.yacc, sudo.c: Remove trailing - spaces, no actual code changes. + ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c, + tgetpass.c, visudo.c, auth/bsdauth.c, auth/kerb5.c, auth/pam.c: + Remove trailing spaces, no actual code changes. -2004-06-06 14:22 millert +2004-06-06 16:22 millert * parse.yacc: Fix a >=0 that should be <0 that was improperly - converted when UNSPEC was added. + converted when UNSPEC was added. -2004-06-06 13:54 millert +2004-06-06 15:54 millert * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches - to UNSPEC, not NOMATCH when resetting it. + to UNSPEC, not NOMATCH when resetting it. -2004-06-06 13:39 millert +2004-06-06 15:39 millert * parse.yacc: Fix pastos introduced in SETNMATCH addition. -2004-06-05 11:55 millert +2004-06-05 13:55 millert * README.LDAP: Update for configure changes -2004-06-05 11:42 millert +2004-06-05 13:42 millert * parse.yacc, sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2 - respectively) and use these in parse.yacc. Also in parse.yacc - initialize the *_matches vars to UNSPEC and add two macros, - SETMATCH and SETNMATCH for use when setting *_matches to a value - that may be NOMATCH/UNSPEC/TRUE/FALSE. + respectively) and use these in parse.yacc. Also in parse.yacc + initialize the *_matches vars to UNSPEC and add two macros, + SETMATCH and SETNMATCH for use when setting *_matches to a value + that may be NOMATCH/UNSPEC/TRUE/FALSE. -2004-06-05 09:17 millert +2004-06-05 11:17 millert * parse.yacc: Initialize runas to -2, not -1 since we need to be - able to distinguish between the initialized value and the value of - a non-match when passing along the runas value to multiple - commands. - - The result of this is that an unmatched runas is now set to -1, not - 0. This is required now that parse.c treats a FALSE value for - runas as being explicitly denied. + able to distinguish between the initialized value and the value + of a non-match when passing along the runas value to multiple + commands. -2004-06-03 14:21 millert + The result of this is that an unmatched runas is now set to -1, + not 0. This is required now that parse.c treats a FALSE value + for runas as being explicitly denied. - * getprogname.c, sudo.c: Error out if argc < 1. +2004-06-03 16:21 millert -2004-06-03 10:37 millert + * getprogname.c, sudo.c, visudo.c: Error out if argc < 1. + +2004-06-03 12:37 millert * configure, configure.in: Add tests for what libs we need to link - with for ldap and for whether or not lber.h needs to be explicitly - included. + with for ldap and for whether or not lber.h needs to be + explicitly included. -2004-06-02 18:30 aaron +2004-06-02 20:30 aaron * ldap.c: Solaris native LDAP build fix -2004-06-01 14:56 millert +2004-06-01 16:56 millert * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential - use of an unset variable. + use of an unset variable. -2004-06-01 14:56 millert +2004-06-01 16:56 millert * sudo.h: Add prototype for sudo_ldap_list_matches -2004-06-01 14:53 millert +2004-06-01 16:53 millert * compat.h, config.h.in, configure, configure.in: Better check for - dirfd macro--we now set HAVE_DIRFD for the macro version too. - Added check for dd_fd in `DIR' if no dirfd is found; this is now - used to confitionally define the dirfd macro in compat.h. + dirfd macro--we now set HAVE_DIRFD for the macro version too. + Added check for dd_fd in `DIR' if no dirfd is found; this is now + used to confitionally define the dirfd macro in compat.h. -2004-06-01 14:51 millert +2004-06-01 16:51 millert * closefrom.c: Only check /proc/$$/fd if we have the dirfd - function/macro. + function/macro. -2004-06-01 13:13 millert +2004-06-01 15:13 millert * compat.h, config.h.in, configure, configure.in: Add a check for a - dirfd() function (like Linux) and add a dirfd macro in compat.h if - there is no dirfd() function or macro. + dirfd() function (like Linux) and add a dirfd macro in compat.h + if there is no dirfd() function or macro. -2004-06-01 12:59 millert +2004-06-01 14:59 millert * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as - needed. + needed. -2004-06-01 12:30 millert +2004-06-01 14:30 millert * CHANGES: Clarify closefrom() note. -2004-06-01 10:51 millert +2004-06-01 12:51 millert * parse.c: When checking for a command in the directory, only copy - the base dir once. + the base dir once. -2004-06-01 10:44 millert +2004-06-01 12:44 millert * closefrom.c: If there is a /proc/$$/fd directory, behave like the - Solaris closefrom() and only close the descriptors listed therein. + Solaris closefrom() and only close the descriptors listed + therein. -2004-06-01 10:23 millert +2004-06-01 12:23 millert * alloc.c: compat.h guarantees INT_MAX is defined. -2004-06-01 10:23 millert +2004-06-01 12:23 millert * compat.h: Add definitions of OPEN_MAX and INT_MAX for those - without it and remove definition of RLIM_INFINITY (now unused). + without it and remove definition of RLIM_INFINITY (now unused). -2004-05-31 19:22 millert +2004-05-31 21:22 millert * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, - parse.c, sudo.c, sudo.h: Use PATH_MAX, not MAXPATHLEN since the - former is standardized. + parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN + since the former is standardized. -2004-05-31 17:18 millert +2004-05-31 19:18 millert * CHANGES: sync -2004-05-31 17:10 millert +2004-05-31 19:10 millert * RUNSON: Add some entries that were mailed in a while ago -2004-05-31 12:16 millert +2004-05-31 14:16 millert * closefrom.c: o sysconf returns a long, not an int. o check for - negative return value from sysconf/getdtablesize and use OPEN_MAX - in this case. o define OPEN_MAX to 256 for those without it (a - fair guess...) + negative return value from sysconf/getdtablesize and use + OPEN_MAX in this case. o define OPEN_MAX to 256 for those + without it (a fair guess...) -2004-05-30 10:25 millert +2004-05-30 12:25 millert * UPGRADE: Mention change in parse order for RunAs entries. -2004-05-30 10:15 millert +2004-05-30 12:15 millert * configure: regen -2004-05-29 16:29 millert +2004-05-29 18:29 millert * config.h.in, configure.in, INSTALL, README.LDAP: o --with-ldap - now takes an optional dir as a parameter - o added check for ldap_initialize() and start_tls_s() + now takes an optional dir as a parameter + o added check for ldap_initialize() and start_tls_s() -2004-05-29 12:54 millert +2004-05-29 14:54 millert * README.LDAP: Fix some typos, word choice and formatting issues. -2004-05-28 14:27 millert +2004-05-28 18:06 millert + + * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid + stdio and just use read/write as it is simpler. + +2004-05-28 16:27 millert * configure, configure.in: Remove hack overriding cross-compiler - check. It should no longer be needed. + check. It should no longer be needed. -2004-05-28 14:26 millert +2004-05-28 16:26 millert * compat.h: Remove select() compat bits since we no longer use - select(). + select(). -2004-05-28 14:24 millert +2004-05-28 16:24 millert - * CHANGES: Use alarm() instead of select() for the timeout for - systems that don't fully/properly implement select(). + * CHANGES, tgetpass.c: Use alarm() instead of select() for the + timeout for systems that don't fully/properly implement select(). -2004-05-27 17:14 millert +2004-05-27 19:14 millert * CHANGES: synbc -2004-05-27 17:12 millert +2004-05-27 19:12 millert * RUNSON: update -2004-05-27 17:12 millert +2004-05-27 19:12 millert * set_perms.c: Deal with systems that have no way of setting the - effective uid such as nsr-tandem-nsk. + effective uid such as nsr-tandem-nsk. -2004-05-27 17:01 millert +2004-05-27 19:01 millert * configure, configure.in: Define NO_SAVED_IDS if we don't find - seteuid() + seteuid() -2004-05-27 16:21 millert +2004-05-27 18:21 millert * config.h.in, configure, configure.in: Add back check for - setreuid() since NSK doesn't have it. + setreuid() since NSK doesn't have it. + +2004-05-27 15:57 millert -2004-05-27 13:56 millert + * sudoers.cat, sudoers.man.in: regen + +2004-05-27 15:56 millert * BUGS, CHANGES: sync -2004-05-27 13:55 millert +2004-05-27 15:55 millert * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas - user was explicitly denied and the command matched. This fixes a - long-standing bug and makes: foo machine = (ALL) /usr/bin/blah - foo machine = (!bar) /usr/bin/blah - - equivalent to: foo machine = (ALL, !bar) /usr/bin/blah + user was explicitly denied and the command matched. This fixes a + long-standing bug and makes: foo machine = (ALL) + /usr/bin/blah foo machine = (!bar) /usr/bin/blah + + equivalent to: foo machine = (ALL, !bar) /usr/bin/blah -2004-05-19 19:25 aaron +2004-05-27 15:52 millert + + * sudoers.pod: Clarify mail_noperm + +2004-05-19 21:25 aaron * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la -2004-05-17 16:32 millert +2004-05-17 18:32 millert - * sudo.man.in, sudo.cat: regen + * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, + sudoers.cat, visudo.cat: regen -2004-05-17 16:31 millert +2004-05-17 18:31 millert * TODO: sync -2004-05-17 16:31 millert +2004-05-17 18:31 millert - * sample.sudoers: Remove fastboot/fasthalt (who still remembers - these?) and add a minimal sudoedit example. + * sample.sudoers, sudoers.pod: Remove fastboot/fasthalt (who still + remembers these?) and add a minimal sudoedit example. -2004-05-17 16:21 millert +2004-05-17 18:21 millert - * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c: filesystem -> - file system + * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c, visudo.c: + filesystem -> file system -2004-05-17 16:19 millert +2004-05-17 18:19 millert - * sudo.pod: Fix some minor typos and formatting goofs + * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs -2004-05-17 16:10 millert +2004-05-17 18:10 millert * lex.yy.c: regen -2004-05-17 15:55 millert +2004-05-17 17:57 millert + + * visudo.pod: remove my email addr - * sudo.pod: Use @mansectform@ and @mansectsu@ everywhere Make man - page references links with L<> +2004-05-17 17:55 millert -2004-05-17 14:51 millert + * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and + @mansectsu@ everywhere Make man page references links with L<> + +2004-05-17 16:51 millert * parse.lex: Accept quoted globbing characters and pass them - verbatim for fnmatch() + verbatim for fnmatch() -2004-05-17 14:50 millert +2004-05-17 16:50 millert * UPGRADE: Document that /tmp/.odus is gone. -2004-05-17 14:28 millert +2004-05-17 16:28 millert * CHANGES, aclocal.m4, configure, pathnames.h.in: No longer use - /tmp/.odus as a possible timestamp dir unless specifically - configured to do so. Instead, if no /var/run exists, use - /var/adm/sudo or /usr/adm/sudo. + /tmp/.odus as a possible timestamp dir unless specifically + configured to do so. Instead, if no /var/run exists, use + /var/adm/sudo or /usr/adm/sudo. -2004-05-17 14:08 millert +2004-05-17 16:08 millert - * check.c, compat.h, logging.c, set_perms.c, sudo.c: Preliminary - changes to support nsr-tandem-nsk. Based on patches from Tom - Bates. + * check.c, compat.h, logging.c, set_perms.c, sudo.c, tgetpass.c, + visudo.c: Preliminary changes to support nsr-tandem-nsk. Based + on patches from Tom Bates. -2004-05-16 16:47 millert +2004-05-16 18:47 millert * CHANGES: There was no 1.6.7p6. -2004-05-16 14:38 millert +2004-05-16 16:38 millert * BUGS, CHANGES: sync -2004-05-16 14:36 millert +2004-05-16 16:36 millert * Makefile.in: add missing files to DISTFILES -2004-05-16 14:24 millert +2004-05-16 16:23 millert - * sudo.cat: regen + * sudoers.man.in, sudo.cat, sudoers.cat, visudo.cat: regen -2004-05-16 14:20 millert +2004-05-16 16:20 millert * Makefile.in: Fix some line wrap and update (c) year -2004-04-28 13:05 aaron +2004-04-28 15:05 aaron * README.LDAP: Build Note -2004-04-06 20:03 aaron +2004-04-06 22:03 aaron * Makefile.in: Fix install-dirs -2004-03-24 16:06 millert +2004-04-04 20:27 millert + + * visudo.c: In Exit() when used as a signal handler, emsg is a + pointer so sizeof() is wrong so make it a #define instead. Also + avoid using a negative exit value. Found by Aaron Campbell + +2004-03-24 18:23 millert + + * sudoers.pod: Remove bogus sentence about uids in a User_List. + Document usernames vs. uid parsing in a Runas_List. - * parse.c, parse.h, parse.yacc, sudo.c: If the user specified a uid - with the -u flag and the uid exists in the passwd file, set - runas_user to the name, not the uid. - - When comparing usernames in sudoers, if a name is really a uid - (starts with '#') compare it numerically to pw_uid. +2004-03-24 18:06 millert -2004-02-28 16:54 aaron + * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If + the user specified a uid with the -u flag and the uid exists in + the passwd file, set runas_user to the name, not the uid. + + When comparing usernames in sudoers, if a name is really a uid + (starts with '#') compare it numerically to pw_uid. + +2004-03-22 13:35 millert + + * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam + +2004-02-28 18:54 aaron * CHANGES, config.h.in, ldap.c: Added start_tls support -2004-02-14 16:04 millert +2004-02-14 18:04 millert * Makefile.in: Clean up libtool stuff for 'make distclean' and add - def_data.c, def_data.h to PARSESRCS. + def_data.c, def_data.h to PARSESRCS. -2004-02-14 08:13 aaron +2004-02-14 10:13 aaron * strlcat.c, strlcpy.c: Un-Fix last license munge -2004-02-13 14:37 millert +2004-02-13 16:37 millert * CHANGES, RUNSON, TODO: checkpoint -2004-02-13 14:37 millert +2004-02-13 16:37 millert * lex.yy.c, configure: regen -2004-02-13 14:36 millert +2004-02-13 16:36 millert * LICENSE, Makefile.binary, Makefile.in, alloc.c, check.c, - closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, - find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, - sudo.pod: More to a less restrictive, ISC-style license. - -2004-02-12 19:08 aaron + closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, + find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h, + parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, + strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, + sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.man.in, + sudoers.pod, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, visudo.man.in, visudo.pod, zero_bytes.c, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, + emul/search.h, emul/utime.h: More to a less restrictive, + ISC-style license. + +2004-02-12 21:08 aaron * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h: Merged - in LDAP Support + def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h, + sudoers2ldif: Merged in LDAP Support -2004-02-12 18:54 aaron +2004-02-12 20:54 aaron * sudo.h: Merge with HEAD -2004-02-08 13:53 millert +2004-02-11 22:08 aaron + + * sudo_noexec.c: Merge with HEAD - * sudo.h: Only do "extern int errno" if errno is not a macro. +2004-02-08 15:53 millert -2004-02-07 15:48 aaron + * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not + a macro. - * ldap.c: noexec hooks +2004-02-07 17:48 aaron -2004-02-07 15:05 aaron + * ldap.c, sudoers2ldif: noexec hooks + +2004-02-07 17:05 aaron * def_data.c, def_data.in: description fix -2004-02-07 15:04 aaron +2004-02-07 17:04 aaron * ldap.c: Conformity -2004-02-07 14:44 aaron +2004-02-07 16:44 aaron * sudo.c: Conformity -2004-02-07 14:31 aaron +2004-02-07 16:31 aaron * def_data.c: Syntax Fix -2004-02-07 14:21 aaron +2004-02-07 16:21 aaron * configure: regen (via autoconf from configure.in) -2004-02-07 14:12 aaron +2004-02-07 16:12 aaron * BUGS, CHANGES, INSTALL, LICENSE, Makefile.in, TODO, acsite.m4, - check.c, closefrom.c, config.h.in, configure.in, def_data.c, - def_data.h, def_data.in, defaults.c, defaults.h, env.c, fnmatch.c, - getspwuid.c, ins_classic.h, interfaces.c, interfaces.h, lex.yy.c, - logging.c, ltmain.sh, mkdefaults, parse.c, parse.h, parse.lex, - parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, sudo.c, - sudo.h, sudo.man.in, sudo.pod: Big Merge with HEAD - -2004-02-06 16:08 millert + check.c, closefrom.c, config.h.in, configure.in, def_data.c, + def_data.h, def_data.in, defaults.c, defaults.h, env.c, + fnmatch.c, getspwuid.c, ins_classic.h, interfaces.c, + interfaces.h, lex.yy.c, logging.c, ltmain.sh, mkdefaults, + parse.c, parse.h, parse.lex, parse.yacc, pathnames.h.in, + set_perms.c, sigaction.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo.tab.h, sudo_edit.c, sudo_noexec.c, sudoers.man.in, + sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, + visudo.pod, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Big Merge + with HEAD + +2004-02-06 18:08 millert * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not - already 0 so set the euid first, then just call setuid(0) to set - the real uid too. + already 0 so set the euid first, then just call setuid(0) to set + the real uid too. -2004-02-06 12:52 millert +2004-02-06 14:52 millert * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when - appropriate instead of seteuid() which may not exist. + appropriate instead of seteuid() which may not exist. -2004-02-04 12:58 millert +2004-02-04 14:58 millert * LICENSE: 2004 -2004-02-03 21:38 millert +2004-02-03 23:38 millert * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add - --with-pc-insults configure option + --with-pc-insults configure option -2004-02-01 13:45 millert +2004-02-03 23:32 millert - * sudo.man.in: regen + * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did. + +2004-02-01 15:45 millert + + * sudo.man.in, sudoers.man.in: regen + +2004-02-01 15:44 millert -2004-02-01 13:20 millert + * sudoers.pod: Add a note that noexec is not a cure-all. + +2004-02-01 15:20 millert + + * sudoers.pod: Mention that disabling "root_sudo" is pretty + pointless. + +2004-02-01 15:20 millert * configure, configure.in: Substitute for root_sudo in sudoers.pod -2004-02-01 13:03 millert +2004-02-01 15:03 millert * sudo.pod: Add sudoedit to the NAME section -2004-01-29 17:42 millert +2004-02-01 15:00 millert + + * sudoers.pod: Document that fact that setting ignore_dot in + sudoers has no effect due to the fact that find_path() is called + *before* sudoers is read. + +2004-01-29 19:50 millert + + * sudo_edit.c: Do not require _PATH_USRTMP to be set. + +2004-01-29 19:42 millert * BUGS, CHANGES, TODO: sync -2004-01-29 17:42 millert +2004-01-29 19:42 millert * sudo.man.in: regen -2004-01-29 17:41 millert +2004-01-29 19:41 millert * sudo.pod: Clarify that when sudo is run by root with the - SUDO_USER variable set, the sudoers lookup happens for root and not - the SUDO_USER user. + SUDO_USER variable set, the sudoers lookup happens for root and + not the SUDO_USER user. -2004-01-29 15:33 millert +2004-01-29 17:33 millert * defaults.c, env.c, fnmatch.c, interfaces.c, logging.c, parse.c, - set_perms.c, sigaction.c, sudo.c: Use the SET, CLR and ISSET - macros. + set_perms.c, sigaction.c, sudo.c, tgetpass.c, auth/pam.c, + auth/sudo_auth.c: Use the SET, CLR and ISSET macros. -2004-01-29 14:22 millert +2004-01-29 16:22 millert * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago. -2004-01-29 14:15 millert +2004-01-29 16:15 millert * sudo.c: Don't look at prev_user until after we've parsed sudoers - and done the password check. That way, if sudo/sudoedit is run - from a root process that was invoked by sudo, we check sudoers for - root, not the previous user. This makes sudoedit much more useful - and means that for the sudo case, we get correct logging on who - actually ran the command. + and done the password check. That way, if sudo/sudoedit is run + from a root process that was invoked by sudo, we check sudoers + for root, not the previous user. This makes sudoedit much more + useful and means that for the sudo case, we get correct logging + on who actually ran the command. + +2004-01-22 19:22 millert -2004-01-22 14:06 millert + * sudo_edit.c: Add a comment describing why we need to be notified + about our child stopping. + +2004-01-22 16:06 millert * def_data.c, def_data.in: Update the noexec variable descriptions -2004-01-21 19:57 millert +2004-01-22 14:18 millert + + * sudoers.man.in, sudoers.pod: noexec now replaces more than just + execve() + +2004-01-22 12:14 millert + + * sudo_noexec.c: Alas, all the world does not go through execve(2). + Many systems still have an execv(2) system call, Linux 2.6 + provides fexecve(2) and it is not uncommon for libc to have + underscore ('_') versions of the functions to be used internally + by the library. Instead of stubbing all these out by hand, + define a macro and let it do the work. Extra exec functions + pointed out by Reznic Valery. - * sudo.c: Fix suspending the editor in -e mode. Because we do a - fork() first we need to be notified when the child has been stopped - and then send that same signal to ourself so the shell can do its - job control thing. +2004-01-21 21:57 millert -2004-01-21 18:03 millert + * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode. + Because we do a fork() first we need to be notified when the + child has been stopped and then send that same signal to ourself + so the shell can do its job control thing. + +2004-01-21 21:44 millert + + * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are + systems out there that want to run sudo that still don't support + these we can try to deal with that later. + +2004-01-21 20:03 millert * lex.yy.c: regen -2004-01-21 18:00 millert +2004-01-21 20:00 millert - * sudo.man.in, sudo.pod: Document sudo -e / sudoedit + * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo + -e / sudoedit -2004-01-21 17:08 millert +2004-01-21 19:08 millert * configure, configure.in: fix typo -2004-01-21 17:02 millert +2004-01-21 19:02 millert * config.h.in, configure.in: Add SET/CLR/ISSET -2004-01-21 16:55 millert +2004-01-21 18:55 millert - * sudo.c: Allow non-exclusive flags when invoked as sudoedit. - Pretty print the long usage() line to not wrap (assumes 80 char - display) + * sudo.c: Allow non-exclusive flags when invoked as sudoedit. + Pretty print the long usage() line to not wrap (assumes 80 char + display) -2004-01-21 16:01 millert +2004-01-21 18:01 millert * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag - is implied and no other flags are permitted. + is implied and no other flags are permitted. -2004-01-21 16:00 millert +2004-01-21 18:00 millert * sudo.h: Add a new flag, -e, that makes it possible to give users - the ability to edit files with the editor of their choice as the - invoking user, not the runas user. Temporary files are used for - the actual edit and the temp file is copied over the original after - the editor is done. + the ability to edit files with the editor of their choice as the + invoking user, not the runas user. Temporary files are used for + the actual edit and the temp file is copied over the original + after the editor is done. -2004-01-21 15:25 millert +2004-01-21 17:25 millert - * Makefile.in, parse.c, parse.lex, sudo.c: Add a new flag, -e, that - makes it possible to give users the ability to edit files with the - editor of their choice as the invoking user, not the runas user. - Temporary files are used for the actual edit and the temp file is - copied over the original after the editor is done. + * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new + flag, -e, that makes it possible to give users the ability to + edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit + and the temp file is copied over the original after the editor is + done. -2004-01-21 15:06 millert +2004-01-21 17:06 millert * sudo.c, env.c: If real uid == 0 and the SUDO_USER environment - variables is set, use that to determine the invoking user's true - identity. That way the proper info gets logged by someone who has - done "sudo su" but still uses sudo to as root. We can't do this - for non-root users since that would open up a security hole, though - perhaps it would be acceptable to use getlogin(2) on OSes where - this a system call (and doesn't just look in the utmp file). + variables is set, use that to determine the invoking user's true + identity. That way the proper info gets logged by someone who + has done "sudo su" but still uses sudo to as root. We can't do + this for non-root users since that would open up a security hole, + though perhaps it would be acceptable to use getlogin(2) on OSes + where this a system call (and doesn't just look in the utmp + file). -2004-01-21 14:58 millert +2004-01-21 16:58 millert * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP -2004-01-21 14:57 millert +2004-01-21 16:57 millert * configure, config.h.in, configure.in: Add check for fchown(2) -2004-01-20 12:22 millert +2004-01-20 14:22 millert * sudo.c: Back out portions of the -i commit that set NewArgv[0] in - set_runaspw. It is far to late to set NewArgv[0] there and will - have no effect anyway as cmnd and safe_cmnd have already been set. + set_runaspw. It is far to late to set NewArgv[0] there and will + have no effect anyway as cmnd and safe_cmnd have already been + set. + +2004-01-20 14:18 millert -2004-01-18 18:17 millert + * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw + did. + +2004-01-18 20:17 millert * env.c, sudo.c: In -i mode always set new environment based on the - runas user's passwd entry. + runas user's passwd entry. -2004-01-18 15:56 millert +2004-01-18 17:56 millert * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS - section with usage() in sudo.c. Also sort the flags in the OPTIONS - section. + section with usage() in sudo.c. Also sort the flags in the + OPTIONS section. -2004-01-18 15:55 millert +2004-01-18 17:55 millert * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on - patches from David J. MacKenzie o Sort the flags in the usage - message + patches from David J. MacKenzie o Sort the flags in the usage + message + +2004-01-18 17:22 millert -2004-01-17 14:34 millert + * sudoers.man.in, sudoers.pod: Add a missing @runas_default@ + substitution. - * sudo.c: Change euid to runas user before calling find_path(). - Unfortunately, though runas_user can be modified in sudoers we - haven't parsed sudoers yet. +2004-01-17 16:34 millert -2004-01-17 11:49 millert + * sudo.c: Change euid to runas user before calling find_path(). + Unfortunately, though runas_user can be modified in sudoers we + haven't parsed sudoers yet. + +2004-01-17 16:25 millert + + * sudoers.man.in, sudoers.pod: Add missing defintion of + Parameter_List and use single pipes in the Defaults EBNF + definition. + +2004-01-17 13:49 millert * sudo.c: Fix a bug when set_runaspw() is used as a callback. We - don't want to reset the contents of runas_pw if the user specified - a user via the -u flag. - - Avoid unnecessary passwd lookups in set_authpw(). In most cases we - already have the info in runas_pw. + don't want to reset the contents of runas_pw if the user + specified a user via the -u flag. + + Avoid unnecessary passwd lookups in set_authpw(). In most cases + we already have the info in runas_pw. -2004-01-16 16:16 millert +2004-01-16 18:16 millert * check.c: Add Stan Lee / Uncle Ben quote to the lecture from - RedHat + RedHat -2004-01-16 16:12 millert +2004-01-16 18:12 millert * sudo.h: Update sudo_getepw() proto and add one for set_runaspw() -2004-01-16 16:10 millert +2004-01-16 18:10 millert * parse.c: If we can't stat the command as root, try as the runas - user instead. + user instead. -2004-01-16 16:09 millert +2004-01-16 18:09 millert + + * testsudoers.c, visudo.c: Add stub set_runaspw() function + +2004-01-16 18:09 millert * sudo.c: Add set_runaspw() function to fill in runas_pw. This - will be used as a callback to update runas_pw when the runas user - changes. + will be used as a callback to update runas_pw when the runas user + changes. -2004-01-16 16:07 millert +2004-01-16 18:07 millert * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS -2004-01-16 16:05 millert +2004-01-16 18:05 millert * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add - a PERM_RUNAS that just changes the euid. + a PERM_RUNAS that just changes the euid. -2004-01-16 16:04 millert +2004-01-16 18:04 millert * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and - allocate memory in one chunk for easy free()ing. Also change it - from static to extern. + allocate memory in one chunk for easy free()ing. Also change it + from static to extern. -2004-01-16 16:03 millert +2004-01-16 18:03 millert * defaults.c, defaults.h: Add callback support -2004-01-16 16:02 millert +2004-01-16 18:02 millert * def_data.c, def_data.in, mkdefaults: Add a callback field and use - it for runas_default + it for runas_default + +2004-01-15 15:13 millert + + * auth/fwtk.c: Add support for chalnecho and display server + responses used by fwtk >= 2.0 -2004-01-12 12:03 millert +2004-01-12 18:39 millert + + * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris + +2004-01-12 14:03 millert * Makefile.in, config.h.in, configure, configure.in, sudo.c, - sudo.h: Use closefrom() instead of doing the equivalent inline. + sudo.h: Use closefrom() instead of doing the equivalent inline. -2004-01-12 11:55 millert +2004-01-12 13:55 millert * closefrom.c: closefrom(3) for systems w/o it -2004-01-09 14:26 millert +2004-01-09 16:29 millert + + * sudoers.man.in: Update from .pod file. + +2004-01-09 16:26 millert * configure, configure.in: Substitute noexec_file for the sudoers - man page + man page -2004-01-09 14:24 millert +2004-01-09 16:24 millert * sudo.man.in, sudo.pod: Mention noexec -2004-01-09 12:38 millert +2004-01-09 16:16 millert - * config.h.in, configure.in: Move PAM_CONST macro definition from - config.h to pam.c where it belongs. We can't have this in config.h - since that gets included too early. + * sudoers.man.in, sudoers.pod: Document noexec -2004-01-09 12:35 millert +2004-01-09 14:38 millert - * config.h.in, configure, configure.in: Some PAM implementations - put their headers in /usr/include/pam instead of - /usr/include/security. + * config.h.in, configure.in, auth/pam.c: Move PAM_CONST macro + definition from config.h to pam.c where it belongs. We can't + have this in config.h since that gets included too early. -2004-01-09 12:32 millert +2004-01-09 14:35 millert + + * config.h.in, configure, configure.in, auth/pam.c: Some PAM + implementations put their headers in /usr/include/pam instead of + /usr/include/security. + +2004-01-09 14:32 millert * configure.in: I missed changing the EXEC macro -> EXECV here when - I changed this in config.h.in and sudo.c a while ago. + I changed this in config.h.in and sudo.c a while ago. -2004-01-09 11:15 millert +2004-01-09 13:15 millert * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs -2004-01-09 01:29 millert +2004-01-09 03:29 millert * configure, configure.in: o merge the hpux case entries into a - single entry w/ its own sub-case statement. o HP-UX >= 11 support - getspnam(), use it in preference to getprpwuid() + single entry w/ its own sub-case statement. o HP-UX >= 11 + support getspnam(), use it in preference to getprpwuid() -2004-01-09 00:58 millert +2004-01-09 02:58 millert * configure, configure.in: eval $shrext so that it expands nicely - on MacOS X + on MacOS X -2004-01-09 00:50 millert +2004-01-09 02:50 millert * Makefile.in: Don't lie about making a module, it does the wrong - thing on mach + thing on mach -2004-01-09 00:49 millert +2004-01-09 02:49 millert - * ltmain.sh: Remove requirement that libs must begin with "lib". - They don't when we point directly at the lib using LD_PRELOAD or - its equivalent. + * ltmain.sh: Remove requirement that libs must begin with "lib". + They don't when we point directly at the lib using LD_PRELOAD or + its equivalent. -2004-01-09 00:01 millert +2004-01-09 02:01 millert * acsite.m4: Disable support for c++, f77 and java. We don't need - it, it takes a lot of time, and it hosed our check for shared lib - support. + it, it takes a lot of time, and it hosed our check for shared lib + support. -2004-01-09 00:00 millert +2004-01-09 02:00 millert * configure: regen -2004-01-09 00:00 millert +2004-01-09 02:00 millert * configure.in: Call AC_ENABLE_SHARED and check the status of - enable_shared to know when shared libs are available. + enable_shared to know when shared libs are available. -2004-01-08 23:37 millert +2004-01-09 01:37 millert * acsite.m4: Duh, OpenBSD suports shared libs too -2004-01-08 23:18 millert +2004-01-09 01:18 millert * configure.in, config.h.in: Only OpenPAM and Linux PAM use const - qualifiers. + qualifiers. -2004-01-08 23:15 millert +2004-01-09 01:15 millert * configure, configure.in: o No need to check for sed, libtool - config does that for us o move check for --with-noexec until after - libtool magic is run so we can use $can_build_shared and $shrext + config does that for us o move check for --with-noexec until + after libtool magic is run so we can use $can_build_shared and + $shrext -2004-01-08 23:14 millert +2004-01-09 01:14 millert * ltmain.sh: Don't print a bunch of crap about library installs - since we are not really installing a library. + since we are not really installing a library. -2004-01-08 22:38 millert +2004-01-09 00:38 millert * env.c: Make format_env() varargs Add noexec support for Darwin, - MacOS X, Irix, and Tru64 + MacOS X, Irix, and Tru64 -2004-01-08 22:32 millert +2004-01-09 00:32 millert * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local - changes: o no ldconfig in the finish step o assume no libprefix - or version is needed + changes: o no ldconfig in the finish step o assume no libprefix + or version is needed + +2004-01-09 00:15 millert + + * sudo_noexec.c: Fix compilation under K&R -2004-01-06 07:31 millert +2004-01-06 09:31 millert * CHANGES: checkpoint -2004-01-05 14:10 millert +2004-01-06 09:28 millert + + * sudo_noexec.c: stub execve() that just returns EACCES; used for + noexec functionality + +2004-01-06 01:42 millert + + * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 + issue with generated code. + +2004-01-05 16:10 millert * def_data.c, def_data.h, def_data.in: Move the environment - defaults to the end and shorten a few of the descriptions. + defaults to the end and shorten a few of the descriptions. -2004-01-05 13:05 millert +2004-01-05 15:05 millert * configure.in, configure: no shared libs on ultris or convexos -2004-01-05 13:03 millert +2004-01-05 15:03 millert * Makefile.in, configure, configure.in: Build sudo_noexec shared - object using libtool; could use some cleanup. + object using libtool; could use some cleanup. -2004-01-05 12:59 millert +2004-01-05 14:59 millert * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding -2004-01-05 12:56 millert +2004-01-05 14:56 millert * parse.yacc: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so - that order is not important. + that order is not important. -2004-01-05 10:15 millert +2004-01-05 12:15 millert * defaults.c, env.c, parse.c, parse.h, parse.lex, parse.yacc, - pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year + pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year -2004-01-04 20:58 millert +2004-01-04 22:58 millert * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add - _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. - The default value of noexec_file is set to this. + _PATH_SUDO_NOEXEC and corresponding --with-noexec configure + option. The default value of noexec_file is set to this. -2004-01-04 19:48 millert +2004-01-04 21:48 millert * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, - parse.h, parse.lex, parse.yacc, sudo.c, sudo.h: Add support for - preloading a shared object containing a dummy execve() function - that just sets error and returns -1. This adds a "noexec_file" - option to load the filename as well as a "noexec" flag to enable it - unconditionally. There is also a NOEXEC tag that can be attached - to specific commands and an EXEC tag to disable it. + parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.h: Add + support for preloading a shared object containing a dummy + execve() function that just sets error and returns -1. This adds + a "noexec_file" option to load the filename as well as a "noexec" + flag to enable it unconditionally. There is also a NOEXEC tag + that can be attached to specific commands and an EXEC tag to + disable it. -2004-01-04 19:40 millert +2004-01-04 21:40 millert * mkdefaults: add missing newline to usage statement -2004-01-04 18:39 millert +2004-01-04 20:39 millert * config.h.in, sudo.c: Rename EXEC macro -> EXECV -2004-01-04 18:16 millert +2004-01-04 20:16 millert * logging.c: Don't truncate usernames to 8 characters in the log - message. + message. -2004-01-04 18:13 millert +2004-01-04 20:13 millert - * check.c: Update copyright year + * check.c, sudoers.man.in, sudoers.pod: Update copyright year -2004-01-04 18:12 millert +2004-01-04 20:12 millert - * check.c, def_data.c, def_data.h, def_data.in: Add a new option, - lecture_file, that can be used to point to a custom sudo lecture. + * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, + sudoers.pod: Add a new option, lecture_file, that can be used to + point to a custom sudo lecture. -2004-01-01 16:22 aaron +2004-01-01 18:22 aaron * configure: removed duplicate darwin entry -2004-01-01 14:47 aaron +2004-01-01 16:47 aaron * Makefile.in, TODO, check.c, configure, configure.in, def_data.c, - def_data.h, def_data.in, defaults.c, defaults.h, env.c, err.c, - find_path.c, ldap.c, logging.c, mkdefaults, parse.c, parse.yacc, - set_perms.c, sudo.c, sudo.h: Sync with HEAD + def_data.h, def_data.in, defaults.c, defaults.h, env.c, err.c, + find_path.c, ldap.c, logging.c, mkdefaults, parse.c, parse.yacc, + set_perms.c, sudo.c, sudo.h, sudoers.man.in, sudoers.pod, + visudo.c, visudo.man.in, zero_bytes.c, auth/aix_auth.c, + auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/rfc1938.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Sync with HEAD -2003-12-31 15:46 millert +2003-12-31 17:46 millert - * Makefile.in, sudo.h: Add a zero_bytes() function to do the - equivalent of bzero in such a way that will heopfully not be - optimized away by sneaky compilers. + * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c, + auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a + zero_bytes() function to do the equivalent of bzero in such a way + that will heopfully not be optimized away by sneaky compilers. -2003-12-31 14:53 aaron +2003-12-31 16:53 aaron * ldap.c, sudo.c: Incorporated Patch from Nationwide (Todd Anello) -2003-12-31 11:35 millert +2003-12-31 13:35 millert * err.c: Use #ifdef __STDC__, not #if __STDC__. -2003-12-30 15:41 millert +2003-12-30 17:41 millert * mkdefaults: Always put at least one space between the def_* macro - name and its definition. + name and its definition. -2003-12-30 15:34 millert +2003-12-30 17:34 millert * configure, configure.in: Adjust code for --without-lecture to - match new values. + match new values. + +2003-12-30 17:33 millert + + * visudo.man.in: regen after pasto fix + +2003-12-30 17:31 millert + + * sudoers.man.in, sudoers.pod: Document that "lecture" has changed + from a flag to a tuple. -2003-12-30 15:31 millert +2003-12-30 17:31 millert * check.c, def_data.c, def_data.h, def_data.in, defaults.c, - defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add - support for tuples in def_data.in; these are implemented as an enum - type. Currently there is only a single tuple enum but in the - future we may have one tuple enum per T_TUPLE entry in def_data.in. - Currently listpw, verifypw and lecture are tuples. This avoids - the need to have two entries (one ival, one str) for pwflags and - syslog values. - - lecture is now a tuple with the following values: never, once, - always - - We no longer use both an int and string entry for syslog facilities - and priorities. Instead, there are logfac2str() and logpri2str() - functions that get used when we need to print the string values. - -2003-12-30 15:20 millert + defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add + support for tuples in def_data.in; these are implemented as an + enum type. Currently there is only a single tuple enum but in + the future we may have one tuple enum per T_TUPLE entry in + def_data.in. Currently listpw, verifypw and lecture are tuples. + This avoids the need to have two entries (one ival, one str) for + pwflags and syslog values. + + lecture is now a tuple with the following values: never, once, + always + + We no longer use both an int and string entry for syslog + facilities and priorities. Instead, there are logfac2str() and + logpri2str() functions that get used when we need to print the + string values. + +2003-12-30 17:20 millert * check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, - logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c: - Create def_* macros for each defaults value so we no longer need - the def_{flag,ival,str,list,mode} macros (which have been removed). - This is a step toward more flexible data types in def_data.in. + logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, + visudo.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, + auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c, + auth/sudo_auth.c: Create def_* macros for each defaults value so + we no longer need the def_{flag,ival,str,list,mode} macros (which + have been removed). This is a step toward more flexible data + types in def_data.in. -2003-12-30 13:55 millert +2003-12-30 15:55 millert * TODO: checkpoint -2003-12-23 08:58 aaron +2003-12-23 10:58 aaron * sudo.c: Sync with HEAD -2003-12-22 19:18 millert +2003-12-22 21:18 millert * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not - unusual for users to place "sudo -k" in a .logout file which can - cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc - daemon has died. Previously, this would result in useless mail and - logging. + unusual for users to place "sudo -k" in a .logout file which can + cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc + daemon has died. Previously, this would result in useless mail + and logging. -2003-12-19 19:30 aaron +2003-12-19 21:30 aaron * README.LDAP: typo -2003-12-19 19:28 aaron +2003-12-19 21:28 aaron * README.LDAP: typos -2003-12-18 17:40 aaron +2003-12-18 19:40 aaron - * configure: Merge with HEAD + * configure, visudo.pod: Merge with HEAD -2003-12-17 21:13 aaron +2003-12-17 23:13 aaron * ldap.c: Bugfix reported by Andreas.Bussjaeger@t-systems.com -2003-12-17 20:47 aaron +2003-12-17 22:47 aaron * README.LDAP, ldap.c: LDAPv3 -2003-12-14 12:39 aaron +2003-12-16 23:23 aaron - * README.LDAP, config.h.in, ldap.c: other LDAP Libraries from - Andreas Bussjaeger + * sudoers2ldif: Added to buglist -2003-12-12 10:22 millert +2003-12-16 13:51 millert - * Makefile.in, configure, configure.in, ldap.c: Don't compile - ldap.c (even as a stub) unless --with-ldap is specified. + * visudo.pod: fix pasto in VISUAL description -2003-12-12 10:12 millert +2003-12-14 14:39 aaron - * ldap.c: file ldap.c was initially added on branch LDAP. + * README.LDAP, config.h.in, ldap.c: other LDAP Libraries from + Andreas Bussjaeger -2003-12-12 10:12 millert +2003-12-12 12:22 millert - * CHANGES, Makefile.in, README.LDAP, config.h.in, configure, - configure.in, def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, - sudo.h: Merge in LDAP support from Aaron Spangler + * Makefile.in, configure, configure.in, ldap.c: Don't compile + ldap.c (even as a stub) unless --with-ldap is specified. -2003-12-12 10:12 millert +2003-12-12 12:12 millert - * README.LDAP: file README.LDAP was initially added on branch LDAP. + * CHANGES, Makefile.in, README.LDAP, config.h.in, configure, + configure.in, def_data.c, def_data.h, def_data.in, ldap.c, + sudo.c, sudo.h, sudoers2ldif: Merge in LDAP support from Aaron + Spangler -2003-12-09 20:09 millert +2003-12-09 22:09 millert * configure: regen -2003-12-09 20:08 millert +2003-12-09 22:08 millert * CHANGES: checkpoint -2003-12-09 20:02 millert +2003-12-09 22:02 millert * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid - too + too -2003-08-12 14:45 millert +2003-08-12 16:45 millert * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if - not already there). + not already there). + +2003-06-28 21:31 millert -2003-06-21 10:50 millert + * auth/pam.c: Fix a core dump on Solaris by preserving the + pam_handle_t we used during authentication for pam_prep_user(). + If we didn't authenticate (ie: ticket still valid), we call + pam_init() from pam_prep_user(). This is something of a hack; it + may be better to change the auth API and add an auth_final() + function that acts like pam_prep_user(). + +2003-06-21 12:50 millert * set_perms.c: Add explicit declaration of printerr variable in - function header (was defaulting to int which is OK but oh so K&R - :-). From Theo. + function header (was defaulting to int which is OK but oh so K&R + :-). From Theo. -2003-06-09 17:00 millert +2003-06-09 19:00 millert * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/ -2003-06-09 14:07 millert +2003-06-09 16:07 millert * logging.c: Also exit waitpid() loop when pid == 0. Fixes a - problem where the sudo process would spin eating up CPU until - sendmail finished when it has to send mail. + problem where the sudo process would spin eating up CPU until + sendmail finished when it has to send mail. -2003-05-30 14:22 millert +2003-05-30 16:22 millert * fnmatch.3, fnmatch.c: Remove advertising clause, UCB has - disavowed it + disavowed it -2003-05-21 19:53 millert +2003-05-21 21:53 millert * parse.c: Don't assume that getgrnam() calls don't modify contents - of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this - can happen. Based on a patch from Kirk Webb. + of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this + can happen. Based on a patch from Kirk Webb. -2003-05-06 09:25 millert +2003-05-06 11:25 millert * configure.in: missing ;; -2003-05-05 22:53 millert +2003-05-06 00:53 millert * configure.in: darwin has a broken setreuid() in at least some - versions + versions -2003-05-05 22:31 millert +2003-05-06 00:31 millert * env.c: Fix an off by one error when reallocating the environment; - Kevin Pye + Kevin Pye + +2003-04-30 14:04 millert -2003-04-28 17:30 millert + * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo + +2003-04-28 19:30 millert * HISTORY: More info on the early days from Coggs. -2003-04-15 18:42 millert +2003-04-21 14:47 millert - * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, - goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod: add DARPA credit - on affected files + * auth/kerb5.c: remove errant semicolon that prevented compilation + under heimdal -2003-04-15 18:25 millert +2003-04-15 20:42 millert + + * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h, + env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, + goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c, + parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, + strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c, visudo.man.in, visudo.pod, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c: add DARPA credit + on affected files + +2003-04-15 20:25 millert * LICENSE: slightly different wording for the darpa credit -2003-04-15 12:37 millert +2003-04-15 14:37 millert * LICENSE: Add DARPA credit -2003-04-13 13:48 millert +2003-04-14 16:49 millert + + * auth/kerb5.c: Use krb5_princ_component() instead of + krb5_princ_realm() for MIT Kerberos like we did before I messed + things up ;-) + + Use krb5_principal_get_comp_string() to do the same thing w/ + Heimdal. I'm not sure if the component should be 0 or 1 in this + case. + + #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since + older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there + should be a configure check for this I guess. + +2003-04-13 15:48 millert * TROUBLESHOOTING, config.h.in, configure, configure.in, - sample.sudoers: builtin -> built-in; Jason McIntyre + sample.sudoers: builtin -> built-in; Jason McIntyre -2003-04-09 14:14 millert +2003-04-13 15:45 millert + + * sudoers.pod: built in -> built-in; Jason McIntyre + +2003-04-09 16:14 millert * CHANGES: checkpoint for 1.6.7p3 -2003-04-09 14:14 millert +2003-04-09 16:14 millert * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff - Spencer. Amazingly, sudo source from 1985 is available via - groups.google.com + Spencer. Amazingly, sudo source from 1985 is available via + groups.google.com -2003-04-09 14:13 millert +2003-04-09 16:13 millert * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only - set rl.rlim_cur to 0 to turn off core dumps. This may be needed - for the RLIMIT_CORE restoration on some OSes. + set rl.rlim_cur to 0 to turn off core dumps. This may be needed + for the RLIMIT_CORE restoration on some OSes. + +2003-04-04 12:46 millert + + * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5 -2003-04-04 10:45 millert +2003-04-04 12:45 millert * config.h.in, configure, configure.in: Check for heimdal even if - we found krb5-config and define HAVE_HEIMDAL. + we found krb5-config and define HAVE_HEIMDAL. -2003-04-03 08:16 millert +2003-04-03 22:04 millert + + * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. + The former is no longer defined by MIT kerb5 (though it used to + be and indeed remains so in Heimdal). + +2003-04-03 10:16 millert * mkinstalldirs: Remove newer stuff that passes multiple (possibly - duplicate) directories to "mkdir -p" since that seems to break on - Tru64 Unix at least. This basically brings back what shipped with - sudo 1.6.6. + duplicate) directories to "mkdir -p" since that seems to break on + Tru64 Unix at least. This basically brings back what shipped + with sudo 1.6.6. + +2003-04-02 13:57 millert + + * auth/kerb5.c: Correct number of args to + krb5_principal_get_realm() and fix an unclosed comment that hid + the bug. -2003-04-02 11:45 millert +2003-04-02 13:45 millert * configure: regen -2003-04-02 11:45 millert +2003-04-02 13:45 millert * BUGS, CHANGES, INSTALL, INSTALL.binary, Makefile.in, README, - configure.in: ++version + configure.in, version.h: ++version -2003-04-02 11:44 millert +2003-04-02 13:44 millert * configure.in: use krb5-config to determine Kerberos V details if - it exists + it exists -2003-04-02 11:25 millert +2003-04-02 13:25 millert * alloc.c, check.c, compat.h, defaults.c, env.c, find_path.c, - interfaces.c, logging.c, parse.c, sudo.c, sudo.h: Use warn/err and - getprogname() throughout. The main exception is openlog(). Since - the admin may be filtering logs based on the program name in the - log files, hard code this to "sudo". + interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c, + visudo.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, + auth/securid5.c, auth/sia.c: Use warn/err and getprogname() + throughout. The main exception is openlog(). Since the admin + may be filtering logs based on the program name in the log files, + hard code this to "sudo". -2003-04-02 11:16 millert +2003-04-02 13:16 millert * Makefile.in: Add getprogname.c and err.c -2003-04-02 11:15 millert +2003-04-02 13:15 millert * configure: regen -2003-04-02 11:15 millert +2003-04-02 13:15 millert * configure.in, config.h.in: Add checks for getprognam(), - __progname and err.h + __progname and err.h -2003-04-02 11:14 millert +2003-04-02 13:14 millert - * err.c: For systems withour err/warn functions. + * err.c, emul/err.h: For systems withour err/warn functions. -2003-04-02 11:14 millert +2003-04-02 13:14 millert * getprogname.c: For systems neither getprogname() nor __progname; - uses Argv[0]. + uses Argv[0]. -2003-04-01 08:09 millert +2003-04-01 10:09 millert * CHANGES: checkpoint for 1.6.7p1 -2003-04-01 08:02 millert +2003-04-01 10:02 millert - * sudo.c: fix strlcpy() rval check (innocuous) + * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous) -2003-04-01 07:58 millert +2003-04-01 09:58 millert * check.c: oflow detection in expand_prompt() was faulty (false - positives). The count was based on strlcat() return value which - includes the length of the entire string. + positives). The count was based on strlcat() return value which + includes the length of the entire string. -2003-03-30 17:02 millert +2003-03-30 19:02 millert * CHANGES, RUNSON, TODO: checkpoint for the sudo 1.6.7 release -2003-03-24 14:09 millert +2003-03-24 16:09 millert * logging.c: g/c unused variable -2003-03-24 09:06 millert +2003-03-24 11:06 millert * configure: regen -2003-03-24 09:05 millert +2003-03-24 11:05 millert * configure.in: use man sections 8 and 5 for csops -2003-03-21 16:11 millert +2003-03-21 18:11 millert * configure: regen -2003-03-21 13:10 millert +2003-03-21 15:10 millert * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead - of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. + of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. -2003-03-21 12:02 millert +2003-03-21 14:02 millert * configure: regen -2003-03-21 12:01 millert +2003-03-21 14:01 millert - * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX. - An alternate libpath may be specified or -blibpath support can be - disabled. Also change conifgure such that -blibpath is not - specified if no -L libpaths were added to SUDO_LDFLAGS. + * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX. + An alternate libpath may be specified or -blibpath support can be + disabled. Also change conifgure such that -blibpath is not + specified if no -L libpaths were added to SUDO_LDFLAGS. -2003-03-20 20:05 millert +2003-03-20 22:05 millert * configure.in: add AIX blibpath support -2003-03-20 18:28 millert +2003-03-20 20:28 millert * INSTALL, configure.in: --with-skey and --with-opie now take an - option directory argument This obsoletes a --with-csops hack - (/tools/cs/skey) - - Also remove the remaining direct uses of "echo" + option directory argument This obsoletes a --with-csops hack + (/tools/cs/skey) -2003-03-20 15:44 millert + Also remove the remaining direct uses of "echo" + +2003-03-20 17:44 millert * configure.in: Detect KTH Kerberos IV and deal with it. Also make - -lroken optional for KTH Kerberos IV and V. + -lroken optional for KTH Kerberos IV and V. -2003-03-20 12:42 millert +2003-03-20 14:42 millert * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add - -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the specified - variable. + -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the + specified variable. -2003-03-20 12:40 millert +2003-03-20 14:40 millert - * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. - There is a new configure option, --with-rpath to control this - behavior. + * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. + There is a new configure option, --with-rpath to control this + behavior. -2003-03-19 21:50 millert +2003-03-19 23:50 millert * configure.in: for kerb4 put libdes after libkrb on the link line -2003-03-19 21:33 millert +2003-03-19 23:49 millert + + * auth/kerb4.c: typo + +2003-03-19 23:33 millert * configure.in: fix kerberos lib check when a path is specified -2003-03-19 19:04 millert +2003-03-19 21:04 millert * logging.c: Fix boolean thinko in SIGCHLD reaper and call - reapchild after sending mail instead of doing a conditional - sudo_waitpid. + reapchild after sending mail instead of doing a conditional + sudo_waitpid. -2003-03-19 14:20 millert +2003-03-19 16:20 millert * configure: regen -2003-03-19 14:19 millert +2003-03-19 16:19 millert * configure.in: replace =DIR with [=DIR] where sensible -2003-03-19 14:16 millert +2003-03-19 16:16 millert * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos - include/lib detection based on openssh's configure.in + include/lib detection based on openssh's configure.in -2003-03-19 13:58 millert +2003-03-19 15:58 millert * INSTALL: --with-kerb4 and --with-kerb5 now take an optional - argument. + argument. + +2003-03-15 22:03 millert -2003-03-15 13:31 millert + * auth/securid.c: Kill remaining strcpy(), the programmer's guide + says username is 32 bytes. + +2003-03-15 21:18 millert + + * auth/kerb4.c: trat uid_t as unsigned long for printf and use + snprintf, not sprintf + +2003-03-15 21:18 millert + + * auth/rfc1938.c: use snprintf + +2003-03-15 15:37 millert + + * auth/: afs.c, aix_auth.c, bsdauth.c, dce.c, fwtk.c, kerb4.c, + kerb5.c, pam.c, passwd.c, rfc1938.c, sudo_auth.c: update + copyright year + +2003-03-15 15:31 millert * LICENSE, alloc.c, check.c, configure.in, env.c, sudo.c, - Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h, - sudo.pod, sudo.man.in: update copyright year + Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c, + logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h, + sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c, + visudo.pod, sudo.man.in, sudoers.man.in, visudo.man.in: update + copyright year -2003-03-15 13:19 millert +2003-03-15 15:19 millert * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf - with %lu + with %lu -2003-03-15 13:17 millert +2003-03-15 15:17 millert * configure: regen -2003-03-15 13:16 millert +2003-03-15 15:16 millert * configure.in: correct error messages for - --with-sudoers-{mode,uid,gid} + --with-sudoers-{mode,uid,gid} -2003-03-15 13:10 millert +2003-03-15 15:10 millert * alloc.c: make the malloc(0) error specific to each function to - aid tracking down bugs. + aid tracking down bugs. -2003-03-15 12:49 millert +2003-03-15 14:49 millert * alloc.c: deal with platforms where size_t is signed and there is - no SIZE_MAX or SIZE_T_MAX + no SIZE_MAX or SIZE_T_MAX + +2003-03-15 14:10 millert -2003-03-15 11:02 millert + * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc + warnings. + +2003-03-15 13:02 millert * sudo.c: Use stat_sudoers macro so --with-stow can work -2003-03-15 11:01 millert +2003-03-15 13:01 millert * INSTALL, config.h.in, configure, configure.in: Add support for - --with-stow based on patches from Robert Uhl + --with-stow based on patches from Robert Uhl -2003-03-15 10:51 millert +2003-03-15 12:51 millert * env.c: fix indentation -2003-03-14 22:21 millert +2003-03-15 00:21 millert * configure.in: back out rev 1.352 -2003-03-14 18:11 millert +2003-03-14 20:11 millert * lex.yy.c: regen -2003-03-14 18:11 millert +2003-03-14 20:11 millert * parse.lex: use strlcpy, not strncpy -2003-03-14 17:48 millert +2003-03-14 19:48 millert * set_perms.c: Fix typo; check pw_uid, not pw_gid after - setusercontext() failure. + setusercontext() failure. -2003-03-14 17:43 millert +2003-03-14 19:43 millert * logging.c: use pid_t -2003-03-14 08:43 millert +2003-03-14 10:43 millert * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid -2003-03-14 08:35 millert +2003-03-14 10:35 millert * interfaces.c: Move the n == 0 check for the non-getifaddrs cas -2003-03-13 19:38 millert +2003-03-13 21:47 millert + + * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter + +2003-03-13 21:38 millert * configure: regen -2003-03-13 19:38 millert +2003-03-13 21:38 millert * configure.in: put -ldl after -lpam, not before; fixes static - linking on Linux + linking on Linux -2003-03-13 19:17 millert +2003-03-13 21:17 millert * interfaces.c: Avoid malloc(0) and fix the loop invariant for the - getifaddrs() case. + getifaddrs() case. -2003-03-13 18:24 millert +2003-03-13 20:24 millert - * sudo.man.in, sudo.cat: regen + * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, + sudoers.cat, visudo.cat: regen -2003-03-13 18:23 millert +2003-03-13 20:23 millert * Makefile.in: Preserve copyright notice from .pod file in .man.in - file + file -2003-03-13 13:27 millert +2003-03-13 20:01 millert + + * visudo.pod: Add sudoers(5) to SEE ALSO + +2003-03-13 15:27 millert * lex.yy.c: regen -2003-03-13 13:27 millert +2003-03-13 15:27 millert * parse.lex: Don't assume libc can realloc() a NULL string. If - malloc/realloc fails, make sure we just return; yyerror() is not - terminal. + malloc/realloc fails, make sure we just return; yyerror() is not + terminal. -2003-03-13 13:17 millert +2003-03-13 15:17 millert * lex.yy.c: regen -2003-03-13 13:17 millert +2003-03-13 15:17 millert * parse.lex: simplify fill_args a little and use strlcpy for - paranoia + paranoia -2003-03-13 13:00 millert +2003-03-13 15:00 millert - * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c: Use - strlc{at,py} for paranoia's sake and exit on overflow. In all - cases the strings were either pre-allocated to the correct size of - length checks were done before the copy but a little paranoia can - go a long way. + * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, + testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on + overflow. In all cases the strings were either pre-allocated to + the correct size of length checks were done before the copy but a + little paranoia can go a long way. -2003-03-13 10:54 millert +2003-03-13 12:54 millert * sudo.h: Add strlc{at,py} protos -2003-03-13 10:03 millert +2003-03-13 12:03 millert * env.c, interfaces.c: Use erealloc3() -2003-03-13 10:00 millert +2003-03-13 12:00 millert * configure: regen -2003-03-13 10:00 millert +2003-03-13 12:00 millert * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't - need >=). Use memcpy() instead of strcpy() in estrdup() so this is - strcpy()-free. + need >=). Use memcpy() instead of strcpy() in estrdup() so this + is strcpy()-free. -2003-03-13 09:58 millert +2003-03-13 11:58 millert * sudo.c: snprintf() a uid as %lu, not %ld to match the - MAX_UID_T_LEN test in configure. + MAX_UID_T_LEN test in configure. -2003-03-13 09:56 millert +2003-03-13 11:56 millert * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long, - just unsigned. + just unsigned. -2003-03-12 16:46 millert +2003-03-12 18:46 millert * sudo.c: Use snprintf() for paranoia -2003-03-12 15:16 millert +2003-03-12 17:16 millert * parse.yacc: Use emalloc2 and erealloc3 -2003-03-12 15:08 millert +2003-03-12 17:08 millert * Makefile.in: strlc{at,py} for those w/o it -2003-03-12 15:07 millert +2003-03-12 17:07 millert * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it. -2003-03-12 15:07 millert +2003-03-12 17:07 millert * config.h.in, configure, configure.in: Add stlc{at,py} for those - w/o it. + w/o it. -2003-03-12 14:51 millert +2003-03-12 16:51 millert * alloc.c, sudo.h: Add erealloc3(), a realloc() version of - emalloc2(). + emalloc2(). -2003-03-12 14:45 millert +2003-03-12 16:45 millert * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a - certain size. + certain size. -2003-03-12 14:41 millert +2003-03-12 16:41 millert * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the - bzero and with error/oflow checking. + bzero and with error/oflow checking. -2003-03-12 14:23 millert +2003-03-12 16:23 millert * alloc.c: Error out on malloc(0); suggested by theo -2003-03-09 17:34 millert +2003-03-09 19:34 millert * configure, configure.in: fix a typo; David Krause -2003-03-07 08:46 millert +2003-03-07 10:46 millert * sudo.pod: fix typo -2003-03-03 19:47 millert +2003-03-03 21:47 millert * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun -2003-03-01 11:20 millert +2003-03-01 13:20 millert * configure.in, config.h.in: not not; Anil Madhavapeddy -2003-01-23 01:03 millert +2003-01-23 03:03 millert - * sudo.pod: typos; jmc@openbsd.org + * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org -2003-01-20 14:13 millert +2003-01-20 16:13 millert * parse.yacc: Add some missing ';' rule terminators that bison - warns about. + warns about. -2003-01-20 14:07 millert +2003-01-20 16:07 millert * config.sub: fix typo I introduced in last merge -2003-01-20 13:59 millert +2003-01-20 15:59 millert * configure: regenerate with autoconf 2.57 -2003-01-20 13:58 millert +2003-01-20 15:58 millert * config.h.in: Add missing "$HOME" -2003-01-20 13:57 millert +2003-01-20 15:57 millert * configure.in: Add some more square backets to make autoconf 2.57 - happy + happy -2003-01-20 12:39 millert +2003-01-20 14:39 millert * config.guess, config.sub, mkinstalldirs: Updates from - autoconf-2.57 + autoconf-2.57 + +2003-01-17 18:10 millert + + * lex.yy.c, sudo.tab.h: regen -2003-01-17 16:10 millert +2003-01-17 18:09 millert - * lex.yy.c: regen + * parse.lex, parse.yacc, sudoers.pod: Add support for + Defaults>RunasUser -2003-01-17 16:09 millert +2003-01-06 19:10 millert - * parse.lex, parse.yacc: Add support for Defaults>RunasUser + * visudo.c: fclose() yyin after each yyparse() is done and use + fopen() instead of using freopen(). -2003-01-06 17:02 millert +2003-01-06 19:02 millert * parse.lex: Better fix for sudoers files w/o a newline before EOF. - It looks like the issue is that yyrestart() does not reset the - start condition to INITIAL which is an issue since we parse sudoers - multiple times. + It looks like the issue is that yyrestart() does not reset the + start condition to INITIAL which is an issue since we parse + sudoers multiple times. -2003-01-06 16:47 millert +2003-01-06 18:47 millert * parse.lex: Work around what appears to be a flex bug when dealing - with files that lack a final newline before EOF. This adds a rule - to match EOF in the non-initial states which resets the state to - INITIAL and throws an error. + with files that lack a final newline before EOF. This adds a + rule to match EOF in the non-initial states which resets the + state to INITIAL and throws an error. + +2003-01-06 15:06 millert -2002-12-15 09:24 millert + * visudo.c: o The parser needs sudoers to end with a newline but + some editors (emacs) may not add one. Check for a missing + newline at EOF and add one if needed. o Set quiet flag during + initial sudoers parse (to get options) o Move yyrestart() call + and always use freopen() to open yyin after initial sudoers + parse. - * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. - Want to set effective gid, not real gid, when reading sudoers. +2002-12-15 11:24 millert -2002-12-15 09:08 millert + * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. + Want to set effective gid, not real gid, when reading sudoers. + +2002-12-15 11:08 millert * set_perms.c: don't compile set_perms_posix if we have setreuid or - setresuid + setresuid -2002-12-14 12:21 millert +2002-12-14 14:21 millert - * sudo.pod: document new prompt escapes + * sudo.pod, sudoers.pod: document new prompt escapes -2002-12-14 12:15 millert +2002-12-14 14:15 millert * check.c: Add %U and %H escapes and redo prompt rewriting. "%%" - now gets collapsed to "%" as was originally intended. This also - gets rid of lastchar (does lookahead instead of lookback) which - should simplify the logic slightly. + now gets collapsed to "%" as was originally intended. This also + gets rid of lastchar (does lookahead instead of lookback) which + should simplify the logic slightly. + +2002-12-13 13:20 millert -2002-12-13 11:09 millert + * tgetpass.c: Write the prompt *after* turning off echo to avoid + some password characters being echoed on heavily-loaded machines + with fast typists. + +2002-12-13 13:09 millert * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at -2002-12-13 10:48 millert +2002-12-13 12:48 millert * configure.in: Fix IRIX fallout from name changes in man dir/sect - Makefile variables. Patch from erici AT motown DOT cc DOT utexas - DOT edu + Makefile variables. Patch from erici AT motown DOT cc DOT utexas + DOT edu + +2002-12-13 11:33 millert -2002-11-28 16:43 millert + * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add + in TGP_ECHO to the global copy. Problem noted by Peter Pentchev. + +2002-11-28 18:43 millert * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to - call this for us. + call this for us. -2002-11-26 10:09 millert +2002-11-26 12:09 millert * sudo.c: fix typo in comment; Pedro Bastos -2002-11-22 12:41 millert +2002-11-22 14:41 millert * INSTALL: document --disable-setresuid -2002-11-22 12:11 millert +2002-11-22 14:41 millert + + * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: + Sprinkle some volatile qualifiers to prevent over-enthusiastic + optimizers from removing memset() calls. + +2002-11-22 14:11 millert * logging.c, parse.yacc: minor sign fixes pointed out by gcc - -Wsign-compare + -Wsign-compare -2002-11-22 12:09 millert +2002-11-22 14:09 millert * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a - version based on setresuid() or setreuid() when possible since that - allows us to support the stay_setuid option and we always know - exactly what the semantics will be (various Linux kernels have - broken POSIX saved uid support). + version based on setresuid() or setreuid() when possible since + that allows us to support the stay_setuid option and we always + know exactly what the semantics will be (various Linux kernels + have broken POSIX saved uid support). -2002-11-22 12:08 millert +2002-11-22 14:08 millert * config.h.in, configure: regen from configure.in -2002-11-22 12:07 millert +2002-11-22 14:07 millert * configure.in: Add checks for setresuid() and a way to disable - using it + using it -2002-11-22 12:05 millert +2002-11-22 14:05 millert * compat.h: No long need to emulate set*[ug]id() via setres[ug]id() - or setre[ug]id(). The new set_perms stuff only uses things it - knows are there. + or setre[ug]id(). The new set_perms stuff only uses things it + knows are there. -2002-11-22 11:33 millert +2002-11-22 13:33 millert * sudo.c: Before exec, restore state of signal handlers to be the - same as when we were initialy invoked instead of just reseting to - SIG_DFL. Fixes a problem when using sudo with nohup. Based on a - patch from Paul Markham. + same as when we were initialy invoked instead of just reseting to + SIG_DFL. Fixes a problem when using sudo with nohup. Based on a + patch from Paul Markham. -2002-11-22 11:23 millert +2002-11-22 13:23 millert * sudo.c: o timestamp_uid should be uid_t, not int o clarify error - message when sudo is run by root and no_root_sudo is set + message when sudo is run by root and no_root_sudo is set -2002-09-19 15:27 millert +2002-09-19 17:27 millert * README: update ftp link for bison -2002-07-20 06:30 millert +2002-07-20 08:30 millert * set_perms.c: Error out if setusercontext() fails and the runas - user is not root. + user is not root. + +2002-05-20 16:51 millert -2002-05-20 14:50 millert + * auth/securid5.c: Fix rcsid + +2002-05-20 16:50 millert * configure.in: Fix SecurID API test -2002-05-17 11:20 millert +2002-05-17 13:20 millert * env.c: typo in comment -2002-05-17 11:20 millert +2002-05-17 13:20 millert * configure.in: securid5 stuff needs pthreads. Just adding - -lpthread is suboptimal but I don't see a better way at the moment. + -lpthread is suboptimal but I don't see a better way at the + moment. -2002-05-17 11:04 millert +2002-05-17 13:04 millert - * Makefile.in: SecurID API version 5 support from Michael Stroucken + * Makefile.in, auth/securid5.c: SecurID API version 5 support from + Michael Stroucken -2002-05-17 11:02 millert +2002-05-17 13:02 millert * configure.in: Add check for SecurID 5.0 API -2002-05-08 14:46 millert +2002-05-08 16:46 millert * strerror.c: We actually do still need config.h to get the 'const' - definition for K&R C. + definition for K&R C. -2002-05-05 14:43 millert +2002-05-05 16:43 millert * configure: regen with autoconf 2.5.3 -2002-05-05 14:25 millert +2002-05-05 16:25 millert * configure.in: Don't set sysconfdir to '/etc' if the user has - specified a --prefix. + specified a --prefix. -2002-05-05 14:14 millert +2002-05-05 16:14 millert * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o - don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to - workaround a bug + don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() + to workaround a bug -2002-05-05 13:58 millert +2002-05-05 15:58 millert * env.c, sudo.c, sudo.h: No need for dump_badenv() now that - dump_defaults() knows how to dump lists. + dump_defaults() knows how to dump lists. + +2002-05-04 21:31 millert -2002-05-04 19:31 millert + * BUGS, INSTALL, Makefile.in, configure.in, version.h, + INSTALL.binary, README: ++version - * BUGS, INSTALL, Makefile.in, configure.in, INSTALL.binary, README: - ++version +2002-05-04 20:57 millert -2002-05-04 18:45 millert + * sudoers.pod: document timestampowner + +2002-05-04 20:45 millert * check.c: Don't call set_perms() when doing timestamp stuff unless - timestamp_uid != 0. + timestamp_uid != 0. -2002-05-04 18:43 millert +2002-05-04 20:43 millert - * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h: g/c - second arg to set_perms--it is no longer used + * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h, + testsudoers.c, auth/sudo_auth.c: g/c second arg to set_perms--it + is no longer used -2002-05-03 16:48 millert +2002-05-03 18:48 millert * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root - timestamp dirs. This allows the timestamp dir to be shared via NFS - (though this is not recommended). + timestamp dirs. This allows the timestamp dir to be shared via + NFS (though this is not recommended). -2002-05-03 16:47 millert +2002-05-03 18:47 millert * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner - of the authentication timestamp dir" + of the authentication timestamp dir" -2002-05-02 13:40 millert +2002-05-02 15:40 millert * env.c: Don't try to pre-compute the size of the new envp, just - allocate space up front and realloc as needed. Changes to the new - env pointer must all be made through insert_env() which now keeps - track of spaced used and allocates as needed. + allocate space up front and realloc as needed. Changes to the + new env pointer must all be made through insert_env() which now + keeps track of spaced used and allocates as needed. -2002-04-26 13:12 millert +2002-04-26 15:12 millert * configure: regen -2002-04-26 13:12 millert +2002-04-26 15:12 millert * configure.in: Fix two typo/pastos; from jrj@purdue.edu -2002-04-25 09:36 millert +2002-04-25 11:36 millert * INSTALL.binary, README: ++version -2002-04-25 09:35 millert +2002-04-25 11:35 millert - * sudo.cat, sudo.man.in, configure: regen + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in, configure: regen -2002-04-25 09:31 millert +2002-04-25 11:31 millert * CHANGES, RUNSON, TODO: Sync with 1.6.6 -2002-04-25 09:30 millert +2002-04-25 11:30 millert * check.c: The the loop used to expand %h and %u, the lastchar - variable was not being initialized. This means that if the last - char in the prompt is '%' and the first char is 'h' or 'u' a extra - copy of the host or user name would be copied, for which space had - not been allocated. + variable was not being initialized. This means that if the last + char in the prompt is '%' and the first char is 'h' or 'u' a + extra copy of the host or user name would be copied, for which + space had not been allocated. + +2002-04-18 11:41 millert -2002-04-18 09:41 millert + * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank + version to 1.6.6 - * BUGS, INSTALL, Makefile.in, configure.in: crank version to 1.6.6 +2002-04-18 11:39 millert -2002-04-18 09:38 millert + * auth/afs.c: #undef VOID to get rid of an AFS warning + +2002-04-18 11:38 millert * env.c: Use easprintf instead of emalloc + sprintf for some - things. + things. -2002-03-15 17:45 millert +2002-03-15 19:45 millert * lex.yy.c: regen -2002-03-15 17:44 millert +2002-03-15 19:44 millert - * parse.c, parse.lex, parse.yacc: Remove Chris Jepeway's email - address so people don't bug him ;-) + * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris + Jepeway's email address so people don't bug him ;-) -2002-03-11 20:19 millert +2002-03-11 22:19 millert * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...) - and also call endgrent() at the same time. + and also call endgrent() at the same time. -2002-02-21 20:23 millert +2002-02-21 22:23 millert * INSTALL: Make it clear which configure options take arguments. -2002-01-25 11:38 millert +2002-01-25 13:38 millert * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there - is no RLIM_INFINITY, just pretend it is -1. This works because we - only check for RLIM_INFINITY and do not set anything to that value. + is no RLIM_INFINITY, just pretend it is -1. This works because + we only check for RLIM_INFINITY and do not set anything to that + value. + +2002-01-22 11:43 millert -2002-01-21 20:26 millert + * auth/pam.c: Zero and free allocated memory when there is a + conversation error. + +2002-01-21 22:37 millert + + * auth/bsdauth.c: Use sigaction() not signal() + +2002-01-21 22:26 millert * INSTALL: Mention that some linux kernels have broken POSIX saved - ID support + ID support -2002-01-21 19:03 millert +2002-01-21 21:03 millert * CHANGES: checkpoint for 1.6.5p2 -2002-01-21 19:01 millert +2002-01-21 21:01 millert * configure: regen -2002-01-21 19:01 millert +2002-01-21 21:01 millert * configure.in: Add --disable-setreuid flag -2002-01-21 19:00 millert +2002-01-21 21:00 millert * INSTALL: Document new --disable-setreuid option and change - description for --disable-saved-ids to match new error message. + description for --disable-saved-ids to match new error message. -2002-01-21 19:00 millert +2002-01-21 21:00 millert * set_perms.c: fatal() now takes an argument that determines - whether or not to call perror(). + whether or not to call perror(). -2002-01-21 18:58 millert +2002-01-21 20:58 millert * PORTING, TROUBLESHOOTING: Update for new error messages from - set_perms() + set_perms() + +2002-01-21 17:46 millert + + * auth/pam.c: Make this compile w/o warnings + +2002-01-21 17:36 millert + + * auth/pam.c: Mention that we can't use pam_acct_mgmt() + +2002-01-21 17:25 millert -2002-01-19 17:43 millert + * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c: The user's password + was not zeroed after use when AIX authentication, BSD + authentication, FWTK or PAM was in use. + +2002-01-20 14:21 millert + + * auth/pam.c: Avoid giving PAM a NULL password response, use the + empty string instead. This avoids a log warning when the user + hits ^C at the password prompt when PAM is in use. + +2002-01-19 19:46 millert + + * auth/pam.c: Don't check the return value of pam_setcred(). In + Linux-PAM 0.75 pam_setcred() returns the last saved return code, + not the return code for the setcred module. Because we haven't + called pam_authenticate(), this is not set and so pam_setcred() + returns PAM_PERM_DENIED. + +2002-01-19 19:43 millert * Makefile.binary, Makefile.in: Don't need a '/' between $(DESTDIR) - and a directory. + and a directory. -2002-01-18 12:18 millert +2002-01-18 14:18 millert * configure: regen -2002-01-18 12:18 millert +2002-01-18 14:18 millert * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD - has a bogus setreuid() o new NetBSD has a real setreuid() o add - check for freeifaddrs() if getifaddrs() exists. + has a bogus setreuid() o new NetBSD has a real setreuid() o add + check for freeifaddrs() if getifaddrs() exists. -2002-01-18 12:17 millert +2002-01-18 14:17 millert * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs() - so add a test for that and if it is not present just use free(). + so add a test for that and if it is not present just use free(). -2002-01-17 09:30 millert +2002-01-17 11:30 millert * CHANGES, RUNSON: Checkpoint for 1.6.5p1 -2002-01-16 18:00 millert +2002-01-17 10:56 millert + + * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if + skeyaccess() denies access to normal passwords, not AUTH_FATAL + (which just causes an exit). + +2002-01-17 10:35 millert + + * visudo.c: Don't use memory after it has been freed. + +2002-01-17 00:24 millert + + * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *; + Patch from Phillip E. Lobbes + +2002-01-16 20:00 millert * BUGS: ++version -2002-01-16 17:53 millert +2002-01-16 19:53 millert * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5 -2002-01-16 16:37 millert +2002-01-16 18:37 millert * configure: regen -2002-01-16 16:37 millert +2002-01-16 18:37 millert * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.6.5 + version 1.6.5 -2002-01-16 16:37 millert +2002-01-16 18:37 millert - * sudo.cat, sudo.man.in: sudo version 1.6.5 + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: sudo version 1.6.5 -2002-01-16 14:28 millert +2002-01-16 16:28 millert * logging.c: o when invoking the mailer as root use a hard-coded - environment that doesn't include any info from the user's - environment. Basically paranoia. - - o Add support for the NO_ROOT_MAILER compile-time option and run - the mailer as the user and not root if NO_ROOT_MAILER is defined. + environment that doesn't include any info from the user's + environment. Basically paranoia. + + o Add support for the NO_ROOT_MAILER compile-time option and run + the mailer as the user and not root if NO_ROOT_MAILER is + defined. -2002-01-16 14:27 millert +2002-01-16 16:27 millert * set_perms.c, sudo.h: Bring back PERM_FULL_USER -2002-01-16 14:26 millert +2002-01-16 16:26 millert * configure: regen -2002-01-16 14:26 millert +2002-01-16 16:26 millert + + * version.h: version 1.6.5 + +2002-01-16 16:26 millert * INSTALL, config.h.in, configure.in: Add --disable-root-mailer - option to run the mailer as the user and not root. + option to run the mailer as the user and not root. -2002-01-16 10:44 millert +2002-01-16 12:44 millert * CHANGES: checkpoint for 1.6.4p2 -2002-01-15 17:22 millert +2002-01-15 19:22 millert * PORTING: Mention the "seteuid(0): Operation not permitted" - problem here too just for good measure. + problem here too just for good measure. -2002-01-15 16:43 millert +2002-01-15 18:43 millert * env.c, getspwuid.c, sudo.c: The SHELL environment variable was - preserved from the user's environment instead of being reset based - on the passwd database when the "env_reset" option was used. Now - it is reset as it should be. + preserved from the user's environment instead of being reset + based on the passwd database when the "env_reset" option was + used. Now it is reset as it should be. -2002-01-15 15:47 millert +2002-01-15 17:47 millert * configure: regen -2002-01-15 15:47 millert +2002-01-15 17:47 millert * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, - sudo.c: Add a configure option to turn off use of POSIX saved IDs + sudo.c: Add a configure option to turn off use of POSIX saved IDs -2002-01-15 13:48 millert +2002-01-15 15:48 millert * configure: regen -2002-01-15 13:48 millert +2002-01-15 15:48 millert * configure.in: add --with-efence option -2002-01-15 13:39 millert +2002-01-15 15:39 millert * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a - problem where "sudo -l" would not work if always_set_home was set. + problem where "sudo -l" would not work if always_set_home was + set. -2002-01-15 11:16 millert +2002-01-15 13:16 millert * lex.yy.c: regen -2002-01-15 11:16 millert +2002-01-15 13:16 millert * parse.lex: Quoted commas were not being treated correctly in - command line arguments. + command line arguments. -2002-01-14 18:53 millert +2002-01-14 20:53 millert * sudo.c: o Move the call to rebuild_env() until after - MODE_RESET_HOME is set. Otherwise, the set_home option has no - effect. - - o Fix use of freed memory when the "fqdn" flag is set. This was - introduced by the fix for the "segv when gethostbynam() fails" bug. - Also, we no longer call set_fqdn() if the "fqdn" flag is not set - so there is no need to check the "fqdn" flag in set_fqdn() - itself. + MODE_RESET_HOME is set. Otherwise, the set_home option has no + effect. -2002-01-14 18:45 millert + o Fix use of freed memory when the "fqdn" flag is set. This was + introduced by the fix for the "segv when gethostbynam() fails" + bug. Also, we no longer call set_fqdn() if the "fqdn" flag is + not set so there is no need to check the "fqdn" flag in + set_fqdn() itself. + +2002-01-14 20:45 millert * env.c: Add 'continue' statements to optimize the switch - statement. From Solar. + statement. From Solar. + +2002-01-13 13:42 millert -2002-01-13 11:29 millert + * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod + +2002-01-13 13:36 millert + + * sudoers.pod: Add caveat about stay_setuid flag + +2002-01-13 13:29 millert * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag - is not set, set all uids to 0 and use set_perms_fallback(). + is not set, set all uids to 0 and use set_perms_fallback(). -2002-01-13 11:28 millert +2002-01-13 13:28 millert * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer - used) and add PERM_FULL_ROOT (used when exec'ing the mailer). + used) and add PERM_FULL_ROOT (used when exec'ing the mailer). -2002-01-13 11:27 millert +2002-01-13 13:27 millert * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the - mailer since we never want to run the mailer setuid. + mailer since we never want to run the mailer setuid. -2002-01-12 15:55 millert +2002-01-12 17:55 millert - * sudo.cat, sudo.man.in, sudo.pod: Use sudo.ws instead of - courtesan.com in URLs + * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, + visudo.pod: Use sudo.ws instead of courtesan.com in URLs -2002-01-12 12:00 millert +2002-01-12 14:00 millert * Makefile.in, Makefile.binary: Fix mansect substitution -2002-01-12 11:15 millert +2002-01-12 13:15 millert * Makefile.in: Substitute man sections in Makefile.binary -2002-01-12 11:15 millert +2002-01-12 13:15 millert * Makefile.binary: Sync install targets with Makefile.in and - substitute in man sections. + substitute in man sections. -2002-01-12 11:09 millert +2002-01-12 13:09 millert * INSTALL, INSTALL.binary: version is 1.6.4 -2002-01-12 10:59 millert +2002-01-12 12:59 millert * Makefile.in: Repair bindist target -2002-01-12 09:43 millert +2002-01-12 11:43 millert * CHANGES: sync for 1.6.4 -2002-01-10 11:00 millert +2002-01-10 13:00 millert * install-sh: Fix case where neither whoami nor id are found -2002-01-09 10:35 millert +2002-01-09 12:35 millert * install-sh: If neither whoami nor id exists, just assume we are - root. + root. -2002-01-09 09:56 millert +2002-01-09 11:56 millert * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems - to be needed on AIX which for some reason isn't pulling in the - malloc prototype. + to be needed on AIX which for some reason isn't pulling in the + malloc prototype. -2002-01-08 08:00 millert +2002-01-08 10:00 millert * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002 -2002-01-08 07:21 millert +2002-01-08 09:21 millert * CHANGES: checkpoint -2002-01-08 07:20 millert +2002-01-08 09:20 millert * sudo.c: Defer assigning new environment until right before the - exec. + exec. -2002-01-08 07:08 millert +2002-01-08 09:08 millert * parse.c: kill extra blank line -2002-01-07 11:59 millert +2002-01-07 13:59 millert * configure: regen -2002-01-07 11:59 millert +2002-01-07 13:59 millert * configure.in: Use -O not -O2 for m88k-motorola-sysv* since - motorola gcc-derived compiler doesn't recognise -O2. + motorola gcc-derived compiler doesn't recognise -O2. -2002-01-06 21:02 millert +2002-01-06 23:02 millert * HISTORY: Clarify origins of Root Group sudo a bit based on info - from billp@rootgroup.com + from billp@rootgroup.com -2002-01-02 20:41 millert +2002-01-02 22:41 millert * LICENSE: 2002 -2002-01-02 20:26 millert +2002-01-02 22:26 millert * CHANGES: checkpoint for 1.6.4rc1 -2002-01-02 15:40 millert +2002-01-02 17:40 millert * config.h.in: now generated via autoheader -2002-01-02 15:40 millert +2002-01-02 17:40 millert * configure: regen -2002-01-02 15:37 millert +2002-01-02 17:37 millert * compat.h: Move in some stuff that was previously in config.h. -2002-01-02 15:36 millert +2002-01-02 17:36 millert * configure.in, aclocal.m4: Add info for autoheader. -2002-01-01 14:53 millert +2002-01-01 16:53 millert * Makefile.in: o Add DESTDIR support - o Use -M, -O, and -G instead of -m, -o, and -g to facilitate - non-root installs + o Use -M, -O, and -G instead of -m, -o, and -g to facilitate + non-root installs -2002-01-01 14:48 millert +2002-01-01 16:48 millert * install-sh: Add -M option (like -m but only for root) If we can't - find "whoami", use "id" w/ some sed. + find "whoami", use "id" w/ some sed. -2002-01-01 12:01 millert +2002-01-01 14:01 millert * configure: regen -2002-01-01 12:00 millert +2002-01-01 14:00 millert * configure.in: allow user to always override mansectsu and - mansectform + mansectform -2001-12-31 15:05 millert +2001-12-31 17:05 millert * mkinstalldirs: update from autoconf 2.52 -2001-12-31 15:03 millert +2001-12-31 17:03 millert * config.guess, config.sub: Update from autoconf 2.52 -2001-12-31 14:57 millert +2001-12-31 16:57 millert * configure: regen with autoconf 2.52 -2001-12-31 14:57 millert +2001-12-31 16:57 millert * configure.in: o Call AC_PROG_CC_STDC to find out how to run the - compiler in ANSI mode - o Remove compiler-specific checks for HP-UX now that we use - AC_PROG_CC_STDC + compiler in ANSI mode + o Remove compiler-specific checks for HP-UX now that we use + AC_PROG_CC_STDC -2001-12-31 10:19 millert +2001-12-31 12:19 millert * RUNSON: Checkpoint -2001-12-31 10:18 millert +2001-12-31 12:18 millert + + * auth/pam.c: o Add pam_prep_user function to call pam_setcred() + for the target user; on Linux this often sets resource limits. + o When calling pam_end(), try to convert the auth->result to a + PAM_FOO value. This is a hack--we really need to stash the + last PAM_FOO value received and use that instead. + +2001-12-31 12:18 millert * set_perms.c, sudo.h: o Add pam_prep_user function to call - pam_setcred() for the target user; on Linux this often sets - resource limits. + pam_setcred() for the target user; on Linux this often sets + resource limits. -2001-12-30 22:53 millert +2001-12-31 00:53 millert * env.c: Fix off by one error in number of bytes allocated via - malloc (does not affected any released version of sudo). + malloc (does not affected any released version of sudo). -2001-12-30 15:12 millert +2001-12-30 17:12 millert * lex.yy.c: regen -2001-12-30 15:12 millert +2001-12-30 17:12 millert * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults - variable w/o requiring that they be quoted. + variable w/o requiring that they be quoted. + +2001-12-30 14:26 millert -2001-12-30 11:58 millert + * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double + quotes are needed when adding/deleting/assigning a single value + to a list. + +2001-12-30 13:58 millert * Makefile.in: Don't rely on mkdefaults being executable, call perl - explicitly. + explicitly. -2001-12-30 11:41 millert +2001-12-30 13:41 millert * parse.yacc: Remove some XXX that are no longer relevant. -2001-12-30 11:40 millert +2001-12-30 13:40 millert * defaults.c: o Roll our own loop instead of using strpbrk() for - better grokability o When adding to a list we must malloc() and use - memcpy(), not strdup() since we must only copy len bytes from - str. + better grokability o When adding to a list we must malloc() and + use memcpy(), not strdup() since we must only copy len bytes + from str. -2001-12-21 14:49 millert +2001-12-21 16:49 millert * parse.yacc: typo in comment -2001-12-19 09:50 millert +2001-12-19 11:50 millert * CHANGES: checkpoint -2001-12-19 08:56 millert +2001-12-19 10:56 millert * configure: regen -2001-12-19 08:56 millert +2001-12-19 10:56 millert * configure.in: avoid the -g flag unless --with-devel was specified -2001-12-19 08:04 millert +2001-12-19 10:04 millert * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing - from the tarball + from the tarball -2001-12-19 07:46 millert +2001-12-19 09:46 millert * Makefile.in: def_data.c was missing -2001-12-18 10:42 millert +2001-12-18 12:42 millert * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env - case. Also allow HOME, SHELL, LOGNAME, and USER to be specified in - keep_env + case. Also allow HOME, SHELL, LOGNAME, and USER to be specified + in keep_env -2001-12-17 18:48 millert +2001-12-17 20:48 millert * TODO: Another TODO item -2001-12-15 08:57 millert +2001-12-17 19:50 millert + + * sudoers: Add comment for Default section so folks know where it + should go. + +2001-12-17 18:56 millert + + * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio + case + +2001-12-17 18:35 millert + + * sudoers.man.in, sudoers.cat: regen from sudoers.pod + +2001-12-17 18:33 millert + + * sudoers.pod: o Typo, Runas_User_List should be Runas_List + o a User_List can not contain a uid + o mention that the Defaults section should come after Alias + definitions but before the user specifications + +2001-12-15 11:51 millert + + * sudoers.cat, sudoers.man.in: regen + +2001-12-15 11:51 millert + + * sudoers.pod: Fix listpw and verifypw sections, they were not + being formatted properly. + +2001-12-15 11:39 millert + + * sudoers.cat, sudoers.man.in: regen + +2001-12-15 11:38 millert + + * sudoers.pod: fix typos + +2001-12-15 10:57 millert * configure: regen -2001-12-15 08:57 millert +2001-12-15 10:57 millert * configure.in, config.h.in: use AC_SYS_POSIX_TERMIOS instead of - rolling our own + rolling our own -2001-12-15 08:33 millert +2001-12-15 10:33 millert * README: Reference sudo.ws not courtesan.com -2001-12-15 08:29 millert +2001-12-15 10:29 millert * PORTING: Add notes on shadow passwords -2001-12-14 22:48 millert +2001-12-15 00:48 millert * BUGS: In list mode (sudo -l), characters escaped with a backslash - are shown verbatim with the backslash. + are shown verbatim with the backslash. + +2001-12-15 00:44 millert -2001-12-14 19:53 millert + * sudoers: Add simple examples from OpenBSD (Marc Espie) + +2001-12-15 00:40 millert + + * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like + SIGTSTP. + +2001-12-14 21:53 millert * CHANGES: minor prettyification -2001-12-14 19:43 millert +2001-12-14 21:43 millert * CHANGES: Updated change log -2001-12-14 19:19 millert +2001-12-14 21:27 millert + + * testsudoers.c: Fix CIDR handling here too. + +2001-12-14 21:21 millert + + * auth/pam.c: Apparently a NULL response is OK + +2001-12-14 21:19 millert * TODO: Checkpoint for upcoming beta release -2001-12-14 19:17 millert +2001-12-14 21:17 millert * TROUBLESHOOTING: Many people believe that adding a runas spec - should obviate the need for the -u flag. It does not. + should obviate the need for the -u flag. It does not. -2001-12-14 19:11 millert +2001-12-14 21:11 millert * RUNSON: checkpoint update for upcoming 1.6.4 beta -2001-12-14 18:44 millert +2001-12-14 20:44 millert * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define - HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe now + HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe + now -2001-12-14 18:07 millert +2001-12-14 20:07 millert * PORTING: Add signals section -2001-12-14 18:00 millert +2001-12-14 20:00 millert * configure: regen -2001-12-14 18:00 millert +2001-12-14 20:00 millert * configure.in: Fix check for sigaction_t -2001-12-14 17:45 millert +2001-12-14 19:45 millert - * sudo.c: XXX - should call find_path() as runas user, not root. - Can't do that until the parser changes though. + * sudo.c: XXX - should call find_path() as runas user, not root. + Can't do that until the parser changes though. -2001-12-14 17:38 millert +2001-12-14 19:38 millert * sudo.c: If find_path() fails as root, try again as the invoking - user (useful for NFS). Idea from Chip Capelik. + user (useful for NFS). Idea from Chip Capelik. -2001-12-14 17:28 millert +2001-12-14 19:28 millert - * sudo.cat, sudo.man.in: Regenerate after pod file changes + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate + after pod file changes -2001-12-14 17:24 millert +2001-12-14 19:24 millert * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, - sudo.pod: Add new sudoers option "preserve_groups". Previously - sudo would not call initgroups() if the target user was root. Now - it always calls initgroups() unless the -P command line option or - the "preserve_groups" sudoers option is set. Idea from TJ - Saunders. + sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups". + Previously sudo would not call initgroups() if the target user + was root. Now it always calls initgroups() unless the -P command + line option or the "preserve_groups" sudoers option is set. Idea + from TJ Saunders. -2001-12-14 16:38 millert +2001-12-14 18:38 millert * compat.h, config.h.in: Use new HAVE_SIGACTION_T define -2001-12-14 16:33 millert +2001-12-14 18:33 millert * logging.c: Fix compilation on K&C -2001-12-14 16:14 millert +2001-12-14 18:14 millert * configure: regen -2001-12-14 16:14 millert +2001-12-14 18:14 millert * configure.in: Add check for sigaction_t -- IRIX already defines - this so don't redefine it. + this so don't redefine it. -2001-12-14 15:15 millert +2001-12-14 17:15 millert * snprintf.c: fix typo -2001-12-14 15:12 millert +2001-12-14 17:12 millert * interfaces.c: need stdlib.h here too -2001-12-14 13:31 millert +2001-12-14 15:31 millert * configure: regen -2001-12-14 13:31 millert +2001-12-14 15:31 millert * configure.in: Remove redundant checks for string.h, strings.h and - unistd.h + unistd.h -2001-12-14 13:29 millert +2001-12-14 15:29 millert - * sudo.cat, sudo.man.in: Regen from pod files + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: Regen from pod files -2001-12-14 13:03 millert +2001-12-14 15:03 millert * BUGS: Update for 1.6.4 -2001-12-14 12:59 millert +2001-12-14 14:59 millert * configure, lex.yy.c: regen -2001-12-14 12:56 millert +2001-12-14 14:56 millert * strerror.c: Return EINVAL if errnum > sys_nerr -2001-12-14 12:54 millert +2001-12-14 14:54 millert * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, - config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, - sudo.pod: o Update copyright year + config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, + sudo.pod, auth/sudo_auth.h: o Update copyright year -2001-12-14 12:54 millert +2001-12-14 14:54 millert * configure.in: o Don't define STDC_HEADERS unconditionally for - IRIX o Update copyright year + IRIX o Update copyright year -2001-12-14 12:53 millert +2001-12-14 14:53 millert * README: update version -2001-12-14 12:52 millert +2001-12-14 14:52 millert * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, - fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, set_perms.c, - snprintf.c, sudo.c: o Reorder some headers and use STDC_HEADERS - define properly o Update copyright year + fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, + set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, + utime.c, visudo.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/sia.c, auth/sudo_auth.c: o Reorder some headers and use + STDC_HEADERS define properly o Update copyright year -2001-12-13 23:53 millert +2001-12-14 01:53 millert * configure: regen -2001-12-13 23:52 millert +2001-12-14 01:53 millert + + * tgetpass.c: flags set in signal handlers should be volatile + sig_atomic_t + +2001-12-14 01:52 millert * config.h.in, configure.in: Add checks for volatile and - sig_atomic_t + sig_atomic_t -2001-12-13 23:42 millert +2001-12-14 01:42 millert * lex.yy.c, configure: regen -2001-12-13 23:40 millert +2001-12-14 01:40 millert * def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudo.c: Remove "secure_path" Defaults option since it - cannot work with the existing parser. + find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults + option since it cannot work with the existing parser. -2001-12-13 23:26 millert +2001-12-14 01:26 millert * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt() -2001-12-13 23:24 millert +2001-12-14 01:24 millert * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are - not listed in env_keep o If no PATH is in the environment use a - default value o If TERM is not set in the non-reset case also give - it a default value. + not listed in env_keep o If no PATH is in the environment use a + default value o If TERM is not set in the non-reset case also + give it a default value. -2001-12-13 23:17 millert +2001-12-14 01:17 millert * aclocal.m4, configure.in, defaults.c, pathnames.h.in: - _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works - on systems that define in paths.h + _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works + on systems that define in paths.h + +2001-12-14 01:15 millert -2001-12-12 19:42 millert + * auth/: passwd.c, sudo_auth.c, sudo_auth.h: Add support for + skeyaccess(3) if it is present in libskey. + +2001-12-12 21:42 millert * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL -2001-12-12 19:24 millert +2001-12-12 21:24 millert * parse.lex: '\\' is a perfectly legal character to have in a - command line argument. + command line argument. -2001-12-12 18:24 millert +2001-12-12 20:24 millert * sudo.c: o Defer call to set_fqdn() until it is safe to use - log_error() o Don't print errno string value if gethostbyname - fails, it is not relevant + log_error() o Don't print errno string value if gethostbyname + fails, it is not relevant -2001-12-12 18:07 millert +2001-12-12 20:07 millert * parse.c: Fix CIDR -> in_addr_t conversion. -2001-12-12 14:00 millert +2001-12-12 16:21 millert + + * sudoers.pod: Remove an extra "User_List" in the User_Spec + definition From ybertrand AT snoopymail.com + +2001-12-12 16:00 millert * parse.c: Make 'listpw=never' work for users who are not - explicitly mentioned in sudoers. + explicitly mentioned in sudoers. + +2001-12-12 15:40 millert + + * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi + +2001-12-12 15:34 millert -2001-12-12 13:11 millert + * sudoers.pod: Document new list Defaults type and convert env_keep + and env_delete to lists. Document new env_check option. - * lex.yy.c: regen parser +2001-12-12 15:11 millert -2001-12-12 12:56 millert + * lex.yy.c, sudo.tab.h: regen parser + +2001-12-12 14:56 millert * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in - a Runas spec to #[0-9-]+. + a Runas spec to #[0-9-]+. -2001-12-12 12:55 millert +2001-12-12 14:55 millert * configure: regen -2001-12-12 12:55 millert +2001-12-12 14:55 millert * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK -2001-12-12 12:43 millert +2001-12-12 14:43 millert * config.h.in, configure.in: Add check for skeyaccess(3) -2001-12-11 17:31 millert +2001-12-11 19:47 millert + + * visudo.pod: Document new -c, -f, and -q options + +2001-12-11 19:41 millert + + * visudo.c: o Add -f option (alternate sudoers file) o Convert to + use getopt(3) + +2001-12-11 19:31 millert * configure: regen -2001-12-11 17:31 millert +2001-12-11 19:31 millert * aclocal.m4, config.h.in, configure.in: Add check for isblank and - a replacement macro if it doesn't exist. + a replacement macro if it doesn't exist. + +2001-12-11 18:22 millert -2001-12-11 16:06 millert + * visudo.c: In check-only mode, don't create sudoers if it does not + already exist. + +2001-12-11 18:06 millert * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults - variable name - o Add support for "+=" and "-=" list operators - o replace some 1 and 0 with TRUE and FALSE for greater legibility. + variable name + o Add support for "+=" and "-=" list operators + o replace some 1 and 0 with TRUE and FALSE for greater + legibility. -2001-12-11 16:05 millert +2001-12-11 18:05 millert * parse.lex: o Use exclusive start conditions to remove some - ambiguity in the - lexer. Also reorder some things for clarity. - o Add support for "+=" and "-=" list operators. - o Use the new DEFVAR token to denote a Defaults variable name. + ambiguity in the + lexer. Also reorder some things for clarity. + o Add support for "+=" and "-=" list operators. + o Use the new DEFVAR token to denote a Defaults variable name. -2001-12-11 16:03 millert +2001-12-11 18:03 millert * sudo.h: Prototype init_envtables() -2001-12-11 16:02 millert +2001-12-11 18:02 millert * env.c: o Convert environment handling to use lists instead of - strings. - This greatly simplifies routines that need to do "foreach" type - operations. - o Add new init_envtables() function to set env_check and - env_delete - defaults based on initial_badenv_table and - initial_checkenv_table - (formerly sudo_badenv_table). - -2001-12-11 16:00 millert + strings. + This greatly simplifies routines that need to do "foreach" + type + operations. + o Add new init_envtables() function to set env_check and + env_delete + defaults based on initial_badenv_table and + initial_checkenv_table + (formerly sudo_badenv_table). + +2001-12-11 18:00 millert * defaults.c, defaults.h: o Add a new LIST type and functions to - manipulate it. - o This is for use with environment handling variables. - o Call new init_envtables() routine inside init_defaults() to - initialize the environment lists. + manipulate it. + o This is for use with environment handling variables. + o Call new init_envtables() routine inside init_defaults() to + initialize the environment lists. -2001-12-11 15:57 millert +2001-12-11 17:57 millert * def_data.c, def_data.h, def_data.in: Convert environment options - to use the new LIST type and add a new one, env_check that only - deletes if the sanity check fails. + to use the new LIST type and add a new one, env_check that only + deletes if the sanity check fails. -2001-12-11 15:53 millert +2001-12-11 17:55 millert + + * testsudoers.c: Add dummy version of init_envtables() + +2001-12-11 17:53 millert * parse.yacc: honor quiet mode -2001-12-10 18:27 millert +2001-12-11 17:51 millert + + * visudo.c: Add check-only mode + +2001-12-10 20:27 millert * mkdefaults: Fix generation of entries with NULL descriptions. -2001-12-08 22:20 millert +2001-12-09 00:27 millert + + * tgetpass.c: Use sigaction_t and quiet a gcc warning. + +2001-12-09 00:20 millert * sudo.c: Must reset signal handlers before we exec -2001-12-08 22:09 millert +2001-12-09 00:16 millert + + * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: Be + carefule now that tgetpass() can return NULL (user hit ^C). PAM + version needs testing. Set SIGTSTP to SIG_DFL during password + entry so user can suspend us. + +2001-12-09 00:14 millert + + * tgetpass.c: Add support for interrupting/suspending tgetpass via + keyboard input. If you suspend sudo from the password prompt and + resume it will re-prompt you. + +2001-12-09 00:09 millert * sudo.c: Don't block keyboard interrupt signals, just set them to - SIG_IGN. + SIG_IGN. -2001-12-08 12:48 millert +2001-12-08 14:48 millert * config.h.in: add back HAVE_SIGACTION -2001-12-08 12:44 millert +2001-12-08 14:44 millert * configure: regen -2001-12-08 12:44 millert +2001-12-08 14:44 millert - * config.h.in, configure.in, logging.c, sudo.c: Kill POSIX_SIGNALS - define and old signal support now that we emulate POSIX ones Also - be sure to correctly initialize struct sigaction. + * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill + POSIX_SIGNALS define and old signal support now that we emulate + POSIX ones Also be sure to correctly initialize struct sigaction. -2001-12-08 12:42 millert +2001-12-08 14:42 millert * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR" - wrapper. + wrapper. -2001-12-08 12:39 millert +2001-12-08 14:39 millert * compat.h: Add scaffolding for POSIX signal emulation -2001-12-08 12:36 millert +2001-12-08 14:36 millert * sigaction.c: o Add missing ';' so this compiles o Can't use NULL - since we don't include stdio.h + since we don't include stdio.h -2001-12-08 12:23 millert +2001-12-08 14:23 millert * sigaction.c: Emulate sigaction() using sigvec() -2001-11-12 17:31 millert +2001-11-12 19:32 millert + + * sudoers.pod: Document new behavior of negative values of + timestamp_timeout Fix a typo + +2001-11-12 19:31 millert * sudo.pod: Add security note about command not being logged after - 'sudo su' and friends. + 'sudo su' and friends. -2001-11-12 17:19 millert +2001-11-12 19:19 millert * sudo.pod: Mention that -V prints default values when run as root, - including the list of environment variables to clear. + including the list of environment variables to clear. -2001-11-12 17:14 millert +2001-11-12 19:14 millert * Makefile.in: Run pod2man with --quotes=none to avoid stupid - quoting of C<> entries. + quoting of C<> entries. -2001-11-12 11:12 millert +2001-11-12 13:12 millert - * def_data.c, def_data.h, def_data.in: Add mail_badpass option Also - modify mail_always behavior to also send mail when the password is - wrong + * def_data.c, def_data.h, def_data.in, sudoers.pod, + auth/sudo_auth.c: Add mail_badpass option Also modify mail_always + behavior to also send mail when the password is wrong -2001-11-12 11:08 millert +2001-11-12 13:08 millert * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V' - is run by root. + is run by root. -2001-11-11 21:51 millert +2001-11-11 23:52 millert + + * sudoers.pod: document env_delete + +2001-11-11 23:51 millert * env.c: Add support for '*' in env_keep when not resetting the - environment (ie: the normal case). + environment (ie: the normal case). -2001-11-11 21:47 millert +2001-11-11 23:47 millert * env.c: Add env_delete variable that lets the user replace/add to - the bad_env_table. Allow '*' wildcard in env_keep entries. + the bad_env_table. Allow '*' wildcard in env_keep entries. -2001-11-06 11:59 millert +2001-11-06 13:59 millert * mkinstalldirs: Force umask to 022 to guarantee sane directory - permissions. + permissions. -2001-11-02 16:09 millert +2001-11-02 18:09 millert * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o - dependency + dependency -2001-11-02 15:25 millert +2001-11-02 17:25 millert * mkdefaults: fix breakage in last commit -2001-11-02 15:18 millert +2001-11-02 17:18 millert * Makefile.in: acsite.m4 -> aclocal.m4 -2001-11-02 13:59 millert +2001-11-02 15:59 millert * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in - previous commit + previous commit -2001-11-02 13:57 millert +2001-11-02 15:57 millert * def_data.c: regenerated from def_data.in -2001-11-02 13:56 millert +2001-11-02 15:56 millert * check.c, defaults.c, defaults.h: Add new T_UINT type that most - things use instead of T_INT If timestamp_timeout is < 0 then treat - the ticket as never expiring (to be expired manually by the user). + things use instead of T_INT If timestamp_timeout is < 0 then + treat the ticket as never expiring (to be expired manually by the + user). -2001-11-02 13:51 millert +2001-11-02 15:51 millert * def_data.in: change most T_INT -> T_UINT -2001-11-02 13:51 millert +2001-11-02 15:51 millert * mkdefaults: fix warning when no args -2001-10-15 23:35 millert +2001-11-02 12:52 millert + + * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and + call _exit() if we are a signal handler. We no longer print the + signal number but the user can just check the exit value for + that. + +2001-10-16 01:35 millert * logging.c: when setting up pipes in child process check for case - where stdin == pipe fd 0 + where stdin == pipe fd 0 -2001-10-05 14:39 millert +2001-10-11 13:20 millert + + * visudo.c: Ignore editor exit value since XPG4 says vi's exit + value is the count of editing errors made (failed searches, etc). + +2001-10-05 16:39 millert * configure: regen -2001-10-05 14:39 millert +2001-10-05 16:39 millert * configure.in: sco now is identified by config.guess as *-sco-* -2001-10-05 14:24 millert +2001-10-05 16:24 millert * configure.in: Check for getspnam() in -lgen if not in -lc for - UnixWare. + UnixWare. + +2001-09-17 21:48 millert + + * sudoers.pod, visudo.pod: "upper case" -> "uppercase" + +2001-09-17 21:32 millert + + * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu + +2001-08-28 10:26 millert + + * sudoers.pod: Missing word (specify); krapht@secureops.com -2001-08-23 15:43 millert +2001-08-23 17:43 millert * sudo.c: If we fail to lookup a login class, apply the default - one. + one. -2001-08-23 15:42 millert +2001-08-23 17:42 millert * logging.c: In log_error() free message, not logline - unconditionally, then free logline if it is not the same as - message. No function change but this mirrors how they are - allocated. + unconditionally, then free logline if it is not the same as + message. No function change but this mirrors how they are + allocated. -2001-07-16 21:33 millert +2001-07-16 23:33 millert * configure: regenerate -2001-07-16 21:33 millert +2001-07-16 23:33 millert * configure.in: remove some backslash quotes that are unneeded -2001-07-16 21:30 millert +2001-07-16 23:30 millert * configure.in: o Tweaks to make this work with autoconf-2.50 o Use - AC_LIBOBJ instead of changing LIBOBJS directly o Use - AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of - AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. + AC_LIBOBJ instead of changing LIBOBJS directly o Use + AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of + AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. -2001-07-16 21:28 millert +2001-07-16 23:28 millert * config.guess, config.sub: Updated from autoconf-2.50 -2001-05-22 17:11 millert +2001-05-22 19:11 millert * README: Update mailing list section. We use mailman now, not - majordomo. + majordomo. -2001-05-10 12:55 millert +2001-05-10 14:55 millert * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all - the shadow variants to make sure we don't inadvertantly leak an fd - to the child. Apparently Linux's shadow routines leave the fd open - even if you don't call setspent(). Reported by mike@gistnet.com; - different patch used. + the shadow variants to make sure we don't inadvertantly leak an + fd to the child. Apparently Linux's shadow routines leave the fd + open even if you don't call setspent(). Reported by + mike@gistnet.com; different patch used. -2001-04-12 19:41 millert +2001-04-12 21:43 millert + + * sudoers.pod: s/eg./e.g./ + +2001-04-12 21:42 millert + + * tgetpass.c: select() may return EAGAIN. If so, continue like we + do for EINTR. + +2001-04-12 21:41 millert * logging.c: Fix a non-exploitable buffer overflow in the word - splitting code. This should really be rewritten. + splitting code. This should really be rewritten. -2001-04-12 19:41 millert +2001-04-12 21:41 millert * Makefile.in: FAQ link goes away -2001-04-12 19:40 millert +2001-04-12 21:40 millert * INSTALL: Tell people to look in sample.syslog.conf for examples, - not FAQ + not FAQ -2001-04-12 19:40 millert +2001-04-12 21:40 millert * TROUBLESHOOTING: Update list of env vars that are cleared -2001-04-12 19:36 millert +2001-04-12 21:36 millert * sudo.c: remove struct env_table decl since that stuff has all - moved to env.c + moved to env.c -2001-04-04 11:17 millert +2001-04-04 13:17 millert * fileops.c: Fix a pasto in flock-style unlocking and include - for flock on older systems; twetzel@gwdg.de + for flock on older systems; twetzel@gwdg.de -2001-04-04 11:14 millert +2001-04-04 13:14 millert * configure: regen to get NeXT lockf/flock fix -2001-04-04 11:14 millert +2001-04-04 13:14 millert * configure.in: force NeXT to use flock since lockf is broken -2001-03-30 06:54 millert +2001-03-30 08:54 millert * check.c: Use stashed user_gid when checking against exempt gid - since sudo sets its gid to a a value that makes sudoers readable. - Previously if you used gid 0 as the exempt group everyone would be - exempt. From Paul Kranenburg + since sudo sets its gid to a a value that makes sudoers readable. + Previously if you used gid 0 as the exempt group everyone would + be exempt. From Paul Kranenburg -2001-03-29 11:14 millert +2001-03-29 13:14 millert * configure: regen -2001-03-29 11:08 millert +2001-03-29 13:08 millert * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 - aparently defines some types (such as ssize_t) therein. + aparently defines some types (such as ssize_t) therein. -2001-03-02 07:09 millert +2001-03-02 09:09 millert * defaults.c: Fix negation of paths in a boolean context. Problem - found by apt@UH.EDU + found by apt@UH.EDU + +2001-02-23 13:03 millert + + * visudo.c: pasto + +2001-02-17 16:11 millert + + * visudo.c: SA_RESETHAND means the opposite of what I was + thinking--oops To block all signals in old-style signals use ~0, + not 0xffffffff -2001-02-04 09:16 millert +2001-02-04 11:16 millert * defaults.c: coerce difference of pointers to int when used in a - string length printf format; deraadt@openbsd.org + string length printf format; deraadt@openbsd.org -2001-01-07 11:57 millert +2001-01-17 11:34 millert + + * visudo.c: Block all signals in Exit() to avoid a signal race. + There is still a tiny window but I'm not going to worry about it. + +2001-01-07 13:57 millert * env.c: glibc uses the LANGUAGE env var so clear that too; Solar - Designer + Designer -2001-01-07 11:55 millert +2001-01-07 13:55 millert * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno - from clobbering by isatty(). + from clobbering by isatty(). + +2000-12-30 20:39 millert + + * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sia.c, sudo_auth.c: + Some defaults I_ defines got renamed. -2000-12-30 18:38 millert +2000-12-30 20:38 millert * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, - defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, - set_perms.c, sudo.c: Move defaults info into its own files from - which we generate .h and .c files. This makes adding or - rearranging variables much simpler. + defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, + set_perms.c, sudo.c: Move defaults info into its own files from + which we generate .h and .c files. This makes adding or + rearranging variables much simpler. -2000-12-30 14:58 millert +2000-12-30 16:58 millert * configure, configure.in: fix typo in last commit -2000-12-30 14:55 millert +2000-12-30 16:55 millert * compat.h, config.h.in, configure, configure.in: Add check + - emulation for setegid (like seteuid). + emulation for setegid (like seteuid). -2000-12-30 14:22 millert +2000-12-30 16:22 millert * env.c: Make env_keep override badenv_table as documented Fix - traversal of badenv_table (broken in last commit) + traversal of badenv_table (broken in last commit) -2000-12-29 20:59 millert +2000-12-29 22:59 millert * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid - version of set_perms on systems w/o them. Rename - set_perms_saved_uid() -> set_perms_posix() Make set_perms_setreuid - simply be set_perms_fallback() and simply include the appropriate - function at compile time (setreuid() vs. setuid()). + version of set_perms on systems w/o them. Rename + set_perms_saved_uid() -> set_perms_posix() Make + set_perms_setreuid simply be set_perms_fallback() and simply + include the appropriate function at compile time (setreuid() + vs. setuid()). -2000-12-29 20:29 millert +2000-12-29 22:45 millert + + * sudoers.pod, sudoers.cat, sudoers.man.in: PATH is also preserved + when env_reset is in effect + +2000-12-29 22:29 millert * CHANGES, env.c, Makefile.in, check.c, compat.h, config.h.in, - configure, configure.in, defaults.c, defaults.h, find_path.c, - getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod: New Defaults options: o stay_setuid - sudo will remain - setuid if system has saved uids or setreuid(2) o env_reset - reset - the environment to a sane default o env_keep - preserve - environment variables that would otherwise be cleared - - No longer use getenv/putenv/setenv functions--do environment - munging by hand. Potentially dangerous environment variables can - be cleared only if they contain '/' pr '%' characters to protect - buggy programs. Moved environment routines into env.c (new file) - -2000-12-29 20:17 millert + configure, configure.in, defaults.c, defaults.h, find_path.c, + getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, + testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults + options: o stay_setuid - sudo will remain setuid if system has + saved uids or setreuid(2) o env_reset - reset the environment to + a sane default o env_keep - preserve environment variables that + would otherwise be cleared + + No longer use getenv/putenv/setenv functions--do environment + munging by hand. Potentially dangerous environment variables can + be cleared only if they contain '/' pr '%' characters to protect + buggy programs. Moved environment routines into env.c (new file) + +2000-12-29 22:17 millert * INSTALL: Clear up --without-passwd description -2000-12-29 17:39 millert +2000-12-29 19:39 millert + + * sudo_setenv.c, putenv.c: We now build up a new environment from + scratch and assign it to "environ". + +2000-12-18 22:35 millert - * putenv.c: We now build up a new environment from scratch and - assign it to "environ". + * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen -2000-12-18 20:35 millert +2000-12-14 23:19 millert - * sudo.pod: Grammatical fixes from Paul Janzen + * visudo.c: If there was a syntax error and the user just wants to + quit, unlink sudoers if it is zero length. -2000-12-13 10:23 millert +2000-12-14 23:10 millert + + * visudo.c: 'Q' means ignore parse error, not 'q' + +2000-12-14 22:57 millert + + * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From + Dimitry Andric + +2000-12-13 12:23 millert * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H; - ayamura@ayamura.org + ayamura@ayamura.org -2000-12-09 09:46 millert +2000-12-09 11:46 millert * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo - Sanchez + Sanchez -2000-11-03 07:36 millert +2000-11-03 09:36 millert - * sudo.c: Use exit(127), not exit(-1) + * sudo.c, visudo.c: Use exit(127), not exit(-1) -2000-11-02 22:37 millert +2000-11-03 00:37 millert * defaults.h, set_perms.c, sudo.c, Makefile.in, defaults.c: Move - set_perms() to its own file and use POSIX saved uid or setreuid() - if available. - - Added stay_setuid option for systems that have libraries that - perform extra paranoia checks in system libraries for setuid - programs (ie: anything with issetugid(2)). + set_perms() to its own file and use POSIX saved uid or setreuid() + if available. -2000-11-02 18:28 millert + Added stay_setuid option for systems that have libraries that + perform extra paranoia checks in system libraries for setuid + programs (ie: anything with issetugid(2)). + +2000-11-02 20:28 millert * sudo.c: strip more bits from the environment and add a facility - for stripping things only if they contain '/' or '%' to address - printf format string vulnerabilities in other programs. + for stripping things only if they contain '/' or '%' to address + printf format string vulnerabilities in other programs. -2000-11-02 10:55 millert +2000-11-02 12:55 millert * configure: regen -2000-11-02 10:55 millert +2000-11-02 12:55 millert * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache - the existence of strcasecmp(). + the existence of strcasecmp(). -2000-11-02 10:46 millert +2000-11-02 12:46 millert * configure: regen -2000-11-02 10:46 millert +2000-11-02 12:46 millert * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix -2000-11-01 08:22 millert +2000-11-01 10:22 millert * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR -2000-11-01 08:17 millert +2000-11-01 10:17 millert * configure: regen -2000-11-01 08:17 millert +2000-11-01 10:17 millert * compat.h, config.h.in, configure.in: Add check for _innetgr(3) - since NCR systems have that instead of innetgr(3). + since NCR systems have that instead of innetgr(3). + +2000-10-31 14:16 millert -2000-10-29 21:00 millert + * auth/securid.c: check return value of creadcfg() call sd_close() + after sd_auth() store username in sd->username so we don't rely + on the USER env variable + +2000-10-29 23:00 millert * INSTALL: document --with-bsdauth -2000-10-29 20:57 millert +2000-10-29 22:57 millert * configure: regen -2000-10-29 20:56 millert +2000-10-29 22:56 millert * configure.in: --with-bsdauth assumes --with-logincap -2000-10-29 15:31 millert +2000-10-29 22:45 millert + + * auth/: bsdauth.c, fwtk.c: When prompting for a response to a + challenge, if the user just hits return then reprompt with echo + turned on. + +2000-10-29 17:31 millert * sudo.c: Remove debugging code that should not have been - committed, oops. + committed, oops. + +2000-10-29 17:31 millert + + * auth/bsdauth.c: Use lower-level routines and get the password + ourselves. Checks for a challenge and if there is one echo is + not turned off. + +2000-10-29 17:30 millert -2000-10-27 16:41 millert + * auth/: pam.c, sudo_auth.h: minor housekeeping, no real code + changes + +2000-10-27 18:41 millert * sudo.c: Fix a coredump in the logging functions if gethostname(2) - fails by deferring the call to log_error() until things are better - setup. - - Fix return value of set_loginclass() in non-BSD-auth case. - - Hard-code 'sudo' in the usage message so we can fit more options on - a line + fails by deferring the call to log_error() until things are + better setup. + + Fix return value of set_loginclass() in non-BSD-auth case. -2000-10-27 16:35 millert + Hard-code 'sudo' in the usage message so we can fit more options + on a line + +2000-10-27 18:35 millert * logging.c: Fix errant ';' (typo) that broken MSG_ONLY -2000-10-26 11:03 millert +2000-10-26 13:03 millert * sudo.cat, sudo.man.in: regen -2000-10-26 11:01 millert +2000-10-26 13:01 millert * sudo.pod: Document -a flag -2000-10-26 10:42 millert +2000-10-26 12:42 millert * Makefile.in, config.h.in, configure, configure.in, getspwuid.c, - sudo.c: Add support for BSD authentication. + sudo.c, auth/sudo_auth.h, auth/bsdauth.c: Add support for BSD + authentication. + +2000-10-19 10:09 millert -2000-10-11 23:30 millert + * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp + +2000-10-12 09:49 millert + + * sudoers.pod: Mention negating umask + +2000-10-12 01:30 millert * defaults.c: Allow user to specify umask of 0777 (same as !umask) -2000-10-08 19:46 millert +2000-10-08 21:46 millert - * sudo.pod: Fix a typo and give a URL for the sudo history. + * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo + history. -2000-10-08 10:25 millert +2000-10-08 12:25 millert * defaults.c, sudo.pod: fix typos; pepper@reppep.com -2000-09-14 14:48 millert +2000-09-14 16:48 millert - * sudo.c, sudo.h: sudo_setenv() now exits on memory alloc failure - instead of returning -1. + * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory + alloc failure instead of returning -1. -2000-09-07 15:41 millert +2000-09-07 17:41 millert * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment - for FreeBSD and possibly others. + for FreeBSD and possibly others. -2000-09-07 08:43 millert +2000-09-07 10:43 millert * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack - it. This means that "%m" won't be expanded but we don't use that - anyway since the logging routines may splat to stderr as well. + it. This means that "%m" won't be expanded but we don't use that + anyway since the logging routines may splat to stderr as well. -2000-09-06 19:35 millert +2000-09-06 21:35 millert - * defaults.c, defaults.h, sudo.c: Add always_set_home variable + * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, + sudoers.pod: Add always_set_home variable -2000-09-06 19:24 millert +2000-09-06 21:24 millert * configure, configure.in: Have to hard code default values in help - since the defaults are set _after_ the help stuff. + since the defaults are set _after_ the help stuff. -2000-08-31 11:08 millert +2000-08-31 13:08 millert * lex.yy.c, parse.lex: Allow special characters (including '#') to - be embedded in pathnames if quoted by a '\\'. The quoted chars - will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still - prints the '\\'. + be embedded in pathnames if quoted by a '\\'. The quoted chars + will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still + prints the '\\'. -2000-08-13 15:10 millert +2000-08-13 17:10 millert * install-sh: Better path searching for programs we need. -2000-08-13 15:10 millert +2000-08-13 17:10 millert * TROUBLESHOOTING: Add section on "C compiler cannot create - executables" errors. + executables" errors. -2000-08-13 15:10 millert +2000-08-13 17:10 millert - * Makefile.binary, Makefile.in: Crank version + * Makefile.binary, Makefile.in, version.h: Crank version -2000-08-13 15:09 millert +2000-08-13 17:09 millert * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, - sudo.pod: Substitute values from configure into man pages. + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, + visudo.man.in, visudo.pod: Substitute values from configure into + man pages. -2000-08-12 14:48 millert +2000-08-12 16:48 millert * parse.c, sudo.c: The listpw and verifypw sudoers options would - not take effect because the value of the default was checked - *before* sudoers was parsed. Instead of passing in the value of - PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so - the check can be deferred until after sudoers is parsed. + not take effect because the value of the default was checked + *before* sudoers was parsed. Instead of passing in the value of + PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so + the check can be deferred until after sudoers is parsed. + +2000-08-11 15:41 millert -2000-06-09 10:25 millert + * tgetpass.c: When writing prompt, no need to write the NUL as + well; hag@linnaean.org + +2000-06-09 12:25 millert * install-sh: When looking for chown, check in /sbin too -2000-06-04 17:57 millert +2000-06-04 22:57 millert + + * visudo.c: Remove extraneous call to init_defaults() and set + runas_user to NULL betweem parses so init_defaults will reset it + each time, thus avoiding a reference to free()d data. + +2000-06-04 19:57 millert * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for - using getifaddrs() to get the list of ip addr / netmask pairs. - Currently IPv4-only. + using getifaddrs() to get the list of ip addr / netmask pairs. + Currently IPv4-only. + +2000-06-04 19:51 millert -2000-05-12 14:55 millert + * visudo.c: Add a missing check for UserEditor == NULL Add missing + '+' before line number when invoking editor to fix a syntax error - * sudo.c: Call clean_env very early in main() for paranoia's sake. - Idea from Marc Esipovich. +2000-05-12 16:55 millert -2000-05-09 23:11 millert + * sudo.c: Call clean_env very early in main() for paranoia's sake. + Idea from Marc Esipovich. + +2000-05-10 01:11 millert * sudo.h: Update proto for evasprintf and easprintf -2000-05-09 23:10 millert +2000-05-10 01:10 millert * alloc.c: Make easprintf() and evasprintf() return an int. -2000-05-09 22:56 millert +2000-05-10 00:56 millert * check.c: If the targetpw flag is set, use target username as part - of the timestamp path. If tty tickets are in effect cat the tty - and the target username with a ':' as the separator. + of the timestamp path. If tty tickets are in effect cat the tty + and the target username with a ':' as the separator. + +2000-05-09 12:05 millert + + * auth/pam.c: Backout part of last change; setting PAM_USER to the + invoking user breaks things like targetpw. + +2000-05-09 11:52 millert -2000-05-09 09:42 millert + * auth/pam.c: set tty and username via pam_set_item - * check.c, getspwuid.c, sudo.c, sudo.h: Fix root, runas, and target - authentication for non-passwd file auth methods. +2000-05-09 11:42 millert -2000-04-22 12:15 millert + * check.c, getspwuid.c, sudo.c, sudo.h, auth/sudo_auth.c: Fix root, + runas, and target authentication for non-passwd file auth + methods. - * sudo.pod, sudo.man.in, sudo.cat: Use B<-Z> not C<-Z> for command - line flags in all places. This is more consistent and works around - a bug in Pod::Man. +2000-04-22 14:15 millert -2000-04-19 13:30 millert + * sudo.pod, sudo.man.in, sudoers.man.in, sudoers.pod, visudo.pod, + sudo.cat, sudoers.cat, visudo.man.in, visudo.cat: Use B<-Z> not + C<-Z> for command line flags in all places. This is more + consistent and works around a bug in Pod::Man. + +2000-04-22 13:59 millert + + * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of + 'semicolon' that should be 'colon' + +2000-04-19 15:30 millert * configure, configure.in: Fix --with-badpri help line -2000-04-17 12:01 millert +2000-04-17 14:01 millert * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an - openlog() and closelog() since some authentication methods (like - PAM) may do their own logging via syslog. Since we don't use - syslog much (usually just once per session) this doesn't really - incur a performance penalty. It also Fixes a SEGV with pam_kafs. + openlog() and closelog() since some authentication methods (like + PAM) may do their own logging via syslog. Since we don't use + syslog much (usually just once per session) this doesn't really + incur a performance penalty. It also Fixes a SEGV with pam_kafs. -2000-04-15 14:32 millert +2000-04-15 16:32 millert * sudo.c: Fix -H flag. runas_homedir is only valid after - set_perms(PERM_RUNAS, mode) + set_perms(PERM_RUNAS, mode) -2000-04-12 16:56 millert +2000-04-12 18:56 millert * INSTALL: Clarify the fact that insults are not enabled just by - including them in the binary. + including them in the binary. -2000-04-07 08:39 millert +2000-04-07 10:39 millert - * sudo.man.in, sudo.cat: Regenerated with perl 5.6.0 pod2man + * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, + sudoers.cat, visudo.cat: Regenerated with perl 5.6.0 pod2man -2000-04-07 08:38 millert +2000-04-07 10:38 millert * Makefile.in: Give date string to pod2man since its default is - ugly and it ain't got no alibi. + ugly and it ain't got no alibi. -2000-04-07 08:27 millert +2000-04-07 10:27 millert * Makefile.in: Do section substitution on the output of pod2man and - remove hack needed for old pod2man. + remove hack needed for old pod2man. -2000-04-07 08:26 millert +2000-04-07 10:26 millert - * sudo.pod: Put back real man sections, we will do the substitution - later. + * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we + will do the substitution later. -2000-04-02 09:44 millert +2000-04-02 11:44 millert * configure, configure.in: Don't bother checking for the path to vi - if user specified --with-editor + if user specified --with-editor + +2000-04-01 17:25 millert -2000-04-01 15:25 millert + * CHANGES, visudo.c: Visudo now does its own fork/exec instead of + calling system(3). - * CHANGES: Visudo now does its own fork/exec instead of calling - system(3). +2000-04-01 16:23 millert -2000-04-01 14:23 millert + * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.c: Visudo now checks for the existence of an + editor and gives a sensible error if it does not exist. - * CHANGES, INSTALL, Makefile.in: Visudo now checks for the - existence of an editor and gives a sensible error if it does not - exist. - - The path to the editor for visudo is now a colon-separated list of - allowable editors. If the user has $EDITOR set and it matches one - of the allowed editors that editor will be used. If not, the first - editor in the list that actually exists is used. + The path to the editor for visudo is now a colon-separated list + of allowable editors. If the user has $EDITOR set and it matches + one of the allowed editors that editor will be used. If not, the + first editor in the list that actually exists is used. -2000-04-01 14:22 millert +2000-04-01 16:22 millert * sudo.pod, sudo.cat, sudo.man.in: Clear up confusion wrt sudo's - return value. + return value. -2000-03-27 10:08 millert +2000-03-27 12:08 millert * Makefile.in: Strip sudo and visudo for bindist target -2000-03-26 20:26 millert +2000-03-26 22:26 millert - * sudo.cat, sudo.man.in, sudo.pod: Use @mansectsu@ and - @mansectform@ in the man page bodies as well. + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use + @mansectsu@ and @mansectform@ in the man page bodies as well. -2000-03-26 19:57 millert +2000-03-26 22:07 millert + + * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ -> + @sysconfdir@ + +2000-03-26 21:57 millert * Makefile.in: 'make dist' should not cause any files to be - modified so remove its dependencies. + modified so remove its dependencies. -2000-03-26 19:43 millert +2000-03-26 21:43 millert * CHANGES: Whoops, forgot to add release marker -2000-03-26 09:57 millert +2000-03-26 11:57 millert * CHANGES: Final change for 1.6.3 (or so I hope) -2000-03-26 09:57 millert +2000-03-26 11:57 millert - * sudo.cat: Use SYSV man sections since BSD systems will have - nroff... + * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since + BSD systems will have nroff... -2000-03-24 16:58 millert +2000-03-24 18:58 millert * parse.yacc: When checking to see if the host/user matches in a - defaults spec, check against TRUE, not just non-zero since it might - be -1. + defaults spec, check against TRUE, not just non-zero since it + might be -1. -2000-03-24 13:14 millert +2000-03-24 15:14 millert * configure.in, configure: OSF/1 puts file formats in section 4, - not 5. + not 5. -2000-03-24 13:13 millert +2000-03-24 15:13 millert * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS -2000-03-23 18:24 millert +2000-03-23 20:24 millert * RUNSON: Update for 1.6.3 -2000-03-23 18:23 millert +2000-03-23 20:23 millert * configure, configure.in: If there is no inet_addr but there *is* - an __inet_addr that's ok since inet_addr is probably just a macro - then. The better thing to do would be to look for the macro, but - this is fine for now. + an __inet_addr that's ok since inet_addr is probably just a macro + then. The better thing to do would be to look for the macro, but + this is fine for now. -2000-03-23 17:50 millert +2000-03-23 19:50 millert * configure, configure.in: Don't use shlicc for BSD/OS 4.x -2000-03-23 17:40 millert +2000-03-23 19:40 millert * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat - lives in $(srcdir), add a @mansrcdir@ configure variable so we can - deal with this. Also, only remove *.man for 'distclean' not - 'clean'. + lives in $(srcdir), add a @mansrcdir@ configure variable so we + can deal with this. Also, only remove *.man for 'distclean' not + 'clean'. -2000-03-23 17:16 millert +2000-03-23 19:16 millert * sudo.c: set_loginclass() should be static like the proto says -2000-03-23 12:14 millert +2000-03-23 14:14 millert * fnmatch.c: Add #ifdef __STDC__ around the rangematch function - header to avoid promotion of test to int, thus violating the - prototype. Gcc handles this gracefully but more std ANSI compilers - will complain. + header to avoid promotion of test to int, thus violating the + prototype. Gcc handles this gracefully but more std ANSI + compilers will complain. + +2000-03-23 10:11 millert + + * emul/fnmatch.h: Pull in newer fnmatch(3) that supports + FNM_CASEFOLD -2000-03-23 08:11 millert +2000-03-23 10:11 millert * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer - fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in - configure + fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in + configure -2000-03-22 21:41 millert +2000-03-22 23:41 millert * CHANGES, TODO: update for 1.6.3 -2000-03-22 21:38 millert +2000-03-22 23:38 millert - * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc: Fully - qualified hosts w/ wildcards were not matching the FQHOST token - type. There's really no need for a separate token for - fully-qualified vs. unqualified anymore so FQHOST is now history - and hostname_matches now decides which hostname (short or long) to - check based on whether or not the pattern contains a '.'. + * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.tab.h, + testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were + not matching the FQHOST token type. There's really no need for a + separate token for fully-qualified vs. unqualified anymore so + FQHOST is now history and hostname_matches now decides which + hostname (short or long) to check based on whether or not the + pattern contains a '.'. -2000-03-22 21:09 millert +2000-03-22 23:09 millert - * parse.c, parse.h, parse.yacc: Add support for wildcards in the - hostname. + * parse.c, parse.h, parse.yacc, sudoers.pod, testsudoers.c, + visudo.c, sudoers.cat, sudoers.man.in: Add support for wildcards + in the hostname. -2000-03-22 20:50 millert +2000-03-22 22:50 millert * Makefile.in: Add targets for *.man.in, using config.status to - generate *.man from *.man.in + generate *.man from *.man.in -2000-03-22 17:35 millert +2000-03-22 22:20 millert + + * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname + option and enbolden refs to sudo and visudo. + +2000-03-22 19:35 millert * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, - sudo.cat, sudo.pod, sudo.man.in: Add FreeBSD login.conf support - (untested on BSD/OS) based on a patch from Michael D. Marchionna. - configure now does substitution on the man pages, allowing us to - fix up the paths and set the section correctly. Based on an idea - from Michael D. Marchionna. + sudo.cat, sudo.pod, sudo.man.in, sudoers.cat, sudoers.pod, + visudo.cat, visudo.pod, sudoers.man.in, visudo.man.in: Add + FreeBSD login.conf support (untested on BSD/OS) based on a patch + from Michael D. Marchionna. configure now does substitution on + the man pages, allowing us to fix up the paths and set the + section correctly. Based on an idea from Michael D. Marchionna. + +2000-03-22 19:27 millert + + * auth/passwd.c: Better fix for handling HP-UX aging info. -2000-03-22 17:20 millert +2000-03-22 19:20 millert * sudo.c: Add support for set_logname run-time default -2000-03-22 17:17 millert +2000-03-22 19:17 millert - * sudo.man.in: configure does substitution on these to produce - *.man + * sudo.man.in, sudoers.man.in, visudo.man.in: configure does + substitution on these to produce *.man -2000-03-22 17:16 millert +2000-03-22 19:16 millert - * sudo.man: These files now get generated from *.man.in at - configure time. + * sudo.man, sudoers.man, visudo.man: These files now get generated + from *.man.in at configure time. -2000-03-22 16:40 millert +2000-03-22 18:40 millert * defaults.c, defaults.h: Add set_logname option so users can turn - off setting of LOGNAME/USER environment variables. + off setting of LOGNAME/USER environment variables. -2000-03-22 08:53 millert +2000-03-22 10:53 millert - * lsearch.c, parse.c: kill register + * testsudoers.c, lsearch.c, parse.c: kill register -2000-03-13 09:05 millert +2000-03-13 15:52 millert + + * auth/passwd.c: HP-UX adds extra info at the end for password + aging so when comparing the result of crypt to pw_passwd we only + compare the first len(epass) bytes *unless* the user entered an + empty string for a password. + +2000-03-13 11:05 millert * logging.c: Get rid of grandchild hack, it was causing problems - and there is really no need for it. This fixes a bug where we spin - eating up CPU when the user runs a long-running process like a - shell. + and there is really no need for it. This fixes a bug where we + spin eating up CPU when the user runs a long-running process like + a shell. -2000-03-07 12:26 millert +2000-03-07 14:26 millert * sudo.c: User can always specify a login class if he/she is - already root. + already root. -2000-03-06 21:29 millert +2000-03-06 23:29 millert * config.h.in, configure, configure.in, defaults.c, defaults.h, - sudo.c, sudo.h: FreeBSD login class (login.conf) support. + sudo.c, sudo.h: FreeBSD login class (login.conf) support. + +2000-03-06 14:42 millert + + * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes + secureware support -2000-03-01 19:01 millert +2000-03-03 18:04 millert + + * auth/passwd.c: Truncate unencrypted password to 8 chars if + encrypted password is exactly 13 characters (indicateing standard + a DES password). Many versions of crypt() do this for you, but + not all (like HP-UX's). + +2000-03-01 21:01 millert * INSTALL, RUNSON: Mention that gcc on dynix may have problems -2000-02-29 15:46 millert +2000-02-29 17:46 millert * Makefile.in: Link visudo with NET_LIBS since we now call syslog - via defaults.c + via defaults.c -2000-02-29 15:41 millert +2000-02-29 17:41 millert * defaults.c: Use Argv[0] as the first arg to openlog() since - visudo uses this too. + visudo uses this too. -2000-02-28 16:58 millert +2000-02-28 18:58 millert * sudo.c: Stash coredumpsize resource limit and retsore it before - the exec() Otherwise the child ends up with a coredumpsize of 0. + the exec() Otherwise the child ends up with a coredumpsize of 0. -2000-02-26 20:56 millert +2000-02-26 22:56 millert * sudo.cat, sudo.man, sudo.pod: document -S flag -2000-02-26 20:54 millert +2000-02-26 22:54 millert * sudo.c: fix usage string -2000-02-26 20:48 millert +2000-02-26 22:48 millert + + * CHANGES, RUNSON, TODO, sudo.c, sudo.h, tgetpass.c, + auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Added + -S flag (read passwd from stdin) and tgetpass_flags global that + holds flags to be passed in to tgetpass(). Change echo_off param + to tgetpass() into a flags field. There are currently 2 possible + flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), + abstract the echo set/clear via macros and if (flags & TGP_ECHO) + but echo is not set on the terminal, but sure to set it. + +2000-02-26 22:11 millert - * CHANGES, RUNSON, TODO, sudo.c, sudo.h: Added -S flag (read passwd - from stdin) and tgetpass_flags global that holds flags to be passed - in to tgetpass(). Change echo_off param to tgetpass() into a flags - field. There are currently 2 possible flags for tgetpass(): - TGP_ECHO and TGP_STDIN. In tgetpass(), abstract the echo set/clear - via macros and if (flags & TGP_ECHO) but echo is not set on the - terminal, but sure to set it. + * tgetpass.c: Fixed a bug that caused an infinite loop when the + password timeout was disabled. -2000-02-18 10:56 millert +2000-02-18 12:56 millert - * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h: Add - rootpw, runaspw, and targetpw options. + * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, + sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw, + runaspw, and targetpw options. -2000-02-18 10:11 millert +2000-02-18 12:11 millert - * CHANGES, defaults.c: enveditor -> env_editor + * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, + visudo.c: enveditor -> env_editor -2000-02-15 17:07 millert +2000-02-15 19:07 millert * BUGS, INSTALL, Makefile.in, README, configure, configure.in, - sudo.cat, sudo.man: crank versino to 1.6.3 + sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, + visudo.cat, visudo.man: crank versino to 1.6.3 -2000-02-15 17:03 millert +2000-02-15 19:03 millert - * INSTALL, TODO, defaults.c, defaults.h: Add 'editor' and - 'enveditor' sudoers defaults and make visudo honor them. This - means that visudo will now parse the sudoers file *before* it is - edited so a bogus sudoers file will cause a warning to go to - stderr. Also, visudo checks the variables once--it does not check - them after each editor run since that could be confusing. + * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, + sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers + defaults and make visudo honor them. This means that visudo will + now parse the sudoers file *before* it is edited so a bogus + sudoers file will cause a warning to go to stderr. Also, visudo + checks the variables once--it does not check them after each + editor run since that could be confusing. -2000-02-15 16:49 millert +2000-02-15 18:49 millert * RUNSON: 1.6.2 -> 1.6.2p1 -2000-02-15 16:36 millert +2000-02-15 18:36 millert * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into - sudo.h + sudo.h -2000-02-13 11:38 millert +2000-02-13 13:38 millert * configure, configure.in: Fix thinko, some && should have been || - in the last commit + in the last commit -2000-02-13 11:28 millert +2000-02-13 13:28 millert * configure, configure.in: Don't initialized Makefile variables to - be NULL since the user may want to import variables from their - environment. + be NULL since the user may want to import variables from their + environment. -2000-02-03 19:09 millert +2000-02-03 21:09 millert * configure, configure.in: typo -2000-01-27 13:01 millert +2000-01-27 15:01 millert * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX - 11.0;jaearick@colby.edu + 11.0;jaearick@colby.edu -2000-01-27 13:01 millert +2000-01-27 15:01 millert * CHANGES: recent changes; prepare for 1.6.2p1 -2000-01-26 21:31 millert +2000-01-26 23:31 millert * find_path.c: Don't apply SECURE_PATH if user is example; - jmknoble@pobox.com + jmknoble@pobox.com -2000-01-26 14:21 millert +2000-01-26 16:21 millert + + * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers + 'defaults' options based on INSTALL file info. + +2000-01-26 16:21 millert * INSTALL: Fix some while lies -2000-01-24 08:48 millert +2000-01-24 10:48 millert * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING - instead of copying. + instead of copying. + +2000-01-23 22:57 millert + + * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat -2000-01-23 20:42 millert +2000-01-23 22:42 millert * RUNSON: Last minute updates -2000-01-23 20:26 millert +2000-01-23 22:26 millert * TROUBLESHOOTING: PAM entry -2000-01-23 20:03 millert +2000-01-23 22:23 millert + + * auth/pam.c: correct a comment + +2000-01-23 22:03 millert * CHANGES, RUNSON: update for 1.6.2 -2000-01-20 09:15 millert +2000-01-23 21:59 millert + + * auth/pam.c: Better detection of PAM errors and fix custom prompts + with PAM. Based on patches from "Cloyce D. Spradling" + + +2000-01-20 11:15 millert * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing - to an unsigned long long value. + to an unsigned long long value. -2000-01-19 12:07 millert +2000-01-19 14:07 millert - * CHANGES, config.h.in, configure, configure.in: Fix sudoers - locking in visudo. We now lock the sudoers file itself, not the - temp file (since locking the temp file can foul up editors). The - previous locking scheme didn't work because the fd was closed too - early. + * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix + sudoers locking in visudo. We now lock the sudoers file itself, + not the temp file (since locking the temp file can foul up + editors). The previous locking scheme didn't work because the fd + was closed too early. -2000-01-19 11:37 millert +2000-01-19 13:37 millert * configure, config.h.in, configure.in: Don't need test for - ftruncate() any more. + ftruncate() any more. -2000-01-18 19:23 millert +2000-01-18 21:23 millert * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's - cc. Fixes compilation with the unbundled HP-UX cc. + cc. Fixes compilation with the unbundled HP-UX cc. -2000-01-17 16:46 millert +2000-01-18 17:00 millert + + * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron + Campbell + +2000-01-17 18:46 millert * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, - parse.yacc, sudo.c, sudo.h: update copyright year on changed files + parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, + tgetpass.c, version.h, visudo.c: update copyright year on changed + files -2000-01-17 16:45 millert +2000-01-17 18:45 millert * RUNSON: updates -2000-01-17 16:45 millert +2000-01-17 18:45 millert * CHANGES: aix fix -2000-01-17 16:42 millert +2000-01-17 18:42 millert * INSTALL: Crank version to 1.6.2 -2000-01-17 16:11 millert +2000-01-17 18:11 millert * configure: Crank version to 1.6.2 -2000-01-17 15:46 millert +2000-01-17 17:46 millert * sudo.c: When using rlimit check for RLIM_INFINITY When computing - the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) + the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) -2000-01-17 10:32 millert +2000-01-17 12:32 millert * CHANGES: recent changes -2000-01-17 10:28 millert +2000-01-17 12:28 millert - * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man: - Crank version to 1.6.2 + * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, + sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: + Crank version to 1.6.2 -2000-01-17 10:25 millert +2000-01-17 12:25 millert - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h: Add - 'shell_noargs' runtime option back in. We have to defer checking - until after the sudoers file has been parsed but since there are - now other options that operate that way this one can too. Based on - a patch from bguillory@email.com. + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add + 'shell_noargs' runtime option back in. We have to defer checking + until after the sudoers file has been parsed but since there are + now other options that operate that way this one can too. Based + on a patch from bguillory@email.com. -2000-01-16 21:05 millert +2000-01-16 23:05 millert * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and - "verifypw" options. + "verifypw" options. + +2000-01-16 22:57 millert + + * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions + o Add section on verifypw and listpw o Define how NOPASSWD + interacts with the -v and -l flags -2000-01-14 10:39 millert +2000-01-14 12:39 millert * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For - HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. + HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. -2000-01-14 10:29 millert +2000-01-14 12:29 millert * defaults.c, defaults.h: In struct sudo_defs_types, move the union - to the end and don't initialize the union member since that only - works with an ANSI compiler. We set the value of the union by hand - in init_defaults() anyway. This allows sudo to compile on a K&R - compiler again. + to the end and don't initialize the union member since that only + works with an ANSI compiler. We set the value of the union by + hand in init_defaults() anyway. This allows sudo to compile on a + K&R compiler again. -2000-01-11 11:20 millert +2000-01-11 13:20 millert - * parse.c, parse.h, parse.yacc: netgr_matches needs to check shost - as well as host since they may be different. + * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: + netgr_matches needs to check shost as well as host since they may + be different. -2000-01-02 21:53 millert +2000-01-11 13:17 millert + + * tgetpass.c: End on \r as well as \n + +2000-01-02 23:53 millert * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are - chaning from 0400 to whatever SUDOERS_MODE is (converting from the - old sudoers mode). Assumes that SUDOERS_MODE is less restrictive - than 0400 which should always be the case. + chaning from 0400 to whatever SUDOERS_MODE is (converting from + the old sudoers mode). Assumes that SUDOERS_MODE is less + restrictive than 0400 which should always be the case. -2000-01-02 21:43 millert +2000-01-02 23:43 millert * parse.c, parse.yacc, sudo.c, sudo.h: Make treatment of -l and -v - sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is - *any* entry for the user on the host with a NOPASSWD flag. For -v, - only allow w/o a passwd if *all* entries for the user on the host - w/ the specified runas user have the NOPASSWD flag set. + sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is + *any* entry for the user on the host with a NOPASSWD flag. For + -v, only allow w/o a passwd if *all* entries for the user on the + host w/ the specified runas user have the NOPASSWD flag set. -2000-01-02 21:26 millert +2000-01-02 23:26 millert * Makefile.in: add check target -1999-12-09 22:09 millert +1999-12-16 13:02 millert + + * visudo.c: Treat EOF at whatnow prompt like 'x' instead of + looping. + +1999-12-10 00:09 millert * CHANGES: recent changes -1999-12-08 21:04 millert +1999-12-08 23:04 millert * config.h.in, configure, configure.in, sudo.c: Add check for - initgroups() since old SYSV lacks this. + initgroups() since old SYSV lacks this. -1999-12-08 20:54 millert +1999-12-08 22:54 millert * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, - configure.in, parse.c: o Kill HAVE_FNMATCH_H o Only define - HAVE_FNMATCH if exists. + configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o + Only define HAVE_FNMATCH if exists. -1999-12-05 23:47 millert +1999-12-06 01:47 millert - * CHANGES, RUNSON, insults.h: Don't allow insults to be enabled if - the insults[] array is empty. Otherwise there would be division by - zero. + * CHANGES, RUNSON, insults.h, auth/sudo_auth.c: Don't allow insults + to be enabled if the insults[] array is empty. Otherwise there + would be division by zero. -1999-12-05 23:25 millert +1999-12-06 01:25 millert * insults.h: Don't care about USE_INSULTS #define since the insult - stuff may be overridden at runtime. + stuff may be overridden at runtime. -1999-12-05 17:14 millert +1999-12-06 01:23 millert + + * auth/sudo_auth.c: Honor insults flag. + +1999-12-05 19:14 millert * CHANGES, parse.c: Don't ask the user for a password if the user - is not allowed to run the command and the authenticate flag (in - sudoers) is false. + is not allowed to run the command and the authenticate flag (in + sudoers) is false. -1999-12-05 17:05 millert +1999-12-05 19:05 millert * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare - newline we change to the INITIAL state. o Enter GOTRUNAS when we - see Runas_Alias - - This allows #uid to work in a RunasAlias. + newline we change to the INITIAL state. o Enter GOTRUNAS when we + see Runas_Alias -1999-12-05 12:06 millert + This allows #uid to work in a RunasAlias. + +1999-12-05 14:06 millert * CHANGES, parse.yacc: fix parsing of runas lists: o oprunasuser - and runaslist now return a value o in a runasspec, if a runaslist - does not return TRUE, set runas_matches to FALSE. Normally, a - runaslist only returns FALSE for explicitly denied users. o - since runaslist does not modify the stack there is no need for a - push/pop in runasalias. + and runaslist now return a value o in a runasspec, if a runaslist + does not return TRUE, set runas_matches to FALSE. Normally, a + runaslist only returns FALSE for explicitly denied users. o + since runaslist does not modify the stack there is no need for a + push/pop in runasalias. -1999-12-04 19:54 millert +1999-12-04 21:54 millert * check.c, sudo.c: Don't kill the user's tickets until after - sudoers has been parsed since tty_tickets and ticket_dir could be - set in sudoers. + sudoers has been parsed since tty_tickets and ticket_dir could be + set in sudoers. -1999-12-04 19:18 millert +1999-12-04 21:18 millert * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, - configure, configure.in, sudo.cat, sudo.man: crank version to 1.6 + configure, configure.in, sudo.cat, sudo.man, sudoers.cat, + sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank + version to 1.6 + +1999-12-04 21:18 millert -1999-12-02 13:31 millert + * testsudoers.c: add set_fqdn() stub - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h: o Kill - shell_noargs option, it cannot work since the command needs to be - set before sudoers is parsed. o Fix the "set_home" sudoers option - (only worked at compile time). o Fix "fqdn" sudoers option. We - now set host/shost via set_fqdn which gets called when the "fqdn" - option is set in sudoers. o Move the openlog() to - store_syslogfac() so this gets overriden correctly from the - sudoers file. +1999-12-02 15:31 millert -1999-11-28 18:56 millert + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option, + it cannot work since the command needs to be set before sudoers + is parsed. o Fix the "set_home" sudoers option (only worked at + compile time). o Fix "fqdn" sudoers option. We now set + host/shost via set_fqdn which gets called when the "fqdn" + option is set in sudoers. o Move the openlog() to + store_syslogfac() so this gets overriden correctly from the + sudoers file. - * sudo.pod, sudo.cat, sudo.man: fix some syntactic goofs +1999-12-02 15:21 millert -1999-11-28 16:51 millert + * auth/securid.c: SecurID support should compile now. - * sudo.html, Makefile.in: No longer need the .html files as they - are generated automatically on the web site. +1999-11-28 20:56 millert -1999-11-28 16:49 millert + * sudo.pod, visudo.pod, sudo.cat, sudo.man, sudoers.man, + visudo.man, sudoers.cat, visudo.cat: fix some syntactic goofs + +1999-11-28 18:51 millert + + * sudo.html, sudoers.html, Makefile.in, visudo.html: No longer need + the .html files as they are generated automatically on the web + site. + +1999-11-28 18:49 millert * CHANGES, LICENSE: kill characters that made wml unhappy -1999-11-28 16:34 millert +1999-11-28 18:34 millert * HISTORY: typo -1999-11-25 10:05 millert +1999-11-25 12:05 millert * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com -1999-11-24 17:43 millert +1999-11-24 19:43 millert * Makefile.in, configure: Wrap script execution w/ /bin/sh for the - benefit of ctm + benefit of ctm -1999-11-23 20:52 millert +1999-11-23 22:52 millert * sudo.c: Make the -s flag be exclusive too. Also reorder the - flags in the exclusive usage message so they are alphabetical. + flags in the exclusive usage message so they are alphabetical. + +1999-11-23 13:27 millert -1999-11-23 11:07 millert + * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal + +1999-11-23 13:07 millert + + * auth/API: fix typo + +1999-11-23 13:07 millert * INSTALL: make it clear that /etc/pam.d/sudo is required on linux -1999-11-22 22:43 millert +1999-11-23 13:06 millert + + * auth/pam.c: fix a warning on redhat and spew an error if + pam_authenticate() returns an error other than AUTH_SUCCESS or + PAM_PERM_DENIED + +1999-11-23 00:43 millert * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the - password required is the user's not root's + password required is the user's not root's -1999-11-19 19:04 millert +1999-11-19 21:04 millert * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES -1999-11-18 17:13 millert +1999-11-18 19:13 millert * RUNSON: updates from Brian Jackson + some formatting -1999-11-17 19:39 millert +1999-11-17 21:39 millert * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon - update o Changes for automating real binary releases + update o Changes for automating real binary releases -1999-11-17 19:38 millert +1999-11-17 21:38 millert * Makefile.in: Add bindist target -1999-11-16 14:26 millert +1999-11-16 16:26 millert * TROUBLESHOOTING: talk about run-time options in addition to - compile-time options + compile-time options -1999-11-15 23:16 millert +1999-11-16 01:16 millert * CHANGES: fix typos -1999-11-15 23:09 millert +1999-11-16 01:09 millert * sudo.c: need sys/time.h if HAVE_SETRLIMIT -1999-11-15 22:42 millert +1999-11-16 00:42 millert * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, - sudo.pod: get rid of references to sudo-bugs. Now mention the web - site or the sudo@ alias + sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get + rid of references to sudo-bugs. Now mention the web site or the + sudo@ alias + +1999-11-16 00:35 millert -1999-11-15 22:28 millert + * sudoers.html: repair pod2html damage + +1999-11-16 00:28 millert * RUNSON, TODO: Update for 1.6 release -1999-11-09 13:06 millert +1999-11-16 00:23 millert + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning + about using ALL in a command context. + +1999-11-09 15:12 millert + + * visudo.c: Call yyrestart() on a parse error to reset the lexer + state. + +1999-11-09 15:06 millert * parse.lex, lex.yy.c: Don't need YY_FLUSH_BUFFER after all Move - yyrestart() into visudo.c since it might not get called in yywrap + yyrestart() into visudo.c since it might not get called in yywrap if we get a parse error (and we only reread the file on error - anyway). + anyway). -1999-11-09 12:32 millert +1999-11-09 14:32 millert * parse.lex, lex.yy.c: Call YY_FLUSH_BUFFER macro in yywrap() to - clean up any buffers that might still exist. Call yyrestart() - instead of using the deprecated YY_NEW_FILE macro. + clean up any buffers that might still exist. Call yyrestart() + instead of using the deprecated YY_NEW_FILE macro. -1999-11-09 10:13 millert +1999-11-09 12:13 millert * lex.yy.c, parse.lex: flex doesn't need %N table size declarations -1999-11-08 16:59 millert +1999-11-08 19:00 millert + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what + characters need to be escaped in names. + +1999-11-08 18:59 millert * configure: regen -1999-11-08 16:59 millert +1999-11-08 18:59 millert * INSTALL: clarify Mac OS X entry -1999-11-08 16:59 millert +1999-11-08 18:59 millert * RUNSON: update -1999-11-08 15:45 millert +1999-11-08 17:45 millert * configure.in: o Use AC_MSG_ERROR throughout o Check syslog - configure options for danity + configure options for danity -1999-11-05 15:11 millert +1999-11-05 17:11 millert * defaults.c: Fix printing of type T_MODE in dump_defaults() -1999-11-05 10:00 millert +1999-11-05 12:00 millert * strcasecmp.c: missing sys/types.h -1999-11-04 22:42 millert +1999-11-05 00:42 millert * INSTALL: Break out options that may be overridden at run time - into their own section. Add a not about Max OS X and correct some - lies. + into their own section. Add a not about Max OS X and correct + some lies. -1999-11-04 12:01 millert +1999-11-04 14:01 millert * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use - getrlimit to find the highest fd when closing all non-std fd's o - Turn off core dumps via setrlimit for the sake of paranoia + getrlimit to find the highest fd when closing all non-std fd's o + Turn off core dumps via setrlimit for the sake of paranoia -1999-11-04 11:57 millert +1999-11-04 13:57 millert * RUNSON: updates -1999-11-01 08:59 millert +1999-11-01 10:59 millert * CHANGES: updates -1999-11-01 08:43 millert +1999-11-01 10:58 millert + + * tgetpass.c: When read()'ing, do a single character at a time to + be sure we don't go oast the newline. + +1999-11-01 10:43 millert * sudo.c: For the sudo_root option, check against user_uid, not - getuid() since at this point, ruid == euid == 0. + getuid() since at this point, ruid == euid == 0. -1999-10-31 21:14 millert +1999-10-31 23:14 millert * RUNSON: some updates -1999-10-31 21:14 millert +1999-10-31 23:14 millert * logging.h: Fix compilation problem when --with-logging=file was - specified. This means that syslog is now required to build sudo - but that should not be a problem. If it is it can be fixed - trivially with a configure check for syslog() or syslog.h. + specified. This means that syslog is now required to build sudo + but that should not be a problem. If it is it can be fixed + trivially with a configure check for syslog() or syslog.h. + +1999-10-31 23:00 millert -1999-10-20 09:23 millert + * tgetpass.c: Make this work again for things like "sudo echo hi | + more" where the tty gets put into character at a time mode. We + read until we read end of line or we run out of space (similar to + fgets(3)). + +1999-10-20 11:23 millert + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital + to bold + +1999-10-20 11:23 millert * RUNSON: update -1999-10-16 11:56 millert +1999-10-16 13:56 millert * defaults.c: Error out if syslog parameters are given without a - value. For Ultrix or 4.2BSD "syslog" is allowed without a value - since there are no facilities in the 4.2BSD syslog. + value. For Ultrix or 4.2BSD "syslog" is allowed without a value + since there are no facilities in the 4.2BSD syslog. -1999-10-15 14:37 millert +1999-10-15 16:37 millert * defaults.c: Ignore the syslog facility for systems w/ old syslog - like Ultrix. + like Ultrix. -1999-10-15 10:51 millert +1999-10-15 12:51 millert * TROUBLESHOOTING: people with "." early in their path can have - problems running sudo from the build dir ;-) + problems running sudo from the build dir ;-) -1999-10-12 22:18 millert +1999-10-13 00:18 millert * sudo.man, sudo.pod, sudo.cat, sudo.html: Remove -r realm option -1999-10-12 20:34 millert +1999-10-12 22:34 millert - * configure, configure.in, sudo.c: New krb5 code from Frank Cusack - . + * configure, configure.in, sudo.c, auth/kerb5.c, auth/sudo_auth.c, + auth/sudo_auth.h: New krb5 code from Frank Cusack + . -1999-10-12 20:33 millert +1999-10-12 22:33 millert * CHANGES: update to reality -1999-10-11 18:05 millert +1999-10-11 20:53 millert + + * auth/fwtk.c: include to get function prototypes. + +1999-10-11 20:05 millert * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag -1999-10-11 17:42 millert +1999-10-11 19:42 millert * sudo.c: in set_perms(), always call setuid(0) before changing the - ruid/euid so we always know it will succeed. + ruid/euid so we always know it will succeed. -1999-10-11 10:24 millert +1999-10-11 12:24 millert * defaults.h: #undef T_FOO to avoid conflicts with system defines - (like on ULTRIX). + (like on ULTRIX). -1999-10-11 09:55 millert +1999-10-11 11:55 millert - * TODO, sample.sudoers: Docuement "Defaults" lines in /etc/sudoers. - Still needs some fleshing out but this is a start. + * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, + sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still + needs some fleshing out but this is a start. -1999-10-10 15:21 millert +1999-10-10 17:21 millert - * defaults.c, defaults.c: use strtol, not strtoul since not - everyone has not strtoul + * defaults.c: use strtol, not strtoul since not everyone has not + strtoul -1999-10-10 13:01 millert +1999-10-10 15:01 millert * lex.yy.c, parse.lex: last {WORD} rule should only apply in the - INITIAL state + INITIAL state -1999-10-10 12:38 millert +1999-10-10 14:38 millert * lex.yy.c, parse.lex: o Add support for escaped characters in the - WORD macro o Modify fill() to squash escape chars + WORD macro o Modify fill() to squash escape chars -1999-10-10 11:56 millert +1999-10-10 13:56 millert * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity - checks for default values that are supposed to be pathnames. o - Fix a duplicate free when visudo finds an error. + checks for default values that are supposed to be pathnames. o + Fix a duplicate free when visudo finds an error. -1999-10-08 23:01 millert +1999-10-09 01:01 millert * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo -1999-10-07 19:12 millert +1999-10-07 21:12 millert - * compat.h, defaults.c, defaults.h, sudo.c: o Add requiretty option - o Move O_NOCTTY to compat.h + * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add + requiretty option o Move O_NOCTTY to compat.h -1999-10-07 19:12 millert +1999-10-07 21:12 millert * logging.c: The exit() in log_error() was mistakenly removed in a - previous version. Put it back... + previous version. Put it back... -1999-10-07 15:20 millert +1999-10-07 17:20 millert * INSTALL, TODO, check.c, config.h.in, configure, configure.in, - defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c, - logging.c, parse.yacc, sudo.c: o Change defaults stuff to put the - value right in the struct. o Implement mailer_flags o Store syslog - stuff both in int and string form. Setting the string form - magically updates the int version. o Add boolean attribute to - strings where it makes sense to say !foo + defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c, + logging.c, parse.yacc, sudo.c, auth/aix_auth.c, auth/fwtk.c, + auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: o + Change defaults stuff to put the value right in the struct. o + Implement mailer_flags o Store syslog stuff both in int and + string form. Setting the string form magically updates the int + version. o Add boolean attribute to strings where it makes sense + to say !foo + +1999-10-07 17:13 millert + + * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case + +1999-10-06 00:48 millert -1999-10-05 22:48 millert + * auth/API: cleanup function no longer takes a status arg + +1999-10-06 00:48 millert * INSTALL: the the -1999-09-15 03:15 millert +1999-09-15 05:15 millert * TODO, config.h.in, configure, configure.in, logging.c: Use - strftime() instead of ctime() if it is available. + strftime() instead of ctime() if it is available. -1999-09-14 10:58 millert +1999-09-14 12:58 millert * defaults.c: fix copyright date -1999-09-14 10:57 millert +1999-09-14 12:57 millert * RUNSON: update ReliantUNIX entry -1999-09-14 10:56 millert +1999-09-14 12:56 millert * defaults.c, defaults.h, logging.c: add log_year option -1999-09-14 02:01 millert +1999-09-14 04:01 millert * configure, configure.in: add --without-sendmail to help output -1999-09-14 01:42 millert +1999-09-14 03:42 millert * configure, configure.in: enforce an otctal arg for - --with-suoders-mode + --with-suoders-mode -1999-09-08 02:06 millert +1999-09-08 04:06 millert * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, check.c, - config.h.in, configure, configure.in, defaults.c, defaults.h, - find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h: Add support for "Defaults" line in sudoers to make - configuration variables changable at runtime (and on a global, - per-host and per-user basis). Both the names and the internal - representation are still subject to change. It was necessary to - make sudo_user.runas but a char ** instead of a char * since this - value can be changed by a Defaults line. There is a similar (but - more complicated) issue with sudo_user.prompt but it is handled - differently at the moment. - - Add a "-L" flag to list the name of options with their - descriptions. This may only be temporary. - - Move some prototypes to parse.h - - Be much less restrictive on what is allowed for a username. - -1999-09-08 02:01 millert + config.h.in, configure, configure.in, defaults.c, defaults.h, + find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, + sudo.c, sudo.h, sudo.tab.h, testsudoers.c, version.c, visudo.c, + auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c, + auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: Add support for + "Defaults" line in sudoers to make configuration variables + changable at runtime (and on a global, per-host and per-user + basis). Both the names and the internal representation are still + subject to change. It was necessary to make sudo_user.runas but + a char ** instead of a char * since this value can be changed by + a Defaults line. There is a similar (but more complicated) issue + with sudo_user.prompt but it is handled differently at the + moment. + + Add a "-L" flag to list the name of options with their + descriptions. This may only be temporary. + + Move some prototypes to parse.h + + Be much less restrictive on what is allowed for a username. + +1999-09-08 04:01 millert * sample.syslog.conf: Add more info -1999-09-04 01:09 millert +1999-09-04 03:09 millert * fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, - strcasecmp.c, LICENSE: UCB has dropped the advertising clause from - their license. + strcasecmp.c, LICENSE: UCB has dropped the advertising clause + from their license. + +1999-08-31 05:39 millert + + * auth/sudo_auth.h: move dce_verofy proto to correct section + +1999-08-31 05:39 millert -1999-08-28 04:00 millert + * auth/dce.c: remove XXX - * fnmatch.c, parse.c: Move inclusion of emul/fnmatch.h to be after - sudo.h for __P +1999-08-28 06:00 millert -1999-08-28 03:59 millert + * emul/fnmatch.h: Add fnmatch() prototype + +1999-08-28 06:00 millert + + * fnmatch.c, parse.c, testsudoers.c: Move inclusion of + emul/fnmatch.h to be after sudo.h for __P + +1999-08-28 05:59 millert * sudo.h: add strcasecmp proto -1999-08-28 03:36 millert +1999-08-28 05:50 millert + + * auth/sudo_auth.c: add check for case where there are no auth + methods + +1999-08-28 05:36 millert * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and - __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc + __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc -1999-08-28 03:24 millert +1999-08-28 05:24 millert * getspwuid.c, lex.yy.c, parse.lex, parse.yacc: include strings.h - everywhere we include string.h + everywhere we include string.h + +1999-08-28 05:22 millert + + * version.c: nicer output when showing auth methods + +1999-08-28 05:00 millert -1999-08-28 02:49 millert + * version.c: Add support for SEND_MAIL_WHEN_NO_HOST + +1999-08-28 04:49 millert * config.h.in, configure.in, configure: Add _GNU_SOURCE for Linux -1999-08-28 02:22 millert +1999-08-28 04:22 millert * parse.lex, lex.yy.c: fix definition of OCTECT -1999-08-28 02:10 millert +1999-08-28 04:10 millert * configure, configure.in: aix_auth.o not authenticate.o -1999-08-27 15:02 millert +1999-08-27 17:02 millert * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be - generated from the keyboard). Since we run with ruid/euid == 0 the - user can't really signal us in nasty ways. + generated from the keyboard). Since we run with ruid/euid == 0 + the user can't really signal us in nasty ways. + +1999-08-27 17:01 millert -1999-08-27 14:09 millert + * visudo.c: Don't need to worry about catching too many signals + since we do locking on the tmp file. If a lockfile is really + stale, it will be detected and overwritten. + +1999-08-27 16:09 millert * INSTALL, Makefile.in: include auth/API in tarball -1999-08-27 09:53 millert +1999-08-27 16:09 millert + + * auth/sudo_auth.c: move memset() of plaintext pw outside of verify + loop and only do the memset if we are *not* in standalone mode. + +1999-08-27 13:46 millert + + * auth/: sudo_auth.c, sudo_auth.h: DCE is not a standalone method + +1999-08-27 11:53 millert * sudo.c: fix --enable-noargs-shell -1999-08-27 09:06 millert +1999-08-27 11:06 millert * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one) -1999-08-27 08:39 millert +1999-08-27 10:54 millert + + * auth/: fwtk.c, sia.c: _cleanup() function returns an int. + +1999-08-27 10:50 millert + + * auth/dce.c: there were still some return(0)'s hanging around, + make them AUTH_FAILURE + +1999-08-27 10:39 millert + + * parse.c: typo in comment + +1999-08-27 10:03 millert + + * version.c: add missing semicolon + +1999-08-27 08:31 millert - * parse.c: typo in comment + * auth/sudo_auth.h: missing backslash -1999-08-26 15:24 millert +1999-08-26 17:24 millert * CHANGES, config.h.in, configure, configure.in: Kill - _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes + _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes -1999-08-26 07:21 millert +1999-08-26 09:21 millert * Makefile.in: add parse.h to HDRS -1999-08-26 07:16 millert +1999-08-26 09:16 millert * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and - VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go - in LIBS, commong ld flags go in LDFLAGS and network libs like - -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build - on Solaris and is a bit cleaner in general. + VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go + in LIBS, commong ld flags go in LDFLAGS and network libs like + -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build + on Solaris and is a bit cleaner in general. -1999-08-26 04:56 millert +1999-08-26 06:56 millert * UPGRADE: mention ptmp -> sudoers.tmp -1999-08-26 04:12 millert +1999-08-26 06:12 millert * configure.in, configure, config.h.in: Define - _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE + _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE -1999-08-26 03:37 millert +1999-08-26 05:37 millert * RUNSON: add 2 reports -1999-08-26 03:19 millert +1999-08-26 05:20 millert + + * auth/kerb5.c: Minor changes, mostly cosmetic. + verify_krb_v5_tgt() changed to return a value more like a system + function + +1999-08-26 05:19 millert + + * auth/dce.c: Add an XXX + +1999-08-26 05:19 millert * TODO: more things todo! -1999-08-26 03:18 millert +1999-08-26 05:18 millert * sample.sudoers: update based on what is in the man page -1999-08-26 03:10 millert +1999-08-26 05:10 millert * parse.yacc: minor change to first line printed in -l mode -1999-08-26 03:10 millert +1999-08-26 05:10 millert * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT - VARIABLES" section to "ENVIRONMENT" to be more standard and add - "EXAMPLES" section + VARIABLES" section to "ENVIRONMENT" to be more standard and add + "EXAMPLES" section + +1999-08-26 05:08 millert -1999-08-26 03:06 millert + * visudo.cat, visudo.html, visudo.man, visudo.pod: rename + "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard + +1999-08-26 05:06 millert * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK -1999-08-26 03:05 millert +1999-08-26 05:05 millert * parse.lex, lex.yy.c: make an OCTET really be limited to 0-255 -1999-08-26 03:04 millert +1999-08-26 05:04 millert * UPGRADE: mention timestamp changes -1999-08-26 03:04 millert +1999-08-26 05:04 millert * PORTING: cosmetic cleanup -1999-08-24 11:37 millert +1999-08-26 05:00 millert + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new + sudoers(8) man page + +1999-08-24 13:45 millert + + * version.c: Update comments about syslog name tables + +1999-08-24 13:37 millert * CHANGES, LICENSE, Makefile.in, configure, strcasecmp.c, - configure.in, parse.yacc: include strcasecmp() for those without it + configure.in, parse.yacc: include strcasecmp() for those without + it -1999-08-24 10:43 millert +1999-08-24 12:43 millert * sample.sudoers: Use the : operator some more and fix a typo -1999-08-24 10:43 millert +1999-08-24 12:43 millert * HISTORY: update the history of sudo -1999-08-24 10:42 millert +1999-08-24 12:42 millert - * parse.c, parse.lex: CIDR-style netmask support + * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support -1999-08-24 10:41 millert +1999-08-24 12:41 millert * CHANGES: recent changes -1999-08-24 10:40 millert +1999-08-24 12:40 millert + + * sudo.tab.h: these should be generated with byacc, not bison + +1999-08-24 12:40 millert * lex.yy.c: regen -1999-08-24 09:58 millert +1999-08-24 11:58 millert - * parse.h, parse.yacc: In "sudo -l" mode, the type of the stored - (expanded) alias was not stored with the contents. This could lead - to incorrect output if the sudoers file had different alias types - with the same name. Normal parsing (ie: not in '-l' mode) is - unaffected. + * parse.h, parse.yacc, sudo.tab.h: In "sudo -l" mode, the type of + the stored (expanded) alias was not stored with the contents. + This could lead to incorrect output if the sudoers file had + different alias types with the same name. Normal parsing (ie: + not in '-l' mode) is unaffected. -1999-08-23 10:47 millert +1999-08-23 12:47 millert * configure, configure.in: define _XOPEN_SOURCE to get at crypt() - proto on some systems + proto on some systems -1999-08-22 11:10 millert +1999-08-22 13:10 millert * snprintf.c: fix comment -1999-08-22 05:36 millert +1999-08-22 13:09 millert + + * tgetpass.c: don't need limits.h + +1999-08-22 07:36 millert * snprintf.c: kill bogus reference to vfprintf -1999-08-22 05:26 millert +1999-08-22 07:26 millert - * sample.sudoers: better examples + * sample.sudoers, sudoers: better examples -1999-08-22 05:23 millert +1999-08-22 07:23 millert * snprintf.c: Add some const in the K&R defs. This is safe since - we define const away if the compiler doesn't grok it. + we define const away if the compiler doesn't grok it. -1999-08-22 05:22 millert +1999-08-22 07:22 millert * aclocal.m4, configure: Better test for working long long support. - Ultrix compiler supports basic long long but not all operations on - them. + Ultrix compiler supports basic long long but not all operations + on them. -1999-08-22 03:59 millert +1999-08-22 05:59 millert * aclocal.m4, config.h.in, configure, getspwuid.c, snprintf.c, - sudo.c: Add check for LONG_IS_QUAD #undef MAXINT before including - hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX - in snprintf.c and use LONG_IS_QUAD + sudo.c, auth/secureware.c: Add check for LONG_IS_QUAD #undef + MAXINT before including hpsecurity.h to silence an HP-UX warning + Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD -1999-08-21 13:00 millert +1999-08-21 15:00 millert * LICENSE, aclocal.m4, config.h.in, configure, configure.in, - snprintf.c: UCB-derived snprintf + asprintf support. Supports - quads if the compiler does. No floating point yet, perhaps - later... + snprintf.c: UCB-derived snprintf + asprintf support. Supports + quads if the compiler does. No floating point yet, perhaps + later... -1999-08-20 14:37 millert +1999-08-20 16:37 millert - * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c: Run - most of the code as root, not the invoking user. It doesn't really - gain us anything to run as the user since an attacker can just have - an setuid(0) in their egg. Running as root solves potential - problems wrt signalling. + * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c, + auth/API, auth/sudo_auth.c, auth/sudo_auth.h: Run most of the + code as root, not the invoking user. It doesn't really gain us + anything to run as the user since an attacker can just have an + setuid(0) in their egg. Running as root solves potential + problems wrt signalling. -1999-08-19 11:45 millert +1999-08-19 13:45 millert * logging.c, sudo.c: Don't wait for child to finish in log_error(), - let the signal handler get it if we are still running, else let - init reap it for us. The extra time it takes to wait lets the user - know that mail is being sent. - - Install SIGCHLD handler in main() and for POSIX signals, block - everything *except* SIGCHLD. + let the signal handler get it if we are still running, else let + init reap it for us. The extra time it takes to wait lets the + user know that mail is being sent. + + Install SIGCHLD handler in main() and for POSIX signals, block + everything *except* SIGCHLD. -1999-08-19 10:30 millert +1999-08-19 12:30 millert * logging.c, parse.c, parse.yacc, sudo.c, configure, sudo.h, - INSTALL, config.h.in, configure.in: sudoers_lookup() now returns a - bitmap instead of an int. This makes it possible to express things - like "failed to validate because user not listed for this host". - Some thigns that were previously VALIDATE_FOO are now FLAG_FOO. - This may change later on. - - Reorganized code in log_auth() and sudo.c to deal with above - changes. - - Safer versions of push/pushcp with in the do { ... } while (0) - style - - parse.yacc now saves info on the stack to allow parse.c to - determine if a user was listed, but not for the host he/she tried - to run on. - - Added --with-mail-if-no-host option - -1999-08-17 09:29 millert - - * parse.yacc, sudo.h: o NewArgv and NewArgc don't need to be - externally visible. o If pedantic > 1, it is a parse error. o Add - -s (strict) option to visudo which sets pedantic to 2. - -1999-08-17 09:26 millert + INSTALL, config.h.in, configure.in: sudoers_lookup() now returns + a bitmap instead of an int. This makes it possible to express + things like "failed to validate because user not listed for this + host". Some thigns that were previously VALIDATE_FOO are now + FLAG_FOO. This may change later on. + + Reorganized code in log_auth() and sudo.c to deal with above + changes. + + Safer versions of push/pushcp with in the do { ... } while (0) + style + + parse.yacc now saves info on the stack to allow parse.c to + determine if a user was listed, but not for the host he/she tried + to run on. + + Added --with-mail-if-no-host option + +1999-08-17 11:29 millert + + * parse.yacc, sudo.h, visudo.c, visudo.cat, visudo.html, + visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be + externally visible. o If pedantic > 1, it is a parse error. o + Add -s (strict) option to visudo which sets pedantic to 2. + +1999-08-17 11:26 millert * HISTORY, INSTALL: Just have sudo-bugs contact info in one place -1999-08-17 09:20 millert +1999-08-17 11:20 millert * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section -1999-08-17 08:29 millert +1999-08-17 10:29 millert * configure, configure.in, Makefile.in: Add testsudoers to default - build target if --with-devel Don't clean generated parser files - unless "distclean". + build target if --with-devel Don't clean generated parser files + unless "distclean". -1999-08-17 06:47 millert +1999-08-17 08:47 millert * parse.yacc: In pedantic mode we need to save *all* the aliases, - not just those that match, or we get spurious warnings. + not just those that match, or we get spurious warnings. -1999-08-17 03:32 millert +1999-08-17 05:32 millert * TROUBLESHOOTING: reference samples.sylog.conf -1999-08-14 09:50 millert +1999-08-14 11:50 millert * sample.syslog.conf: Sample entries for syslog.conf -1999-08-14 09:40 millert +1999-08-14 11:40 millert * CHANGES: recent changes -1999-08-14 09:34 millert +1999-08-14 11:36 millert + + * auth/: API, afs.c, aix_auth.c, dce.c, fwtk.c, kerb4.c, kerb5.c, + pam.c, passwd.c, rfc1938.c, secureware.c, securid.c, sia.c, + sudo_auth.c, sudo_auth.h: In struct sudo_auth, turn need_root and + configured into flags and add a flag to specify an auth method is + running alone (the only one). Pass auth methods their sudo_auth + pointer, not the data pointer. This allows us to get at the + flags and tell if we are the only auth method. That, in turn, + allows the method to be able to decide what should/should not be + a fatal error. Currently only rfc1938 uses it this way, which + allows us to kill the OTP_ONLY define and te hackery that went + with it. With access to the sudo_auth struct, methods can also + get at a string holding their cannonical name (useful in error + messages). + +1999-08-14 11:34 millert * Makefile.in, INSTALL, README, config.h.in, configure, - configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc: o - --with-otp deprecated, use --without-passwd instead o real - dependencies in the Makefile o --with-devel option to enable yacc, - lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL - goes back to being a token, not a string but don't leak memory o - rename hsotspec -> host in parse.yacc + configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc, + sudo.tab.h: o --with-otp deprecated, use --without-passwd instead + o real dependencies in the Makefile o --with-devel option to + enable yacc, lex, and -Wall o style -- "foo -> bar" becomes + "foo->bar" o ALL goes back to being a token, not a string but + don't leak memory o rename hsotspec -> host in parse.yacc -1999-08-12 10:26 millert +1999-08-12 12:26 millert * BUGS, CHANGES: recent changes -1999-08-12 10:24 millert +1999-08-12 12:24 millert * configure, configure.in, interfaces.c, snprintf.c, sudo.c, - sudo.h: o Digital UNIX needs to check for *snprintf() before -ldb - is added to LIBS since -ldb includes a bogus snprintf(). o Add - forward refs for struct mbuf and struct rtentry for Digital UNIX. - o Reorder some functions in snprintf.c to fix -Wall o Add missing - includes to fix more -Wall + sudo.h, auth/sudo_auth.c: o Digital UNIX needs to check for + *snprintf() before -ldb is added to LIBS since -ldb includes a + bogus snprintf(). o Add forward refs for struct mbuf and struct + rtentry for Digital UNIX. o Reorder some functions in snprintf.c + to fix -Wall o Add missing includes to fix more -Wall -1999-08-12 08:37 millert +1999-08-12 10:37 millert * INSTALL, check.c, config.h.in, configure, configure.in, - parse.yacc: o Add a "pedentic" flag to the parser. This makes sudo - warn in cases where an alias may be used before it is defined. - Only turned on for visudo and testsudoers. o Add - --disable-authentication option that makes sudo not require - authentication by default. The PASSWD tag can be used to require - authentication for an entry. We no longer overload - --without-passwd. + parse.yacc, testsudoers.c, version.c, visudo.c, auth/sudo_auth.c: + o Add a "pedentic" flag to the parser. This makes sudo warn in + cases where an alias may be used before it is defined. Only + turned on for visudo and testsudoers. o Add + --disable-authentication option that makes sudo not require + authentication by default. The PASSWD tag can be used to require + authentication for an entry. We no longer overload + --without-passwd. -1999-08-12 08:29 millert +1999-08-12 10:29 millert * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and - USERNAME. These days a username can contain just about anything so - be very permissive. Also drop the unused \. punctuation. + USERNAME. These days a username can contain just about anything + so be very permissive. Also drop the unused \. punctuation. -1999-08-09 16:25 millert +1999-08-09 18:25 millert * parse.yacc: o add a 'val' element to aliasinfo struct and move -> - parse.h o find_alias() now returns an aliasinfo * instead of - boolean o add_alias() now takes a value parameter to store in the - aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now - return: 1) positive match 0) negative match (due to '!') -1) no - match This means setting $$ explicitly in all cases, which I should - have done in the first place. It also means that we always store a - value that is != -1 and when we see a '!' we can set *_matches to - !rv if rv != -1. The upshot of all of this is that '!' now works - the way it should in lists and some of the rules are more uniform - and sensible. - -1999-08-09 16:17 millert + parse.h o find_alias() now returns an aliasinfo * instead of + boolean o add_alias() now takes a value parameter to store in the + aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now + return: 1) positive match 0) negative match (due to '!') -1) no + match This means setting $$ explicitly in all cases, which I + should have done in the first place. It also means that we + always store a value that is != -1 and when we see a '!' we can + set *_matches to !rv if rv != -1. The upshot of all of this is + that '!' now works the way it should in lists and some of the + rules are more uniform and sensible. + +1999-08-09 18:17 millert * Makefile.in: add parse.h dependency -1999-08-09 16:17 millert +1999-08-09 18:17 millert * parse.h: kill unused *_matched macros -1999-08-09 08:35 millert +1999-08-09 10:35 millert * parse.yacc: Allow a list of users as the first thing in a user - spec, not just a single entry. This makes things more uniform, - though it does allow you to write user specs that are hard to read. + spec, not just a single entry. This makes things more uniform, + though it does allow you to write user specs that are hard to + read. -1999-08-09 08:08 millert +1999-08-09 10:08 millert * configure: regen -1999-08-09 08:08 millert +1999-08-09 10:08 millert * configure.in: fix check for crypt() in libufc -1999-08-07 12:03 millert +1999-08-07 14:03 millert * README: sudo-users list now exists -1999-08-07 05:46 millert +1999-08-07 07:46 millert * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to - reality. + reality. -1999-08-07 03:59 millert +1999-08-07 05:59 millert * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, - config.h.in, configure.in, logging.c, sudo.h, configure, fileops.c: - o Move lock_file() and touch() into fileops.c so visudo can use - them o Visudo now locks the sudoers temp file instead of bailing - when the temp file already exists. This fixes the problem of stale - temp files but it does *require* that you not try to put the temp - file in a world-writable directory. This shoud not be an issue as - the temp file should live in the same dir as sudoers. o Visudo now - only installs the temp file as sudoers if it changed. - -1999-08-06 07:49 millert + config.h.in, configure.in, logging.c, sudo.h, version.c, + visudo.c, configure, fileops.c: o Move lock_file() and touch() + into fileops.c so visudo can use them o Visudo now locks the + sudoers temp file instead of bailing when the temp file already + exists. This fixes the problem of stale temp files but it does + *require* that you not try to put the temp file in a + world-writable directory. This shoud not be an issue as the temp + file should live in the same dir as sudoers. o Visudo now only + installs the temp file as sudoers if it changed. + +1999-08-06 09:49 millert * logging.c: add fcntl locking -1999-08-06 07:33 millert +1999-08-06 09:33 millert * configure, config.h.in, configure.in, logging.c: Lock the log - file. + file. -1999-08-06 03:36 millert +1999-08-06 05:36 millert - * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c: o - /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow - temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP - -> _PATH_SUDOERS_TMP + * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o + /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow + temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and + _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP -1999-08-05 15:38 millert +1999-08-05 17:38 millert - * INSTALL, check.c, config.h.in, configure, configure.in: o Kill - *_MESSAGE and replace with NO_LECTURE o Add more things to root - sudo -V config reporting + * INSTALL, check.c, config.h.in, configure, configure.in, + version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add + more things to root sudo -V config reporting -1999-08-05 08:56 millert +1999-08-05 10:56 millert * configure, configure.in: aix_auth.o not authenticate.o -1999-08-05 08:48 millert +1999-08-05 10:48 millert * config.h.in: Add --with-goodpri and --with-badpri configure - options to specify the syslog priority to use. + options to specify the syslog priority to use. -1999-08-05 08:30 millert +1999-08-05 10:30 millert * INSTALL, configure.in, logging.h, configure: Add --with-goodpri - and --with-badpri configure options to specify the syslog priority - to use. + and --with-badpri configure options to specify the syslog + priority to use. -1999-08-05 08:25 millert +1999-08-05 10:25 millert * compat.h: kill crufty AIX stuff -1999-08-05 04:55 millert +1999-08-05 06:55 millert * Makefile.in: Sigh, some versions of make (like Solaris's) don't - deal with $< like I would expect. Both GNU and BSD makes get this - right but... So, we just expand $< inline at the cost of some - ugliness. + deal with $< like I would expect. Both GNU and BSD makes get + this right but... So, we just expand $< inline at the cost of + some ugliness. + +1999-08-05 06:52 millert -1999-08-05 04:51 millert + * version.c: If the invoking user is root, sudo will now print + configure info in -V mode. Currently just prints logging info, + to be expanded later. + +1999-08-05 06:51 millert * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog - facility and priority o use new print_version() functino for -V - mode + facility and priority o use new print_version() functino for -V + mode -1999-08-05 04:49 millert +1999-08-05 06:49 millert * check.c: Don't need version.c -1999-08-05 04:21 millert +1999-08-05 06:21 millert * configure, configure.in, aclocal.m4, config.h.in: Add check for - syslog facilities and priorities tables in syslog.h + syslog facilities and priorities tables in syslog.h -1999-08-05 03:23 millert +1999-08-05 05:23 millert * Makefile.in: o authenticate -> aix_auth o add version.c -1999-08-04 11:32 millert +1999-08-05 05:21 millert + + * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion + +1999-08-04 13:32 millert * TODO: sudo should lock its logfile -1999-08-04 11:28 millert +1999-08-04 13:28 millert * parse.yacc: o Add '!' correctly when expanding Aliases. o Add - shortcut macros for append() to make things more readable. o The - separator in append() is now a string instead of a char. o In - append(), only prepend the separator if the last char is not a '!'. - This is a hack but it greatly simplifies '!' handling. o In -l - mode, Runas lists and NOPASSWD/PASSWD tags are now inherited - across entries in a list (matches current behavior). o Fix - formatting in -l mode such that items in a list are separated by - a space. Greatlt improves readability. o Space for name field in - struct aliasinfo is now allocated dyanically instead of using a - (big) buffer. o In add_alias(), only search the list once (lsearch - instead of lfind + lsearch) - -1999-08-04 09:31 millert + shortcut macros for append() to make things more readable. o The + separator in append() is now a string instead of a char. o In + append(), only prepend the separator if the last char is not a + '!'. This is a hack but it greatly simplifies '!' handling. o + In -l mode, Runas lists and NOPASSWD/PASSWD tags are now + inherited across entries in a list (matches current behavior). + o Fix formatting in -l mode such that items in a list are + separated by a space. Greatlt improves readability. o Space + for name field in struct aliasinfo is now allocated dyanically + instead of using a (big) buffer. o In add_alias(), only search + the list once (lsearch instead of lfind + lsearch) - * lex.yy.c: regen +1999-08-04 11:31 millert -1999-08-04 08:54 millert + * lex.yy.c, sudo.tab.h: regen + +1999-08-04 10:54 millert * configure, configure.in: Solais pam doesn't require anye xtra - setup + setup -1999-08-04 03:35 millert +1999-08-04 05:35 millert * parse.yacc: o Simpler '!' support now that the lexer deals with - multiple !'s for us. o In the case of opFOO, have FOO give a - boolean return value and set foo_matches in opFOO, not FOO. o - Treat 'ALL' as a string since it gets fill()'d in parse.lex--fixes - a small memory leak. In the long run it may be better to just - fix parse.lex and make ALL back into a token. However, having it - be a string is useful since it can be easily passed back to the - parent rule if we so desire. + multiple !'s for us. o In the case of opFOO, have FOO give a + boolean return value and set foo_matches in opFOO, not FOO. o + Treat 'ALL' as a string since it gets fill()'d in + parse.lex--fixes a small memory leak. In the long run it may + be better to just fix parse.lex and make ALL back into a token. + However, having it be a string is useful since it can be + easily passed back to the parent rule if we so desire. -1999-08-04 01:54 millert +1999-08-04 03:54 millert * parse.lex: o Remove some unnecessary backslashes o collapse - multiple !'s by using !+ and checking if yyleng is even or odd. - this allows us to simplify ! handling in parse.yacc + multiple !'s by using !+ and checking if yyleng is even or odd. + this allows us to simplify ! handling in parse.yacc -1999-08-04 01:53 millert +1999-08-04 03:53 millert * sudo.c: -u flag was being ignored -1999-08-01 11:04 millert +1999-08-01 13:04 millert * Makefile.in: correct fix -1999-08-01 10:37 millert +1999-08-01 12:37 millert * Makefile.in: work around pod2man stupididy -1999-08-01 10:35 millert +1999-08-01 12:35 millert * Makefile.in: correct dependencies for .cat -1999-08-01 10:26 millert +1999-08-01 12:26 millert - * sudo.cat, sudo.man: regen + * sudo.cat, sudo.man, visudo.cat, visudo.man: regen -1999-08-01 10:25 millert +1999-08-01 12:25 millert - * sudo.pod: Add copyright Update to reality + * sudo.pod, visudo.pod: Add copyright Update to reality -1999-08-01 09:42 millert +1999-08-01 11:42 millert * parse.c, sudo.c, sudo.h: rename validate() to the more - descriptive sudoers_lookup() + descriptive sudoers_lookup() + +1999-08-01 06:49 millert -1999-07-31 10:32 millert + * auth/aix_auth.c: use tgetpass + +1999-07-31 12:32 millert * CHANGES: updates -1999-07-31 10:31 millert +1999-07-31 12:31 millert * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, - configure, configure.in, sudo.c: Sudo, not CU Sudo + configure, configure.in, sudo.c: Sudo, not CU Sudo -1999-07-31 10:19 millert +1999-07-31 12:19 millert * Makefile.in, alloc.c, check.c, compat.h, config.h.in, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, - lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, - LICENSE: add 4th term to license similar to term 5 in the apache - license - -1999-07-31 10:02 millert + find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, + lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h, + LICENSE: add 4th term to license similar to term 5 in the apache + license + +1999-07-31 12:02 millert * LICENSE, aclocal.m4, check.c, configure.in, insults.h, logging.c, - sudo.c, sudo.h: there was a 1995 release too + sudo.c, sudo.h, auth/rfc1938.c: there was a 1995 release too -1999-07-28 03:24 millert +1999-07-28 05:24 millert * CHANGES: updates -1999-07-28 03:21 millert +1999-07-28 05:21 millert * check.c: Use dirs instead of files for timestamp. This allows - tty and non-tty schemes to coexist reasonably. Note, however, that - when you update a tty ticket, the mtime on the user dir gets - updated as well. + tty and non-tty schemes to coexist reasonably. Note, however, + that when you update a tty ticket, the mtime on the user dir gets + updated as well. -1999-07-28 03:17 millert +1999-07-28 05:17 millert * configure.in, configure: Fix getprpwnam() checking on SCO. Need - to link with "-lprot -lx" when linking test program, not just - -lprot. Also add check for getspnam(). The SCO docs indicate that - /etc/shadow can be used but this may be a lie. + to link with "-lprot -lx" when linking test program, not just + -lprot. Also add check for getspnam(). The SCO docs indicate + that /etc/shadow can be used but this may be a lie. + +1999-07-24 03:35 millert + + * auth/API: first cut at auth API description + +1999-07-22 15:48 millert + + * auth/: fwtk.c, kerb4.c, kerb5.c, pam.c, rfc1938.c, secureware.c, + securid.c, sudo_auth.c, sudo_auth.h: auth API change. There is + now an init method that gets run before the main loop. This + allows auth routines to differentiate between initialization that + happens once vs. setup that needs to run each time through the + loop. -1999-07-22 10:23 millert +1999-07-22 12:23 millert - * logging.c: use easprintf() and evasprintf() + * logging.c, auth/kerb5.c: use easprintf() and evasprintf() -1999-07-22 10:22 millert +1999-07-22 12:22 millert * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking - versions of asprintf() and vasprintf() + versions of asprintf() and vasprintf() -1999-07-22 07:14 millert +1999-07-22 09:14 millert * TODO: remove 2 items. One done, one won't do. -1999-07-22 07:10 millert +1999-07-22 09:10 millert - * sudo.man, sudo.cat, sudo.html, configure, lex.yy.c: regen + * sudo.man, visudo.man, sudo.cat, sudo.html, sudoers.html, + visudo.cat, visudo.html, configure, lex.yy.c: regen -1999-07-22 07:06 millert +1999-07-22 09:06 millert * CHANGES: new changes -1999-07-22 07:01 millert +1999-07-22 09:01 millert * sudo.pod: o Document -K flag and update meaning of -k flag. o - BSD-style copyright o Document clearing of BIND resolver - environment variables o Clarify bit about shared libs o suggest rc - files create /tmp/.odus if your OS gives away files + BSD-style copyright o Document clearing of BIND resolver + environment variables o Clarify bit about shared libs o suggest + rc files create /tmp/.odus if your OS gives away files + +1999-07-22 08:59 millert + + * visudo.pod: BSD license + +1999-07-22 08:58 millert + + * tgetpass.c: o BSD copyright o no need to block signals, we now do + that in main() o cosmetic changes + +1999-07-22 08:57 millert + + * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct + sudo_user" instead of old globals. o some cometic cleanup + +1999-07-22 08:56 millert + + * sudo_setenv.c, version.h: BSD-style copyright -1999-07-22 06:56 millert +1999-07-22 08:56 millert * sudo.h: o BSD copyright o logging and parser bits moved to their - own .h files o new "struct sudo_user" to encapsulate many of the - old globals. + own .h files o new "struct sudo_user" to encapsulate many of the + old globals. -1999-07-22 06:55 millert +1999-07-22 08:55 millert * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o - use new logging routines o simplified flow of control o BIND - resolver additions to badenv_table + use new logging routines o simplified flow of control o BIND + resolver additions to badenv_table -1999-07-22 06:53 millert +1999-07-22 08:53 millert * strerror.c: BSD-style copyright -1999-07-22 06:53 millert +1999-07-22 08:53 millert * snprintf.c: Now compiles on more K&R compilers -1999-07-22 06:52 millert +1999-07-22 08:52 millert * putenv.c: BSD-style copyright, cosmetic changes -1999-07-22 06:51 millert +1999-07-22 08:51 millert - * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright. - Move parser-specific defines and structs into parse.h + other - cosmetic changes + * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright. + Move parser-specific defines and structs into parse.h + other + cosmetic changes -1999-07-22 06:51 millert +1999-07-22 08:51 millert * logging.h: defines for logging routines -1999-07-22 06:49 millert +1999-07-22 08:49 millert * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.h, pathnames.h.in: BSD-style copyright + interfaces.h, pathnames.h.in: BSD-style copyright -1999-07-22 06:48 millert +1999-07-22 08:48 millert * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style - copyright, cosmetic changes + copyright, cosmetic changes -1999-07-22 06:46 millert +1999-07-22 08:46 millert * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS, - add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o - changes to fill in AUTH_OBJS for new auth api o check for - strerror(), v?snprintf() and v?asprintf() o replace --with-AuthSRV - with --with-fwtk + add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o + changes to fill in AUTH_OBJS for new auth api o check for + strerror(), v?snprintf() and v?asprintf() o replace + --with-AuthSRV with --with-fwtk -1999-07-22 06:43 millert +1999-07-22 08:43 millert * config.h.in: BSD-style copyright. Remove USE_GETPASS and - HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, - HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and - NO_PASSWD + HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, + HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and + NO_PASSWD -1999-07-22 06:42 millert +1999-07-22 08:42 millert * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they - are missing. + are missing. -1999-07-22 06:39 millert +1999-07-22 08:39 millert * alloc.c: BSD-style copyright -1999-07-22 06:38 millert +1999-07-22 08:38 millert * TROUBLESHOOTING: no more --with-getpass -1999-07-22 06:34 millert +1999-07-22 08:34 millert * TODO: Take out things I've done... -1999-07-22 06:34 millert +1999-07-22 08:34 millert * README: Refer to LICENSE -1999-07-22 06:34 millert +1999-07-22 08:34 millert * PORTING: --with-getpass no longer exists -1999-07-22 06:33 millert +1999-07-22 08:33 millert * Makefile.in: BSD-style copyright. Update to reflect reality wrt - new files and new auth modules. + new files and new auth modules. -1999-07-22 06:32 millert +1999-07-22 08:32 millert * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add - --with-fwtk and --without-passwd. + --with-fwtk and --without-passwd. -1999-07-22 06:31 millert +1999-07-22 08:31 millert * HISTORY: Update history a bit -1999-07-22 06:29 millert +1999-07-22 08:29 millert * COPYING, LICENSE: Now distributed under a BSD-style license -1999-07-22 06:19 millert +1999-07-22 08:28 millert + + * auth/sudo_auth.c: o BSD-style copyright o Add support for + NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by + rfc1938 code o new struct sudo_user global + +1999-07-22 08:25 millert + + * auth/: pam.c, sia.c: BSD-style copyright and use new log + functions + +1999-07-22 08:24 millert + + * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o + Use asprintf() and snprintf() where sensible. + +1999-07-22 08:19 millert * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp - handling is now done more reasonably--better sanity checks and - tty-based stamps are now done as files in a directory with the same - name as the invoking user, eg. /var/run/sudo/millert/ttyp1. It is - not currently possible to mix tty and non-tty based ticket schemes - but this may change in the future (it requires sudo to use a - directory instead of a file in the non-tty case). Also, ``sudo - -k'' now sets the ticket back to the epoch and ``sudo -K'' really - deletes the file. That way you don't get the lecture again just - because you killed your ticket in .logout. BSD-style copyright - now. - -1999-07-22 06:13 millert + handling is now done more reasonably--better sanity checks and + tty-based stamps are now done as files in a directory with the + same name as the invoking user, eg. /var/run/sudo/millert/ttyp1. + It is not currently possible to mix tty and non-tty based ticket + schemes but this may change in the future (it requires sudo to + use a directory instead of a file in the non-tty case). Also, + ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K'' + really deletes the file. That way you don't get the lecture + again just because you killed your ticket in .logout. BSD-style + copyright now. + +1999-07-22 08:13 millert * logging.c: o rewritten logging routines. log_error() now takes - printf-style varargs and log_auth() for the return value of - validate(). o BSD-style copyright + printf-style varargs and log_auth() for the return value of + validate(). o BSD-style copyright -1999-07-22 05:04 millert +1999-07-22 07:04 millert * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new - auth API + auth API + +1999-07-22 07:02 millert + + * auth/fwtk.c: Use snprintf() where it makes sense and add a + BSD-style copyright -1999-07-15 09:21 millert +1999-07-22 07:00 millert + + * auth/: afs.c, aix_auth.c, dce.c, passwd.c, rfc1938.c, + secureware.c, securid.c, sudo_auth.h, kerb4.c: BSD-style + copyright + +1999-07-22 06:57 millert + + * emul/utime.h, utime.c: BSD-style copyright + +1999-07-22 06:57 millert + + * emul/search.h: this has been rewritten so use my BSD-style + copyright + +1999-07-15 11:21 millert * snprintf.c: include malloc.h if no stdlib.h -1999-07-15 08:21 millert +1999-07-15 10:21 millert * snprintf.c: KTH snprintf()/asprintf() for systems w/o them -1999-07-15 08:20 millert +1999-07-15 10:20 millert * strerror.c: strerror() for systems w/o it -1999-07-12 04:25 millert +1999-07-12 06:53 millert + + * visudo.c: stylistic changes + +1999-07-12 06:25 millert * parse.c, parse.lex, parse.yacc: Add contribution info in the main - comment + comment -1999-07-08 04:46 millert +1999-07-11 16:10 millert + + * auth/pam.c: remove missed ref to PAM_nullpw + +1999-07-11 16:10 millert + + * auth/sudo_auth.h: pasto + +1999-07-11 15:19 millert + + * auth/kerb5.c: more or less complete now--still untested + +1999-07-11 15:09 millert + + * auth/: afs.c, pam.c: don't use user_name macro, it will go away + +1999-07-11 14:42 millert + + * auth/: opie.c, rfc1938.c, sudo_auth.h, skey.c: combine skey/opie + code into rfc1938.c + +1999-07-11 07:22 millert + + * auth/: dce.c, sudo_auth.h: DCE authentication method; basically + unchanged from dce_pwent.c + +1999-07-11 06:44 millert + + * auth/: aix_auth.c, sudo_auth.h: AIX authenticate() support. + Could probably be much better + +1999-07-11 06:43 millert + + * auth/sia.c: Fix an uninitialized variable and some cleanup. Now + works (tested) + +1999-07-11 05:37 millert + + * auth/: sia.c, sudo_auth.h: SIA support for digital unix + +1999-07-11 05:33 millert + + * auth/pam.c: don't use prompt global, it will go away + +1999-07-11 05:32 millert + + * auth/secureware.c: correct copyright years + +1999-07-10 20:32 millert + + * auth/: afs.c, fwtk.c, kerb4.c, sudo_auth.h, kerb5.c, opie.c, + pam.c, passwd.c, secureware.c, securid.c, skey.c, sudo_auth.c: + New authentication API and methods + +1999-07-08 06:46 millert * parse.yacc: only save an entry if user_matches && host_matches, - even if the stack is empty (fix for previous commit) + even if the stack is empty (fix for previous commit) -1999-07-08 04:35 millert +1999-07-08 06:35 millert - * parse.yacc: 1) Always save an entry on the stack if it is empty. - This fixes the -l and -v flags that were broken by earlier parser - changes. - - 2) In a Runas list, don't negate FALSE -> TRUE since that would - make !foo match any time the user specified a runas user (via -u) - other than foo. + * parse.yacc: 1) Always save an entry on the stack if it is empty. + This fixes the -l and -v flags that were broken by earlier parser + changes. -1999-07-07 12:09 millert + 2) In a Runas list, don't negate FALSE -> TRUE since that would + make !foo match any time the user specified a runas user (via -u) + other than foo. + +1999-07-08 05:45 millert + + * testsudoers.c: interfaces and num_interfaces are now auto, not + extern + +1999-07-07 14:09 millert * auth.c: use a static global to keep stae about empty passwords -1999-07-07 12:08 millert +1999-07-07 14:08 millert * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with - other modules + other modules -1999-07-05 14:53 millert +1999-07-05 16:53 millert * auth.c: PAM prompt code was wrong, looks like we have to kludge - it after all. + it after all. -1999-07-05 14:35 millert +1999-07-05 16:35 millert * auth.c: In the PAM code, when a user hits return at the first - password prompt, exit without a warning just like the normal auth - code + password prompt, exit without a warning just like the normal auth + code -1999-07-05 14:15 millert +1999-07-05 16:15 millert * configure, configure.in: kludge around cross-compiler false - positives + positives -1999-07-05 14:14 millert +1999-07-05 16:14 millert - * auth.c, check.c, check_sia.c, logging.c, sudo.h: New (correct) - PAM code Tgetpass now takes an echo flag for use with - PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a - useless umask setting Change error from BAD_ALLOCATION -> - BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to - auth.c for consistency + * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New + (correct) PAM code Tgetpass now takes an echo flag for use with + PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a + useless umask setting Change error from BAD_ALLOCATION -> + BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to + auth.c for consistency -1999-07-05 14:11 millert +1999-07-05 16:11 millert * sudo.c: Some -Wall and kill some trailing spaces -1999-07-05 14:10 millert +1999-07-05 16:10 millert * configure.in: define -D__EXTENSIONS__ for solaris so we get - crypt() proto + crypt() proto -1999-06-22 07:42 millert +1999-06-22 09:42 millert * RUNSON: add Dynix 4.4.4 -1999-06-22 07:30 millert +1999-06-22 09:30 millert * INSTALL, config.h.in, configure.in, configure: for kerberos V < - version, fall back on old kerb4 auth code + version, fall back on old kerb4 auth code -1999-06-22 04:41 millert +1999-06-22 06:41 millert * INSTALL: clarify some things -1999-06-22 04:38 millert +1999-06-22 06:38 millert - * UPGRADE: typos + * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos -1999-06-14 17:47 millert +1999-06-14 19:47 millert * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default -1999-06-03 10:06 millert +1999-06-03 12:34 millert + + * tgetpass.c: Fix open(2) return value checking, was NULL for + fopen, should be -1 for open + +1999-06-03 12:06 millert * configure: regen -1999-06-03 10:06 millert +1999-06-03 12:06 millert * configure.in: better wording for solaris pam notice -1999-06-03 09:52 millert +1999-06-03 11:52 millert * CHANGES: document recent changes -1999-06-03 09:52 millert +1999-06-03 11:52 millert * TROUBLESHOOTING: Update shadow password section -1999-06-03 09:51 millert +1999-06-03 11:51 millert * auth.c: move authentication code from check.c to auth.c -1999-06-03 09:51 millert +1999-06-03 11:51 millert * Makefile.in, check.c, sudo.h: move authentication code to auth.c -1999-05-16 19:36 millert +1999-05-16 21:36 millert * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, - sudo.h: Move interface-related defines to interfaces.h so we don't - have to include everywhere. + getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move + interface-related defines to interfaces.h so we don't have to + include everywhere. -1999-05-14 10:30 millert +1999-05-14 12:30 millert * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, - logging.c, parse.yacc, sudo.c: o Replace _PASSWD_LEN braindeath - with our own SUDO_MAX_PASS. - It turns out the old DES crypt does the right thing with - passwords - longert than 8 characters. - o Fix common typo (necesary -> necessary) - o Update TODO list + logging.c, parse.yacc, sudo.c, tgetpass.c: o Replace _PASSWD_LEN + braindeath with our own SUDO_MAX_PASS. + It turns out the old DES crypt does the right thing with + passwords + longert than 8 characters. + o Fix common typo (necesary -> necessary) + o Update TODO list -1999-05-03 10:00 millert +1999-05-03 12:00 millert * sudo.c: set $LOGNAME when we set $USER -1999-04-26 22:00 millert +1999-04-27 00:00 millert * INSTALL: add comment about digital unix and interfaces.c warning - with gcc + with gcc -1999-04-14 23:12 millert +1999-04-15 01:12 millert * sample.sudoers: use modern paths and give examples for some of - the new parser features + the new parser features -1999-04-10 11:03 millert +1999-04-10 13:03 millert * parse.c: fix comment -1999-04-09 22:49 millert +1999-04-10 00:49 millert * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, - parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c: - Function names should be flush with the start of the line so they - can be found trivially in an editor and with grep + getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, + parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + Function names should be flush with the start of the line so they + can be found trivially in an editor and with grep -1999-04-09 22:40 millert +1999-04-10 00:40 millert * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, - parse.yacc, sudo.c: free(3) is already void, no need to cast it + parse.yacc, sudo.c, testsudoers.c, tgetpass.c, visudo.c: free(3) + is already void, no need to cast it -1999-04-09 22:37 millert +1999-04-10 00:37 millert * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set - (this should not be possible) + (this should not be possible) -1999-04-09 22:10 millert +1999-04-10 00:10 millert - * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Stash - the "safe" path (ie: the one listed in sudoers) to the command - instead of stashing the struct stat. Should be safer. + * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, + testsudoers.c, visudo.c: Stash the "safe" path (ie: the one + listed in sudoers) to the command instead of stashing the struct + stat. Should be safer. -1999-04-08 17:56 millert +1999-04-08 19:56 millert * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier - release + release -1999-04-07 18:20 millert +1999-04-07 20:20 millert * CHANGES: updated -1999-04-07 17:18 millert +1999-04-07 19:18 millert + + * parse.yacc, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man, + sudoers.pod: You can now specifiy a host list instead of just a + host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command + now works. - * parse.yacc: You can now specifiy a host list instead of just a - host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command now - works. +1999-04-07 02:59 millert -1999-04-07 00:50 millert + * testsudoers.c: Quiet -Wall + +1999-04-07 02:50 millert * parse.yacc: Move the push from the beginning of cmndspec to the - end. This means we no longer have to do a push at the end of - privilege, just reset some values. + end. This means we no longer have to do a push at the end of + privilege, just reset some values. + +1999-04-06 20:24 millert -1999-04-06 12:06 millert + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists + and NOPASSWD/PASSWD modifiers are now sticky and you can use "!" + most everywhere + +1999-04-06 14:12 millert + + * sudoers.pod: modernize paths and update su example based on + sample.sudoers one + +1999-04-06 14:06 millert * sample.sudoers: New runas semantics -1999-04-06 11:54 millert +1999-04-06 13:54 millert * CHANGES, Makefile.in, alloc.c, config.h.in, configure, - configure.in, strdup.c, sudo.h: In estrdup(), do the malloc - ourselves so we don't need to rely on the system strdup(3) which - may or may not exist. There is now no need to provide strdup() for - those w/o it. Also, the prototype for estrdup() was wrong, it - returns char * and its param is const. + configure.in, strdup.c, sudo.h: In estrdup(), do the malloc + ourselves so we don't need to rely on the system strdup(3) which + may or may not exist. There is now no need to provide strdup() + for those w/o it. Also, the prototype for estrdup() was wrong, + it returns char * and its param is const. -1999-04-06 11:40 millert +1999-04-06 13:40 millert * getcwd.c: $Sudo tag -1999-04-06 11:20 millert +1999-04-06 13:20 millert * check.c: buf should be prompt; Michael Robokoff - + -1999-04-05 23:40 millert +1999-04-06 01:40 millert * CHANGES, TODO, parse.yacc: It is now possible to use the '!' - operator in a runas list as well as in a Cmnd_Alias, Host_Alias and - User_Alias. + operator in a runas list as well as in a Cmnd_Alias, Host_Alias + and User_Alias. -1999-04-05 23:38 millert +1999-04-06 01:38 millert * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank - GLOBAL_PROBLEM + GLOBAL_PROBLEM -1999-04-05 23:08 millert +1999-04-06 01:08 millert * sudo.h: Definitions of *_matched were wrong--user top, not top-2 - as subscript. + as subscript. -1999-04-05 23:00 millert +1999-04-06 01:00 millert * logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Add - VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a - command but the NOPASSWD flag was set. Make runasspec, runaslist, - runasuser, and nopasswd typeless in parse.yacc Add support for '!' - in the runas list Fix double printing of '%' and '+' for groups and - netgroups respectively Add *_matched macros (no need for local - stack variable). Should only be used directly after a pop (since - top must be >= 2). + VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a + command but the NOPASSWD flag was set. Make runasspec, + runaslist, runasuser, and nopasswd typeless in parse.yacc Add + support for '!' in the runas list Fix double printing of '%' and + '+' for groups and netgroups respectively Add *_matched macros + (no need for local stack variable). Should only be used directly + after a pop (since top must be >= 2). -1999-04-05 21:25 millert +1999-04-05 23:25 millert * aclocal.m4, configure.in: Add copyright, somewhat silly -1999-04-05 14:57 millert +1999-04-05 16:57 millert * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, - sudo.h, sudo.man: Crank version to 1.6 and combine copyright - statements - -1999-04-05 14:30 millert + check_sia.c, compat.h, config.h.in, configure, configure.in, + dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, + sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, + sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, visudo.cat, visudo.man, emul/utime.h: Crank version to + 1.6 and combine copyright statements + +1999-04-05 16:30 millert * sample.sudoers: Use ! not ^ to do negation -1999-04-05 14:29 millert +1999-04-05 16:29 millert * lex.yy.c: regen -1999-04-05 14:28 millert +1999-04-05 16:28 millert * parse.yacc, parse.lex: Make runas and NOPASSWD tags persistent - across entris in a command list. Add a PASSWD tag to reverse - NOPASSWD. When you override a runas or *PASSWD tag the value given - becomes the new default for the rest of the command list. + across entris in a command list. Add a PASSWD tag to reverse + NOPASSWD. When you override a runas or *PASSWD tag the value + given becomes the new default for the rest of the command list. -1999-04-02 14:03 millert +1999-04-02 16:03 millert * CHANGES, RUNSON: update for 1.5.9 -1999-03-30 14:45 millert +1999-04-02 16:02 millert + + * visudo.c: Shift return value of system(3) by 8 to get real exit + value and if it is not 1 or 0 print the retval along with the + error message. + +1999-03-30 16:45 millert * Makefile.in: testsudoers needs LIBOBJS too -1999-03-30 10:17 millert +1999-03-30 12:17 millert * parse.c, parse.yacc: Fix another parser bug. For a sudoers entry - like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo - would not allow millert to run ls as root. + like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo + would not allow millert to run ls as root. -1999-03-29 23:08 millert +1999-03-30 01:08 millert * CHANGES: new change -1999-03-29 23:03 millert +1999-03-30 01:03 millert * parse.yacc: Save entries that match a ! command on the matching - stack too + stack too -1999-03-29 23:01 millert +1999-03-30 01:01 millert * sudo.c: Make sudo's usage info better when mutually exclusive - args are given and don't rely on argument order to detect this; - nick@zeta.org.au + args are given and don't rely on argument order to detect this; + nick@zeta.org.au -1999-03-29 13:03 millert +1999-03-29 15:03 millert * CHANGES, Makefile.in, RUNSON: updates from CU -1999-03-28 21:38 millert +1999-03-28 23:38 millert * Makefile.in: use gzip -1999-03-28 21:31 millert +1999-03-28 23:31 millert * parse.yacc: Fix off by one error introduced in *alloc changes -1999-03-28 21:05 millert +1999-03-28 23:05 millert * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, - sudo.h, sudo.man: ++version - -1999-03-28 19:59 millert + check_sia.c, compat.h, config.h.in, configure, configure.in, + dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, + sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, + sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod, + emul/utime.h: ++version + +1999-03-28 21:59 millert * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, - interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.h: Use - emalloc/erealloc/estrdup + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use + emalloc/erealloc/estrdup -1999-03-28 18:29 millert +1999-03-28 20:29 millert * alloc.c: error checking memory allocation routines -1999-03-28 17:23 millert +1999-03-28 19:23 millert * parse.yacc: Still not right, this fixes it for real -1999-03-28 17:08 millert +1999-03-28 19:08 millert * parse.yacc: Fix for previous commit -1999-03-28 17:05 millert +1999-03-28 19:05 millert * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed - when mixing different runas specs and ! commands. For example: - millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would allow - millert to run whoami as root as well as daemon when it should just - allow daemon. The problem was that comma-separated commands in a - list shared the same entry on the matching stack. Now they get - their own entry iff there is a full match. It may be better to - just make the runas spec persistent across all commands in a list - like the user and host entries of the matching stack. However, - since that is a fairly major change it should gets its own minor - rev increase. - -1999-03-28 11:50 millert + when mixing different runas specs and ! commands. For example: + millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would + allow millert to run whoami as root as well as daemon when it + should just allow daemon. The problem was that comma-separated + commands in a list shared the same entry on the matching stack. + Now they get their own entry iff there is a full match. It may + be better to just make the runas spec persistent across all + commands in a list like the user and host entries of the matching + stack. However, since that is a fairly major change it should + gets its own minor rev increase. + +1999-03-28 13:50 millert * check.c, config.h.in: Simplify PAM code and fix a PAM-related - warning on Linux + warning on Linux -1999-03-26 11:17 millert +1999-03-26 13:17 millert * CHANGES: updates -1999-03-26 11:12 millert +1999-03-26 13:12 millert * sample.sudoers: better su entry -1999-03-26 11:10 millert +1999-03-26 13:10 millert * configure: regen -1999-03-26 11:09 millert +1999-03-26 13:09 millert * check.c, configure.in: new pam code that works on solaris, should - work on linux too; aelberg@home.com + work on linux too; aelberg@home.com -1999-03-19 12:44 millert +1999-03-19 14:44 millert * RUNSON: more entries -1999-03-19 12:43 millert +1999-03-19 14:43 millert * config.h.in: only include strings.h if there is no string.h -1999-03-17 13:25 millert +1999-03-17 15:25 millert * config.guess: Sinix is now being called ReliantUNIX; - bjjackso@us.oracle.com + bjjackso@us.oracle.com -1999-03-13 11:37 millert +1999-03-13 13:37 millert * sudo.c: shost must be set before log functions are called #ifdef - HOST_IN_LOG + HOST_IN_LOG -1999-03-07 16:34 millert +1999-03-07 18:34 millert * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in - command args. Stop processing an arg when you hit a backslash so - the quoted-character detection can catch it. + command args. Stop processing an arg when you hit a backslash so + the quoted-character detection can catch it. -1999-02-25 23:19 millert +1999-02-26 01:19 millert - * interfaces.c: include sys/time.h; aparently AIX needs it. - ppz@cdu.elektra.ru + * interfaces.c: include sys/time.h; aparently AIX needs it. + ppz@cdu.elektra.ru -1999-02-23 17:43 millert +1999-02-23 19:43 millert * configure, configure.in: add missing case statement so - --without-sendmail works + --without-sendmail works -1999-02-22 19:51 millert +1999-02-22 21:51 millert * CHANGES: more -1999-02-22 13:10 millert +1999-02-22 15:10 millert * configure, configure.in: only search for -lsun in irix <= 4.x -1999-02-22 13:01 millert +1999-02-22 15:01 millert * configure, configure.in: back out last configure.in change now - that I've hacked autoconf to fix the real problem and add a missing - newline + that I've hacked autoconf to fix the real problem and add a + missing newline -1999-02-22 12:32 millert +1999-02-22 14:32 millert * CHANGES: updated -1999-02-22 12:05 millert +1999-02-22 14:05 millert * getcwd.c: add def of dirfd() for those without it -1999-02-22 08:58 millert +1999-02-22 10:58 millert * configure.in, configure: When falling back to checking for - socket() when linking with "-lsocket -lnsl" check for main() - instead since autoconf has already cached the results of checking - for socket() in -lsocket. This is really an autoconf bug as it - should use the extra libs as part of the cache variable name. + socket() when linking with "-lsocket -lnsl" check for main() + instead since autoconf has already cached the results of checking + for socket() in -lsocket. This is really an autoconf bug as it + should use the extra libs as part of the cache variable name. -1999-02-22 08:47 millert +1999-02-22 10:47 millert * configure.in: typo -1999-02-21 13:18 millert +1999-02-21 15:18 millert * configure.in: fix occurrence of $with_timeout that should be - $with_password_timeout; - Michael.Neef@neuroinformatik.ruhr-uni-bochum.de + $with_password_timeout; + Michael.Neef@neuroinformatik.ruhr-uni-bochum.de -1999-02-17 09:40 millert +1999-02-17 11:40 millert * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar; - espie@openbsd.org + espie@openbsd.org -1999-02-10 23:41 millert +1999-02-11 01:41 millert - * parse.yacc, sudo.c: add cast for strdup in places it does not - have it + * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places + it does not have it -1999-02-09 11:11 millert +1999-02-09 13:11 millert * configure, configure.in: define for_BSD_TYPES irix -1999-02-06 17:47 millert +1999-02-06 19:47 millert * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it - clear that it is the user's password, not root's, that we want. + clear that it is the user's password, not root's, that we want. -1999-02-06 17:43 millert +1999-02-06 19:43 millert * check.c, sudo.h: If the user enters an empty password and really - has no password, accept the empty password they entered. - Perviously, they could enter anything *but* an empty password. - Also, add GETPASS macro that calls either tgetpass() or getpass() - depending on how sudo was configured. Problem noted by - jdg@maths.qmw.ac.uk + has no password, accept the empty password they entered. + Perviously, they could enter anything *but* an empty password. + Also, add GETPASS macro that calls either tgetpass() or getpass() + depending on how sudo was configured. Problem noted by + jdg@maths.qmw.ac.uk -1999-02-02 21:32 millert +1999-02-02 23:32 millert * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.h: add explicate - copyright + dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, + emul/utime.h: add explicate copyright -1999-02-02 21:16 millert +1999-02-02 23:16 millert * CHANGES: mention -lsocket, -lnsl configure changes -1999-02-02 15:54 millert +1999-02-02 17:54 millert * sudo.c: Don't clobber errno after calling check_sudoers(). -1999-01-31 17:46 millert +1999-01-31 19:46 millert * configure.in, configure: When linking with both -lsocket and - -lnsl be sure to do so in that order. Also, when we can't find - socket() or inet_addr() and have to try linking with both libs, - issue a warning. + -lnsl be sure to do so in that order. Also, when we can't find + socket() or inet_addr() and have to try linking with both libs, + issue a warning. -1999-01-31 17:45 millert +1999-01-31 19:45 millert * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt -1999-01-23 10:18 millert +1999-01-23 12:18 millert * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON - entry + entry -1999-01-22 11:13 millert +1999-01-22 13:13 millert * configure, CHANGES, INSTALL, configure.in: fix and correctly - document --with-umask; problem noted by adap@adap.org + document --with-umask; problem noted by adap@adap.org -1999-01-19 18:38 millert +1999-01-19 20:38 millert * configure.in, configure: only use /usr/{man,catman}/local to - store man pages if suer didn't override prefix or mandir + store man pages if suer didn't override prefix or mandir -1999-01-19 18:24 millert +1999-01-19 20:24 millert * configure, INSTALL, configure.in: fix typo, make --with-SecurID - take an arg + take an arg -1999-01-18 19:53 millert +1999-01-18 21:53 millert * RUNSON: updates from users -1999-01-18 19:04 millert +1999-01-18 21:04 millert * CHANGES, INSTALL, check.c, configure, configure.in: FWTK - 'authsrv' support from Kevin Kadow + 'authsrv' support from Kevin Kadow -1999-01-18 18:00 millert +1999-01-18 20:00 millert * configure, configure.in: better fix for the problem of unresolved - symbols in -lnsl or -lsocket + symbols in -lnsl or -lsocket -1999-01-18 17:39 millert +1999-01-18 19:39 millert * configure, configure.in: when checking for functions in -lnsl and - -lsocket link with both of them to avoid unresolved symbols on some - weirdo systems + -lsocket link with both of them to avoid unresolved symbols on + some weirdo systems -1999-01-17 18:49 millert +1999-01-17 20:49 millert * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into - RCS before the RCS->CVS switch + RCS before the RCS->CVS switch -1999-01-17 16:16 millert +1999-01-17 18:16 millert * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, - sudo.c, sudo.pod: add sudo tags + configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, + sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c, + tgetpass.c, utime.c, visudo.c, visudo.pod, emul/search.h, + emul/utime.h: add sudo tags -1999-01-17 15:56 millert +1999-01-17 17:53 millert - * sudo.h: testing Sudo tag + * version.h, sudo.h: testing Sudo tag -1999-01-17 15:40 millert +1999-01-17 17:40 millert * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, - compat.h, config.h.in, configure, configure.in, dce_pwent.c, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, - sudo.man: crank version and regen files + compat.h, config.h.in, configure, configure.in, dce_pwent.c, + find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, + sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, + tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man, + emul/utime.h: crank version and regen files -1999-01-17 15:27 millert +1999-01-17 17:27 millert * Makefile.in: kill rcs goop in update_version and fix now that - version is a const + version is a const -1999-01-17 15:08 millert +1999-01-17 17:08 millert * INSTALL, check.c, config.h.in, configure, configure.in, - logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from - fcusack@iconnet.net + logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from + fcusack@iconnet.net -1999-01-17 14:45 millert +1999-01-17 16:45 millert - * realpath.c: we no longer use realpath + * realpath.c, sudo_realpath.c: we no longer use realpath -1999-01-17 14:44 millert +1999-01-17 16:44 millert * qualify.c: replaced by find_path.c -1999-01-17 14:43 millert +1999-01-17 16:43 millert * options.h: all options are now configure flags -1999-01-17 14:42 millert +1999-01-17 16:42 millert * lex.yy.c: regen -1999-01-17 14:41 millert +1999-01-17 16:41 millert * getwd.c: superceded by getcwd.c -1999-01-17 14:36 millert +1999-01-17 16:36 millert * getpass.c: superceded by tgetpass.c -1999-01-17 14:36 millert +1999-01-17 16:36 millert * SUPPORTED: superceded by RUNSON -1999-01-17 14:33 millert +1999-01-17 16:33 millert * OPTIONS: No longer used now that we have configure options for - everything. + everything. -1999-01-17 14:32 millert +1999-01-17 16:32 millert * configure: regen based on configure.in -1999-01-17 14:31 millert +1999-01-17 16:31 millert - * sudo.man, sudo.cat, sudo.html: regen based on sudo.pod, - sudoers.pod, and visudo.pod + * sudo.man, sudoers.man, visudo.man, sudo.cat, sudo.html, + sudoers.cat, visudo.cat, sudoers.html, visudo.html: regen based + on sudo.pod, sudoers.pod, and visudo.pod -1998-12-11 10:16 millert +1998-12-11 12:16 millert * check.c: fix tty tickets in remove_timestamp (didn't use ':') -1998-12-07 14:16 millert +1998-12-07 16:16 millert * interfaces.c: close sock when we are done with it -1998-11-27 17:37 millert +1998-11-27 19:37 millert * parse.yacc: never say "error on line -1" -1998-11-23 21:38 millert +1998-11-23 23:38 millert * configure.in: check for -lnsl before -lsocket -1998-11-23 21:29 millert +1998-11-23 23:29 millert * configure.in: quote '[', ']' used in ranges correctly -1998-11-21 15:54 millert +1998-11-21 17:54 millert * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu -1998-11-20 16:33 millert +1998-11-20 18:33 millert + + * version.h: 1.5.7 + +1998-11-20 18:33 millert * INSTALL: more info for 1.5.7 -1998-11-20 16:30 millert +1998-11-20 18:30 millert * README: update for 1.5.7 -1998-11-20 12:26 millert +1998-11-20 14:26 millert * parse.yacc: make increases of cm_list_size and ga_list_size be - similar to increases of stacksize (ie: >= not > in initial - compare). + similar to increases of stacksize (ie: >= not > in initial + compare). -1998-11-20 12:22 millert +1998-11-20 14:22 millert * parse.yacc: when we get a syntax error, report it for the - previous line since that's generally where the error occurred. + previous line since that's generally where the error occurred. -1998-11-18 13:31 millert +1998-11-18 15:31 millert * config.h.in, configure.in, interfaces.c: add back check for - sys/sockio.h but only use it if SIOCGIFCONF is not defined + sys/sockio.h but only use it if SIOCGIFCONF is not defined -1998-11-18 13:25 millert +1998-11-18 15:25 millert * config.h.in: define BSD_COMP for svr4 -1998-11-17 21:16 millert +1998-11-17 23:16 millert * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, - parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c: more -Wall + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, + parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more + -Wall -1998-11-17 21:10 millert +1998-11-17 23:10 millert * configure.in: kill check for sockio,h -1998-11-17 21:10 millert +1998-11-17 23:10 millert * config.h.in: no more HAVE_SYS_SOCKIO_H -1998-11-17 20:51 millert +1998-11-17 22:51 millert * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, - parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c: -Wall + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, + parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + -Wall -1998-11-16 15:38 millert +1998-11-16 17:38 millert * sudo.c: add missing inform_user() -1998-11-13 17:21 millert +1998-11-13 19:21 millert * find_path.c: return NOT_FOUND if given fully qualified path and - it does not exist previously it would perror(ENOENT) which bypasses - the option to not leak path info + it does not exist previously it would perror(ENOENT) which + bypasses the option to not leak path info -1998-11-13 17:20 millert +1998-11-13 19:20 millert * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb - for kerb, check for -ldes + for kerb, check for -ldes -1998-11-13 12:19 millert +1998-11-13 14:19 millert * INSTALL: tty tickets are user:tty now -1998-11-13 12:10 millert +1998-11-13 14:10 millert * check.c: when using tty tickets make it user:tty not user.tty as - a username could have a '.' in it + a username could have a '.' in it -1998-11-09 17:15 millert +1998-11-09 19:15 millert * sudo.c: add "ignoring foo found in ." for auth successful case -1998-11-09 15:57 millert +1998-11-09 17:57 millert * sudo.c: add missing printf param -1998-11-08 13:56 millert +1998-11-08 15:56 millert * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: - go back to printing "command not found" unless --disable-path-info - specified. Also, tell user when we ignore '.' in their path and it - would have been used but for --with-ignore-dot. + go back to printing "command not found" unless + --disable-path-info specified. Also, tell user when we ignore + '.' in their path and it would have been used but for + --with-ignore-dot. -1998-11-08 11:51 millert +1998-11-08 13:51 millert * check.c, sudo.c: Only one space after a colon, not two, in - printf's + printf's -1998-11-05 10:59 millert +1998-11-05 12:59 millert * sudo.pod: document setting $USER -1998-11-04 20:24 millert +1998-11-04 22:24 millert * check.c: fix bugs with prompt expansion -1998-11-04 19:21 millert +1998-11-04 21:21 millert * sudo.c: set $USER for root too -1998-11-04 15:13 millert +1998-11-04 17:13 millert * getspwuid.c: typo -1998-11-04 15:07 millert +1998-11-04 17:07 millert * configure.in: HP-UX's iscomsec is in -lsec, not libc -1998-11-03 20:24 millert +1998-11-03 22:24 millert * configure.in: remove some entries in the OS case statement that - did nothing + did nothing -1998-11-03 20:19 millert +1998-11-03 22:19 millert * TROUBLESHOOTING: add "cd" section and flush out syslog section -1998-11-03 18:51 millert +1998-11-03 20:51 millert * Makefile.in: no more sudo-lex.yy.c -1998-11-03 18:50 millert +1998-11-03 20:50 millert * check_sia.c: add custom prompt support -1998-11-03 18:40 millert +1998-11-03 20:40 millert * sudo.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity set $USER if -u specified + messages pw_ent -> pw for brevity set $USER if -u specified -1998-11-03 18:39 millert +1998-11-03 20:39 millert * parse.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity when checking if %group matches, - look up user in password file so that %groups works in a RunAs - spec. + messages pw_ent -> pw for brevity when checking if %group + matches, look up user in password file so that %groups works in a + RunAs spec. -1998-11-03 18:39 millert +1998-11-03 20:39 millert * logging.c, parse.yacc: kill perror("malloc") since we already - have a good error messages + have a good error messages + +1998-11-03 20:38 millert -1998-11-03 18:38 millert + * check.c, getspwuid.c, interfaces.c, testsudoers.c: kill + perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity - * check.c, getspwuid.c, interfaces.c: kill perror("malloc") since - we already have a good error messages pw_ent -> pw for brevity +1998-11-03 15:03 millert -1998-11-03 13:03 millert + * tgetpass.c: the prompt is expanded before tgetpass is called + +1998-11-03 15:03 millert * sudo.h: tgetpass now has the same args as getpass again -1998-11-03 13:02 millert +1998-11-03 15:02 millert * getspwuid.c: add iscomsec, issecure support -1998-11-03 13:02 millert +1998-11-03 15:02 millert * check.c: we now expand any %h or %u in the prompt before passing - to tgetpass + to tgetpass -1998-11-03 12:58 millert +1998-11-03 14:58 millert * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet -1998-11-03 12:56 millert +1998-11-03 14:56 millert * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE -1998-11-03 12:55 millert +1998-11-03 14:55 millert * configure.in: add check for iscomsec in HP-UX -1998-11-03 12:51 millert +1998-11-03 14:51 millert * configure.in: check for issecure if we have getpwanam on SunOS - some options are incompatible with DUNIX SIA check for dispcrypt on - DUNIX + some options are incompatible with DUNIX SIA check for dispcrypt + on DUNIX -1998-10-25 13:21 millert +1998-10-25 15:21 millert * config.h.in: add HAVE_DISPCRYPT -1998-10-25 13:21 millert +1998-10-25 15:21 millert * secureware.c: add back support for non-dispcrypt based checking - for older DUNIX + for older DUNIX -1998-10-24 22:51 millert +1998-10-25 00:51 millert * INSTALL: sia changes -1998-10-24 22:48 millert +1998-10-25 00:48 millert * configure.in: SIA becomes the default on Digital UNIX now havbe - --disable-sia to turn it off... + --disable-sia to turn it off... -1998-10-24 21:52 millert +1998-10-24 23:52 millert * check.c: move local includes after system ones -1998-10-24 17:28 millert +1998-10-24 19:28 millert * check.c, check_sia.c, sudo.h: add pass_warn() which prints out - INCORRECT_PASSWORD or an insult to stderr + INCORRECT_PASSWORD or an insult to stderr -1998-10-24 17:07 millert +1998-10-24 19:07 millert * check_sia.c: fix while loop in sia_attempt_auth() that checks the - password. Only the first iteration was working. + password. Only the first iteration was working. -1998-10-21 19:00 millert +1998-10-21 21:00 millert * aclocal.m4: don't trust UID_MAX or MAXUID -1998-10-21 18:35 millert +1998-10-21 20:35 millert * configure.in: fix two pastos -1998-10-21 18:30 millert +1998-10-21 20:30 millert * configure.in: fix typo -1998-10-21 18:19 millert +1998-10-21 20:19 millert * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is - legal to be negative in DUNX 5.0 + legal to be negative in DUNX 5.0 -1998-10-21 18:15 millert +1998-10-21 20:15 millert * configure.in: for secureware on dunix, use -lsecurity -ldb -laud - -lm but check for -ldb since DUNX < 4.0 lacks it + -lm but check for -ldb since DUNX < 4.0 lacks it -1998-10-21 17:50 millert +1998-10-21 19:50 millert * check.c, compat.h, config.h.in, configure.in, getspwuid.c, - secureware.c, sudo.c: getprpwuid is broken in HP-UX 10.20 at least - (it sleeps for 2 minutes if the shadow files don't exist). + secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX + 10.20 at least (it sleeps for 2 minutes if the shadow files don't + exist). -1998-10-20 15:22 millert +1998-10-20 17:22 millert * INSTALL: updated --with-editor blurb -1998-10-20 15:21 millert +1998-10-20 17:21 millert * TROUBLESHOOTING: tell how to put sudoers in a different dir -1998-10-20 14:22 millert +1998-10-20 16:22 millert * configure.in: add missing quotes around $with_editor -1998-10-20 12:00 millert +1998-10-20 14:00 millert * configure.in: typo in --with-editor bits -1998-10-19 23:24 millert +1998-10-20 01:24 millert * INSTALL: I don't expect it to work on Solaris -1998-10-19 23:24 millert +1998-10-20 01:24 millert * check.c: add back security/pam_misc.h -1998-10-19 15:13 millert +1998-10-19 17:13 millert * INSTALL: remove dunix note since configure checks for this now -1998-10-19 14:30 millert +1998-10-19 16:30 millert * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is - bad) + bad) -1998-10-19 12:32 millert +1998-10-19 14:32 millert - * getspwuid.c, secureware.c: new dunix shadow code, use - dispcrypt(3) + * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use + dispcrypt(3) -1998-10-19 12:32 millert +1998-10-19 14:32 millert * config.h.in: add HAVE_INITPRIVS -1998-10-19 12:31 millert +1998-10-19 14:31 millert * sudo.c: call initprivs() if we have it for getprpwuid later on -1998-10-19 12:30 millert +1998-10-19 14:30 millert * Makefile.in: clean pathnames.h too -1998-10-19 12:28 millert +1998-10-19 14:28 millert * configure.in: quote "Sorry, try again." with [] since it has a - comma in it set LIBS when we add stuff to SUDO_LIBS set SECUREWARE - when we find getprpwuid() so we can check for bigcrypt, - set_auth_parameters, and initprivs later. + comma in it set LIBS when we add stuff to SUDO_LIBS set + SECUREWARE when we find getprpwuid() so we can check for + bigcrypt, set_auth_parameters, and initprivs later. -1998-10-19 11:48 millert +1998-10-19 13:48 millert * INSTALL: update Digital UNIX note about acl.h -1998-10-18 18:26 millert +1998-10-18 20:26 millert * INSTALL: add --with-sia --without-root-sudo -> - --disable-root-sudo some reordering + --disable-root-sudo some reordering -1998-10-18 18:22 millert +1998-10-18 20:22 millert * secureware.c: add whitespace -1998-10-18 18:22 millert +1998-10-18 20:22 millert * Makefile.in, check.c, config.h.in, configure.in, logging.c, - sudo.h: add SIA support + sudo.h: add SIA support -1998-10-18 18:21 millert +1998-10-18 20:21 millert * check_sia.c: Initial revision -1998-10-18 17:42 millert +1998-10-18 19:42 millert * configure.in: when checking for -lsocket, -lnsl, and -linet, - check for the specific functions we need from them. + check for the specific functions we need from them. -1998-10-18 17:10 millert +1998-10-18 19:10 millert * config.h.in, sudo.h: move Syslog_* defs into sudo.h -1998-10-18 16:15 millert +1998-10-18 18:15 millert * sudo.h, Makefile.in: added check_secureware -1998-10-18 16:12 millert +1998-10-18 18:12 millert * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT - bits + bits -1998-10-18 16:00 millert +1998-10-18 18:00 millert * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no - other sets defined. configure now does that for us + other sets defined. configure now does that for us -1998-10-18 15:45 millert +1998-10-18 17:45 millert * configure.in: move some --with options around change a bunch of - echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs + echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs -1998-10-17 23:09 millert +1998-10-18 01:09 millert * configure.in: change $with_foo-bar -> $with_foo_bar kill extra " - that caused a syntax error add some echo verbage + that caused a syntax error add some echo verbage -1998-10-17 16:08 millert +1998-10-17 18:08 millert * check.c: moved SecureWare stuff into secureware.c -1998-10-17 16:07 millert +1998-10-17 18:07 millert * secureware.c: Initial revision -1998-10-17 15:02 millert +1998-10-17 17:02 millert * INSTALL: update url to solaris gcc bins -1998-10-17 14:39 millert +1998-10-17 16:39 millert * INSTALL: change option formatter and flesh out someentries -1998-10-17 14:18 millert +1998-10-17 16:18 millert - * sudo.pod, TROUBLESHOOTING: environmental variable -> environment - variable + * sudo.pod, visudo.pod, TROUBLESHOOTING: environmental variable -> + environment variable -1998-10-17 14:01 millert +1998-10-17 16:01 millert * BUGS: everything is now done via configure -1998-10-17 14:00 millert +1998-10-17 16:00 millert * README: prev rev was 1.5.6 -1998-10-16 22:33 millert +1998-10-17 00:33 millert * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID - correctly + correctly -1998-10-16 22:32 millert +1998-10-17 00:32 millert * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from - the Makefile + the Makefile -1998-10-16 22:31 millert +1998-10-17 00:31 millert * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, - sudoers_gid, sudoers_mode from configure + sudoers_gid, sudoers_mode from configure -1998-10-16 22:30 millert +1998-10-17 00:30 millert * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get - substituted into the Makefile, not config.h + substituted into the Makefile, not config.h -1998-10-16 22:30 millert +1998-10-17 00:30 millert * INSTALL: document all --with/--enable options -1998-10-15 00:25 millert +1998-10-15 02:25 millert * insults.h: options.h is no more -1998-10-15 00:25 millert +1998-10-15 02:25 millert * config.h.in: assimilated options.h -1998-10-15 00:24 millert +1998-10-15 02:24 millert * configure.in: moved options from options.h to configure -1998-10-14 23:41 millert +1998-10-15 01:41 millert * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod: no - more options.h + logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, + sudo_setenv.c, visudo.c: no more options.h -1998-10-14 23:39 millert +1998-10-15 01:39 millert * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references - to options.h + to options.h -1998-10-14 23:32 millert +1998-10-15 01:32 millert * interfaces.c, dce_pwent.c, sudo.c: kill sys/time.h -1998-10-14 22:03 millert +1998-10-15 00:10 millert + + * tgetpass.c: if select return < -1 still prompt for pw + +1998-10-15 00:03 millert * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN, - IGNORE_DOT_PATH into configure options + IGNORE_DOT_PATH into configure options -1998-10-14 21:57 millert +1998-10-14 23:57 millert * parse.c: FAST_MATCH is no longer an optino -1998-10-14 21:52 millert +1998-10-14 23:52 millert * check.c: remove_timestamp() if timestamp is preposterous -1998-10-14 21:36 millert +1998-10-14 23:36 millert * options.h: convert more options to --with/--enable -1998-10-14 21:36 millert +1998-10-14 23:36 millert * INSTALL, aclocal.m4: logfile -> logpath -1998-10-14 21:31 millert +1998-10-14 23:31 millert * configure.in: convert more options into --with and --enable -1998-10-14 21:15 millert +1998-10-14 23:28 millert + + * tgetpass.c: catch EINTR in select and restart + +1998-10-14 23:15 millert * logging.c: sys/errno -> errno -1998-09-24 09:40 millert +1998-09-24 11:40 millert * sudo.c: UMASK -> SUDO_UMASK. -1998-09-24 09:36 millert +1998-09-24 11:36 millert * check.c, logging.c: time.h, not sys/time.h -1998-09-21 17:52 millert +1998-09-21 19:52 millert * logging.c: MAILER -> _PATH_SENDMAIL -1998-09-20 22:06 millert +1998-09-21 00:06 millert * INSTALL, configure.in: no more --with-C2, now it is - --disable-shadow + --disable-shadow -1998-09-20 22:00 millert +1998-09-21 00:00 millert * aclocal.m4, check.c, compat.h, config.h.in, configure.in, - getspwuid.c, sudo.c: new shadow password scheme. Always include - shadow support if the platform supports it and the user did not - disable it via configure + getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme. + Always include shadow support if the platform supports it and the + user did not disable it via configure -1998-09-20 17:48 millert +1998-09-20 19:48 millert * configure.in: --with-getpass -> --{enable,disable}-tgetpass -1998-09-20 17:16 millert +1998-09-20 19:16 millert * Makefile.in: pathnames.h -> pathnames.h.in -1998-09-20 17:14 millert +1998-09-20 19:14 millert * check.c: fix version string -1998-09-20 17:12 millert +1998-09-20 19:12 millert * check.c: move pam_conv to be static to auth function remove - pam_misc.h (solaris doesn't have one) + pam_misc.h (solaris doesn't have one) -1998-09-20 17:10 millert +1998-09-20 19:10 millert * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill - SUDO_PROG_PWD + SUDO_PROG_PWD -1998-09-20 17:10 millert +1998-09-20 19:10 millert * configure.in: munge pathnames.h.in -> pathnames.h kill - SUDO_PROG_PWD + SUDO_PROG_PWD -1998-09-20 17:10 millert +1998-09-20 19:10 millert * pathnames.h.in: convert to pathnames.h.in -1998-09-18 18:20 millert +1998-09-18 20:20 millert * configure.in: fix typo in sysv4 matching case /. -1998-09-17 23:29 millert +1998-09-18 01:29 millert * check.c: pam stuff needs to run as root, not user, for shadow - passwords + passwords -1998-09-17 10:26 millert +1998-09-17 12:26 millert - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, BUGS, INSTALL, README, - configure.in: updated version + * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c, + BUGS, INSTALL, README, configure.in: updated version -1998-09-17 10:13 millert +1998-09-17 12:13 millert * check.c: user version.h for long message -1998-09-17 09:53 millert +1998-09-17 11:53 millert * check.c: this is version 1.5.6 -1998-09-16 11:42 millert +1998-09-16 13:42 millert * Makefile.in: remove errant backslash -1998-09-14 20:25 millert +1998-09-14 22:25 millert * options.h, parse.yacc, pathnames.h.in: fix version string -1998-09-14 20:02 millert +1998-09-14 22:02 millert * BUGS, CHANGES, TODO: updtaed for 1.5.6 -1998-09-14 20:02 millert +1998-09-14 22:02 millert * RUNSON: updated for 1.5.6 -1998-09-14 09:48 millert +1998-09-14 11:48 millert * interfaces.c: kill unused localhost_mask var copy if name to - ifr_tmp after we zero it + ifr_tmp after we zero it -1998-09-13 13:50 millert +1998-09-13 15:50 millert * INSTALL: Better description of new vs. old sudoers modes fix some - typos better description of /usr/ucb/cc gotchas on slowaris + typos better description of /usr/ucb/cc gotchas on slowaris -1998-09-13 13:49 millert +1998-09-13 15:49 millert * Makefile.in: add sample.pam -1998-09-13 13:32 millert +1998-09-13 15:32 millert * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell) -1998-09-12 09:10 millert +1998-09-12 11:10 millert * README: mention TROUBLESHOOTING more fix some typos -1998-09-11 18:30 millert +1998-09-11 20:30 millert * configure.in: move --enable/--disable to be after --with -1998-09-11 18:30 millert +1998-09-11 20:30 millert * INSTALL: document --enable/--disable -1998-09-11 18:26 millert +1998-09-11 20:26 millert * INSTALL: document --with-pam -1998-09-11 17:47 millert +1998-09-11 19:47 millert * configure.in: Add message for pam users -1998-09-11 17:27 millert +1998-09-11 19:27 millert * sample.pam: Initial revision -1998-09-11 17:23 millert +1998-09-11 19:23 millert * config.h.in: fix HAVE_PAM -1998-09-11 17:19 millert +1998-09-11 19:19 millert * check.c, config.h.in, configure.in: pam support, from Gary Calvin - + -1998-09-10 16:51 millert +1998-09-10 18:51 millert * config.h.in: add HOST_IN_LOG and WRAP_LOG -1998-09-10 16:51 millert +1998-09-10 18:51 millert * logging.c: add WRAP_LOG and HOST_IN_LOG -1998-09-10 16:37 millert +1998-09-10 18:37 millert * configure.in: add --enable-log-host and --enable-log-wrap -1998-09-10 16:32 millert +1998-09-10 18:32 millert * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and - --with-timedir + --with-timedir -1998-09-08 18:45 millert +1998-09-08 20:45 millert * compat.h: add howmany macro -1998-09-07 18:42 millert +1998-09-08 20:43 millert + + * tgetpass.c: include sys/param.h to get howmany macro + +1998-09-07 20:42 millert - * OPTIONS, options.h, parse.yacc, sudo.c: add RUNAS_DEFAULT + * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + add RUNAS_DEFAULT -1998-09-07 10:51 millert +1998-09-07 12:51 millert * fnmatch.c: bring in stdio.h for NULL -1998-09-07 10:50 millert +1998-09-07 12:50 millert * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh -1998-09-07 10:43 millert +1998-09-07 12:43 millert * sudo.c: use HAVE_SET_AUTH_PARAMETERS -1998-09-07 10:42 millert +1998-09-07 12:42 millert * config.h.in: add HAVE_SET_AUTH_PARAMETERS -1998-09-07 10:41 millert +1998-09-07 12:41 millert * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters() - if secureware + if secureware -1998-09-07 10:39 millert +1998-09-07 12:39 millert * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201 -1998-09-07 10:06 millert +1998-09-07 12:06 millert * interfaces.c: initialize previfname -1998-09-07 09:51 millert +1998-09-07 11:51 millert * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use - SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and - IFF_LOOPBACK instead of kludging it + SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and + IFF_LOOPBACK instead of kludging it -1998-09-07 09:49 millert +1998-09-07 11:49 millert * configure.in: typo -1998-09-06 22:01 millert +1998-09-07 00:01 millert * Makefile.in: don't need special build line for sudo.tab.o -1998-09-06 21:58 millert +1998-09-06 23:58 millert * Makefile.in: don't clean sudo.tab.[ch] -1998-09-06 21:48 millert +1998-09-06 23:48 millert * sudo.c: Sudo should prompt for a password before telling the user - that a command could not be found. + that a command could not be found. -1998-09-06 21:47 millert +1998-09-06 23:47 millert * BUGS: for 1.5.6 -1998-09-06 21:25 millert +1998-09-06 23:25 millert * INSTALL, README: no longer require yacc -1998-09-06 21:19 millert +1998-09-06 23:19 millert * Makefile.in: typo -1998-09-06 21:18 millert +1998-09-06 23:18 millert * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc -1998-09-06 21:09 millert +1998-09-06 23:09 millert * parse.lex: include sudo.tab.h, not y.tab.h don't break out of - command args if you get a '=' + command args if you get a '=' -1998-09-06 20:59 millert +1998-09-06 22:59 millert * insults.h: fix version , -1998-09-06 20:57 millert +1998-09-06 22:57 millert * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: - fix version + fix version -1998-09-06 20:55 millert +1998-09-06 22:55 millert * getcwd.c: getcwd(3) from OpenBSD for those without it. -1998-09-06 20:51 millert +1998-09-06 22:51 millert * sudo.h: HAVE_GETWD -> HAVE_GETCWD -1998-09-06 20:49 millert +1998-09-06 22:49 millert * configure.in: pretend sunos doesn't have getcwd(3) since it opens - a pipe to getpwd! + a pipe to getpwd! -1998-09-06 20:41 millert +1998-09-06 22:41 millert * parse.c: use NAMLEN() macro -1998-09-06 20:34 millert +1998-09-06 22:34 millert * fnmatch.c: remove duplicate include of string.h -1998-09-06 20:28 millert +1998-09-06 22:28 millert * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T -1998-09-06 20:28 millert +1998-09-06 22:28 millert * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T -1998-09-06 20:28 millert +1998-09-06 22:28 millert * config.h.in: add dev_t and ino_t -1998-07-28 10:44 millert +1998-07-28 12:44 millert * check.c: fix OTP_ONLY for opie -1998-05-18 22:10 millert +1998-06-24 12:22 millert + + * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto + +1998-05-19 00:10 millert * Makefile.in: make update_version saner -1998-05-18 21:32 millert +1998-05-18 23:32 millert * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() -1998-05-18 21:32 millert +1998-05-18 23:32 millert * configure.in: check for waitpid and wait3 or no waitpid -1998-05-18 21:31 millert +1998-05-18 23:31 millert * logging.c: used waitpid or wait3 if we have 'em -1998-04-27 18:09 millert +1998-05-02 14:16 millert + + * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel + Faigon) + +1998-04-27 20:09 millert * configure.in: don't need to explicately mention -lsocket -lnsl - for sequent + for sequent -1998-04-24 23:56 millert +1998-04-25 01:56 millert * configure.in: dynix should not link with -linet -1998-04-10 13:32 millert +1998-04-10 15:32 millert * INSTALL: mention that HP-UX doesn't ship with yacc -1998-04-06 20:35 millert +1998-04-06 22:35 millert * check.c: ignore kerberos if we can't get the local realm -1998-04-05 21:37 millert +1998-04-05 23:37 millert * configure.in, BUGS, INSTALL, README: ++version -1998-04-05 21:35 millert +1998-04-05 23:36 millert - * Makefile.in, check.c, config.h.in, dce_pwent.c, find_path.c, - getspwuid.c, getcwd.c, goodpath.c, interfaces.c, logging.c, - parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h: updated - version + * version.h: ++ -1998-04-05 21:34 millert +1998-04-05 23:35 millert + + * Makefile.in, emul/utime.h, check.c, config.h.in, dce_pwent.c, + find_path.c, getspwuid.c, getcwd.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: updated version + +1998-04-05 23:34 millert * check.c, sudo.h: fix version -1998-04-05 21:33 millert +1998-04-05 23:33 millert * getcwd.c: don't use popen/pclose. Do it inline. -1998-04-05 21:25 millert +1998-04-05 23:25 millert * lsearch.c: add rcsid -1998-04-05 21:21 millert +1998-04-05 23:21 millert * sudo.c: typo -1998-04-05 21:17 millert +1998-04-05 23:17 millert * sudo.h, pathnames.h.in, compat.h, options.h, ins_2001.h, - insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c: updated version + insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, + check.c: updated version -1998-04-05 21:15 millert +1998-04-05 23:15 millert - * check.c, find_path.c, parse.c, sudo.c: MAX* + 1 -> MAX* + * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 -> + MAX* -1998-04-05 21:14 millert +1998-04-05 23:14 millert * Makefile.in: getwd.c -> getcwd.c -1998-04-05 20:49 millert +1998-04-05 22:49 millert * config.h.in: kill HAVE_GETWD -1998-04-05 20:49 millert +1998-04-05 22:49 millert * configure.in: getcwd, not getwd -1998-04-05 20:48 millert +1998-04-05 22:48 millert * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd() - defeats the purpose + defeats the purpose -1998-03-30 22:15 millert +1998-03-31 00:15 millert * OPTIONS, options.h: add STUB_LOAD_INTERFACES -1998-03-30 22:05 millert +1998-03-31 00:05 millert - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h: updated version + * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version -1998-03-30 21:54 millert +1998-03-30 23:54 millert * configure.in: support *-ccur-sysv4 and fix two typos -1998-03-27 17:52 millert +1998-03-27 19:52 millert * configure.in: don't echo about with_logfile and with_timedir -1998-03-27 17:49 millert +1998-03-27 19:49 millert * INSTALL: document --with-logfile and --with-timedir -1998-03-27 17:46 millert +1998-03-27 19:46 millert * aclocal.m4: support --with-logfile and --with-timedir -1998-03-27 17:46 millert +1998-03-27 19:46 millert * configure.in: Add --with-logfile and --with-timedir -1998-03-27 17:27 millert +1998-03-27 19:27 millert * sudo.c: change size computation of NewArgv for UNICOS -1998-02-18 18:10 millert +1998-02-18 20:10 millert * configure.in: treate -*-sysv4* like *-*-svr4 -1998-02-18 16:19 millert +1998-02-18 18:19 millert * configure.in: fix spacing for --with-authenticate help -1998-02-18 14:39 millert +1998-02-18 16:39 millert - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h: updated version + * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version -1998-02-18 14:23 millert +1998-02-18 16:23 millert * parse.yacc: fix off by one error in push macro -1998-02-16 23:15 millert +1998-02-17 01:15 millert * configure.in: removed bogus alloca hack -1998-02-16 23:15 millert +1998-02-17 01:15 millert * check.c: added AIX 4.x authenticate() support -1998-02-16 23:11 millert +1998-02-17 01:11 millert * parse.yacc: include alloca.h if using bison and not gcc and it - exists. fixes an alloca problem on hpux 10.x + exists. fixes an alloca problem on hpux 10.x -1998-02-16 22:39 millert +1998-02-17 00:39 millert * INSTALL: mention --with-authenticate -1998-02-16 22:37 millert +1998-02-17 00:37 millert * configure.in: added AIX authenticate() support -1998-02-16 22:22 millert +1998-02-17 00:22 millert * config.h.in: add HAVE_AUTHENTICATE -1998-02-16 21:58 millert +1998-02-16 23:58 millert * interfaces.c: dynamically size ifconf buffer -1998-02-16 21:56 millert +1998-02-16 23:56 millert * configure.in: quote '[' and ']' -1998-02-16 19:42 millert +1998-02-16 21:42 millert - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h: updated version + * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + +1998-02-16 19:06 millert -1998-02-16 16:57 millert + * visudo.pod: add ERRORS section + +1998-02-16 18:57 millert * TROUBLESHOOTING: add busy stmp file explanation -1998-02-15 16:49 millert +1998-02-15 18:49 millert * configure.in: the name of the cached var that signals whether or - not you are cross compiling changed. It is now ac_cv_prog_cc_cross + not you are cross compiling changed. It is now + ac_cv_prog_cc_cross -1998-02-11 14:26 millert +1998-02-11 16:26 millert * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\. -1998-02-06 19:55 millert +1998-02-06 21:55 millert - * sample.sudoers: better example of su but not root su + * sample.sudoers, sudoers.pod: better example of su but not root su -1998-02-06 13:49 millert +1998-02-06 15:49 millert - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h: updated version + * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version -1998-02-06 13:48 millert +1998-02-06 15:48 millert * Makefile.in: correct regexp for updating version -1998-02-06 12:05 millert +1998-02-06 14:05 millert + + * tgetpass.c: remove bogus flush of stderr spew prompt before + turning off echo. Seems to fix a weird problem where if sudo + complained about a bogus stamp file the user would sometimes not + have a chance to enter a password + +1998-02-06 14:05 millert * check.c: fix bogus flush of stderr -1998-02-05 17:19 millert +1998-02-05 19:19 millert * sudo.c: close fd's <=2 not <=3 and move that chunk of code up -1998-02-05 17:18 millert +1998-02-05 19:18 millert * configure.in: support hpux1[0-9] not just hpux10 -1998-01-30 12:59 millert +1998-01-30 14:59 millert * parse.c: set sudoers_fp to nil after closing -1998-01-23 23:05 millert +1998-01-24 01:05 millert * config.guess, config.sub: updated from autoconf 2.12 -1998-01-23 22:50 millert +1998-01-24 00:50 millert * configure.in: add *-*-svr4 rule -1998-01-22 20:49 millert +1998-01-22 22:53 millert + + * tgetpass.c: fix select usage for high fd's (dynamically allocate + readfds) + +1998-01-22 22:49 millert * check.c: kill extra whitespace -1998-01-22 17:28 millert +1998-01-22 19:28 millert * sudo.c: do an initgroups() before running a command, unless the - target user is root. + target user is root. -1998-01-22 10:22 millert +1998-01-22 12:22 millert * TROUBLESHOOTING: tell people to use tabs, not spaces, in - syslog.conf + syslog.conf -1998-01-20 23:56 millert +1998-01-21 01:56 millert * parse.lex, Makefile.in, config.h.in, getwd.c, strdup.c, putenv.c, - dce_pwent.c: updated version + emul/utime.h, testsudoers.c, utime.c, dce_pwent.c: updated + version -1998-01-20 23:32 millert +1998-01-21 01:32 millert - * goodpath.c, interfaces.c: updated version + * goodpath.c, sudo_setenv.c, interfaces.c, tgetpass.c, visudo.c: + updated version -1998-01-20 23:29 millert +1998-01-21 01:29 millert * sudo.h, pathnames.h.in, options.h, compat.h, insults.h, - ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c: - updated version + ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, + check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c: + updated version -1998-01-20 23:20 millert +1998-01-21 01:20 millert * Makefile.in: more tweaks to update_version -1998-01-20 23:19 millert +1998-01-21 01:19 millert * Makefile.in: fixed up update_version rule -1998-01-20 22:55 millert +1998-01-21 00:55 millert * configure.in: ++version -1998-01-20 22:53 millert +1998-01-21 00:53 millert * Makefile.in: removed supe of check.c -1998-01-20 22:51 millert +1998-01-21 00:51 millert * INSTALL: ++version I missed -1998-01-20 22:51 millert +1998-01-21 00:51 millert * RUNSON: updated -1998-01-20 22:48 millert +1998-01-21 00:48 millert * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, BUGS, INSTALL, - README: updated version + find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, emul/utime.h, BUGS, INSTALL, README: updated version -1998-01-20 22:47 millert +1998-01-21 00:47 millert * CHANGES: updated for 1.5.5 -1998-01-20 22:35 millert +1998-01-21 00:35 millert * Makefile.in: add rules to update version stuff in files so I - don't need to do it by hand + don't need to do it by hand -1998-01-20 22:04 millert +1998-01-21 00:04 millert * sudo.h: sudoers_fp is now extern -1998-01-20 22:03 millert +1998-01-21 00:03 millert * sudo.c: in check_sudoers, cache the sudoers file handle in - sudoers_fp so we don't have to open it again in the parse. This - may help with weird solaris problems where EAGAIN sometime occurrs. + sudoers_fp so we don't have to open it again in the parse. This + may help with weird solaris problems where EAGAIN sometime + occurrs. -1998-01-20 22:02 millert +1998-01-21 00:02 millert * parse.c: sudoers file open is now done only in check_sudoers() so - we just do a rewind() instead of an open. May help people on - solaris who were getting EAGAIN. + we just do a rewind() instead of an open. May help people on + solaris who were getting EAGAIN. -1998-01-16 09:43 millert +1998-01-16 11:43 millert * INSTALL: mention that newer glibc is fixed -1998-01-13 10:58 millert +1998-01-13 12:58 millert * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries - so ignore _RLD* instead of _RLD_* + so ignore _RLD* instead of _RLD_* -1998-01-13 08:32 millert +1998-01-13 10:32 millert * parse.c: typo -1998-01-13 08:19 millert +1998-01-13 10:19 millert * parse.c: fix that bug for real -1998-01-13 00:39 millert +1998-01-13 02:39 millert * INSTALL: document Linux's libc6 brokenness. -1998-01-13 00:00 millert +1998-01-13 02:00 millert * parse.yacc: -Wall -1998-01-12 23:22 millert +1998-01-13 01:22 millert * RUNSON: updated -1998-01-12 22:50 millert +1998-01-13 00:50 millert * TROUBLESHOOTING: remind people to HUP syslogd -1998-01-12 22:05 millert +1998-01-13 00:05 millert * Makefile.in: add -O flag to tar -1998-01-12 22:00 millert +1998-01-13 00:00 millert * TODO, RUNSON: updated -1998-01-12 21:59 millert +1998-01-12 23:59 millert * sudo.pod: remove author's email addr. people should mail - sudo-bugs + sudo-bugs -1998-01-12 21:49 millert +1998-01-12 23:49 millert * INSTALL: fix version -1998-01-12 21:48 millert +1998-01-12 23:48 millert * README, check.c, compat.h, config.h.in, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h: ++version + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: ++version -1998-01-12 21:44 millert +1998-01-12 23:44 millert * RUNSON: updated -1998-01-12 21:42 millert +1998-01-12 23:42 millert * INSTALL, Makefile.in: ++version -1998-01-12 21:41 millert +1998-01-12 23:41 millert * CHANGES: updated fort 1.5.4 -1998-01-12 21:41 millert +1998-01-12 23:41 millert * check.c: exit(1) if user enters no passwd -1998-01-12 21:37 millert +1998-01-12 23:37 millert * BUGS: ++version -1998-01-12 21:10 millert +1998-01-12 23:10 millert * parse.c: commands can start with ./* not just /* -- fixes a - serious security hole. + serious security hole. -1997-12-21 16:17 millert +1997-12-21 18:17 millert * sudo.c: Don't set the tty variable to NULL when we lack a tty, - leave it as "unknown". + leave it as "unknown". -1997-11-23 11:29 millert +1997-11-23 13:29 millert * sample.sudoers: fix usage of (username) in conjunction with , and - ! + ! + +1997-11-23 13:28 millert + + * visudo.c: catch the case where the user is not in the passwd file -1997-11-22 23:53 millert +1997-11-23 13:24 millert + + * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as + the nfds arg to select(2) + +1997-11-23 01:53 millert * sudo.c: define tty global to an initial value to avoid dumping - core in logging functions when passwd file is unavailable. + core in logging functions when passwd file is unavailable. -1997-11-22 23:51 millert +1997-11-23 01:51 millert * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have - gotten the passwd entry + gotten the passwd entry -1997-11-22 22:21 millert +1997-11-23 00:21 millert * sudo.pod: talk about problem of ALL -1997-10-09 22:54 millert +1997-10-10 00:54 millert * README: new web location -1997-10-09 22:54 millert +1997-10-10 00:54 millert * INSTALL: fdesc bug is fixed in Open/Net BSD -1997-10-09 22:52 millert +1997-10-10 00:52 millert * HISTORY: updates from Nieusma -1997-10-09 16:37 millert +1997-10-09 18:37 millert * dce_pwent.c: move compat.h after the system includes -1997-08-06 12:58 millert +1997-08-06 14:58 millert * logging.c: save errno from being clobbered by wait(). From Theo -1997-05-21 09:57 millert +1997-05-21 11:57 millert * compat.h: fix an occurence of setresuid -> setreuid (typo) -1997-03-19 15:45 millert +1997-03-19 17:45 millert * install-sh: check for path to strip -1997-01-15 17:05 millert +1997-01-15 19:05 millert * logging.c: deal with maxfilelen < 0 case -1997-01-15 17:05 millert +1997-01-15 19:05 millert * OPTIONS: fixed descriptin -1996-12-11 21:10 millert +1996-12-11 23:10 millert * sudo.c: correct error message if mode/owner wrong and not - statable by owner but is statable by root. + statable by owner but is statable by root. -1996-11-23 00:18 millert +1996-11-23 02:18 millert * config.guess, config.sub: autoconf 2.11 -1996-11-16 12:42 millert +1996-11-16 14:42 millert * CHANGES, RUNSON, TODO: sudo 1.5.3. -1996-11-14 13:08 millert +1996-11-14 15:08 millert * sudo.h, parse.yacc: command_alias -> generic_alias -1996-11-13 20:50 millert +1996-11-13 22:50 millert * sample.sudoers: added Runas_Alias example and fixed syntax errors -1996-11-13 20:50 millert +1996-11-13 22:50 millert * OPTIONS, options.h: updated MAILSUBJECT -1996-11-13 20:49 millert +1996-11-13 22:49 millert * logging.c: added %h expansion -1996-11-13 19:37 millert +1996-11-13 21:37 millert * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, INSTALL, - README, configure.in: ++version + find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, INSTALL, README, configure.in: ++version -1996-11-13 18:02 millert +1996-11-13 20:01 millert - * BUGS: ++version + * emul/utime.h, BUGS: ++version + +1996-11-13 19:45 millert + + * sudoers.pod: document Runas_Alias + +1996-11-13 19:22 millert + + * visudo.pod: q (uid) -> Q + +1996-11-13 19:21 millert -1996-11-13 17:05 millert + * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails + drop into whatnow + +1996-11-13 19:05 millert * parse.yacc: add size params to sprintf -1996-11-13 17:04 millert +1996-11-13 19:04 millert * parse.lex: allow trailing space after '\\' but before '\n' -1996-11-13 17:04 millert +1996-11-13 19:04 millert * find_path.c: off by one error in path size check -1996-11-13 17:03 millert +1996-11-13 19:03 millert * check.c: sprintf paranoia -1996-11-12 09:59 millert +1996-11-12 11:59 millert * parse.yacc: fixed more_aliases -1996-11-11 08:49 millert +1996-11-12 11:58 millert + + * visudo.c: now warns if killed by signal ./ + +1996-11-11 10:49 millert * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get - expanded (but it is gross) + expanded (but it is gross) -1996-11-10 18:32 millert +1996-11-10 20:32 millert * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == - 0400 + 0400 -1996-11-10 18:08 millert +1996-11-10 20:08 millert * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie: - USER_ALIAS) + USER_ALIAS) -1996-11-10 18:02 millert +1996-11-10 20:02 millert * parse.lex: Add Runas_Alias and simplify a rule. -1996-11-10 17:15 millert +1996-11-10 19:15 millert * parse.yacc: always store User_Alias's since they can be used - inside of a runas list. Sigh. Really need a Runas_Alias instead. + inside of a runas list. Sigh. Really need a Runas_Alias + instead. + +1996-10-30 18:04 millert -1996-10-11 21:01 millert + * visudo.c: deal with case where there is no sudoers file + +1996-10-11 23:01 millert * TROUBLESHOOTING: added one -1996-10-10 20:11 millert +1996-10-10 22:11 millert - * HISTORY: developement -> development + * HISTORY, testsudoers.c: developement -> development -1996-10-10 20:08 millert +1996-10-10 22:08 millert * INSTALL: added a note -1996-10-10 18:36 millert +1996-10-10 20:36 millert * RUNSON: for 1.5.2 -1996-10-10 18:36 millert +1996-10-10 20:36 millert * CHANGES: updated -1996-10-09 22:56 millert +1996-10-10 00:56 millert * PORTING: removed seteuid() notes -1996-10-09 11:37 millert +1996-10-09 13:37 millert * compat.h: better seteuid() emulatino -1996-10-09 11:36 millert +1996-10-09 13:36 millert * configure.in: added check for seteuid -1996-10-09 11:36 millert +1996-10-09 13:36 millert * config.h.in: added HAVE_SETEUID -1996-10-08 17:22 millert +1996-10-08 19:22 millert * configure.in: first stab at sequent support -1996-10-08 17:21 millert +1996-10-08 19:21 millert * config.h.in: added HAVE_SYS_SELECT_H -1996-10-08 17:21 millert +1996-10-08 19:21 millert * compat.h: sequent -> _SEQUENT_ -1996-10-08 17:11 millert +1996-10-08 19:11 millert * compat.h: added seteuid() macro for DYNIX -1996-10-06 23:05 millert +1996-10-08 18:54 millert - * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, interfaces.c, options.h, pathnames.h.in, - BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, - logging.c, parse.c, parse.lex, parse.yacc, putenv.c, strdup.c: - ++version + * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H + +1996-10-07 01:05 millert + + * emul/utime.h, check.c, compat.h, dce_pwent.c, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, + pathnames.h.in, version.h, BUGS, INSTALL, Makefile.in, OPTIONS, + README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc, + putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, utime.c, + visudo.c, tgetpass.c: ++version -1996-10-06 22:59 millert +1996-10-07 00:59 millert * sudo.pod: added -H and SUDO_PS1 -1996-10-06 22:55 millert +1996-10-07 00:55 millert * configure.in: use SUDO_FUNC_FNMATCH -1996-10-06 22:54 millert +1996-10-07 00:54 millert * aclocal.m4: added SUDO_FUNC_FNMATCH -1996-10-06 22:53 millert +1996-10-07 00:53 millert * sudo.c: added -H flag -1996-10-06 22:53 millert +1996-10-07 00:53 millert * sudo.h: added MODE_RESET_HOME / -1996-10-04 22:00 millert +1996-10-05 00:00 millert * INSTALL: mention OPIE -1996-10-04 21:59 millert +1996-10-04 23:59 millert * configure.in: added opie support -1996-10-04 21:59 millert +1996-10-04 23:59 millert * check.c: added HAVE_OPIE and changed to *_OTP_* -1996-10-04 21:58 millert +1996-10-04 23:58 millert * compat.h, config.h.in: added HAVE_OPIE -1996-10-04 21:58 millert +1996-10-04 23:58 millert * OPTIONS, options.h: SKEY -> OTP -1996-10-03 21:27 millert +1996-10-03 23:27 millert * check.c: moved fclose() in skey stuff. -1996-10-03 17:53 millert +1996-10-03 19:53 millert * putenv.c: index -> strchr remove unnecesary stuff -1996-10-03 17:43 millert +1996-10-03 19:43 millert * check.c: now call skeychallenge() to get challenge instead of - making one up ourselves. this way, we get extra goodies in the - prompt. + making one up ourselves. this way, we get extra goodies in the + prompt. -1996-09-09 22:32 millert +1996-09-10 00:32 millert * CHANGES: added one -1996-09-09 22:18 millert +1996-09-10 00:18 millert * parse.lex: allow logins to start with a number (YUCK!) -1996-09-08 13:18 millert +1996-09-08 15:18 millert * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note -1996-09-08 13:15 millert +1996-09-08 15:15 millert * configure.in: DUNIX doesn't need -lnsl -1996-09-07 18:22 millert +1996-09-07 20:22 millert * CHANGES: [no log message] -1996-09-07 18:21 millert +1996-09-07 20:21 millert * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h: courtesan + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, + options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, + tgetpass.c, utime.c, version.h, visudo.c: courtesan -1996-09-07 18:13 millert +1996-09-07 20:13 millert * TROUBLESHOOTING, INSTALL, Makefile.in, PORTING, RUNSON, README: - courtesan + courtesan -1996-09-07 18:00 millert +1996-09-07 20:12 millert - * sudo.pod: courtesan + * visudo.pod: [no log message] -1996-09-07 17:45 millert +1996-09-07 20:00 millert + + * sudo.pod, visudo.pod: courtesan + +1996-09-07 19:45 millert * HISTORY: added courtesan ./ -1996-09-05 22:12 millert +1996-09-06 00:12 millert * sudo.c: added $SUDO_PROMPT support -1996-09-04 15:19 millert +1996-09-04 17:19 millert * check.c: print long skey challemged to stderr, not stdout -1996-08-31 21:10 millert +1996-08-31 23:10 millert * CHANGES: updated for 1.5.1 -1996-08-31 10:34 millert +1996-08-31 23:07 millert + + * emul/utime.h: ++version + +1996-08-31 12:34 millert * RUNSON: updated for 1.5.1 -1996-08-30 08:49 millert +1996-08-30 10:49 millert * check.c: use shost, not host for tgetpass -1996-08-29 22:21 millert +1996-08-30 00:21 millert * OPTIONS, sudo.pod: documented %u and %h -1996-08-29 18:40 millert +1996-08-29 20:40 millert * configure.in: fixed typo -1996-08-29 18:37 millert +1996-08-29 20:37 millert * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h: ++version + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: ++version -1996-08-29 18:30 millert +1996-08-29 20:30 millert * BUGS: ++version -1996-08-29 16:32 millert +1996-08-29 18:32 millert - * configure.in, Makefile.in: ++version + * configure.in, Makefile.in, version.h: ++version -1996-08-29 15:58 millert +1996-08-29 17:58 millert * sudo.h: new tgetpass() params -1996-08-29 15:58 millert +1996-08-29 17:58 millert * check.c: pass use and host to tgetpass -1996-08-29 14:56 millert +1996-08-29 17:57 millert + + * tgetpass.c: added %u and %h escapes + +1996-08-29 16:56 millert * OPTIONS, options.h, check.c: added NO_MESSAGE -1996-08-29 14:23 millert +1996-08-29 16:23 millert * configure.in: added cray (unicos) support -1996-08-27 09:36 millert +1996-08-27 11:36 millert * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME -1996-08-25 15:56 millert +1996-08-25 17:56 millert * INSTALL: added note about "make install" -1996-08-25 15:50 millert +1996-08-25 17:50 millert * parse.yacc: changed length/size params from int to size_t -1996-08-25 11:35 millert +1996-08-25 13:35 millert * OPTIONS: now get CSOPS insults as well by default -1996-08-25 11:33 millert +1996-08-25 13:33 millert * insults.h: use csops insults too by default -1996-08-25 11:31 millert +1996-08-25 13:31 millert - * INSTALL, Makefile.in, README, config.h.in, configure.in: version - = 1.5 + * INSTALL, Makefile.in, README, config.h.in, configure.in, + version.h: version = 1.5 -1996-08-25 11:27 millert +1996-08-25 13:27 millert * sudo.c: added runas_homedir -1996-08-25 11:27 millert +1996-08-25 13:27 millert * TODO: updated for 1.5 -1996-08-25 11:23 millert +1996-08-25 13:23 millert * RUNSON: updated for 1.5 -1996-08-25 11:19 millert +1996-08-25 13:19 millert * CHANGES: 1.5 release -1996-08-25 11:17 millert +1996-08-25 13:17 millert * INSTALL: added "upgrading" notes -1996-08-18 10:52 millert +1996-08-22 14:00 millert + + * visudo.c: now do chmod and chown after edit of temp file and + before rename + +1996-08-18 12:52 millert * Makefile.in: ++version added INSTALL.configure -1996-08-18 10:52 millert +1996-08-18 12:52 millert - * configure.in: ++version + * version.h, configure.in: ++version -1996-08-18 10:51 millert +1996-08-18 12:51 millert * TROUBLESHOOTING: [no log message] -1996-08-18 10:50 millert +1996-08-18 12:50 millert * parse.yacc: added missing cast -1996-08-17 18:37 millert +1996-08-17 20:37 millert * sudo.c: sets $HOME to pw_dir of runas user -1996-08-17 18:02 millert +1996-08-17 20:02 millert * sudo.pod: document $HOME change -1996-08-17 17:43 millert +1996-08-17 19:43 millert * sudo.pod: fixed up some wording -1996-08-17 17:25 millert +1996-08-17 19:25 millert * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, - goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, strdup.c, sudo.c: ++version + goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, + parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version -1996-08-17 17:21 millert +1996-08-17 19:19 millert - * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, - insults.h, options.h, pathnames.h.in, sudo.h: ++version + * emul/utime.h, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h: + ++version -1996-08-17 17:18 millert +1996-08-17 19:18 millert * sudo.h: name nad type changes -1996-08-17 17:07 millert +1996-08-17 19:17 millert + + * testsudoers.c: now works with new sudo + +1996-08-17 19:07 millert * parse.yacc: fixed some XXX -1996-08-17 16:52 millert +1996-08-17 18:52 millert * parse.yacc: some variable name changes + comment headers for - functions. + functions. + +1996-08-17 18:41 millert -1996-08-17 16:34 millert + * tgetpass.c: added extra paren's to make compilers happy + +1996-08-17 18:34 millert * sudo.c: [no log message] -1996-08-17 16:30 millert +1996-08-17 18:30 millert * parse.c: now uses init_parser() if not in sudoers and tries - "list" or "validate" scold but don't be nasty. + "list" or "validate" scold but don't be nasty. -1996-08-17 16:29 millert +1996-08-17 18:29 millert * TROUBLESHOOTING: now can use upper case login names -1996-08-17 16:28 millert +1996-08-17 18:29 millert + + * visudo.c: now uses init_parser() + +1996-08-17 18:28 millert * PORTING: added info about PASSWORD_TIMEOUT -1996-08-17 16:28 millert +1996-08-17 18:28 millert * INSTALL, README: updated -1996-08-17 16:28 millert +1996-08-17 18:28 millert * INSTALL.configure: Initial revision -1996-08-17 16:27 millert +1996-08-17 18:27 millert * BUGS: fixed a bug , -1996-08-17 16:27 millert +1996-08-17 18:27 millert * parse.yacc: now dynamically allocates memory for the stacks -- no - more overflows! + more overflows! -1996-08-17 16:26 millert +1996-08-17 18:26 millert * sudo.pod: -l now explands command aliases -1996-08-17 11:22 millert +1996-08-17 13:22 millert * parse.yacc: hacks to expand command aliases for `sudo -l' -1996-08-17 11:22 millert +1996-08-17 13:22 millert * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, - and bash) + and bash) -1996-08-17 11:22 millert +1996-08-17 13:22 millert * sudo.h: added struct command_alias -1996-08-17 11:20 millert +1996-08-17 13:20 millert * sudo.pod: fixed a bug -1996-08-17 11:15 millert +1996-08-17 13:15 millert * lsearch.c: in compar() key should be first arg -1996-08-15 13:48 millert +1996-08-15 15:48 millert * BUGS: fixed some bugs -1996-08-15 13:47 millert +1996-08-15 15:47 millert * parse.yacc: can now deal with upcase HOST and USER names -1996-08-15 13:47 millert +1996-08-15 15:47 millert * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l" -1996-08-15 13:46 millert +1996-08-15 15:46 millert * sudo.pod: fixed thinko -1996-08-15 13:46 millert +1996-08-15 15:46 millert * parse.c: fix comment -1996-08-09 16:07 millert +1996-08-09 18:07 millert * parse.c, parse.yacc: added support for new `sudo -l' stuff -1996-08-09 16:06 millert +1996-08-09 18:06 millert * sudo.c: now uses list_matches() -1996-08-09 16:06 millert +1996-08-09 18:06 millert * sudo.h: added struct sudo_match -1996-08-09 15:37 millert +1996-08-09 17:37 millert * configure.in: now more -lgnumalloc -1996-08-01 11:12 millert +1996-08-01 13:12 millert * install-sh: added more paths for chown and whoami -1996-07-31 08:41 millert +1996-07-31 10:41 millert * check.c: typo -1996-07-30 11:45 millert +1996-07-30 13:45 millert * aclocal.m4: fixed DUNIX check for shadow pw -1996-07-30 10:53 millert +1996-07-30 13:41 millert + + * tgetpass.c: now only turn off echo if it is already on. this + fixes a race when you use sudo in a pipelin + +1996-07-30 12:53 millert * INSTALL: updated -1996-07-29 20:29 millert +1996-07-29 22:29 millert * configure.in: changed "test -z $foo && do_this" to if; then - construct + construct -1996-07-28 20:47 millert +1996-07-28 22:47 millert * configure.in: added missing defines of SHADOW_TYPE -1996-07-26 12:10 millert +1996-07-26 14:10 millert * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since - they are only in dunix 4.x + they are only in dunix 4.x -1996-07-26 12:09 millert +1996-07-26 14:09 millert * getspwuid.c: added AUTH_CRYPT_C1CRYPT support -1996-07-26 11:23 millert +1996-07-26 13:23 millert * parse.c: no longer return VALIDATE_NOT_OK if there was a runas - that didn't match. Now we can have runas stuff on more than one - line. + that didn't match. Now we can have runas stuff on more than one + line. -1996-07-25 21:45 millert +1996-07-25 23:45 millert * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always - defined to something + defined to something -1996-07-25 21:45 millert +1996-07-25 23:45 millert * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD -1996-07-25 21:44 millert +1996-07-25 23:44 millert - * compat.h, getspwuid.c, sudo.c: use SHADOW_TYPE instead of - HAVE_C2_SECURITY + * compat.h, getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE + instead of HAVE_C2_SECURITY -1996-07-25 21:44 millert +1996-07-25 23:44 millert * check.c: SHADOW_TYPE is always defined so just against its value -1996-07-25 21:44 millert +1996-07-25 23:44 millert * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX -1996-07-24 11:02 millert +1996-07-25 18:47 millert + + * sudoers.pod: * -> ?* in one example added another instance of + (runas) and one of NOPASSWD: + +1996-07-24 13:02 millert * configure.in: added back check for config.cache from other host - type + type -1996-07-24 10:49 millert +1996-07-24 12:49 millert * parse.lex: removed an instance of \" -1996-07-24 10:49 millert +1996-07-24 12:49 millert * sample.sudoers: added an example -1996-07-24 08:28 millert +1996-07-24 12:44 millert + + * sudoers.pod: updated wrt new wildcard matching + +1996-07-24 10:28 millert * configure.in: new check for shadow passwords if we don't know - anything + anything -1996-07-24 08:28 millert +1996-07-24 10:28 millert * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC -1996-07-24 00:19 millert +1996-07-24 02:19 millert * configure.in: added back check for -lsocket (oops) -1996-07-24 00:16 millert +1996-07-24 02:16 millert * configure.in: better (working) check for shadow passwd type if we - know to use C2. + know to use C2. -1996-07-23 23:59 millert +1996-07-24 01:59 millert * configure.in: now uses AC_CANONICAL_HOST to figure out os type -1996-07-23 23:59 millert +1996-07-24 01:59 millert * Makefile.in: added config.{guess,sub} -1996-07-23 23:58 millert +1996-07-24 01:58 millert * aclocal.m4: removed unused stuff to figure out os type -1996-07-23 20:58 millert +1996-07-23 22:58 millert * config.sub: added openbsd -1996-07-23 20:54 millert +1996-07-23 22:54 millert * config.sub: Initial revision -1996-07-23 20:40 millert +1996-07-23 22:40 millert * config.guess: Initial revision -1996-07-23 19:18 millert +1996-07-23 21:18 millert + + * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless + it can only be a pathname. need to check against sudoers_args + even if user_args is nil + +1996-07-23 21:18 millert * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it - can only be a pathname need to check against sudoers_args even if - user_args is nil + can only be a pathname need to check against sudoers_args even if + user_args is nil -1996-07-23 16:52 millert +1996-07-23 18:52 millert * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 -1996-07-22 23:10 millert +1996-07-23 01:18 millert + + * testsudoers.c: now takes command line args and uses cmnd_args + +1996-07-23 01:10 millert * parse.lex: fill_args was adding an extra leading space -1996-07-22 13:50 millert +1996-07-22 15:50 millert + + * visudo.c: fixed dummy command_matches() + +1996-07-22 15:50 millert * parse.yacc: fixed prototype -1996-07-22 13:31 millert +1996-07-22 15:31 millert * sudo.h: added cmnd_args -1996-07-22 13:31 millert +1996-07-22 15:31 millert * parse.yacc: now uses flat args string -1996-07-22 13:30 millert +1996-07-22 15:30 millert * parse.c, parse.lex: now uses flat arg string -1996-07-22 12:30 millert +1996-07-22 15:29 millert + + * visudo.c: added cmnd_args def + +1996-07-22 14:30 millert * sudo.c: now sets cmnd_args global -1996-07-22 12:30 millert +1996-07-22 14:30 millert * logging.c: cmnd_args is now exported from sudo.[ch] -1996-07-21 16:41 millert +1996-07-21 18:41 millert * parse.yacc: can't rely on cmnd_matches as much as I thought -- - added some $$ stuff back in to prevent namespace pollution - problems. + added some $$ stuff back in to prevent namespace pollution + problems. -1996-07-21 16:01 millert +1996-07-21 18:01 millert * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more - consistent). + consistent). -1996-07-19 22:45 millert +1996-07-20 00:45 millert * parse.lex: NOPASSWD may now have blanks before the ':' '(' only - starts a 'runas' if in the initial state to avoid collision with - command args + starts a 'runas' if in the initial state to avoid collision with + command args -1996-07-19 22:23 millert +1996-07-20 00:23 millert * configure.in: added checks for specific shadow passwd schemes -1996-07-19 22:18 millert +1996-07-20 00:18 millert * aclocal.m4: added routines to check for specific shadow passwd - types + types -1996-07-18 16:27 millert +1996-07-18 18:27 millert * configure.in: added support for ncr boxen -1996-07-18 16:26 millert +1996-07-18 18:26 millert * aclocal.m4: added support for detecting ncr boxen -1996-07-16 12:57 millert +1996-07-16 14:57 millert * configure.in: added sinix support -1996-07-13 20:29 millert +1996-07-13 22:29 millert * TROUBLESHOOTING: added info about "config.cache from other other" - error. + error. -1996-07-13 20:22 millert +1996-07-13 22:22 millert * aclocal.m4: now makes sure you don't have a config.cache file - from another OS + from another OS -1996-07-13 19:36 millert +1996-07-13 21:36 millert * configure.in: now sets $LIBS when needed to configure links with - libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added - check for bigcrypt(3) if SPW_SECUREWARE + libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added + check for bigcrypt(3) if SPW_SECUREWARE -1996-07-13 19:30 millert +1996-07-13 21:30 millert * getspwuid.c: fixed typo -1996-07-13 19:05 millert +1996-07-13 21:05 millert + + * tgetpass.c: now include stuff for SPW_SECUREWARE to get + AUTH_MAX_PASSWD_LENGTH + +1996-07-13 21:05 millert * getspwuid.c: no more SPW_HPUX10 -1996-07-13 19:04 millert +1996-07-13 21:04 millert * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT -1996-07-13 19:04 millert +1996-07-13 21:04 millert * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE -1996-07-13 19:04 millert +1996-07-13 21:04 millert * check.c: SPW_SECUREWARE now uses bigcrypt -1996-07-13 16:24 millert +1996-07-13 18:24 millert * sample.sudoers: fixed 2 syntax errors -1996-07-11 18:59 millert +1996-07-13 18:24 millert + + * sudoers: root may now run ALL as ALL + +1996-07-11 20:59 millert * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len -1996-07-08 14:08 millert +1996-07-08 16:08 millert * check.c, configure.in: updated AFS support -1996-07-08 14:07 millert +1996-07-08 16:07 millert * TROUBLESHOOTING: added entry about /usr/ucb/cc -1996-07-08 14:06 millert +1996-07-08 16:06 millert * INSTALL: prep no longer holds gcc binaries -1996-07-08 13:48 millert +1996-07-08 15:48 millert * INSTALL: updated AFS note -1996-07-08 13:43 millert +1996-07-08 15:43 millert * Makefile.in: added @AFS_LIBS@ -1996-07-08 13:33 millert +1996-07-08 15:33 millert * compat.h: AFS allows long passwords -1996-07-08 12:16 millert +1996-07-08 14:16 millert + + * testsudoers.c: fixed -u user support + +1996-07-08 14:16 millert * parse.c: sudo -v now groks VALIDATE_OK_NOPASS -1996-07-08 11:30 millert +1996-07-08 13:30 millert * parse.yacc: fixed no_passwd vs. runas_matched -1996-07-08 08:30 millert +1996-07-08 10:30 millert * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no - longer an issue + longer an issue -1996-07-08 08:30 millert +1996-07-08 10:30 millert * INSTALL: added --with-libraries > --with-libpath --with-incpath -1996-07-08 08:21 millert +1996-07-08 10:21 millert * parse.yacc: was setting runas_matches to -1 in wrong place -1996-07-08 07:58 millert +1996-07-08 09:58 millert * check.c: removed usersec.h which is not present in new AFS - versions + versions + +1996-07-08 09:55 millert -1996-07-08 07:51 millert + * tgetpass.c: now deals with timeout <= 0 + +1996-07-08 09:51 millert * OPTIONS: updated -1996-07-07 22:04 millert +1996-07-08 00:04 millert * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc -1996-07-07 20:30 millert +1996-07-07 22:30 millert * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode - for root readable/writable filesystems + for root readable/writable filesystems -1996-07-07 18:49 millert +1996-07-07 20:49 millert * Makefile.in: now gives INSTALL -c flag -1996-07-07 18:34 millert +1996-07-07 20:34 millert * parse.yacc: slightly simpler initialization of no_passwd and - runas_matches + runas_matches + +1996-07-07 20:33 millert -1996-07-07 18:32 millert + * testsudoers.c: added -u username support + +1996-07-07 20:32 millert * configure.in: improved --with-libraries support -1996-07-07 14:27 millert +1996-07-07 16:27 millert * configure.in: added --with-incpath, --with-libpath, - --with-libraries + --with-libraries -1996-07-07 14:01 millert +1996-07-07 16:01 millert * parse.yacc: now initializes some fields that weren't getting set - to -1 pretty gross -- need a rewrite. + to -1 pretty gross -- need a rewrite. -1996-06-25 21:19 millert +1996-06-25 23:19 millert * alloca.c: removed emacs'isms -1996-06-25 20:29 millert +1996-06-25 22:29 millert * configure.in: no longer add -lPW to *_LIBS since we include - alloca.c + alloca.c -1996-06-25 20:29 millert +1996-06-25 22:29 millert * config.h.in: added HAVE_ALLOCA_H -1996-06-25 20:28 millert +1996-06-25 22:28 millert * Makefile.in: added alloca.c -1996-06-25 20:18 millert +1996-06-25 22:18 millert * alloca.c: Initial revision -1996-06-25 19:58 millert +1996-06-25 21:58 millert * configure.in: ++version -1996-06-25 17:32 millert +1996-06-25 19:32 millert * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since - nobody is not always set to a valid uid. + nobody is not always set to a valid uid. -1996-06-25 17:31 millert +1996-06-25 19:31 millert * OPTIONS: fixed entry for SUDO_MODE -1996-06-25 16:02 millert +1996-06-25 18:02 millert * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid - *and* gid were being set to -2. Now beat NFS to the punch and set - uid to "nobody" ourselves, preserving group 0 to read sudoers. + *and* gid were being set to -2. Now beat NFS to the punch and + set uid to "nobody" ourselves, preserving group 0 to read + sudoers. -1996-06-25 16:02 millert +1996-06-25 18:02 millert * parse.c: moved set_perms(PERM_ROOT) to be before yyparse() -1996-06-25 16:00 millert +1996-06-25 18:00 millert * logging.c: fixed a typo -1996-06-25 16:00 millert +1996-06-25 18:00 millert * configure.in: no longer need AC_PROG_INSTALL -1996-06-25 15:59 millert +1996-06-25 17:59 millert * Makefile.in: always use install-sh to avoid install(1)'s that use - get{pw,gr}nam + get{pw,gr}nam -1996-06-25 14:07 millert +1996-06-25 16:07 millert * INSTALL: make clean -> make distclean -1996-06-19 23:17 millert +1996-06-20 01:17 millert * parse.yacc: removed some unnecsary if's -1996-06-19 23:16 millert +1996-06-20 01:16 millert - * Makefile.in: ++version + * Makefile.in, version.h: ++version -1996-06-19 23:16 millert +1996-06-20 01:16 millert - * parse.c: now includes netgroup.h + * parse.c, testsudoers.c: now includes netgroup.h -1996-06-19 22:45 millert +1996-06-20 00:45 millert * interfaces.c: removed cats of ioctl to int since they didn't shut - up -Wall + up -Wall -1996-06-19 22:43 millert +1996-06-20 00:43 millert * interfaces.c: explicately cast ioctl() to int since it it not - always declared + always declared -1996-06-19 22:41 millert +1996-06-20 00:41 millert * sudo.h: added declarations for yyparse() and yylex() -1996-06-19 22:27 millert +1996-06-20 00:27 millert * parse.yacc: fixed an occurence of '==' -> '=' -1996-06-19 22:22 millert +1996-06-20 00:22 millert * config.h.in, configure.in: added check for netgroup.h -1996-06-19 22:20 millert +1996-06-20 00:20 millert * sudo.c: fixed 2 compiler warnings -1996-06-19 22:08 millert +1996-06-20 00:08 millert * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] - weren't being initialized + weren't being initialized -1996-06-19 11:53 millert +1996-06-19 13:53 millert * sudo.pod: fixed a typo -1996-06-17 10:19 millert +1996-06-17 12:19 millert * parse.yacc: fixed a formatting thingie -1996-06-17 10:16 millert +1996-06-17 12:16 millert * parse.c, parse.yacc: fixed -u support with multiple user lists on - a line + a line -1996-06-17 08:23 millert +1996-06-17 10:23 millert * configure.in: unixware needs -lgen -1996-06-17 08:23 millert +1996-06-17 10:23 millert * README: updated ftp location -1996-06-16 22:07 millert +1996-06-17 00:08 millert + + * sudoers.pod: add net_addr/netmask support + +1996-06-17 00:07 millert * sample.sudoers: added net_addr/mask example -1996-06-16 22:02 millert +1996-06-17 00:02 millert * parse.lex, parse.c: added support for net_addr/netmask -1996-06-15 16:12 millert +1996-06-15 20:13 millert + + * sudoers.pod: ^ -> ! + +1996-06-15 18:12 millert * RUNSON: updated for 1.4.3 -1996-06-15 16:12 millert +1996-06-15 18:12 millert * CHANGES: udpated for 1.4.3 -1996-06-15 16:11 millert +1996-06-15 18:11 millert * TROUBLESHOOTING, TODO, BUGS: updated -1996-06-15 16:11 millert +1996-06-15 18:11 millert * sample.sudoers: updated with examples of new stuff -1996-06-15 16:10 millert +1996-06-15 18:10 millert * INSTALL, README: ++version -1996-06-15 15:58 millert +1996-06-15 18:01 millert + + * sudoers.pod: updated wrt -u and NOPASSWD + +1996-06-15 17:58 millert * sudo.pod: updated wrt -u and CAVEATS -1996-06-08 21:15 millert +1996-06-08 23:15 millert * sudo.c: fixed usage() -1996-06-08 20:57 millert +1996-06-08 22:57 millert * parse.lex: now use :foo: character classes (makes no diff for - generated lexer) + generated lexer) -1996-06-07 12:33 millert +1996-06-07 14:33 millert * check.c: fixed LONG_SKEY_PROMPT stuff -1996-06-06 13:03 millert +1996-06-06 15:35 millert + + * visudo.c: fixed a comment + +1996-06-06 15:03 millert * lsearch.c: make more like NetBSD one -- now compiles w/o warnings -1996-06-05 20:20 millert +1996-06-06 15:02 millert + + * emul/search.h: fixed decls of lsearch() + +1996-06-05 22:20 millert * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10 -1996-06-05 20:20 millert +1996-06-05 22:20 millert * check.c: hpux 10 uses bigcrypt() if C2 -1996-06-04 17:57 millert +1996-06-04 19:57 millert * parse.c: now always uses fnmatch to match args -1996-05-28 20:14 millert +1996-06-04 19:40 millert + + * tgetpass.c: back to using stdio instead of raw i/o since that + caused some problems + +1996-05-28 22:14 millert * sudo.c: now give usage warning if use -l,-v,-k with args -1996-05-28 16:22 millert +1996-05-28 18:22 millert * sudo.c: NewArgc is now set to 1 for -l, -v, -k -1996-05-28 10:50 millert +1996-05-28 12:50 millert * sudo.c: now sets sudoers to correct group if mode is 0400 -1996-05-28 10:02 millert +1996-05-28 12:02 millert * install-sh: updated to version used by inn and bind -1996-05-27 22:08 millert +1996-05-28 00:08 millert * configure.in: now uses -lgnumalloc if it exists -1996-05-27 22:02 millert +1996-05-28 00:02 millert * Makefile.in: "make install" now sets uid/gid and mode on sudoers - if it exists + if it exists -1996-05-27 22:01 millert +1996-05-28 00:01 millert * sudo.c: rmeoved debugging statements -1996-05-27 22:00 millert +1996-05-28 00:00 millert * parse.yacc: added a missing free() -1996-05-27 21:58 millert +1996-05-27 23:58 millert * sudo.c: now uses user_gid instead of getegid (which was wrong - anyway) to set SUDO_GID Now sets command line args in SUDO_COMMAND - envariabled (logging.c depends on args being in the environment) + anyway) to set SUDO_GID Now sets command line args in + SUDO_COMMAND envariabled (logging.c depends on args being in the + environment) -1996-05-27 21:57 millert +1996-05-27 23:57 millert * logging.c: now uses SUDO_COMMAND envariable to get command args - rather than building it up again. + rather than building it up again. -1996-05-27 20:42 millert +1996-05-27 22:42 millert * parse.c: now uses user_gid -1996-05-27 18:02 millert +1996-05-27 20:02 millert * sudo.c: fixed off by one error in allocation NewArgv -1996-05-27 18:01 millert +1996-05-27 20:01 millert * parse.c: in sudoers, 'command ""' now means command with no args -1996-05-27 18:01 millert +1996-05-27 20:01 millert * configure.in: added check for fnmatch(3) and fnmatch.h -1996-05-27 18:01 millert +1996-05-27 20:01 millert * config.h.in: added HAVE_FNMATCH -1996-05-27 18:00 millert +1996-05-27 20:00 millert * Makefile.in: replaced wildcat.* with fnmatch.* -1996-05-27 17:38 millert +1996-05-27 20:00 millert + + * testsudoers.c: now uses fnmatch() + +1996-05-27 19:38 millert * parse.c: now uses fnmatch() instead of wildmat a trailing star - (*) by itself now matches multiple args added support for wildcards - in the pathname in sudoers + (*) by itself now matches multiple args added support for + wildcards in the pathname in sudoers -1996-05-25 17:23 millert +1996-05-25 19:23 millert * fnmatch.c: now includes compat.h and config.h -1996-05-25 16:09 millert +1996-05-25 18:09 millert * config.h.in: added HAVE_FNMATCH_H -1996-05-25 16:07 millert +1996-05-25 18:07 millert * configure.in: now checks for alloca() (if needed by bison or dce) - and links with -lPW if it contains alloca() and libv and compiler - do not. + and links with -lPW if it contains alloca() and libv and compiler + do not. -1996-05-25 16:03 millert +1996-05-25 18:03 millert - * fnmatch.3, fnmatch.c: Initial revision + * fnmatch.3, fnmatch.c, emul/fnmatch.h: Initial revision -1996-04-28 20:38 millert +1996-04-28 22:38 millert * sudo.c: now fixes mode on sudoers if set to 0400 to aid in - upgrade + upgrade -1996-04-28 15:44 millert +1996-04-28 17:44 millert * Makefile.in: fixed pod2man usage -1996-04-28 15:40 millert +1996-04-28 17:40 millert + + * configure.in, Makefile.in, version.h: ++version + +1996-04-28 17:20 millert - * configure.in, Makefile.in: ++version + * testsudoers.c, visudo.c: runas_user is now initialized to "root" -1996-04-28 15:20 millert +1996-04-28 17:20 millert * sudo.h: removed PERM_FULL_ROOT -1996-04-28 15:18 millert +1996-04-28 17:18 millert * sudo.c: runas_user defaults to "root" so no more need to - PERM_RUNAS + PERM_RUNAS -1996-04-28 15:16 millert +1996-04-28 17:16 millert * parse.c: will now only running commands as root if there was no - runas list (or if root is in the runas list) + runas list (or if root is in the runas list) -1996-04-28 15:15 millert +1996-04-28 17:15 millert * logging.c: now logs "USER=%s" -1996-04-28 15:12 millert +1996-04-28 17:12 millert * parse.yacc: runas_matches is now set to false if we get a - negative match + negative match -1996-04-28 13:01 millert +1996-04-28 15:01 millert * parse.lex: make #uid work + some minor cleanup -1996-04-27 19:04 millert +1996-04-27 21:04 millert * sample.sudoers: added support for NOPASSWD and "runas" from - garp@opustel.com / + garp@opustel.com / -1996-04-27 19:02 millert +1996-04-27 21:03 millert + + * visudo.c: added support for "runas" from garp@opustel.com + replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added + support for SUDOERS_MODE + +1996-04-27 21:03 millert + + * testsudoers.c: added support for "runas" from garp@opustel.com + +1996-04-27 21:02 millert * sudo.h: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE + garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and + SUDOERS_GID and added support fro SUDOERS_MODE -1996-04-27 19:00 millert +1996-04-27 21:00 millert * sudo.c: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE + garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and + SUDOERS_GID and added support fro SUDOERS_MODE -1996-04-27 19:00 millert +1996-04-27 21:00 millert * parse.yacc: added support for NO_PASSWD and runas from - garp@opustel.com + garp@opustel.com -1996-04-27 18:58 millert +1996-04-27 20:58 millert * parse.c, parse.lex: added support for NO_PASSWD and runas from - garp@opustel.com + garp@opustel.com -1996-04-27 18:56 millert +1996-04-27 20:56 millert * logging.c: added support for SUDOERS_WRONG_MODE and "runas" -1996-04-27 18:40 millert +1996-04-27 20:40 millert * configure.in: added --with-CC only link with -lshadow on linux - (with shadow pw) if libc lacks getspnam() + (with shadow pw) if libc lacks getspnam() -1996-04-27 18:39 millert +1996-04-27 20:39 millert * OPTIONS, options.h: removed NO_PASSWD since it is not possible to - do this in the sudoers file itself. Replaced SUDOERS_OWNER with - SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. + do this in the sudoers file itself. Replaced SUDOERS_OWNER with + SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. -1996-04-27 18:26 millert +1996-04-27 20:26 millert * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID -1996-04-27 09:20 millert +1996-04-27 11:20 millert * INSTALL: added --with-CC -1996-04-06 14:31 millert +1996-04-06 16:31 millert * parse.lex: added double quote support -1996-04-05 14:53 millert +1996-04-06 16:29 millert + + * sudoers.pod: documented double quoting + +1996-04-05 16:53 millert * mkinstalldirs: Initial revision -1996-04-05 14:53 millert +1996-04-05 16:53 millert * check.c: fixed some indentation -1996-04-05 14:48 millert +1996-04-05 16:48 millert * Makefile.in: fixed a typo -1996-04-04 17:39 millert +1996-04-04 19:39 millert * Makefile.in: added install-dirs . -1996-04-04 12:16 millert +1996-04-04 14:16 millert * dce_pwent.c: new version from "Jeff A. Earickson" - + -1996-04-03 11:40 millert +1996-04-03 13:40 millert * configure.in: $CSOPS -> $with_csops (whoops, missed one) -1996-04-03 11:40 millert +1996-04-03 13:40 millert * BUGS: updated -1996-04-03 11:36 millert +1996-04-03 13:36 millert * parse.lex: FQHOST now has same constraints as non-FQHOST -1996-04-02 17:00 millert +1996-04-02 19:00 millert * INSTALL: added note about OS's w/ shadow passwords turned on by - default + default -1996-04-02 16:58 millert +1996-04-02 18:58 millert * configure.in: fixed a typo -1996-04-02 16:48 millert +1996-04-02 18:48 millert * configure.in: added support for --without-THING sanitized shadow - pw situtation by adding support for --without-C2 + pw situtation by adding support for --without-C2 + +1996-04-02 16:42 millert + + * tgetpass.c: fixed a typo wrt placement of an end paren -1996-04-02 12:57 millert +1996-04-02 14:57 millert * check.c: was closing an fd that may not have been opened -1996-03-21 17:55 millert +1996-03-21 19:55 millert * sudo.c, OPTIONS, options.h: added NO_PASSWD -1996-03-19 17:40 millert +1996-03-19 19:40 millert * configure.in: now always use shadow pw on some arches -1996-03-19 15:07 millert +1996-03-19 17:07 millert * configure.in: added pyramid support -1996-03-19 15:04 millert +1996-03-19 17:04 millert * configure.in: no longer check for C2 if alternate passwd method - is used no longer check for some libs twice + is used no longer check for some libs twice -1996-03-19 15:00 millert +1996-03-19 17:00 millert * parse.yacc: moved fqdn stuff into parse.lex (FQHOST) -1996-03-19 15:00 millert +1996-03-19 17:00 millert * parse.lex: added FQHOST rules -1996-03-18 17:37 millert +1996-03-18 20:57 millert + + * tgetpass.c: now define TCSASOFT in necesary + +1996-03-18 20:31 millert + + * tgetpass.c: now uses read/write instead of stdio string goop to + avoid problems with select(2) + +1996-03-18 19:37 millert * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH -> - -DIGNORE_DOT_PATH + -DIGNORE_DOT_PATH -1996-03-17 14:18 millert +1996-03-17 16:18 millert * INSTALL: added note about no shadow auto-detect if using - alternate auth schemes + alternate auth schemes -1996-03-17 13:33 millert +1996-03-17 15:33 millert * configure.in: don't check for C2 if AFS or DCE (unless they said - --with-C2) + --with-C2) -1996-03-17 13:01 millert +1996-03-17 15:08 millert + + * testsudoers.c: now groks shost + +1996-03-17 15:01 millert * options.h, OPTIONS, find_path.c: added NO_DOT_PATH -1996-03-16 12:43 millert +1996-03-16 14:43 millert * find_path.c: checkdot now works correctly -1996-03-12 16:01 millert +1996-03-12 18:01 millert * configure.in: can't have DCE and C2 passwords both... -1996-03-11 12:05 millert +1996-03-11 14:05 millert - * parse.yacc, sudo.c, sudo.h: now uses shost even if not FQDN + * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not + FQDN -1996-03-11 12:04 millert +1996-03-11 14:04 millert * configure.in: now looks for skey in /usr/lib and doesn't require - libskey to be in /usr/local/lib just because skey.h is (for my - netbsd box :-) + libskey to be in /usr/local/lib just because skey.h is (for my + netbsd box :-) -1996-03-11 00:00 millert +1996-03-11 02:00 millert * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ -> - _CONFIG_PATH_ + _CONFIG_PATH_ -1996-03-10 19:01 millert +1996-03-10 21:01 millert * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo -1996-03-10 18:59 millert +1996-03-10 20:59 millert * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR -1996-03-10 18:59 millert +1996-03-10 20:59 millert * OPTIONS: udpated FQDN -1996-03-10 18:58 millert +1996-03-10 20:58 millert * config.h.in: added _SUDO_PATH_TIMEDIR -1996-03-10 18:58 millert +1996-03-10 20:58 millert * aclocal.m4, configure.in: added SUDO_TIMEDIR -1996-03-10 18:58 millert +1996-03-10 20:58 millert * sudo.pod: updated wrt /var/run/sudo -1996-03-10 18:16 millert +1996-03-10 20:16 millert * sudo.c, sudo.h: added support for shost if FQDN -1996-03-10 18:14 millert +1996-03-10 20:14 millert - * parse.yacc: now uses shost if FQDN + * parse.yacc, visudo.c: now uses shost if FQDN -1996-03-10 18:12 millert +1996-03-10 20:12 millert * check.c: Now use skeylookup() instead off skeychallenge() -1996-02-27 18:41 millert +1996-02-27 20:41 millert * logging.c: mail_argv should not contain ALERTMAIL as it includes - "-t" + "-t" -1996-02-22 15:06 millert +1996-02-22 17:06 millert - * INSTALL, Makefile.in, README, configure.in: ++version + * INSTALL, Makefile.in, README, version.h, configure.in: ++version -1996-02-22 14:27 millert +1996-02-22 16:27 millert * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too -1996-02-05 17:20 millert +1996-02-22 16:27 millert + + * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h + +1996-02-05 19:20 millert * README, INSTALL: ++version -1996-02-05 17:20 millert +1996-02-05 19:20 millert * Makefile.in: ++versoin -1996-02-05 17:16 millert +1996-02-05 19:16 millert * Makefile.in: fixed a typo -1996-02-05 17:16 millert +1996-02-05 19:16 millert * configure.in: ++version -1996-02-05 16:53 millert +1996-02-05 18:53 millert * RUNSON: updated -1996-02-05 16:47 millert +1996-02-05 18:47 millert * CHANGES: done for 1.4.1 (I hope) -1996-02-05 16:39 millert +1996-02-05 18:45 millert + + * sudoers.pod: added info on wildcards + +1996-02-05 18:39 millert * sample.sudoers: added wildcard example -1996-02-05 15:03 millert +1996-02-05 17:03 millert * Makefile.in: now uses *.pod to build *.man and *.cat & *.html -1996-02-05 15:03 millert +1996-02-05 17:03 millert * configure.in: addedSUDO_PROG_BSHELL !ll -1996-02-05 14:10 millert +1996-02-05 16:10 millert + + * visudo.pod: fixed up some formatting + +1996-02-05 16:10 millert + + * sudoers.pod: redid section describing sample sudoers stuff + +1996-02-05 16:10 millert * sudo.pod: fixed some formatting -1996-02-04 20:50 millert +1996-02-04 22:50 millert * getspwuid.c: now treats "" as bourne shell -1996-02-04 20:49 millert +1996-02-04 22:49 millert * Makefile.in: TESTOBJS nwo includes wildmat.o -1996-02-04 19:59 millert +1996-02-04 22:48 millert + + * testsudoers.c: now works with NewArg[cv] + +1996-02-04 21:59 millert * sudo.c: removed an XXX (fixed it in getspwuid.c) -1996-02-04 19:58 millert +1996-02-04 21:58 millert * aclocal.m4: added check for bourne shell -1996-02-04 19:58 millert +1996-02-04 21:58 millert * pathnames.h.in: added _PATH_BSHELL -1996-02-04 19:58 millert +1996-02-04 21:58 millert * config.h.in: added _SUDO_PATH_BSHELL -1996-02-04 14:24 millert +1996-02-04 16:36 millert + + * visudo.c: unixware vi returns 256 instead of 0 + +1996-02-04 16:24 millert * INSTALL: added Linux note -1996-02-04 14:13 millert +1996-02-04 16:13 millert * logging.c: fixed up some XXX's. file log format now looks a - little more like real syslog(3) format. + little more like real syslog(3) format. -1996-02-04 14:13 millert +1996-02-04 16:13 millert * README, TROUBLESHOOTING: updated wrt lex/flex -1996-02-04 14:11 millert +1996-02-04 16:11 millert * Makefile.in: commented out rule to build lex.yy.c from parse.lex - since we ship with a pre-flex'd parser + since we ship with a pre-flex'd parser -1996-02-04 14:09 millert +1996-02-04 16:09 millert - * parse.c, parse.yacc: path_matches -> command_matches + * parse.c, parse.yacc, visudo.c: path_matches -> command_matches -1996-02-04 00:28 millert +1996-02-04 02:28 millert * logging.c: eliminated some strcat()'s -1996-02-04 00:10 millert +1996-02-04 02:10 millert * configure.in: no longer checks for lex/flex (now assumes flex) -1996-02-04 00:08 millert +1996-02-04 02:08 millert * configure.in: now checks for $kerb_dir_candidate/krb.h instead of - just kerb_dir_candidate + just kerb_dir_candidate -1996-02-02 18:48 millert +1996-02-02 20:48 millert * parse.yacc: now use a 'hook' expression instead of an iffy one - :-) + :-) + +1996-02-02 01:14 millert + + * visudo.c: now works with new sudo arg stuff -1996-02-01 23:14 millert +1996-02-02 01:14 millert * parse.yacc: fixed dereferencing deadbeef -1996-02-01 21:53 millert +1996-02-01 23:53 millert * sudo.c: changed an occurrence of Argv to NewArgv -1996-02-01 21:53 millert +1996-02-01 23:53 millert * parse.lex: took out support for quoted commands since there is no - need... + need... -1996-02-01 21:52 millert +1996-02-01 23:52 millert * parse.c: fixed a typo in a for() loop -1996-02-01 21:52 millert +1996-02-01 23:52 millert * logging.c: protected against dereferencing rogue pointers -1996-02-01 20:34 millert +1996-02-01 22:34 millert * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer - needed this also allows us to eliminate some kludges in - parse_args() and eliminate superfluous code. + needed this also allows us to eliminate some kludges in + parse_args() and eliminate superfluous code. -1996-02-01 20:34 millert +1996-02-01 22:34 millert * logging.c: no longer uses cmnd_args, now uses NewArgv instead. -1996-02-01 20:32 millert +1996-02-01 22:32 millert * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed - cmnd_args (no longer used) + cmnd_args (no longer used) -1996-02-01 20:31 millert +1996-02-01 22:31 millert * Makefile.in: added wildmat.c to SRCS & SUDOBJS -1996-02-01 20:30 millert +1996-02-01 22:30 millert * parse.yacc: COMMAND is now a struct containing the path and args -1996-02-01 20:30 millert +1996-02-01 22:30 millert - * parse.lex: replaced append() with fill_cmnd() and fill_args. - command args from a sudoers entry are now stored in an arrary for - easy matching. + * parse.lex: replaced append() with fill_cmnd() and fill_args. + command args from a sudoers entry are now stored in an arrary for + easy matching. -1996-02-01 20:28 millert +1996-02-01 22:28 millert * parse.c: command line args from sudoers file are now in an array - like ones passed in from the command line + like ones passed in from the command line -1996-01-31 18:59 millert +1996-01-31 20:59 millert * parse.c: wildwat stuff now works -1996-01-28 22:44 millert +1996-01-29 00:44 millert + + * version.h: ++version + +1996-01-29 00:44 millert * Makefile.in: ++version added wildmat.* -1996-01-28 15:55 millert +1996-01-28 17:55 millert * parse.lex: added support for quoted commands (w/ or w/o args) -1996-01-21 23:55 millert +1996-01-22 01:55 millert + + * sudo.pod, visudo.pod: cleaned up formatting + +1996-01-21 20:53 millert - * sudo.pod: cleaned up formatting + * sudo.pod, visudo.pod: Initial revision -1996-01-21 18:53 millert +1996-01-21 02:07 millert - * sudo.pod: Initial revision + * sudoers.pod: looks reasonable, could be mroe readable -1996-01-16 12:38 millert +1996-01-20 23:47 millert + + * sudoers.pod: Initial revision + +1996-01-16 14:38 millert * RUNSON: updated -1996-01-16 12:37 millert +1996-01-16 14:37 millert * OPTIONS: updated NO_ROOT_SUDO entry -1996-01-15 09:37 millert +1996-01-15 11:37 millert * RUNSON: [no log message] -1996-01-15 09:34 millert +1996-01-15 11:34 millert * sudo.c: fixed SECURE_PATH -1996-01-14 18:55 millert +1996-01-14 20:55 millert * RUNSON: udpa`ted for 1.4 -1996-01-14 18:52 millert +1996-01-14 20:52 millert * configure.in: AIX aixcrypt.exp now uses $(srcdir) -1996-01-14 18:32 millert +1996-01-14 20:32 millert * TROUBLESHOOTING: added entry for anal ansi compilers -1996-01-14 14:13 millert +1996-01-14 16:13 millert * INSTALL: added info on libcrypt_i for SCO -1996-01-14 14:05 millert +1996-01-14 16:05 millert * TODO: [no log message] -1996-01-14 13:39 millert +1996-01-14 15:39 millert * sample.sudoers: added comments -1996-01-14 13:25 millert +1996-01-14 15:25 millert * TODO: 1.4 release -1996-01-14 13:22 millert +1996-01-14 15:22 millert * README, config.h.in, configure.in, CHANGES: ++version -1996-01-14 13:21 millert +1996-01-14 15:21 millert * BUGS: ++version and fixed ISC -1996-01-14 13:19 millert +1996-01-14 15:19 millert * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h, - logging.c, putenv.c, strdup.c, sudo.c, INSTALL, OPTIONS: ++version + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h, + logging.c, putenv.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c, INSTALL, OPTIONS: + ++version -1996-01-14 13:16 millert +1996-01-14 15:16 millert * interfaces.c: added STUB_LOAD_INTERFACES ++version -1996-01-14 13:14 millert +1996-01-14 15:14 millert - * Makefile.in, parse.c, parse.lex, parse.yacc: ++version + * Makefile.in, version.h, parse.c, parse.lex, parse.yacc, + emul/utime.h: ++version -1996-01-14 13:13 millert +1996-01-14 15:13 millert * PORTING: added info about fd_set in tgetpass added info on - interfaces.c + interfaces.c -1996-01-11 11:22 millert +1996-01-11 13:22 millert * dce_pwent.c: added sudo header -1996-01-11 11:01 millert +1996-01-11 13:04 millert + + * tgetpass.c: fixed a typo + +1996-01-11 13:01 millert * Makefile.in: tgetpass.o is now only linked in with sudo (not - visudo) + visudo) -1996-01-09 10:56 millert +1996-01-09 12:56 millert * BUGS, INSTALL, OPTIONS, README, Makefile.in, config.h.in, - configure.in: ++version + configure.in: ++version -1996-01-09 10:52 millert +1996-01-09 12:54 millert + + * emul/utime.h: added copyright notice + +1996-01-09 12:52 millert * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h: ++version + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: ++version + +1996-01-09 12:46 millert + + * tgetpass.c: minor cleanup and now includes sys/bsdtypes for + svr4'ish boxen -1996-01-09 10:42 millert +1996-01-09 12:42 millert * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h -1996-01-09 10:41 millert +1996-01-09 12:41 millert * config.h.in: added check for sys/bsdtypes.h -1996-01-07 14:00 millert +1996-01-07 16:00 millert * parse.yacc: removed debugging stuff (setting freed ptr to NULL) -1996-01-07 13:55 millert +1996-01-07 15:55 millert * TROUBLESHOOTING: added 2 entries -1996-01-07 13:55 millert +1996-01-07 15:55 millert * Makefile.in: added FAQ -1996-01-07 12:26 millert +1996-01-07 14:26 millert * TROUBLESHOOTING: added section on syslog -1996-01-07 12:25 millert +1996-01-07 14:25 millert * configure.in: added AC_ISC_POSIX for better ISC support -1996-01-07 12:25 millert +1996-01-07 14:25 millert * config.h.in: fixed typo -1996-01-07 12:25 millert +1996-01-07 14:25 millert * config.h.in: added define for _POSIX_SOURCE -1996-01-03 22:41 millert +1996-01-04 00:41 millert * configure.in: fixed check for lsearch() -1995-12-21 19:53 millert +1995-12-21 21:53 millert * interfaces.c: fixed for AIX now deal if num_interfaces == 0 - (should not happen) + (should not happen) -1995-12-20 15:02 millert +1995-12-20 17:02 millert * configure.in: now only define HAVE_LSEARCH if there is a - corresponding search.h + corresponding search.h -1995-12-20 13:52 millert +1995-12-20 15:52 millert * interfaces.c: works on ISC again -1995-12-18 15:36 millert +1995-12-18 17:36 millert * configure.in: now define HAVE_LSEARCH if we find lsearch() in - libcompat + libcompat -1995-12-18 15:32 millert +1995-12-18 17:32 millert * lsearch.c: char * -> const char * -1995-12-18 15:29 millert +1995-12-18 17:29 millert * configure.in: now looks in -lcompat for lsearch() -1995-12-18 15:23 millert +1995-12-18 17:23 millert * Makefile.in: remove sudo.core visudo.core for clan target -1995-12-17 20:53 millert +1995-12-17 22:53 millert * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN -1995-12-17 20:36 millert +1995-12-17 22:36 millert * Makefile.in: fixed another occurence of sudo_getpwuid.* -1995-12-17 20:30 millert +1995-12-17 22:30 millert * getspwuid.c, Makefile.in: sudo_getpwuid.c -> getspwuid.c -1995-12-17 20:22 millert +1995-12-17 22:22 millert * configure.in: moved the "echo" -1995-12-17 20:09 millert +1995-12-17 22:09 millert * CHANGES, BUGS, INSTALL, Makefile.in, OPTIONS, README, check.c, - compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, interfaces.c, logging.c, options.h, - parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, - sudo.c, sudo.h: ++version + compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, + parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, + tgetpass.c, utime.c, version.h, visudo.c: ++version -1995-12-17 20:00 millert +1995-12-17 22:04 millert + + * testsudoers.c: added group support + +1995-12-17 22:00 millert * sample.sudoers: added group entry -1995-12-17 19:50 millert +1995-12-17 21:59 millert + + * sudoers.man: documented group support + +1995-12-17 21:50 millert - * parse.c, parse.lex, parse.yacc: added group support + * parse.c, parse.lex, visudo.c, parse.yacc: added group support -1995-12-15 15:45 millert +1995-12-15 17:45 millert * check.c: tkfile was too short and overflowed the kerberos realm -1995-12-11 15:09 millert +1995-12-11 17:09 millert * sudo.c: now copy command args directly from Argv -1995-12-11 13:55 millert +1995-12-11 15:55 millert * sudo.c: replaced code to copy cmnd_args so that is does not use - realloc since most realloc()'s really stink + realloc since most realloc()'s really stink -1995-12-08 12:11 millert +1995-12-08 14:11 millert * configure.in: syslog() fixed in hpux 10.01 -1995-12-06 15:45 millert +1995-12-06 17:45 millert * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS - if appropriate) + if appropriate) -1995-12-06 15:30 millert +1995-12-06 17:30 millert * configure.in: better error if cannot find skey incs or libs -1995-12-06 15:26 millert +1995-12-06 17:26 millert * aclocal.m4: now use a temp file for determining max len of uid_t - in string form. the old hacky way broke on netbsd + in string form. the old hacky way broke on netbsd -1995-12-05 17:02 millert +1995-12-05 19:02 millert * sudo.c: added set of parens and a space -1995-12-05 16:58 millert +1995-12-05 18:58 millert * dce_pwent.c: fixes from Jeff Earickson , -1995-12-05 16:58 millert +1995-12-05 18:58 millert * check.c: modified a comment -1995-12-05 16:57 millert +1995-12-05 18:57 millert * Makefile.in: fixed up testsudoers target -1995-12-05 16:56 millert +1995-12-05 18:56 millert * configure.in: DCE changes from Jeff Earickson - LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> - SUDO_FDFLAGS and VISUDO_LDFLAGS + LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> + SUDO_FDFLAGS and VISUDO_LDFLAGS -1995-12-05 16:17 millert +1995-12-05 18:17 millert * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> - SUDO_LDFLAGS, VISUDO_LDFLAGS + SUDO_LDFLAGS, VISUDO_LDFLAGS -1995-11-27 21:32 millert +1995-11-27 23:32 millert * configure.in: fix for C2 on hpux 10 now uses -linet if it exists -1995-11-27 21:17 millert +1995-11-27 23:17 millert * check.c: LONG_SKEY_PROMPT is less of a klusge / -1995-11-27 21:17 millert +1995-11-27 23:17 millert * configure.in: fixed typos w/ dce stuff -1995-11-27 21:14 millert +1995-11-27 23:14 millert * Makefile.in: added dce_pwent.c -1995-11-26 11:48 millert +1995-11-26 13:48 millert * INSTALL: amended section on combining authentication mechanisms -1995-11-26 11:48 millert +1995-11-26 13:48 millert * PORTING: minor updates for 1.3.6 -1995-11-26 11:47 millert +1995-11-26 13:47 millert * TROUBLESHOOTING: added 2 more entries -1995-11-26 11:39 millert +1995-11-26 13:39 millert * BUGS: updated for 1.3.6 -1995-11-26 11:39 millert +1995-11-26 13:39 millert * README: overhauled -1995-11-25 19:23 millert +1995-11-25 21:23 millert * INSTALL: rewrote for sudo 1.3.6 -1995-11-25 19:23 millert +1995-11-25 21:23 millert * TROUBLESHOOTING: added 3 entries -1995-11-25 11:53 millert +1995-11-25 13:53 millert * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup - since many includes don't prototype it. gag me. + since many includes don't prototype it. gag me. -1995-11-25 11:23 millert +1995-11-25 13:23 millert * sudo.h: removed prototype for sudo_getpwuid() since convex C - compiler choked on it. + compiler choked on it. -1995-11-25 11:23 millert +1995-11-25 13:23 millert * sudo.c: added prototype for sudo_getpwuid() -1995-11-25 11:23 millert +1995-11-25 13:23 millert * lsearch.c: now compiles on strict ANSI compilers -1995-11-24 21:56 millert +1995-11-24 23:56 millert * check.c: added LONG_SKEY_PROMPT support -1995-11-24 21:55 millert +1995-11-24 23:55 millert * Makefile.in: added extra $'s for make to eat up, yum. -1995-11-24 21:38 millert +1995-11-24 23:38 millert * OPTIONS, options.h: added LONG_SKEY_PROMPT -1995-11-24 16:48 millert +1995-11-24 18:48 millert * check.c: s/key support now works with normal s/key as well as - logdaemon + logdaemon -1995-11-24 16:46 millert +1995-11-24 18:46 millert * options.h, OPTIONS: added SKEY_ONLY -1995-11-24 16:46 millert +1995-11-24 18:46 millert * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY -1995-11-23 22:42 millert +1995-11-24 00:42 millert * INSTALL: added DCE note added more AIX notes -1995-11-23 22:39 millert +1995-11-24 00:39 millert * sudo.c: now include pthread.h for DCE support -1995-11-23 20:22 millert +1995-11-23 22:22 millert * check.c: dce_pwent() is ok after all ., -1995-11-23 20:21 millert +1995-11-23 22:21 millert * logging.c: now uses SYSLOG() macro that equates to either - syslog() or syslog_wrapper + syslog() or syslog_wrapper -1995-11-23 19:44 millert +1995-11-23 21:44 millert * dce_pwent.c: minor formatting changes. renamed check() to - somthing less generic + somthing less generic -1995-11-23 19:27 millert +1995-11-23 21:27 millert - * check.c, logging.c, parse.yacc, sudo.c, sudo.h: now uses - user_pw_ent and simple macros to get at the contents + * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, + visudo.c: now uses user_pw_ent and simple macros to get at the + contents -1995-11-22 18:35 millert +1995-11-22 20:35 millert * check.c: simpler dec unix C2 support -1995-11-22 18:35 millert +1995-11-22 20:35 millert * getspwuid.c: now sets crypt_type for DEC unix C2 -1995-11-21 16:00 millert +1995-11-21 18:00 millert * configure.in: added csops paths for skey -1995-11-21 14:27 millert +1995-11-21 16:27 millert * getspwuid.c: now includes string.h for strdup() prototype -1995-11-20 23:47 millert +1995-11-21 01:47 millert * getspwuid.c: fixed a few typos -1995-11-20 20:59 millert +1995-11-20 22:59 millert * check.c: now includes skey.h -1995-11-20 20:10 millert +1995-11-20 22:10 millert * getspwuid.c: fixed up comments -1995-11-20 20:04 millert +1995-11-20 22:04 millert * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid() -1995-11-20 20:01 millert +1995-11-20 22:01 millert * sudo.c: now uses sudo_pw_ent -1995-11-20 19:28 millert +1995-11-20 21:50 millert + + * testsudoers.c: now uses sudo_pw_ent + +1995-11-20 21:40 millert + + * visudo.c: now sets sudo_pw_ent + +1995-11-20 21:28 millert * getspwuid.c: Initial revision -1995-11-20 19:27 millert +1995-11-20 21:28 millert + + * tgetpass.c: moved dce stuff into compat.h + +1995-11-20 21:27 millert * sudo.h, logging.c: now uses sudo_pw_ent -1995-11-20 19:27 millert +1995-11-20 21:27 millert * Makefile.in: added sudo_getpwuid.c -1995-11-20 19:25 millert +1995-11-20 21:25 millert * compat.h: added dce support -1995-11-20 19:13 millert +1995-11-20 21:13 millert * parse.yacc: now uses sudo_pw_ent -1995-11-20 12:40 millert +1995-11-20 14:40 millert * check.c: fixed exempt_group stuff for OS's that don't put base - gid in group vector + gid in group vector -1995-11-19 23:39 millert +1995-11-20 01:39 millert * check.c: S/Key support now works with sunos4 shadow passwords -1995-11-19 20:31 millert +1995-11-19 22:31 millert * Makefile.in: fixed clean rule -1995-11-19 20:31 millert +1995-11-19 22:31 millert * config.h.in, configure.in: added DCE support -1995-11-19 20:30 millert +1995-11-19 22:30 millert + + * tgetpass.c: DCE & KERB support + +1995-11-19 22:30 millert * check.c: first stab at dce support -1995-11-19 20:24 millert +1995-11-19 22:24 millert * dce_pwent.c: now smells like sudo -1995-11-19 20:11 millert +1995-11-19 22:11 millert * dce_pwent.c: Initial revision -1995-11-19 19:36 millert +1995-11-19 21:36 millert * check.c: skey'd sudo now works w/ normal password as well -1995-11-19 16:37 millert +1995-11-19 18:37 millert * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, - find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h: updated version number + find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, + options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, + tgetpass.c, utime.c, version.h, visudo.c: updated version number -1995-11-19 16:32 millert +1995-11-19 18:32 millert * README: updated to reflect version change -1995-11-19 16:27 millert +1995-11-19 18:27 millert * configure.in: --with options now line up ++version -1995-11-19 16:26 millert +1995-11-19 18:26 millert * sudo.h: removed unecesary S/Key stuff -1995-11-19 16:25 millert +1995-11-19 18:25 millert * configure.in: fixed S/Key support -1995-11-19 16:24 millert +1995-11-19 18:24 millert * Makefile.in: -I stuff now goes in CPPFLAGS -1995-11-19 16:23 millert +1995-11-19 18:23 millert * check.c: fixed SKey support -1995-11-19 13:23 millert +1995-11-19 15:23 millert * README: updated version -1995-11-19 11:59 millert +1995-11-19 13:59 millert * OPTIONS: fixed description of EXEMPTGROUP -1995-11-19 08:47 millert +1995-11-19 10:47 millert * sudo.c: more people use _RLD_ than just alphas... -1995-11-18 19:35 millert +1995-11-18 21:35 millert * Makefile.in: replaced $man_prefix with $mandir -1995-11-18 19:30 millert +1995-11-18 21:30 millert * configure.in: fixed a typo -1995-11-18 19:28 millert +1995-11-18 21:28 millert * Makefile.in: now use more GNU'ish dir names -1995-11-18 19:27 millert +1995-11-18 21:27 millert * configure.in: now set *dir correctly (can override from command - line) + line) -1995-11-18 17:17 millert +1995-11-18 19:17 millert * sudo.c: now deal with situations where we getwd() fails -1995-11-16 22:37 millert +1995-11-17 00:37 millert * Makefile.in: added etc_dir, bin_dir, sbin_dir -1995-11-16 22:37 millert +1995-11-17 00:37 millert * configure.in: added sbin_dir -1995-11-16 19:28 millert +1995-11-16 21:28 millert * Makefile.in: now ship a flex-generated lex.yy.c -1995-11-16 19:09 millert +1995-11-16 21:09 millert * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, - SUDOERS_OWNER + SUDOERS_OWNER -1995-11-16 19:06 millert +1995-11-16 21:06 millert * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now - overridden via Makefile + overridden via Makefile -1995-11-16 19:05 millert +1995-11-16 21:05 millert * options.h: no more error for redefining SUDOERS_OWNER -1995-11-16 19:05 millert +1995-11-16 21:05 millert * OPTIONS: expanded SUDOERS_OWNER section -1995-11-16 00:55 millert +1995-11-16 03:05 millert + + * visudo.c: now warn if chown(2) failed + +1995-11-16 02:55 millert * logging.c: better default warning for NO_SUDOERS_FILE -1995-11-16 00:54 millert +1995-11-16 02:54 millert * sudo.c: added missing set_perms() no more cryptic message if the - sudoers file is zero length, now just give a parse error + sudoers file is zero length, now just give a parse error -1995-11-16 00:42 millert +1995-11-16 02:42 millert * logging.c: better diagnostics if NO_SUDOERS_FILE -1995-11-16 00:41 millert +1995-11-16 02:41 millert * sudo.c: check_sudoers() now catches sudoers files that are not - readable (but are stat'able). + readable (but are stat'able). -1995-11-12 23:12 millert +1995-11-13 01:12 millert * configure.in: now add -D__STDC__ for convex cc (not gcc) -1995-11-12 22:52 millert +1995-11-13 00:52 millert * configure.in: MAN_PREFIX -> man_prefix now sets prefix and - exec_prefix + exec_prefix -1995-11-12 22:52 millert +1995-11-13 00:52 millert * Makefile.in: now uses exec_prefix & prefix from configure -1995-11-12 22:16 millert +1995-11-13 00:16 millert * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, - parse.c, parse.lex, parse.yacc, sudo.c, sudo.h: options.h is now <> - instead of "" so shadow build trees can have a custom copy of - options.h + parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, + tgetpass.c, utime.c, visudo.c: options.h is now <> instead of "" + so shadow build trees can have a custom copy of options.h -1995-11-12 22:15 millert +1995-11-13 00:15 millert * check.c: user_is_exempt() is no longer a hack, it now uses - getgrnam() + getgrnam() -1995-11-12 21:56 millert +1995-11-12 23:56 millert * options.h: EXEMPTGROUP is now "sudo" -1995-11-12 20:25 millert +1995-11-12 22:25 millert * configure.in: MAN_POSTINSTALL now contains a leading space -1995-11-12 20:25 millert +1995-11-12 22:25 millert * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined - now removes testsudoers in clean: + now removes testsudoers in clean: + +1995-11-12 22:24 millert + + * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition -1995-10-30 13:51 millert +1995-10-30 15:51 millert * sudo.c: unset the KRB_CONF envariable if using kerberos so we - don't get spoofed into using a bogus server + don't get spoofed into using a bogus server -1995-09-29 15:50 millert +1995-09-29 17:50 millert * parse.yacc: now explicately initialize match[] tp be FALSE -1995-09-23 14:48 millert +1995-09-23 16:48 millert * sudo.c: removed unused variable now passes -Wall -1995-09-23 14:48 millert +1995-09-23 16:48 millert * parse.yacc: yyerror and dumpaliases are now void's now passes - -Wall + -Wall -1995-09-23 14:48 millert +1995-09-23 16:48 millert * parse.lex: added prototype for yyerror -1995-09-23 14:47 millert +1995-09-23 16:47 millert * interfaces.c: rmeoved unused cruft now passes -Wall -1995-09-23 14:47 millert +1995-09-23 16:47 millert * check.c, logging.c, parse.c: now passes -Wall -1995-09-23 14:46 millert +1995-09-23 16:46 millert * Makefile.in: fixed headers that moved to emul dir -1995-09-23 10:05 millert +1995-09-23 12:05 millert * logging.c: fixed deref of nil pointer if no args -1995-09-15 17:18 millert +1995-09-15 19:18 millert * OPTIONS: added a caveat to FQDN section -1995-09-13 17:48 millert +1995-09-13 19:48 millert * Makefile.in: more $srcdir support for install targets -1995-09-13 15:17 millert +1995-09-13 17:17 millert * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo.c: don't include malloc.h if we include - stdlib.h + putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, + visudo.c: don't include malloc.h if we include stdlib.h -1995-09-12 19:44 millert +1995-09-12 21:44 millert * parse.yacc: local search.h now lives in emul -1995-09-12 19:41 millert +1995-09-12 21:41 millert * lsearch.c: local search.h now lives in emul -1995-09-12 19:41 millert +1995-09-12 21:41 millert - * check.c: local utime.h now lives in emul dir + * check.c, utime.c: local utime.h now lives in emul dir -1995-09-12 19:38 millert +1995-09-12 21:38 millert * Makefile.in: added support for building in other than the - sourcedir + sourcedir -1995-09-10 12:01 millert +1995-09-10 14:01 millert * OPTIONS: annotated CSOPS_INSULTS option -1995-09-10 11:56 millert +1995-09-10 13:56 millert * TROUBLESHOOTING: updated shadow passwords blurb -1995-09-09 19:00 millert +1995-09-09 21:00 millert * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a - shell and passes along foo as the arguments + shell and passes along foo as the arguments -1995-09-09 16:52 millert +1995-09-09 18:52 millert * parse.lex: collapsed pathname and dir sections into one -- its - now less expensive + now less expensive -1995-09-09 16:34 millert +1995-09-09 18:34 millert * parse.lex: fixed spacing quoting [,:\\=] now works correctly - append() and fill() now take args to make the above work + append() and fill() now take args to make the above work -1995-09-08 18:51 millert +1995-09-08 20:51 millert * sudo.c: fixed a typo that caused commands with no tty on fd 0 but - a tty on fd 1 to erroneously have "none" as their tty + a tty on fd 1 to erroneously have "none" as their tty -1995-09-04 13:35 millert +1995-09-04 15:35 millert * check.c: timestampfile is now a global static removed decl of - timestampfile in remove_timestamp since we can just use the global - one + timestampfile in remove_timestamp since we can just use the + global one -1995-09-04 13:28 millert +1995-09-04 15:28 millert * check.c: created touch() to update timestamps added - USE_TTY_TICKETS support (bit of a kludge) + USE_TTY_TICKETS support (bit of a kludge) -1995-09-04 13:28 millert +1995-09-04 15:28 millert * compat.h: added _S_IFDIR and S_ISDIR -1995-09-04 13:22 millert +1995-09-04 15:22 millert * OPTIONS, options.h: added USE_TTY_TICKETS -1995-09-03 22:38 millert +1995-09-04 00:38 millert * parse.yacc: removed const from casts for lsearch() & lfind() to - placate irix 4.x C compiler + placate irix 4.x C compiler -1995-09-03 12:12 millert +1995-09-03 14:12 millert * sudo.c: now only strip '/dev/' off of a tty if it starts with - '/dev/' + '/dev/' -1995-09-03 12:12 millert +1995-09-03 14:12 millert * pathnames.h.in: added _PATH_DEV -1995-09-03 12:11 millert +1995-09-03 14:11 millert * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for - tcgetattr only if have termios.h + tcgetattr only if have termios.h -1995-09-03 11:19 millert +1995-09-03 14:09 millert + + * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short" + not int for c_?flag + +1995-09-03 13:19 millert * parse.lex, parse.yacc: fixed a spelling error -1995-09-03 11:17 millert +1995-09-03 13:17 millert * Makefile.in: fixed typo -1995-09-02 10:55 millert +1995-09-02 12:55 millert * Makefile.in: fixed a comment -1995-09-02 10:54 millert +1995-09-02 12:54 millert * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently - now that we dynamically allocate strings they need to be free()'d + now that we dynamically allocate strings they need to be free()'d -1995-09-02 10:46 millert +1995-09-02 12:46 millert * parse.lex: dynamically allocates space for strings -1995-09-02 10:34 millert +1995-09-02 12:34 millert * sudo.h: no more MAXCOMMANDLENGTH -1995-09-01 20:25 millert +1995-09-01 22:25 millert * sudo.h: added decl of tty -1995-09-01 20:25 millert +1995-09-01 22:25 millert * logging.c, sudo.c: moved tty stuff into sudo.c -1995-09-01 12:18 millert +1995-09-01 14:18 millert * parse.c: fixed a logic bug. Was denying a command if user gave - command line args but there were none in the sudoers file which is - wrong. + command line args but there were none in the sudoers file which + is wrong. -1995-08-31 23:18 millert +1995-09-01 01:18 millert * sudo.h: MAXCOMMMANDLEN dropped down to 1K -1995-08-31 23:13 millert +1995-09-01 01:13 millert * parse.lex: return foo; -> return(foo); -1995-08-31 23:03 millert +1995-09-01 01:03 millert * parse.yacc: fixed netgr_matches() prototype -1995-08-31 23:02 millert +1995-09-01 01:02 millert * parse.lex: added support for escaping "termination" characters -1995-08-31 22:55 millert +1995-09-01 00:55 millert * parse.c: buf is now of size MAXPATHLEN+1 since it never holds - command args + command args -1995-08-31 22:50 millert +1995-09-01 00:50 millert * sudo.c: fixed comments -1995-08-31 22:49 millert +1995-09-01 00:49 millert * goodpath.c: fixed negation problem (doh!) -1995-08-31 22:25 millert +1995-09-01 00:25 millert * parse.yacc: fixed 2nd parameter to lfind() -1995-08-31 22:24 millert +1995-09-01 00:24 millert * parse.lex: now do bounds checking in fill() and append() -1995-08-31 22:23 millert +1995-09-01 00:23 millert * sudo.c: include netdb.h as we should added a missing void cast - added SHELL_IF_NO_ARGS support now use realloc() properly. would - fail if realloc actually moved the string instead of shrinking it + added SHELL_IF_NO_ARGS support now use realloc() properly. would + fail if realloc actually moved the string instead of shrinking it -1995-08-31 22:17 millert +1995-09-01 00:17 millert * sample.sudoers: updated with examples of new features -1995-08-31 22:05 millert +1995-09-01 00:05 millert * goodpath.c: now set errno to EACCES if not a regular file or not - executable + executable -1995-08-31 22:04 millert +1995-09-01 00:04 millert * find_path.c: if given a fully-qualified or relative path we now - check it with sudo_goodpath() and error out with the appropriate - error message if the file does not exist or is not executable + check it with sudo_goodpath() and error out with the appropriate + error message if the file does not exist or is not executable -1995-08-31 22:03 millert +1995-09-01 00:03 millert - * lsearch.c: now use correct args for lfind + * lsearch.c, emul/search.h: now use correct args for lfind -1995-08-31 22:03 millert +1995-09-01 00:03 millert * logging.c: added a comment -1995-08-31 21:52 millert +1995-08-31 23:52 millert * insults.h: added in CSOps insults -1995-08-31 21:51 millert +1995-08-31 23:51 millert * ins_csops.h: Initial revision -1995-08-31 20:56 millert +1995-08-31 23:35 millert + + * tgetpass.c: added RCS id + +1995-08-31 22:56 millert * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> - HAVE_GETWD + HAVE_GETWD -1995-08-31 20:55 millert +1995-08-31 22:55 millert * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS -1995-08-31 20:54 millert +1995-08-31 22:54 millert * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set - -p now works with -s + -p now works with -s -1995-08-31 20:54 millert +1995-08-31 22:54 millert * parse.c: don't try to stat() "pseudo commands" like "validate" -1995-08-31 20:53 millert +1995-08-31 22:53 millert * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added - SHELL_IF_NO_ARGS + SHELL_IF_NO_ARGS -1995-08-31 20:53 millert +1995-08-31 22:53 millert * configure.in: added SecurID support added other insults to - --with-csops + --with-csops -1995-08-31 20:52 millert +1995-08-31 22:52 millert * config.h.in: added HAVE_SECURID -1995-08-31 20:52 millert +1995-08-31 22:52 millert * Makefile.in: added clobber target added ins_csops.h now gets - CFLAGS from configure + CFLAGS from configure -1995-08-31 20:46 millert +1995-08-31 22:46 millert * aclocal.m4: relaxed SUDO_FULL_VOID -1995-08-31 20:42 millert +1995-08-31 22:44 millert + + * visudo.c: function comment blocks are now in same style as rest + of code + +1995-08-31 22:44 millert + + * testsudoers.c: added support for command line args in + /etc/sudoers + +1995-08-31 22:43 millert + + * sudoers.man: updated to have command args in the sudoers file + +1995-08-31 22:42 millert * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT - VARIABLES section + VARIABLES section -1995-08-19 17:32 millert +1995-08-19 19:32 millert * parse.yacc: PATH renamed to COMMAND -1995-08-19 17:31 millert +1995-08-19 19:31 millert * parse.lex: it is now a parse error for directories to have args - attached to them + attached to them -1995-08-19 17:30 millert +1995-08-19 19:30 millert * logging.c: now say command args if telling user to buzz off -1995-08-19 17:30 millert +1995-08-19 19:30 millert * sudo.c: -s no longer indicates end of args sped up loading on - cmnd_args in load_cmnd() + cmnd_args in load_cmnd() -1995-08-19 17:29 millert +1995-08-19 19:29 millert * parse.c: removed an unreachable statement -1995-08-19 15:53 millert +1995-08-19 17:53 millert * parse.lex: made more efficient by pulling out the terminators - when in GOTCMND state and making them their own rule + when in GOTCMND state and making them their own rule -1995-08-13 22:07 millert +1995-08-14 00:07 millert * sudo.h: removed MAXLOGLEN since it is no longer used -1995-08-13 22:07 millert +1995-08-14 00:07 millert * parse.lex: now allows command args -1995-08-13 22:06 millert +1995-08-14 00:06 millert * parse.c: now groks command arguments -1995-08-13 21:39 millert +1995-08-13 23:39 millert * logging.c: now sets tty correctly when piped input -1995-08-13 21:35 millert +1995-08-13 23:35 millert * sudo.c: fixed loading of cmnd_args (was including command name - too) + too) -1995-08-13 21:34 millert +1995-08-13 23:34 millert * logging.c: fixed a core dump due to incorrect if construct -1995-08-12 22:33 millert +1995-08-13 00:33 millert * configure.in: only add -lsun is irix < 5 don't look for -lnsl or - -lsocket if irix + -lsocket if irix -1995-08-12 22:33 millert +1995-08-13 00:33 millert * aclocal.m4: fixed check for ISC -1995-08-12 22:32 millert +1995-08-13 00:32 millert * sudo.c: now sets cmnd_args used by log_error() and that will be - used by the parse to check against command args + used by the parse to check against command args -1995-08-12 22:32 millert +1995-08-13 00:32 millert * sudo.h: added cmnd_args -1995-08-12 22:31 millert +1995-08-13 00:31 millert * logging.c: now dynamically allocate logline since we can guess at - its size + its size -1995-08-05 11:52 millert +1995-08-05 13:52 millert * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a - buffer remove "register" since the compiler knows more than I do - now do a "basename" of the tty + buffer remove "register" since the compiler knows more than I do + now do a "basename" of the tty -1995-07-31 16:20 millert +1995-07-31 18:20 millert * configure.in: ++version -1995-07-30 20:37 millert +1995-07-30 22:37 millert * sudo.h: added shell extern changed MODE_* to be bit masks to - allow for several options together + allow for several options together -1995-07-30 20:36 millert +1995-07-30 22:36 millert * sudo.c: added -s (shell) option made MODE_* masks so we can do - bitwise & and | to see if multiple flags are set. + bitwise & and | to see if multiple flags are set. -1995-07-30 20:01 millert +1995-07-30 22:01 millert * check.c: added securid support -1995-07-30 12:38 millert +1995-07-30 14:38 millert * logging.c: removed a bunch of unnecesary strncpy()'s and replaced - with strcat() + with strcat() -1995-07-29 15:17 millert +1995-07-29 17:17 millert - * Makefile.in: ++version + * Makefile.in, version.h: ++version -1995-07-27 04:52 millert +1995-07-27 06:52 millert * parse.yacc: fixed free() of an uninitialized pointer (yuck) -1995-07-26 19:29 millert +1995-07-26 22:00 millert + + * testsudoers.c: added netgr_matches + +1995-07-26 21:29 millert * parse.c: cleaned up netgr_matches -1995-07-25 22:26 millert +1995-07-26 00:26 millert * RUNSON: updated for 1.3.4 -1995-07-24 19:51 millert +1995-07-24 21:51 millert * Makefile.in: now installs sudoers.man -- really should clean this - up though. + up though. -1995-07-24 19:18 millert +1995-07-24 21:18 millert * Makefile.in: added sudoers.cat and sudoers.man -1995-07-24 19:15 millert +1995-07-24 21:15 millert * sudo.man: pulled out stuff on the sudoers file format into a - separate man page + separate man page + +1995-07-24 21:14 millert -1995-07-24 19:04 millert + * sudoers.man: Initial revision + +1995-07-24 21:04 millert * HISTORY: fixed up my email address -1995-07-24 18:03 millert +1995-07-24 20:03 millert * configure.in: added checks for innetgr and getdomainname -1995-07-24 18:01 millert +1995-07-24 20:02 millert + + * visudo.c: added dummy netgr_matches function + +1995-07-24 20:01 millert * parse.c: added netgr_matches -1995-07-24 18:01 millert +1995-07-24 20:01 millert * parse.lex, parse.yacc: added NETGROUP support -1995-07-24 18:01 millert +1995-07-24 20:01 millert * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME -1995-07-24 16:07 millert +1995-07-24 18:07 millert * sudo.c: rewrote clean_env() that has rm_env() builtin -1995-07-23 17:58 millert +1995-07-23 19:58 millert * check.c: now cast uid to long in sprintf -1995-07-23 17:58 millert +1995-07-23 19:58 millert * OPTIONS: added _INSULTS suffix to HAL & GOONS end -1995-07-23 17:57 millert +1995-07-23 19:57 millert * options.h: added _INSULTS suffix to HAL & GOONS -1995-07-23 17:35 millert +1995-07-23 19:35 millert * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to - new scheme of insult "unions" end + new scheme of insult "unions" end -1995-07-23 15:48 millert +1995-07-23 17:48 millert * sudo.c: now uses MAX_UID_T_LEN -1995-07-23 15:48 millert +1995-07-23 17:48 millert * configure.in: added SUDO_UID_T_LEN !l -1995-07-23 15:48 millert +1995-07-23 17:48 millert * config.h.in: added MAX_UID_T_LEN -1995-07-23 15:47 millert +1995-07-23 17:47 millert * check.c: now use MAX_UID_T_LEN -1995-07-23 15:47 millert +1995-07-23 17:47 millert * aclocal.m4: added check for max len of uid_t fixed sco vs. isc - check + check -1995-07-19 17:05 millert +1995-07-19 19:05 millert * configure.in: corrected version -1995-07-19 15:29 millert +1995-07-19 17:29 millert * configure.in: added sco support -1995-07-19 15:29 millert +1995-07-19 17:29 millert * aclocal.m4: hack to check for sco -1995-07-18 19:27 millert +1995-07-18 21:27 millert * interfaces.c: removed #include since it was hosing - some OS's + some OS's -1995-07-18 11:35 millert +1995-07-18 13:35 millert * find_path.c: fixed prreadlink() prototype -1995-07-17 21:54 millert +1995-07-17 23:54 millert * check.c: added parens in #if's -1995-07-17 21:53 millert +1995-07-17 23:53 millert * configure.in: added SPW_ prefix -1995-07-17 21:20 millert +1995-07-17 23:20 millert * sudo.h: moved SPW_* to config.h.in -1995-07-17 21:19 millert +1995-07-17 23:19 millert * sudo.c: added a set of parens -1995-07-17 21:19 millert +1995-07-17 23:19 millert * config.h.in: added SPW_* -1995-07-17 20:50 millert +1995-07-17 22:50 millert * sudo.h: added SPW_* reordered error codes -1995-07-17 20:49 millert +1995-07-17 22:49 millert * check.c: moved SPW_* to sudo.h -1995-07-17 12:29 millert +1995-07-17 14:29 millert * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT -1995-07-17 12:29 millert +1995-07-17 14:29 millert * configure.in: AUTH -> SECUREWARE -1995-07-17 12:29 millert +1995-07-17 14:29 millert * check.c, sudo.c: SPW_AUTH -> SPW_SECUREWARE -1995-07-16 22:22 millert +1995-07-17 00:22 millert * check.c: now uses SHADOW_TYPE to make shadow pw support more - readable and modular. It's a start... + readable and modular. It's a start... -1995-07-16 22:21 millert +1995-07-17 00:21 millert * configure.in: added autodetection of shadow passwords -1995-07-16 22:20 millert +1995-07-17 00:20 millert * sudo.c: now uses SHADOW_TYPE define -1995-07-16 22:19 millert +1995-07-17 00:19 millert * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ - defines + defines -1995-07-16 22:19 millert +1995-07-17 00:19 millert * aclocal.m4: added SUDO_CHECK_SHADOW -1995-07-12 15:09 millert +1995-07-12 17:09 millert * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux - took out test for memmove() since we dno longer use it... + took out test for memmove() since we dno longer use it... -1995-07-12 15:08 millert +1995-07-12 17:08 millert * CHANGES: updated -1995-07-12 15:05 millert +1995-07-12 17:05 millert * logging.c: added BROKEN_SYSLOG support -1995-07-12 15:05 millert +1995-07-12 17:05 millert * config.h.in: added BROKEN_SYSLOG -1995-07-12 15:04 millert +1995-07-12 17:04 millert * check.c: now only bitch it timestamp > time_now + 2 * timeout to - allow for a machine udpating its time from a server + allow for a machine udpating its time from a server -1995-07-12 15:04 millert +1995-07-12 17:04 millert * sudo.man: added 2 security notes updated Nieusma's email addr -1995-07-12 12:18 millert +1995-07-12 14:18 millert * lsearch.c: changed a memmove() to memcpy() since we don't have to - worry about overlapping segments. + worry about overlapping segments. -1995-07-11 13:41 millert +1995-07-11 15:41 millert * interfaces.c: cleanup up the loop when interfaces are groped in - so that it is readable + so that it is readable -1995-07-11 12:52 millert +1995-07-11 14:52 millert - * Makefile.in: ++version + * Makefile.in, version.h: ++version -1995-07-09 16:17 millert +1995-07-09 18:17 millert * CHANGES: annotated 124-126 -1995-07-07 14:06 millert +1995-07-07 16:06 millert * check.c: fixed permissions check on /tmp/.odus -1995-07-06 17:35 millert +1995-07-06 19:35 millert * check.c: fixed some comments -1995-07-06 12:49 millert +1995-07-06 14:49 millert * check.c: now checks owner & mode of timedir also checks for bogus - dates on timestamp file + dates on timestamp file -1995-07-06 12:49 millert +1995-07-06 14:49 millert * OPTIONS: updated TIMEOUT info -1995-07-06 12:48 millert +1995-07-06 14:48 millert * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE -1995-07-06 12:47 millert +1995-07-06 14:47 millert * compat.h: added definition of S_IRWXU -1995-07-06 12:47 millert +1995-07-06 14:47 millert * CHANGES: updated -1995-07-03 12:16 millert +1995-07-03 14:16 millert * interfaces.c: added #ifdef to make it compile on strange arches -1995-07-02 16:13 millert +1995-07-02 18:13 millert * aclocal.m4: fixed check for fulkl void impl. -1995-07-02 07:56 millert +1995-07-02 09:56 millert * check.c: added mssing "static" -1995-07-01 18:41 millert +1995-07-01 20:41 millert * insults.h: replaced #elif with #else #if constructs for ancient C - compilers + compilers -1995-07-01 18:18 millert +1995-07-01 20:18 millert * INSTALL: updated irix c2 & kerb5 info -1995-07-01 18:15 millert +1995-07-01 20:15 millert * configure.in: added shadow pw support for irix -1995-07-01 14:07 millert +1995-07-01 16:07 millert * CHANGES: last changes for sudo 1.3.3 -1995-07-01 14:07 millert +1995-07-01 16:07 millert * TODO, BUGS: updated -1995-07-01 14:04 millert +1995-07-01 16:04 millert * configure.in: now calls SUDO_SOCK_SA_LEN -1995-07-01 14:04 millert +1995-07-01 16:04 millert * config.h.in: added HAVE_SA_LEN -1995-07-01 14:04 millert +1995-07-01 16:04 millert * aclocal.m4: added SUDO_SOCK_SA_LEN -1995-07-01 13:49 millert +1995-07-01 15:49 millert * interfaces.c: now works with ip implementations that use sa_len - in sockaddr + in sockaddr -1995-07-01 12:26 millert +1995-07-01 14:26 millert * INSTALL: added note about buggy AIX compiler -1995-07-01 12:24 millert +1995-07-01 14:24 millert * interfaces.c: now include sys/time.h for AIX -1995-06-27 20:35 millert +1995-06-27 22:35 millert * Makefile.in: getcwd -> getwd -1995-06-27 19:28 millert +1995-06-27 21:28 millert * interfaces.c: now works for ISC and others. yay. -1995-06-26 12:24 millert +1995-06-26 14:24 millert - * Makefile.in: version++ + * Makefile.in, version.h: version++ -1995-06-22 18:26 millert +1995-06-22 20:26 millert * aclocal.m4: fixed test for full void impl -1995-06-22 18:25 millert +1995-06-22 20:25 millert * sudo.c: now check to see that st_dev is non-zero before assuming - that we are being spoofed + that we are being spoofed -1995-06-20 14:56 millert +1995-06-20 16:56 millert * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL -> - AC_FUNC_UTIME_NULL + AC_FUNC_UTIME_NULL -1995-06-19 14:32 millert +1995-06-19 16:32 millert * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX -1995-06-19 14:10 millert +1995-06-19 16:10 millert * logging.c: added cast for ttyname() -1995-06-19 13:23 millert +1995-06-19 15:23 millert * configure.in: fixed typo -1995-06-19 13:19 millert +1995-06-19 15:19 millert * check.c: now deal correctly with all known variation of utime() - -- yippe + -- yippe -1995-06-19 13:19 millert +1995-06-19 15:19 millert * configure.in: added SUDO_FUNC_UTIME_POSIX -1995-06-19 13:19 millert +1995-06-19 15:19 millert * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX -1995-06-19 13:14 millert +1995-06-19 15:14 millert * config.h.in: added HAVE_UTIME_POSIX -1995-06-19 11:38 millert +1995-06-19 13:38 millert * check.c: fixed a typo -1995-06-19 11:29 millert +1995-06-19 13:29 millert * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime() -1995-06-19 11:20 millert +1995-06-19 13:20 millert * check.c: fixed fascist C compiler warning -1995-06-18 21:14 millert +1995-06-18 23:14 millert * interfaces.c: now set strioctl.ic_timout in STRSET() now - initialize num_interfaces to 0 (just to be anal) + initialize num_interfaces to 0 (just to be anal) -1995-06-18 16:06 millert +1995-06-18 18:06 millert * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname -1995-06-18 16:05 millert +1995-06-18 18:05 millert * logging.c: added tty logging -1995-06-18 14:04 millert +1995-06-18 16:04 millert * interfaces.c: reworked the ISC code -1995-06-18 13:27 millert +1995-06-18 15:27 millert - * Makefile.in: updated version + * Makefile.in, version.h: updated version -1995-06-18 13:24 millert +1995-06-18 15:24 millert * check.c: now expect old-style utime(3) if utime() can't take NULL - as an arg + as an arg -1995-06-18 13:08 millert +1995-06-18 15:08 millert * configure.in: added check for utime.h -1995-06-18 13:08 millert +1995-06-18 15:08 millert * config.h.in: added HAVE_UTIME_H -1995-06-18 12:48 millert +1995-06-18 14:48 millert * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS -1995-06-18 11:58 millert +1995-06-18 13:58 millert * configure.in: now search for kerb libs and includes -1995-06-18 11:03 millert +1995-06-18 13:03 millert * check.c: added support for utime(2)'s that can't take a NULL - parameter + parameter -1995-06-17 18:46 millert +1995-06-18 13:03 millert + + * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where + t belongs + +1995-06-17 20:46 millert * configure.in: added utime(s) stuff -1995-06-17 18:46 millert +1995-06-17 20:46 millert * check.c: now use utime() -1995-06-17 18:46 millert +1995-06-17 20:46 millert * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL -1995-06-17 16:24 millert +1995-06-17 19:12 millert + + * utime.c: now use HAVE_UTIME_NULL + +1995-06-17 19:02 millert + + * utime.c, emul/utime.h: Initial revision + +1995-06-17 18:24 millert * check.c: need to setuid(0) to make kerb4 stuff work. -1995-06-17 16:13 millert +1995-06-17 18:14 millert + + * tgetpass.c: no more special case for kerberos + +1995-06-17 18:13 millert * config.h.in: took out setreuid and setresuid stuff added kerb5 - stuff (use kerb4 emulation) + stuff (use kerb4 emulation) -1995-06-17 16:13 millert +1995-06-17 18:13 millert * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN - to 128 if kerberos + to 128 if kerberos -1995-06-17 16:12 millert +1995-06-17 18:12 millert * check.c: now use private ticket file for kerberos support to - avoid trouncing on system one + avoid trouncing on system one -1995-06-14 22:48 millert +1995-06-15 00:48 millert * sudo.h: added SPOOF_ATTEMPT & cmnd_st -1995-06-14 22:47 millert +1995-06-15 00:47 millert * sudo.c: added anti-spoofing support -1995-06-14 22:47 millert +1995-06-15 00:47 millert * parse.c: now use global cmnd_st -1995-06-14 22:47 millert +1995-06-15 00:47 millert * logging.c: added SPOOF_ATTEMPT suypport -1995-06-14 21:40 millert +1995-06-14 23:41 millert + + * testsudoers.c, visudo.c: added void casts where appropriate + +1995-06-14 23:40 millert * parse.yacc: fixed up spacing and added void casts where - appropriate + appropriate -1995-06-14 21:27 millert +1995-06-14 23:27 millert * sudo.c: fixed problem with "-p prompt" but no args -1995-06-14 02:43 millert +1995-06-14 04:43 millert * sudo.man: added BUGS and annotated -l description -1995-06-14 02:43 millert +1995-06-14 04:43 millert * sudo.h: validate() now takes a flag -1995-06-14 02:43 millert +1995-06-14 04:43 millert * sudo.c: validate() now takes a flag added -l -1995-06-14 02:42 millert +1995-06-14 04:42 millert * parse.yacc: added support for -l -1995-06-14 02:41 millert +1995-06-14 04:41 millert * parse.c: validate() now takes a flag that says whether or not to - check the command + check the command -1995-06-07 19:36 millert +1995-06-07 21:36 millert * logging.c: now deals with Argv == 1 -1995-06-07 19:34 millert +1995-06-07 21:34 millert * sudo.man: added -p option -1995-06-07 19:27 millert +1995-06-07 21:27 millert * sudo.c: added prompt support reworked parse_args() -1995-06-07 18:49 millert +1995-06-07 20:49 millert * sudo.h: added prompt -1995-06-07 18:49 millert +1995-06-07 20:49 millert * options.h: added PASSPROMPT -1995-06-07 18:48 millert +1995-06-07 20:48 millert * check.c: now use BUFSIZ as length of kerb password added kpass so - pass is always a char * now use prompt global when asking for a - password + pass is always a char * now use prompt global when asking for a + password + +1995-06-07 20:47 millert + + * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos -1995-06-07 18:43 millert +1995-06-07 20:43 millert * OPTIONS: added PASSPROMPT -1995-06-06 23:44 millert +1995-06-07 01:44 millert * configure.in: only look for -lufc or -lcrypt if crypt() not in - libc + libc -1995-06-06 23:43 millert +1995-06-07 01:43 millert * check.c: don't exit on kerb error, just warn if k_errno == - KDC_PR_UNKNOWN (unknown user) silently fail + KDC_PR_UNKNOWN (unknown user) silently fail -1995-06-06 20:44 millert +1995-06-06 22:44 millert * INSTALL: added kerb4 note -1995-06-06 20:41 millert +1995-06-06 22:43 millert + + * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4 + +1995-06-06 22:41 millert * check.c: removed debugging printf -1995-06-06 20:33 millert +1995-06-06 22:33 millert * configure.in: KERBEROS -> KERB4 added checks for setreuid & - setresuid + setresuid -1995-06-06 20:32 millert +1995-06-06 22:32 millert * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and - HAVE_SETRESUID + HAVE_SETRESUID -1995-06-06 20:32 millert +1995-06-06 22:32 millert * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added - setreuid emulation with setresuid if applic + setreuid emulation with setresuid if applic -1995-06-06 20:31 millert +1995-06-06 22:31 millert * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid - chown() hack if no setreuid() or a broken one + chown() hack if no setreuid() or a broken one -1995-06-05 21:44 millert +1995-06-05 23:44 millert * config.h.in: added HAVE_KERBEROS -1995-06-05 21:42 millert +1995-06-05 23:43 millert + + * tgetpass.c: added KERBEROS support (long passwords) + +1995-06-05 23:42 millert * check.c, configure.in: added kerberos support -1995-06-03 17:36 millert +1995-06-03 19:36 millert * sudo.h: added MODE_BACKGROUND -1995-06-03 17:36 millert +1995-06-03 19:36 millert * sudo.man: escaped dashes added -b option -1995-06-03 17:34 millert +1995-06-03 19:34 millert * sudo.c: added -b option -1995-06-03 16:52 millert +1995-06-03 18:52 millert * check.c: added crypt() for osf/1 3.x enhanced secuiry -1995-06-03 16:18 millert +1995-06-03 18:18 millert * configure.in: now check for -lcrypt -1995-06-03 16:00 millert +1995-06-03 18:00 millert * interfaces.c: added ENXIO like EADDRNOTAVAIL -1995-05-07 21:14 millert +1995-05-07 23:14 millert * configure.in: now emulate getwd(), not getcwd() -1995-05-07 21:13 millert +1995-05-07 23:13 millert * sudo.c: getcwd() -> getwd() -1995-05-07 21:12 millert +1995-05-07 23:12 millert * getwd.c: getcwd -> getwd -1995-05-01 23:34 millert +1995-05-02 01:34 millert - * insults.h: broke out insults into separate include files + * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision -1995-05-01 23:34 millert +1995-05-02 01:34 millert - * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision + * insults.h: broke out insults into separate include files -1995-05-01 23:32 millert +1995-05-02 01:32 millert * options.h, OPTIONS: added GOONS -1995-05-01 23:32 millert +1995-05-02 01:32 millert * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h -1995-05-01 21:34 millert +1995-05-01 23:34 millert - * Makefile.in: ++version + * Makefile.in, version.h: ++version + +1995-05-01 23:34 millert -1995-05-01 21:33 millert + * visudo.c: moved signal handler setup to setup_signals() + +1995-05-01 23:33 millert * sudo.h: added load_interfaces() -1995-05-01 21:33 millert +1995-05-01 23:33 millert * sudo.c: moved load_interfaces to interfaces.c -1995-05-01 21:33 millert +1995-05-01 23:33 millert * parse.yacc: added clearaliases -1995-05-01 21:33 millert +1995-05-01 23:33 millert * OPTIONS, options.h: added FAST_MATCH -1995-05-01 21:32 millert +1995-05-01 23:32 millert * parse.lex: now uses clearaliases variable -1995-05-01 21:31 millert +1995-05-01 23:31 millert * interfaces.c: Initial revision -1995-05-01 21:31 millert +1995-05-01 23:31 millert * Makefile.in: added interfaces.[co] -1995-05-01 20:47 millert +1995-05-01 23:30 millert + + * testsudoers.c: now uses ip addrs and netmasks via + load_interfaces() + +1995-05-01 22:47 millert * sudo.c: now remove IFS instead of setting to "sane" value -1995-05-01 14:30 millert +1995-05-01 16:30 millert * parse.c: added FAST_MATCH -1995-04-29 18:19 millert +1995-04-29 20:19 millert * Makefile.in: sudo_goodpath.c-> goodpath.c -1995-04-29 18:15 millert +1995-04-29 20:15 millert * sudo.c: added Andy's new ISC changes -1995-04-14 12:06 millert +1995-04-14 14:06 millert * OPTIONS: added a sentence to SECURE_PATH info -1995-04-14 11:57 millert +1995-04-14 13:57 millert * BUGS: added one -1995-04-14 11:54 millert +1995-04-14 13:54 millert * RUNSON, CHANGES: updated -1995-04-13 15:04 millert +1995-04-13 17:04 millert * RUNSON: updated for beta3 -1995-04-13 12:32 millert +1995-04-13 14:32 millert - * Makefile.in: ++version + * Makefile.in, version.h: ++version -1995-04-13 11:56 millert +1995-04-13 13:56 millert * aclocal.m4: sendmail is now looked for in /usr/ucblib -1995-04-13 11:54 millert +1995-04-13 13:54 millert * sudo.c: fixed indentation -1995-04-13 11:35 millert +1995-04-13 13:35 millert * aclocal.m4: fixed a typo -1995-04-13 11:19 millert +1995-04-13 13:19 millert * sudo.c: updated ISC mods -1995-04-13 11:19 millert +1995-04-13 13:19 millert * configure.in: added unixware case -1995-04-13 11:19 millert +1995-04-13 13:19 millert * check.c: user_is_exempt is no longer hidden -1995-04-13 11:19 millert +1995-04-13 13:19 millert * RUNSON: updated -1995-04-13 11:19 millert +1995-04-13 13:19 millert * aclocal.m4: isc and riscos changes -1995-04-13 11:18 millert +1995-04-13 13:18 millert * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and - SECURE_PATH + SECURE_PATH -1995-04-13 11:18 millert +1995-04-13 13:18 millert * Makefile.in: fixed a typo and added testsudoers stuff -1995-04-12 17:31 millert +1995-04-13 12:34 millert + + * testsudoers.c: Initial revision + +1995-04-12 19:31 millert * parse.yacc: applied fixed patch from Chris -1995-04-11 12:30 millert +1995-04-11 14:30 millert * Makefile.in: fixed a typo -1995-04-11 12:14 millert +1995-04-11 14:14 millert * parse.yacc: added a set of braces for bison -1995-04-11 12:01 millert +1995-04-11 14:01 millert * parse.yacc: merged in Chris' changes to dekludge the parser. -1995-04-10 22:38 millert +1995-04-11 00:38 millert * logging.c: send_mail() was calling find_path() which is wrong - since find_path() stores cmnd in a static var. Anyhow, it doesn't - make much sense since MAILER should always be fully qualified + since find_path() stores cmnd in a static var. Anyhow, it + doesn't make much sense since MAILER should always be fully + qualified -1995-04-10 17:51 millert +1995-04-10 19:51 millert * sample.sudoers: added User_Alias stuff -1995-04-10 17:50 millert +1995-04-10 19:50 millert * aclocal.m4: SUDO_NEXT now looks for - /usr/lib/NextStep/software_version + /usr/lib/NextStep/software_version -1995-04-10 17:50 millert +1995-04-10 19:50 millert * RUNSON: added DEC UNIX 3.0 w/ gcc -1995-04-10 16:04 millert +1995-04-10 19:49 millert + + * visudo.c: Exit was being used in places where exit should be used + +1995-04-10 19:44 millert + + * sudoers: added "User alias specification" + +1995-04-10 18:04 millert * parse.yacc: fixed probs caused by making nslots and naliases a - size_t + size_t -1995-04-10 13:09 millert +1995-04-10 15:09 millert * RUNSON: added KSR, upped rev to 1.3.1b2 -1995-04-10 13:07 millert +1995-04-10 15:07 millert * logging.c, parse.yacc: 1024 -> BUFSIZ -1995-04-10 13:05 millert +1995-04-10 15:05 millert * parse.yacc: void * -> VOID * naliases and nslots are now size_t - to appease lsearch on 64-bit machines + to appease lsearch on 64-bit machines -1995-04-09 17:30 millert +1995-04-09 19:30 millert * TODO: did a bunch of things and added a bunch :-) -1995-04-09 17:30 millert +1995-04-09 19:30 millert * PORTING: updated -1995-04-09 17:15 millert +1995-04-09 19:24 millert + + * visudo.man: closer to BSD manpage style + +1995-04-09 19:15 millert * sudo.man: closer to standard BSD man format -1995-04-09 16:58 millert +1995-04-09 18:58 millert * compat.h, config.h.in, insults.h, options.h, pathnames.h.in, - sudo.h: added RCS id + sudo.h, version.h, emul/search.h: added RCS id -1995-04-09 15:35 millert +1995-04-09 17:35 millert * sudo.h: removed crufty #defines that are no longer used -1995-04-09 15:13 millert +1995-04-09 17:13 millert * BUGS: fixed a bug -1995-04-09 15:12 millert +1995-04-09 17:12 millert * sudo.man: updated based on sudo changes -1995-04-09 15:11 millert +1995-04-09 17:11 millert * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL - keyword as well as a NAME or ALIAS + keyword as well as a NAME or ALIAS -1995-04-09 15:11 millert +1995-04-09 17:11 millert * CHANGES: updated -1995-04-09 15:04 millert +1995-04-09 17:04 millert * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables. -1995-04-09 13:24 millert +1995-04-09 15:24 millert * aclocal.m4: fixed bug with full void impl check -1995-04-08 21:11 millert +1995-04-08 23:11 millert * parse.yacc: fixed User_Alias supoprt -1995-04-08 20:27 millert +1995-04-08 22:27 millert * parse.yacc: added stubs for User_Alias support -1995-04-08 20:27 millert +1995-04-08 22:27 millert * sudo.c: now sets removes # bogus interfaces from num_interfaces -1995-04-08 20:26 millert +1995-04-08 22:26 millert * parse.lex: added User_Alias support -1995-04-07 19:10 millert +1995-04-07 21:10 millert * Makefile.in: removed extraneous TODO -1995-04-07 13:38 millert +1995-04-07 19:48 millert + + * visudo.c: ntwk_matches -> addr_matches + +1995-04-07 15:38 millert * parse.yacc: ntwk_matches -> addr_matches -1995-04-07 13:37 millert +1995-04-07 15:37 millert * parse.c: ntwk_matches -> addr_matches now use inet_addr() not - inet_network() (which expects octet boundaries) fixes for OSF - (sizeof(int) != sizeof(long)) + inet_network() (which expects octet boundaries) fixes for OSF + (sizeof(int) != sizeof(long)) -1995-04-07 13:08 millert +1995-04-07 15:08 millert * sudo.c: took out debugging info -1995-04-06 21:45 millert +1995-04-06 23:45 millert * aclocal.m4: OS was being set to unknown before non-uname based - host checks. This caused no checks to happen since $OS was not - zero-length. + host checks. This caused no checks to happen since $OS was not + zero-length. -1995-04-06 21:30 millert +1995-04-06 23:30 millert * sudo.c: fixed loading of interfaces struct still has debugging - info in though + info in though -1995-04-06 20:23 millert +1995-04-06 22:23 millert * parse.c: fixed typo -1995-04-06 14:17 millert +1995-04-06 16:17 millert * Makefile.in: ++version -1995-04-06 14:13 millert +1995-04-06 16:16 millert + + * version.h: ++ + +1995-04-06 16:16 millert + + * visudo.c: removed extraneous extern decl of "top + +1995-04-06 16:14 millert + + * visudo.c: now zeros "top" + +1995-04-06 16:13 millert * parse.yacc: removed parser_cleanup (no need for it now) -1995-04-06 14:13 millert +1995-04-06 16:13 millert * parse.lex: now calls reset_aliases() directly -1995-04-04 16:21 millert +1995-04-04 18:21 millert * OPTIONS: added a sentence to SECURE_PATH description -1995-04-04 16:17 millert +1995-04-04 18:17 millert * parse.c: fixed my stupid bug where I used NAMLEN on something I - wanted to just get the name from. argh. + wanted to just get the name from. argh. -1995-04-03 14:58 millert +1995-04-03 16:58 millert * lsearch.c: fixed argument order of memmove() that i hosed when - converting from bcopy(). arghh. + converting from bcopy(). arghh. -1995-04-03 13:33 millert +1995-04-03 15:33 millert * Makefile.in: finally fixed DISTFILES line -1995-04-03 13:21 millert +1995-04-03 15:21 millert * Makefile.in: tabs -> spaces -1995-04-03 13:15 millert +1995-04-03 15:15 millert * Makefile.in: added missing files to DISTFILES -1995-04-03 12:50 millert +1995-04-03 14:50 millert * Makefile.in: SUPPORTED -> RUNSON -1995-04-01 01:12 millert +1995-04-01 03:12 millert * TODO: updated -1995-03-31 23:54 millert +1995-04-01 01:54 millert * RUNSON: updated for pl5b1 release -1995-03-31 23:53 millert +1995-04-01 01:53 millert * BUGS, TODO: updated -1995-03-31 23:52 millert +1995-04-01 01:52 millert * check.c: fixed bug where if you hit return at first sudo prompt - it would still log as a failure + it would still log as a failure -1995-03-31 23:29 millert +1995-04-01 01:29 millert * CHANGES: updated -1995-03-31 23:25 millert +1995-04-01 01:25 millert * aclocal.m4: better test for bogus void * implementation -1995-03-31 18:33 millert +1995-03-31 20:33 millert * logging.c: added PASSWORDS_NOT_CORRECT -1995-03-31 18:32 millert +1995-03-31 20:32 millert * check.c: added PASSWORDS_NOT_CORRECT stuff] -1995-03-31 18:30 millert +1995-03-31 20:30 millert * sudo.h: added PASSWORDS_NOT_CORRECT -1995-03-31 17:16 millert +1995-03-31 19:16 millert + + * tgetpass.c: moved pathnames.h + +1995-03-31 19:16 millert * sudo.c: removed some unused vars and fixed up uid2str -1995-03-31 17:15 millert +1995-03-31 19:15 millert * putenv.c: moved compat.h -1995-03-31 17:14 millert +1995-03-31 19:14 millert * getcwd.c, getwd.c: added pathnames.h -1995-03-31 16:18 millert +1995-03-31 18:18 millert * parse.yacc: fixed a typo I introduced in the last checkin :-( -1995-03-31 16:11 millert +1995-03-31 18:11 millert * parse.lex: can't have #ifdef's where N is defined so just do this - the broken way for AIX + the broken way for AIX -1995-03-31 16:08 millert +1995-03-31 18:08 millert * parse.yacc: better hack from Chris (but still a hack) -1995-03-31 16:05 millert +1995-03-31 18:05 millert * parse.lex: stupid hack for broken aix lex -1995-03-31 15:27 millert +1995-03-31 17:47 millert + + * tgetpass.c: now includes compat.h  + +1995-03-31 17:27 millert + + * visudo.c: now includes fcntl.h + +1995-03-31 17:27 millert * compat.h: added FD_SET and FD_ZERO for 4.2BSD -1995-03-31 14:12 millert +1995-03-31 16:12 millert * parse.yacc: dirty hack to fix parser bug. i don't really like - this but it works for now... + this but it works for now... -1995-03-31 14:12 millert +1995-03-31 16:12 millert * sudo.c: uid2str is now static like the prototype says -1995-03-29 21:48 millert +1995-03-29 23:48 millert * RUNSON: Initial revision -1995-03-29 21:47 millert +1995-03-29 23:47 millert * TODO, CHANGES, SUPPORTED, TROUBLESHOOTING: updated -1995-03-29 21:46 millert +1995-03-29 23:46 millert * sudo.c: check_sudoers now returns an error code and sudo calls - inform_user and log_error based on the return value. + inform_user and log_error based on the return value. -1995-03-29 21:45 millert +1995-03-29 23:45 millert * logging.c, sudo.h: added entries for new errors -1995-03-29 21:03 millert +1995-03-29 23:03 millert * parse.c: now set uid to that of SUDOERS_OWNER while parsing - sudoers file + sudoers file -1995-03-29 20:52 millert +1995-03-29 22:52 millert * Makefile.in: took out testsudoers  -1995-03-29 20:36 millert +1995-03-29 22:36 millert * sudo.c: now explicately checks that it is setuid root -1995-03-29 20:28 millert +1995-03-29 22:28 millert * sudo.c: If a user has no passwd entry sudo would segv (writing to - a garbage pointer). Now allocate space before writing :-) + a garbage pointer). Now allocate space before writing :-) -1995-03-29 20:06 millert +1995-03-29 22:06 millert * configure.in: reordered AC_CHECK_FUNCS -1995-03-29 20:06 millert +1995-03-29 22:06 millert * config.h.in: fixed memset macro -1995-03-29 19:47 millert +1995-03-29 21:47 millert * logging.c: bzero -> memset when a parse error is logged the line - number of the error is now logged too + number of the error is now logged too + +1995-03-29 21:46 millert + + * tgetpass.c, visudo.c: bzero -> memset -1995-03-29 19:46 millert +1995-03-29 21:46 millert * INSTALL: added Sunos to blurb about c2 security -1995-03-29 19:45 millert +1995-03-29 21:45 millert * configure.in: added a SUN4 define for C2 security -1995-03-29 19:44 millert +1995-03-29 21:44 millert * config.h.in: bcopy -> memmove bzero -> memset -1995-03-29 19:43 millert +1995-03-29 21:43 millert * lsearch.c: bcopy -> memmove char * -> VOID * -1995-03-29 19:30 millert +1995-03-29 21:30 millert * check.c: added support for sunos with C2 security -1995-03-29 19:12 millert +1995-03-29 21:12 millert * OPTIONS, options.h: reordered -1995-03-29 19:12 millert +1995-03-29 21:12 millert * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure -1995-03-29 19:12 millert +1995-03-29 21:12 millert * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T -1995-03-29 19:12 millert +1995-03-29 21:12 millert * config.h.in: added _SUDO_PATH_LOGFILE -1995-03-29 19:11 millert +1995-03-29 21:11 millert * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log - added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) - added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) + added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h + too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) -1995-03-29 16:17 millert +1995-03-29 18:17 millert * TROUBLESHOOTING: Initial revision -1995-03-29 15:59 millert +1995-03-29 17:59 millert * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in - load_global() to work around a problem is trusted hpux shadow - passwords. yuck. + load_global() to work around a problem is trusted hpux shadow + passwords. yuck. -1995-03-29 15:41 millert +1995-03-29 17:41 millert * parse.yacc: backed out a change in malloc/realloc -1995-03-29 15:38 millert +1995-03-29 17:38 millert * parse.yacc: now include stdlib.h -1995-03-29 15:20 millert +1995-03-29 17:22 millert + + * visudo.c: now do an freopen() of the stmp file so that yyin will + always point to the same thing. This is important for flex since + we are doing a YY_NEWFILE + +1995-03-29 17:20 millert * parse.yacc: replaced yywrap() with parser_cleanup() since - yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. - sigh. + yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. + sigh. -1995-03-29 15:18 millert +1995-03-29 17:18 millert * parse.lex: now have a rule that matches anything that doesn't - match an explicite rule. well, you know what i mean (. matches - anything not yet matched). However, this means that there is input - still queued up so we need to do a YY_NEW_FILE; in yywrap. So, - yywrap has moved into parse.lex and it calls parser_cleanup() which - is most of the old yywrap() sigh. + match an explicite rule. well, you know what i mean (. matches + anything not yet matched). However, this means that there is + input still queued up so we need to do a YY_NEW_FILE; in yywrap. + So, yywrap has moved into parse.lex and it calls parser_cleanup() + which is most of the old yywrap() sigh. -1995-03-29 15:17 millert +1995-03-29 17:17 millert * SUPPORTED: no longer used -1995-03-29 14:13 millert +1995-03-29 16:13 millert * getcwd.c, getwd.c: moved compat.h to be the last include file -1995-03-29 14:11 millert +1995-03-29 16:11 millert * parse.yacc: fixed type of aliascmp() args -1995-03-29 13:58 millert +1995-03-29 15:58 millert * find_path.c: NULL -> '\0' -1995-03-29 13:42 millert +1995-03-29 15:42 millert * parse.yacc: added casts to lfind and lsearch args for irix -1995-03-29 06:20 millert +1995-03-29 08:20 millert * Makefile.in: bsdinstall -> install-sh -1995-03-29 06:20 millert +1995-03-29 08:20 millert * INSTALL: added info about make realclean -1995-03-29 06:17 millert +1995-03-29 08:17 millert * Makefile.in: updated VERSION added dependencies for visudo.cat -1995-03-29 06:16 millert +1995-03-29 08:17 millert + + * version.h: -> pl5b1 + +1995-03-29 08:16 millert * sudo.c: took out -l -1995-03-28 22:03 millert +1995-03-29 00:03 millert * Makefile.in: now there is a real visudo.man and visudo.cat -1995-03-28 21:54 millert +1995-03-28 23:54 millert * sudo.man: took out visudo stuff -1995-03-28 21:12 millert +1995-03-28 23:54 millert + + * visudo.man: Initial revision + +1995-03-28 23:12 millert * parse.c, parse.lex, parse.yacc: updated copyright -1995-03-28 21:05 millert +1995-03-28 23:05 millert * README: updated for pl5 -1995-03-28 18:02 millert +1995-03-28 20:02 millert * sudo.man: updated Nieusma & Hieb email addresses -1995-03-28 17:57 millert +1995-03-28 19:57 millert * INSTALL: updated to include options.h and OPTIONS -1995-03-28 17:35 millert +1995-03-28 19:35 millert * CHANGES, TODO: updated -1995-03-28 17:35 millert +1995-03-28 19:35 millert * BUGS: eliminated bug #1 (yay) -1995-03-28 17:31 millert +1995-03-28 19:31 millert * configure.in: sunos no longer gets linked statically -1995-03-28 16:58 millert +1995-03-28 18:58 millert * parse.lex: prototype now uses __P() -1995-03-28 16:49 millert +1995-03-28 18:49 millert * parse.lex: make fill() non-ansi -1995-03-28 13:26 millert +1995-03-28 15:26 millert * parse.c: made -v (validate) work -1995-03-28 13:26 millert +1995-03-28 15:26 millert * logging.c: now gives host -1995-03-28 08:34 millert +1995-03-28 10:34 millert * find_path.c: don't check for execute/statable if fq or relative - path given + path given -1995-03-27 23:07 millert +1995-03-28 01:07 millert * parse.c: added a cast -1995-03-27 22:48 millert +1995-03-28 00:49 millert + + * visudo.c: now include ctype.h for islower and tolower macros + +1995-03-28 00:48 millert * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h -1995-03-27 22:48 millert +1995-03-28 00:48 millert * sudo.c: moved a set of parens -1995-03-27 22:48 millert +1995-03-28 00:48 millert * strdup.c: now include compat.h -1995-03-27 22:47 millert +1995-03-28 00:47 millert * parse.yacc: now cast malloc & realloc return vals added search - for HAVE_LSEARCH now use strcmp if no strcasecmp available + for HAVE_LSEARCH now use strcmp if no strcasecmp available -1995-03-27 22:46 millert +1995-03-28 00:46 millert - * lsearch.c: void * -> VOID * + * lsearch.c, emul/search.h: void * -> VOID * -1995-03-27 22:45 millert +1995-03-28 00:45 millert * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, - HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH + HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH -1995-03-27 22:44 millert +1995-03-28 00:44 millert * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG -1995-03-27 22:44 millert +1995-03-28 00:44 millert * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added - echo and results to most SUDO_* macros + echo and results to most SUDO_* macros -1995-03-27 22:43 millert +1995-03-28 00:43 millert * Makefile.in: no more -I. -1995-03-27 22:22 millert +1995-03-28 00:22 millert * configure.in: various 1.x ro 2.x autoconf changes now check for - strcasecmp now use AC_INSTALL_PROG instead of custom one added - check for fully woorking void implementation + strcasecmp now use AC_INSTALL_PROG instead of custom one added + check for fully woorking void implementation -1995-03-27 22:02 millert +1995-03-28 00:02 millert * Makefile.in: added lsearch & search.h visudo links into - $(LIBOBJS) + $(LIBOBJS) -1995-03-27 21:43 millert +1995-03-27 23:43 millert * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID -1995-03-27 19:15 millert +1995-03-27 23:40 millert + + * visudo.c: whatnow_help was prototyped to be static be was not + declared as such + +1995-03-27 21:15 millert * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer - used) added check for dirent/dir/ndir.h + used) added check for dirent/dir/ndir.h -1995-03-27 19:09 millert +1995-03-27 21:09 millert * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT -1995-03-27 18:38 millert +1995-03-27 20:38 millert * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1 -1995-03-27 18:23 millert +1995-03-27 20:23 millert - * lsearch.c: Initial revision + * emul/search.h, lsearch.c: Initial revision -1995-03-27 16:26 millert +1995-03-27 18:26 millert * parse.yacc: eliminated bison warnings -1995-03-27 15:10 millert +1995-03-27 17:10 millert * parse.lex: added missing case -1995-03-27 13:16 millert +1995-03-27 17:04 millert + + * visudo.c: now iincludes signal.h + +1995-03-27 15:16 millert * parse.yacc: only clear data structures on a parse error -1995-03-27 12:53 millert +1995-03-27 15:01 millert + + * visudo.c: whatnow() now gives help on invalid input + +1995-03-27 14:54 millert + + * visudo.c: added a whatnow() function (sort of like mh) + +1995-03-27 14:53 millert * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up - by calling reset_aliases() and clearing top took reset stuff out of - yyerror() since it doesn't beling there (and doesn't work anyway). - errorlineno is now initially set to -1 so we can set it to the - first error that occurrs (it was getting set to the last) + by calling reset_aliases() and clearing top took reset stuff out + of yyerror() since it doesn't beling there (and doesn't work + anyway). errorlineno is now initially set to -1 so we can set it + to the first error that occurrs (it was getting set to the last) -1995-03-27 12:53 millert +1995-03-27 14:53 millert * parse.lex: added a void cast -1995-03-25 23:33 millert +1995-03-27 13:26 millert + + * visudo.c: rewrote from scratch based on 4.3BSD vipw.c + +1995-03-26 01:33 millert * sudo.c, sudo.h: removed ocmnd -1995-03-25 23:19 millert +1995-03-26 01:19 millert * sudo.h: no more sudo_realpath() and find_path() changed params -1995-03-25 23:19 millert +1995-03-26 01:19 millert * sudo.c: find_path() changed since no more realpath() -1995-03-25 23:18 millert +1995-03-26 01:18 millert * parse.yacc: on error, errorlineno is set to the line where the - error occurred added kill_aliases() to free the aliases struct now - clean up in yyerror() so we can reparse cleanly + error occurred added kill_aliases() to free the aliases struct + now clean up in yyerror() so we can reparse cleanly -1995-03-25 23:17 millert +1995-03-26 01:17 millert * logging.c: changed to use new find_path() -1995-03-25 23:17 millert +1995-03-26 01:17 millert * options.h, parse.c: no more USE_REALPATH -1995-03-25 23:16 millert +1995-03-26 01:16 millert * find_path.c: removed all the realpath() stuff -1995-03-25 23:16 millert +1995-03-26 01:16 millert * Makefile.in: sudo_realpath.c -> sudo_goodpath.c -1995-03-25 22:04 millert +1995-03-26 01:12 millert + + * visudo.c: now works correctly with utk parser + +1995-03-26 00:04 millert * goodpath.c: Initial revision -1995-03-25 19:56 millert +1995-03-25 23:23 millert + + * sudo_realpath.c: eliminated a compiler warning + +1995-03-25 21:56 millert * sudo.c: elinated compiler warning -1995-03-25 18:40 millert +1995-03-25 20:40 millert + + * sudo_realpath.c: added sudo_goodpath() + +1995-03-25 20:40 millert * sudo.h: added prototype for sudo_goodpath -1995-03-25 18:39 millert +1995-03-25 20:39 millert * parse.c: added support for /sys/dir.h -1995-03-25 18:39 millert +1995-03-25 20:39 millert * options.h: USE_REALPATH turned off -1995-03-25 18:39 millert +1995-03-25 20:39 millert * find_path.c: added calls to sudo_goodpath() -1995-03-25 18:39 millert +1995-03-25 20:39 millert * configure.in: added check for dirent.h -1995-03-25 18:38 millert +1995-03-25 20:38 millert * config.h.in: added HAVE_DIRENT_H -1995-03-25 17:27 millert +1995-03-25 19:27 millert * configure.in: added in linux shadow pass stuff  -1995-03-24 12:17 millert +1995-03-24 14:43 millert + + * visudo.c: added back host, user, cmnd, parse_error + +1995-03-24 14:19 millert + + * visudo.c: added in utk changes plus some minor cosmetic changes + +1995-03-24 14:17 millert - * sudo.c: added void casts for printf's + * sudo.c, sudo_realpath.c: added void casts for printf's -1995-03-24 12:17 millert +1995-03-24 14:17 millert * options.h: added a define of USE_REALPATH -1995-03-24 12:17 millert +1995-03-24 14:17 millert * configure.in: there is no more visudoers/Makefile -1995-03-24 12:16 millert +1995-03-24 14:16 millert * Makefile.in: added in utk changes (visudo is now built from the - toplevel) + toplevel) -1995-03-24 12:15 millert +1995-03-24 14:15 millert * find_path.c: added (void) casts to printf's -1995-03-23 20:32 millert +1995-03-23 22:32 millert - * parse.c, parse.lex, parse.yacc, sudo.h: merged in utk changes + * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged + in utk changes -1995-03-22 21:13 millert +1995-03-22 23:13 millert * find_path.c: now check to see that what we are trying to run is a - file (or a link to a file, we do a stat(2) so there is no diff) + file (or a link to a file, we do a stat(2) so there is no diff) -1995-03-13 13:56 millert +1995-03-13 15:56 millert * CHANGES: updated -1995-03-13 13:56 millert +1995-03-13 15:56 millert * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for - new autoconf  + new autoconf  -1995-03-13 13:11 millert +1995-03-13 15:11 millert * sudo.man: added myself as maintainer -1995-02-16 21:31 millert +1995-02-16 23:31 millert * sudo.c: changed setegid -> setgid -1995-02-06 15:43 millert +1995-02-06 17:43 millert * configure.in: fixed the test for irix 5.x to skip bad libs -1995-02-06 15:43 millert +1995-02-06 17:43 millert * aclocal.m4: now initialize OS and OSREV -1995-01-26 18:52 millert +1995-01-26 20:52 millert * configure.in: irix5 changes -1995-01-26 18:28 millert +1995-01-26 20:28 millert * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes - for autoconf 2.1 compatibility + for autoconf 2.1 compatibility -1995-01-16 16:44 millert +1995-01-18 19:49 millert + + * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't + do the righ thing wrt yyrestart (grrrr) + +1995-01-16 18:44 millert * Makefile.in: added visudoers/compat.h to DISTFILES -1995-01-16 15:01 millert +1995-01-16 17:01 millert * configure.in: fixed an echo -1995-01-16 14:36 millert +1995-01-16 16:36 millert * sudo.c: added ocmnd declaration adjusted for find_path()'s new - parameters + parameters -1995-01-16 14:35 millert +1995-01-16 16:35 millert * sudo.h: added ocmnd extern adjusted find_path() prototype -1995-01-16 14:34 millert +1995-01-16 16:34 millert * parse.c: cmndcmp() now takes 3 arguments and checks against the - qualified as well as the unqualified pathname. more code that - should use cmndcmp() but did not, now does + qualified as well as the unqualified pathname. more code that + should use cmndcmp() but did not, now does -1995-01-16 14:34 millert +1995-01-16 16:34 millert * options.h: added to a comment -1995-01-16 14:33 millert +1995-01-16 16:33 millert * logging.c: changed to use new find_path() parameter passing -1995-01-16 14:32 millert +1995-01-16 16:32 millert * find_path.c: find_path() now takes 2 copyout parameters (one for - the qualified pathname and one for the unqualified pathname). The - third parameter may be NULL. + the qualified pathname and one for the unqualified pathname). + The third parameter may be NULL. -1995-01-16 14:31 millert +1995-01-16 16:31 millert * configure.in: no longer munge pathnames.h -1995-01-16 14:30 millert +1995-01-16 16:30 millert * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are - defined in config.h) as a result, pathnames.h does not need to be - run through configure and the user can override the configured - values easily. + defined in config.h) as a result, pathnames.h does not need to be + run through configure and the user can override the configured + values easily. -1995-01-16 14:30 millert +1995-01-16 16:30 millert * config.h.in: added _SUDO_PATH_* entries -1995-01-16 14:30 millert +1995-01-16 16:30 millert * aclocal.m4: _PATH* -> _SUDO_PATH_* -1995-01-16 14:28 millert +1995-01-16 16:28 millert * Makefile.in: updated DISTFILES and HDRS .o's now depend on - config.h + config.h -1995-01-13 10:52 millert +1995-01-13 12:52 millert * compat.h: removed extraneous #endif -1995-01-13 10:48 millert +1995-01-13 12:48 millert * aclocal.m4: added SUDO_PROG_MV -1995-01-13 10:47 millert +1995-01-13 12:47 millert * configure.in: added SUDO_PROG_MV added riscos and isc os types - took out -DSHORT_MESSAGE from --with-csops since it is now the - default + took out -DSHORT_MESSAGE from --with-csops since it is now the + default -1995-01-13 10:46 millert +1995-01-13 12:46 millert * sudo.c: move the include of id.h to compat.h now includes - options.h + options.h -1995-01-13 10:45 millert +1995-01-13 12:45 millert * sudo.h: moved compatibility #defines to compat.h -1995-01-13 10:45 millert +1995-01-13 12:45 millert * pathnames.h.in: added _PATH_MV -1995-01-13 10:43 millert +1995-01-13 12:43 millert * config.h.in: move __P to compat.h -1995-01-13 10:39 millert +1995-01-13 12:39 millert * getcwd.c, getwd.c, putenv.c: now includes compat.h -1995-01-13 10:39 millert +1995-01-13 12:39 millert * compat.h: Initial revision -1995-01-11 17:11 millert +1995-01-11 19:11 millert * sudo.h: pull user-configurable stuff out and put in options.h -1995-01-11 16:43 millert +1995-01-11 18:43 millert - * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc: - now includes options.h + * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, + sudo_setenv.c, parse.lex, parse.yacc, visudo.c: now includes + options.h -1995-01-11 16:41 millert +1995-01-11 18:41 millert * Makefile.in: added visudoers/options.h -1995-01-11 16:40 millert +1995-01-11 18:40 millert * options.h, OPTIONS: Initial revision -1995-01-11 16:39 millert +1995-01-11 18:39 millert * Makefile.in: added OPTIONS and options.h -1995-01-11 16:36 millert +1995-01-11 18:36 millert * logging.c: changed #ifdef's to use LOGGING and - SLOG_SYSLOG/SLOG_FILE + SLOG_SYSLOG/SLOG_FILE -1995-01-11 09:02 millert +1995-01-11 11:02 millert * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes -1994-12-15 18:32 millert +1994-12-17 18:18 millert + + * visudo.c: now only do Editor +line_num if line_num != 0 + +1994-12-15 21:06 millert + + * visudo.c: now use mv if rename(2) fails + +1994-12-15 20:32 millert * BUGS: added a visudo bug -1994-12-15 17:46 millert +1994-12-15 19:46 millert * check.c: expanded comment -1994-11-12 16:33 millert +1994-11-12 18:33 millert * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not - set + set -1994-11-09 17:49 millert +1994-11-09 19:49 millert * sudo.c: added mips & isc support -1994-11-09 17:49 millert +1994-11-09 19:49 millert * parse.c: added support for non-root owned sudoers file -1994-11-09 17:48 millert +1994-11-09 19:48 millert * check.c: added exempt group support -1994-11-09 17:47 millert +1994-11-09 19:47 millert * sudo.h: added set_perms() support added SUDOERS_OWNER so can have - non-root own sudoers file added exempt group support added isc - support + non-root own sudoers file added exempt group support added isc + support + +1994-11-09 19:46 millert + + * visudo.c: now copy sudoers to temp file via read/write (not + stdio) now chown new sudoers file to SUDOERS_OWNER -1994-11-07 18:40 millert +1994-11-07 20:40 millert * configure.in: added skey support -1994-11-07 18:39 millert +1994-11-07 20:39 millert * sudo.h: fixed typo added set_perms support added skey support - added seteuid()/setegid() emulation for AIX + added seteuid()/setegid() emulation for AIX -1994-11-07 18:38 millert +1994-11-07 20:38 millert * sudo.c: be_* -> setperms() now check to make sure sudoers file is - owned by root nread/write by only root + owned by root nread/write by only root -1994-11-07 18:38 millert +1994-11-07 20:38 millert - * logging.c, parse.c: be_* -> setperms() + * logging.c, parse.c, sudo_realpath.c: be_* -> setperms() -1994-11-07 18:38 millert +1994-11-07 20:38 millert * check.c: be_* -> set_perms() added skey support -1994-11-06 16:59 millert +1994-11-06 18:59 millert * Makefile.in: ++version -1994-10-21 11:16 millert +1994-11-06 18:59 millert + + * version.h: ++ + +1994-10-21 13:16 millert * sudo.c: now sets IFS -1994-10-21 10:02 millert +1994-10-21 12:02 millert * insults.h: fixed typo -1994-10-15 13:48 millert +1994-10-15 15:48 millert * config.h.in: added HAVE_SKEY -1994-10-04 11:00 millert +1994-10-04 13:00 millert * CHANGES: updated -1994-10-04 10:57 millert +1994-10-04 12:57 millert * Makefile.in: ++version -1994-10-04 10:56 millert +1994-10-04 12:57 millert + + * version.h: ++ + +1994-10-04 12:56 millert * sudo.c: now bail if ARgv[1] > MAXPATHLEN -1994-10-04 10:56 millert +1994-10-04 12:56 millert * configure.in: added function check for tcgetattr(3) -1994-10-04 10:55 millert +1994-10-04 12:55 millert * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3) -1994-10-04 10:53 millert +1994-10-04 12:53 millert * config.h.in: added check for tcgetattr -1994-09-26 15:38 millert +1994-09-26 17:38 millert * CHANGES: updated -1994-09-22 11:30 millert +1994-09-22 13:30 millert * parse.lex: now only include unistd.h for linux -1994-09-21 12:29 millert +1994-09-21 14:29 millert * Makefile.in: added visudo.8 generation -1994-09-21 12:07 millert +1994-09-21 14:07 millert * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags -1994-09-20 17:39 millert +1994-09-20 19:39 millert * BUGS: added one -1994-09-20 17:39 millert +1994-09-20 19:39 millert * CHANGES: updated -1994-09-20 17:38 millert +1994-09-20 19:38 millert * README: added mailing list info -1994-09-20 17:37 millert +1994-09-20 19:37 millert * parse.yacc: now use sudolineno instead of yylineno fixed bison - warnings + warnings -1994-09-20 17:37 millert +1994-09-20 19:37 millert * configure.in: now use -no_library_replacement for osf don't make - a static binary for hpux >= 9.0 + a static binary for hpux >= 9.0 -1994-09-20 17:21 millert +1994-09-20 19:21 millert + + * tgetpass.c: added string.h/strings.h inclusion + +1994-09-20 19:21 millert * config.h.in: added ssize_t def -1994-09-20 17:18 millert +1994-09-20 19:18 millert * parse.lex: added inclusion of string.h/strings.h -1994-09-20 16:48 millert +1994-09-20 18:48 millert * aclocal.m4: fixed uname | sed (needed to quote the '[') -1994-09-20 16:42 millert +1994-09-20 18:42 millert * parse.lex: replaced yylineno with sudolineno fixed bison syntax - errors + errors + +1994-09-20 18:13 millert + + * visudo.c: changed yylineno to sudolineno since yylineno cannot be + counted upon. -1994-09-20 16:10 millert +1994-09-20 18:10 millert * TODO: updated -1994-09-20 15:52 millert +1994-09-20 17:52 millert * parse.c: added code to support command listings -1994-09-20 15:36 millert +1994-09-20 17:36 millert * sudo.c: added code for -l flag -1994-09-20 15:35 millert +1994-09-20 17:35 millert * sudo.man: fixed typo added info for -l flag -1994-09-20 12:45 millert +1994-09-20 14:45 millert * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T -1994-09-20 12:45 millert +1994-09-20 14:45 millert * aclocal.m4: added SUDO_SSIZE_T -1994-09-20 12:44 millert +1994-09-20 14:44 millert * sudo.h: added MODE_LIST -1994-09-20 12:43 millert +1994-09-20 14:43 millert * configure.in: added AC_SSIZE_T -1994-09-19 18:53 millert +1994-09-19 20:53 millert - * find_path.c: readlink() is now declared as returning ssize~_t + * find_path.c, sudo_realpath.c: readlink() is now declared as + returning ssize~_t -1994-09-19 18:44 millert +1994-09-19 20:44 millert * configure.in: added -laud for OSF c2 -1994-09-02 13:55 millert +1994-09-02 15:55 millert - * config.h.in, parse.lex, parse.yacc, pathnames.h.in, Makefile.in: - changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + * config.h.in, parse.lex, parse.yacc, pathnames.h.in, visudo.c, + Makefile.in: changed sudo-bugs.cs.colorado.edu -> + sudo-bugs@cs.colorado.edu -1994-09-02 13:54 millert +1994-09-02 15:54 millert * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, - parse.c, putenv.c, strdup.c, sudo.c, sudo.h: changed - sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed + parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, + sudo_setenv.c, tgetpass.c, version.h: changed + sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed -1994-09-01 13:56 millert +1994-09-01 15:56 millert * Makefile.in: ++version -1994-09-01 13:55 millert +1994-09-01 15:55 millert + + * version.h: ++ + +1994-09-01 15:55 millert * logging.c: added host to alertmail messages -1994-09-01 13:55 millert +1994-09-01 15:55 millert * CHANGES, TODO: udpated -1994-09-01 13:26 millert +1994-09-01 15:26 millert * logging.c: fixed logging problem where mail would not say which - user it was + user it was -1994-09-01 11:45 millert +1994-09-01 13:45 millert * configure.in: added -laud for gcc if osf & c2 -1994-09-01 11:39 millert +1994-09-01 13:39 millert * check.c: moved set_auth_parameters to sudo.c -1994-09-01 11:38 millert +1994-09-01 13:38 millert * sudo.c: added set_auth_parameters for osf -1994-09-01 11:22 millert +1994-09-01 13:22 millert * configure.in: cleaned up -static stuff -1994-09-01 11:15 millert +1994-09-01 13:15 millert * Makefile.in: ++version -1994-09-01 11:15 millert +1994-09-01 13:15 millert + + * version.h: ++ + +1994-09-01 13:15 millert * sudo.c: changed setenv() to sudo_setenv() -1994-09-01 11:12 millert +1994-09-01 13:12 millert * check.c: fixed osf problem -1994-08-31 20:17 millert +1994-08-31 22:17 millert * configure.in: added OSF C2 stuff -1994-08-31 20:00 millert +1994-08-31 22:00 millert * CHANGES: updated -1994-08-31 19:56 millert +1994-08-31 21:56 millert * check.c: added osf auth support & removed some extra spaces -1994-08-31 19:52 millert +1994-08-31 21:52 millert * INSTALL, SUPPORTED: added osf C2 stuff -1994-08-31 17:52 millert +1994-08-31 19:52 millert * TODO: added 2 suggestions -1994-08-31 17:33 millert +1994-08-31 19:33 millert * Makefile.in: removed README.v1.3.1 and added VERSION stuff -1994-08-30 16:30 millert +1994-08-31 18:48 millert + + * version.h: pl1 + +1994-08-30 18:31 millert + + * version.h: 1.3.1final + +1994-08-30 18:30 millert * Makefile.in: added HISTORY -1994-08-30 16:30 millert +1994-08-30 18:30 millert * sudo.man: mention HISTPRY file -1994-08-30 16:30 millert +1994-08-30 18:30 millert * sudo.c: use sizeof instead of a constant in 1 place -1994-08-30 16:30 millert +1994-08-30 18:30 millert * parse.yacc: added unistd.h -1994-08-30 16:29 millert +1994-08-30 18:29 millert * parse.lex: added unistd.h -1994-08-30 16:27 millert +1994-08-30 18:27 millert * README: udpated -1994-08-30 16:15 millert +1994-08-30 18:15 millert * HISTORY: Initial revision -1994-08-17 10:39 millert +1994-08-17 12:45 millert + + * version.h: ++ + +1994-08-17 12:39 millert * CHANGES: updated -1994-08-16 13:46 millert +1994-08-17 12:36 millert + + * sudo_setenv.c: added unistd.h include + +1994-08-16 15:46 millert * sudo.c: added sys/time.h for AIX -1994-08-14 19:22 millert +1994-08-14 21:22 millert * configure.in: added check for -lsocket and sys/sockio.h -1994-08-14 19:21 millert +1994-08-14 21:21 millert * config.h.in: took out libshadow check and added in sys/sockio.h - check + check -1994-08-14 19:21 millert +1994-08-14 21:21 millert * sudo.c: now include sockio.h instead of ioctl.h if it exists - "sudo -" now gets a better error message + "sudo -" now gets a better error message -1994-08-14 18:47 millert +1994-08-14 20:47 millert * sample.sudoers: now has a dir and subnet entry -1994-08-13 16:15 millert +1994-08-13 18:15 millert * sudo.c: removed if_ether.h -1994-08-13 15:16 millert +1994-08-13 17:16 millert * TODO: added an item -1994-08-13 15:15 millert +1994-08-13 17:15 millert * sudo.man: added network and ip addresses to man page -1994-08-13 15:09 millert +1994-08-13 17:09 millert * sudo.c: no error if can't get interfaces or netmask since - networking may not be in the kernel. + networking may not be in the kernel. -1994-08-13 15:08 millert +1994-08-13 17:08 millert * parse.c: nwo check for interfaces == NULL -1994-08-12 19:22 millert +1994-08-12 21:22 millert * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias - to fail if the last entry in the spec failed (ie: it was only - looking at the last entry). CLeaned things up by adding the - cmndcmp() function--all neat & tidy + to fail if the last entry in the spec failed (ie: it was only + looking at the last entry). CLeaned things up by adding the + cmndcmp() function--all neat & tidy -1994-08-12 19:21 millert +1994-08-12 21:21 millert * CHANGES: added one -1994-08-11 21:42 millert +1994-08-11 23:42 millert * sudo.c: now do two passes to skip bogus interfaces (lo0, etc) -1994-08-11 19:58 millert +1994-08-11 21:58 millert + + * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of + netinet/in.h + +1994-08-11 21:58 millert - * logging.c: added ninclude of netinet/in.h + * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc, + visudo.c: added include of netinet/in.h -1994-08-11 19:58 millert +1994-08-11 21:57 millert - * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc: - added include of netinet/in.h + * version.h: ++ -1994-08-11 19:57 millert +1994-08-11 21:57 millert * sudo.h: added interfaces global -1994-08-11 19:56 millert +1994-08-11 21:56 millert * parse.c: now uses new interfaces global -1994-08-11 19:56 millert +1994-08-11 21:56 millert * sudo.c: now ip addresses are gleaned fw/o dns -1994-08-10 17:21 millert +1994-08-10 19:21 millert * sudo.c: added load_ip_addrs() to load the ip_addrs global var -1994-08-10 17:21 millert +1994-08-10 19:21 millert * parse.c: added hostcmp() to compare hostnames, ip addrs, and - network addrs + network addrs -1994-08-10 17:20 millert +1994-08-10 19:20 millert * sudo.h: added ip_addrs def added load_ip_addrs prototype -1994-08-08 14:03 millert +1994-08-08 16:03 millert * CHANGES: updated -1994-08-08 13:57 millert +1994-08-08 15:57 millert * Makefile.in: removed multiple entries in DISTFILES -1994-08-08 11:05 millert +1994-08-08 13:05 millert + + * visudo.c: ansified the !STDC_HEADERS decls + +1994-08-08 13:05 millert * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do - malloc decl if gnuc + malloc decl if gnuc -1994-08-08 11:04 millert +1994-08-08 13:04 millert * sudo.c: can't use getopt(3) since it munges args to the command - to be run as root don't do malloc decl if gnuc + to be run as root don't do malloc decl if gnuc -1994-08-07 22:41 millert +1994-08-08 00:41 millert - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c: - ansi-fied !STDC_HEADER function prottypes + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, + sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function + prottypes -1994-08-07 22:27 millert +1994-08-08 00:27 millert * getcwd.c, getwd.c: added missing paren -1994-08-07 22:23 millert +1994-08-08 00:23 millert * Makefile.in: added putenv.c to DISTFILES -1994-08-07 22:07 millert +1994-08-08 00:08 millert + + * sudo_setenv.c: added params to func decls when STDC_HEADERS is + not defined now can count on putenv() being there + +1994-08-08 00:08 millert + + * sudo_realpath.c: took out errno decl since sudo.h does it for us + fixed up a next cc warning added params to func decls when + STDC_HEADERS is not defined + +1994-08-08 00:07 millert * sudo.h: took out environ extern added local declaratio of - putenv() if local version is needed + putenv() if local version is needed -1994-08-07 22:05 millert +1994-08-08 00:05 millert * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to - func decls when STDC_HEADERS is not defined + func decls when STDC_HEADERS is not defined -1994-08-07 22:04 millert +1994-08-08 00:04 millert * config.h.in: added memcpy check check to see that ansi vs bsd - macros are ntot already defiend before defining (ie: avoid - redefinition) + macros are ntot already defiend before defining (ie: avoid + redefinition) -1994-08-07 22:03 millert +1994-08-08 00:03 millert * configure.in: removed fluff setenv check plus check w/ replace - for putenv if also no setenv + for putenv if also no setenv -1994-08-07 22:01 millert +1994-08-08 00:01 millert * putenv.c: Initial revision -1994-08-06 17:19 millert +1994-08-06 19:19 millert + + * sudo_setenv.c: Initial revision + +1994-08-06 19:19 millert * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv -1994-08-06 17:19 millert +1994-08-06 19:19 millert * sudo.c: now use sudo_setenvc -1994-08-06 17:18 millert +1994-08-06 19:18 millert * configure.in: added puteenv and setenv, removed realpath -1994-08-06 17:18 millert +1994-08-06 19:18 millert * config.h.in: added putenv & setenv -1994-08-06 17:18 millert +1994-08-06 19:18 millert * Makefile.in: added sudo_setenv -1994-08-05 17:43 millert +1994-08-06 19:16 millert + + * version.h: ++ + +1994-08-05 19:43 millert * configure.in: added MAN_POSTINSTALL and /usr/share/catman for - irix + irix -1994-08-05 17:43 millert +1994-08-05 19:43 millert * Makefile.in: added MAN_POSTINSTALL -1994-08-05 17:43 millert +1994-08-05 19:43 millert * CHANGES: added -1994-08-05 17:10 millert +1994-08-05 19:10 millert * sudo.man: added SUDO_* plus new options -1994-08-05 17:10 millert +1994-08-05 19:10 millert * CHANGES: added one -1994-08-05 17:07 millert +1994-08-05 19:07 millert * configure.in: took out shadow lib -1994-08-05 16:35 millert +1994-08-05 18:35 millert * TODO: adde done -1994-08-05 15:49 millert +1994-08-05 17:52 millert + + * visudo.c: now use yyrestart() if flex now reset yylineno to 0 + +1994-08-05 17:49 millert * Makefile.in: support for installing a cat page instead of a man - page if no nroff + page if no nroff -1994-08-05 15:48 millert +1994-08-05 17:48 millert * configure.in: now defines HAVE_FLEX fixed up man stuff so that it - looks for nroff to determine whether or not to install a cat or man - page + looks for nroff to determine whether or not to install a cat or + man page -1994-08-05 15:48 millert +1994-08-05 17:48 millert * config.h.in: added HAVE_FLEX -1994-08-05 14:14 millert +1994-08-05 16:14 millert * sudo.c: not set ret to MODE_RUN initially -1994-08-05 14:12 millert +1994-08-05 16:12 millert * find_path.c: made command (and therefor cmnd dynamically - allocated) + allocated) -1994-08-04 18:25 millert +1994-08-04 20:25 millert * TODO: did #8 -1994-08-04 18:24 millert +1994-08-04 20:24 millert + + * version.h: ++ + +1994-08-04 20:24 millert + + * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1 + +1994-08-04 20:24 millert * sudo.h: added MODE_ removed validate_only and added - remove_timestamp() + remove_timestamp() -1994-08-04 18:22 millert +1994-08-04 20:22 millert * sudo.c: usage() now takes an int (exit value) added parse_args() - to parse command line arguments moved call to find_path() from - load_globals to new function load_cmnd() removed validate_only - global -- now use the concept of "modes" added -h and -k options + to parse command line arguments moved call to find_path() from + load_globals to new function load_cmnd() removed validate_only + global -- now use the concept of "modes" added -h and -k options -1994-08-04 18:21 millert +1994-08-04 20:21 millert * parse.c: no longer use global validate_only now checks for - command called "validate" removed check for non-fully qualified - commands since that is done by find_path + command called "validate" removed check for non-fully qualified + commands since that is done by find_path -1994-08-04 18:20 millert +1994-08-04 20:20 millert * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1 -1994-08-04 18:17 millert +1994-08-04 20:17 millert * find_path.c: fixed off by one error with MAXPATHLEN and fixed a - comment + comment -1994-08-04 18:17 millert +1994-08-04 20:17 millert * check.c: check_timestamp no longer runs reminder(), it is implied - in the return val added remove_timestamp() + in the return val added remove_timestamp() -1994-08-04 18:16 millert +1994-08-04 20:16 millert * CHANGES: updated -1994-08-04 14:38 millert +1994-08-04 16:38 millert * BUGS: fixed on -1994-08-04 14:37 millert +1994-08-04 16:38 millert + + * sudo_realpath.c: took out old_errno + +1994-08-04 16:37 millert * CHANGES: updated -1994-08-03 10:08 millert +1994-08-03 12:08 millert * logging.c: moved send_mail to after syslog -1994-08-02 20:41 millert +1994-08-02 22:41 millert * sudo.c: now set SUDO_ envariables -1994-08-01 11:39 millert +1994-08-01 13:40 millert + + * version.h: ++ + +1994-08-01 13:39 millert + + * sudo_realpath.c: now print error if chdir fails + +1994-08-01 13:39 millert * find_path.c: removed an XXX -1994-07-25 18:40 millert +1994-07-25 20:40 millert * CHANGES: updated -1994-07-25 18:36 millert +1994-07-25 20:36 millert * configure.in: no more static binaries for aix -1994-07-25 16:37 millert +1994-07-25 18:37 millert * INSTALL: fixed typo -1994-07-25 16:31 millert +1994-07-25 18:33 millert + + * sudo_realpath.c: took out stuff not needed for sudo now does + be_root/be_user itself now uses cwd global + +1994-07-25 18:32 millert + + * version.h: +=2 + +1994-07-25 18:31 millert * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath() -1994-07-25 16:26 millert +1994-07-25 18:26 millert * logging.c, sudo.h: now works with 4.2BSD syslog (blech) -1994-07-25 16:25 millert +1994-07-25 18:25 millert * find_path.c: now use sudo_realpath() -1994-07-25 16:25 millert +1994-07-25 18:25 millert * config.h.in: took out realpth() stuff since we now use - sudo_realpath() + sudo_realpath() -1994-07-25 16:25 millert +1994-07-25 18:25 millert * configure.in: ultrix enhanced sec -1994-07-25 16:25 millert +1994-07-25 18:25 millert * SUPPORTED: added ultrix enhanced sec. -1994-07-25 16:24 millert +1994-07-25 18:24 millert * INSTALL: updated -1994-07-25 16:21 millert +1994-07-25 18:21 millert * check.c: ultrix enhanced security suport -1994-07-25 16:20 millert +1994-07-25 18:20 millert * Makefile.in: added sudo_realpath.c -1994-07-25 16:18 millert +1994-07-25 18:18 millert * CHANGES: updated -1994-07-25 11:17 millert +1994-07-25 14:28 millert + + * tgetpass.c: increased passwd len to 24 for c2 security + +1994-07-25 13:17 millert * BUGS: updated BUGS -1994-07-15 09:49 millert +1994-07-15 11:49 millert * check.c: now use user global var -1994-07-15 09:48 millert +1994-07-15 11:48 millert * configure.in: took out -ls -1994-07-14 17:11 millert +1994-07-14 19:11 millert * configure.in: added AFS libs -1994-07-14 15:45 millert +1994-07-14 17:45 millert * sudo.h: user is now a char * added epasswd -1994-07-14 15:43 millert +1994-07-14 17:43 millert * sudo.c: added tzset() to load_globals added epasswd (encrypted - password) global made user dynamically allocated + password) global made user dynamically allocated -1994-07-14 15:43 millert +1994-07-14 17:43 millert * configure.in: added tzset test -1994-07-14 15:43 millert +1994-07-14 17:43 millert * config.h.in: added HAVE_TZSET -1994-07-14 15:42 millert +1994-07-14 17:42 millert * check.c: cleaned up encrypted passwd grab somewhat -1994-07-14 10:34 millert +1994-07-14 12:34 millert * configure.in: fixed AFS typo -1994-07-14 10:34 millert +1994-07-14 12:34 millert * INSTALL: added AFS not -1994-07-14 10:34 millert +1994-07-14 12:34 millert * CHANGES: udpated -1994-07-14 10:33 millert +1994-07-14 12:33 millert * logging.c: can now log to both syslog & a file -1994-07-14 10:12 millert +1994-07-14 12:12 millert * sudo.h: added BOTH_LOGS -1994-07-14 09:34 millert +1994-07-14 11:34 millert * CHANGES: updated -1994-07-14 09:32 millert +1994-07-14 11:32 millert * configure.in: --with-AFS -1994-07-14 09:32 millert +1994-07-14 11:32 millert * config.h.in: added HAVE_AFS -1994-07-14 09:31 millert +1994-07-14 11:31 millert * check.c: added afs changes -1994-07-14 09:21 millert +1994-07-14 11:21 millert * sudo.h: removed AFS stuff :-) -1994-07-14 09:17 millert +1994-07-14 11:19 millert + + * tgetpass.c: include sys/select for AIX + +1994-07-14 11:17 millert * sudo.h: added AFS -1994-07-07 12:45 millert +1994-07-14 11:16 millert + + * version.h: ++ + +1994-07-07 14:45 millert * SUPPORTED, CHANGES: updated -1994-07-07 12:44 millert +1994-07-07 14:44 millert * logging.c: can now have MAILER undefined -1994-07-07 12:37 millert +1994-07-07 14:37 millert * INSTALL: new sub-note about MAILER -1994-07-06 21:11 millert +1994-07-06 23:11 millert * sudo.man: added blurb about password timeout -1994-07-06 18:52 millert +1994-07-06 20:52 millert * configure.in: convex c2 changes -1994-07-06 18:52 millert +1994-07-06 20:52 millert * aclocal.m4: took out duplicate define of _CONVEX_SOURCE -1994-07-06 18:51 millert +1994-07-06 20:51 millert * Makefile.in: added OSDEFS -1994-07-06 18:46 millert +1994-07-06 20:46 millert * config.h.in: added spaces -1994-07-06 18:08 millert +1994-07-06 20:08 millert + + * tgetpass.c: added a goto if fgets fails + +1994-07-06 20:08 millert * sudo.h: use __hpux not hpux convex c2 stuff -1994-07-06 18:08 millert +1994-07-06 20:08 millert * sudo.c: use __hpux not hpux -1994-07-06 18:08 millert +1994-07-06 20:08 millert * logging.c: convex c2 stuff -1994-07-06 18:07 millert +1994-07-06 20:07 millert * config.h.in: define ansi-ish cpp os defines if non-ansi are - defined for hpux & convex + defined for hpux & convex -1994-07-06 18:07 millert +1994-07-06 20:07 millert * INSTALL: updated to say we support sonvex C2 -1994-07-06 18:05 millert +1994-07-06 20:05 millert * check.c: added convex c2 support -1994-06-29 15:04 millert +1994-07-01 12:06 millert + + * tgetpass.c: no more ioctl never returns NULL uses fgets() and + select() to timeout + +1994-06-29 17:04 millert * configure.in: things were testing -n "$GCC" instead of -z "$GCC" -1994-06-26 14:38 millert +1994-06-29 16:39 millert + + * tgetpass.c: now works + uses fgets() + +1994-06-28 18:25 millert + + * tgetpass.c: select doesn't seem to recognize a single '\n' as + input waiting so we can;t use it, sigh. + +1994-06-26 16:38 millert * PORTING: updated tgetpass() blurb -1994-06-26 14:35 millert +1994-06-26 16:35 millert * configure.in: added --with-getpass -1994-06-26 14:35 millert +1994-06-26 16:35 millert * Makefile.in: added tgetpass stuff -1994-06-24 17:48 millert +1994-06-26 15:25 millert + + * tgetpass.c: now uses stdio + +1994-06-26 15:17 millert + + * version.h: ++ + +1994-06-24 19:48 millert * PORTING: updated ,. -1994-06-24 17:46 millert +1994-06-24 19:46 millert * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY -1994-06-24 17:45 millert +1994-06-24 19:45 millert * configure.in: fixed a test aded --with-C2 and --with-tgetpass -1994-06-24 17:45 millert +1994-06-24 19:45 millert * check.c: added hpux C2 shit -1994-06-24 17:45 millert +1994-06-24 19:45 millert * Makefile.in: took out tgetpass.* -1994-06-24 17:45 millert +1994-06-24 19:45 millert * INSTALL: added C2 blurb -1994-06-13 13:54 millert +1994-06-13 15:54 millert * configure.in: no termio(s) for ultrix since it is broken -1994-06-13 13:41 millert +1994-06-13 15:41 millert * check.c: added a space (yeah, anal) -1994-06-13 13:17 millert +1994-06-13 15:17 millert - * realpath.c: fixed it (duh, rtfm) + * realpath.c, sudo_realpath.c: fixed it (duh, rtfm) -1994-06-08 12:34 millert +1994-06-08 14:34 millert * config.h.in: took out bsd signal stuff for irix -1994-06-08 12:09 millert +1994-06-08 14:26 millert + + * visudo.c: comments in #endif + +1994-06-08 14:09 millert * configure.in: don't define BSD signals for irix -1994-06-08 10:57 millert +1994-06-08 12:57 millert * TODO: did some... -1994-06-08 10:57 millert +1994-06-08 12:57 millert * CHANGES: updated -1994-06-08 10:56 millert +1994-06-08 12:56 millert - * realpath.c: took out unneeded code by changing where a strings - was terminated + * realpath.c, sudo_realpath.c: took out unneeded code by changing + where a strings was terminated -1994-06-07 17:21 millert +1994-06-07 19:21 millert - * realpath.c: fix bug where /dirname would return NULL + * realpath.c, sudo_realpath.c: fix bug where /dirname would return + NULL -1994-06-07 15:40 millert +1994-06-07 17:40 millert * sudo.h: move __P to config.h -1994-06-07 15:40 millert +1994-06-07 17:40 millert - * getcwd.c, getwd.c, realpath.c: added errno definition + * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno + definition -1994-06-07 15:40 millert +1994-06-07 17:40 millert * config.h.in: added __P -1994-06-07 15:21 millert +1994-06-07 17:21 millert * config.h.in: added HAVE_FCHDIR -1994-06-07 15:18 millert +1994-06-07 17:18 millert * strdup.c: now include stdio -1994-06-07 12:55 millert +1994-06-07 14:55 millert - * realpath.c: now works if no fchdir + * realpath.c, sudo_realpath.c: now works if no fchdir -1994-06-07 12:54 millert +1994-06-07 14:55 millert + + * visudo.c: define SA_RESETHAND to null if not defined + +1994-06-07 14:54 millert * configure.in: added check & replace -1994-06-06 18:05 millert +1994-06-06 20:05 millert * configure.in: took out -static for nextstep -- it doesn't work -1994-06-06 17:59 millert +1994-06-06 19:59 millert * logging.c: moved #endif to where it belongs -1994-06-06 17:54 millert +1994-06-06 19:54 millert * SUPPORTED: correction -1994-06-06 17:42 millert +1994-06-06 19:42 millert * configure.in: now checks for strdup realpath getcwd bzero -1994-06-06 17:31 millert +1994-06-06 19:31 millert * config.h.in: emulate bzero -1994-06-06 14:57 millert +1994-06-06 16:57 millert + + * visudo.c: added posic signals + +1994-06-06 16:57 millert + + * tgetpass.c: bzero cast + +1994-06-06 16:57 millert * logging.c: added posix signals -1994-06-06 14:56 millert +1994-06-06 16:56 millert * configure.in: removed BROKEN_GETPASS added new srcs toreplace - missing functions + missing functions -1994-06-06 14:56 millert +1994-06-06 16:56 millert * config.h.in: added posix signal stuff -1994-06-06 14:56 millert +1994-06-06 16:56 millert * Makefile.in: added new srcs -1994-06-05 18:17 millert +1994-06-06 12:53 millert + + * visudo.c: updated useag + +1994-06-06 12:39 millert + + * tgetpass.c: now uses posix signals + +1994-06-05 20:17 millert * PORTING: updated sto reflect major changes -1994-06-05 18:05 millert +1994-06-05 20:05 millert * TODO, CHANGES: updated -1994-06-05 18:04 millert +1994-06-05 20:04 millert + + * tgetpass.c: uses sysconf() if available + +1994-06-05 20:04 millert * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions -1994-06-05 18:04 millert +1994-06-05 20:04 millert - * realpath.c: for those w/o this in libc + * realpath.c, sudo_realpath.c: for those w/o this in libc -1994-06-05 18:03 millert +1994-06-05 20:03 millert * getcwd.c, getwd.c: Initial revision -1994-06-05 18:03 millert +1994-06-05 20:03 millert * find_path.c: rewrote to use realpath(3) - nis now all my code -1994-06-05 18:02 millert +1994-06-05 20:02 millert * config.h.in: added HAVE_REALPATH -1994-06-05 18:02 millert +1994-06-05 20:02 millert * check.c: now use tgetpass -1994-06-05 18:02 millert +1994-06-05 20:02 millert * Makefile.in: added LIBOBJS use tgetpass.c -1994-06-05 15:17 millert +1994-06-05 18:55 millert + + * tgetpass.c: works now :-) + +1994-06-05 18:27 millert + + * tgetpass.c: Initial revision + +1994-06-05 17:17 millert * pathnames.h.in: added /dev/tty -1994-06-04 13:29 millert +1994-06-04 17:12 millert + + * version.h: incremented + +1994-06-04 15:29 millert * sudo.c: always use getcwd -1994-06-04 12:49 millert +1994-06-04 14:49 millert * config.h.in: added check for getwd -1994-06-04 12:48 millert +1994-06-04 14:48 millert * configure.in: replace strdup & realpath & getcwd if missing -1994-06-04 12:47 millert +1994-06-04 14:47 millert * pathnames.h.in: added _PATH_PWD -1994-06-04 12:46 millert +1994-06-04 14:46 millert * aclocal.m4: added SUDO_PROG_PWD -1994-06-04 12:37 millert +1994-06-04 14:37 millert - * realpath.c, strdup.c: Initial revision + * realpath.c, sudo_realpath.c, strdup.c: Initial revision -1994-06-03 09:31 millert +1994-06-03 11:31 millert * configure.in: quoted quare brackets -1994-06-02 15:49 millert +1994-06-02 17:49 millert * sudo.c: no need to strdup() a constant -1994-06-02 13:45 millert +1994-06-02 15:45 millert * CHANGES: updated -1994-06-02 13:44 millert +1994-06-02 15:44 millert * sudo.man: added validate -1994-06-02 13:42 millert +1994-06-02 15:42 millert * sudo.c: added -v to usage -1994-06-02 13:41 millert +1994-06-02 15:41 millert * parse.c, sudo.c, sudo.h: added validate_only stuff -1994-05-29 19:29 millert +1994-05-29 21:29 millert * configure.in: now finds sed -1994-05-29 19:28 millert +1994-05-29 21:28 millert * aclocal.m4: $OSREV is now an int -1994-05-29 17:13 millert +1994-05-29 19:13 millert * configure.in: added mtxinu to caser -1994-05-29 16:37 millert +1994-05-29 18:37 millert * sudo.h: added EXEC macro -1994-05-29 16:36 millert +1994-05-29 18:36 millert * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if - FQDN is set + FQDN is set -1994-05-29 16:36 millert +1994-05-29 18:36 millert * logging.c: changed mail_argv[] def now use EXEC() macro -1994-05-29 16:35 millert +1994-05-29 18:35 millert * check.c: took out crypt() definition -1994-05-29 13:52 millert +1994-05-29 17:23 millert + + * version.h: upped the version + +1994-05-29 15:52 millert * configure.in: always look for -lnsl -1994-05-29 13:29 millert +1994-05-29 15:29 millert * aclocal.m4: added an echo -1994-05-29 13:25 millert +1994-05-29 15:25 millert * sudo.h: SHORT_MESSAGE is now the default -1994-05-29 13:18 millert +1994-05-29 15:18 millert * config.h.in: fixed typo -1994-05-28 23:29 millert +1994-05-29 01:29 millert * configure.in: added missing AC_DEFINE(SVR4) for solaris -1994-05-28 18:42 millert +1994-05-28 20:42 millert * sudo.man: documented the -v flag -1994-05-28 18:34 millert +1994-05-28 20:34 millert * SUPPORTED: updated -1994-05-28 18:31 millert +1994-05-28 20:31 millert * check.c: proto-ized crypt() -1994-05-28 18:28 millert +1994-05-28 20:28 millert * config.h.in: added LIBSHADOW undef -1994-05-28 18:18 millert +1994-05-28 20:18 millert * configure.in: nwo set OS to be lowercase -1994-05-28 17:36 millert +1994-05-28 19:36 millert * configure.in: now use SUDO_OSTYPE to set $OS -1994-05-28 17:36 millert +1994-05-28 19:36 millert * aclocal.m4: now use uname to determine os -1994-05-28 13:13 millert +1994-05-28 16:23 millert + + * visudo.c: added prototypes & moved sig handler around + +1994-05-28 15:13 millert * sudo.h: added prototyppes -1994-05-28 13:13 millert +1994-05-28 15:13 millert * parse.c: added comment -1994-05-28 13:12 millert +1994-05-28 15:12 millert * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT -1994-05-28 13:11 millert +1994-05-28 15:11 millert * check.c, logging.c, sudo.c: added prototypes -1994-05-28 13:11 millert +1994-05-28 15:11 millert * aixcrypt.exp: Initial revision -1994-05-28 13:11 millert +1994-05-28 15:11 millert * Makefile.in: added aixcrypt.exp -1994-05-28 11:21 millert +1994-05-28 13:21 millert * parse.lex, parse.yacc: moved config.h to top of includes -1994-05-25 13:48 millert +1994-05-25 15:48 millert * find_path.c: now don't bitch if get EACCESS (treat like EPERM) -1994-05-24 21:08 millert +1994-05-24 23:08 millert + + * visudo.c: added -v flag and usage() + +1994-05-24 23:08 millert + + * version.h: fixed a typo + +1994-05-24 23:08 millert * sudo.c: cast Argv to a const for exec added -v flag -1994-05-24 21:07 millert +1994-05-24 23:07 millert * logging.c: mail_argv is now a const -1994-05-24 21:07 millert +1994-05-24 23:07 millert * configure.in: only set RETSIGTYPE if it is not set already -1994-05-24 21:07 millert +1994-05-24 23:07 millert * aclocal.m4: now defines & STDC_HEADERS for Irix -1994-05-24 21:07 millert +1994-05-24 23:07 millert * Makefile.in: added version.h -1994-05-24 19:25 millert +1994-05-24 21:25 millert * insults.h, sudo.h: prevent multiple inclusion -1994-05-24 19:09 millert +1994-05-24 21:20 millert + + * version.h: Initial revision + +1994-05-24 21:09 millert * parse.lex, parse.yacc: now includes config.h -1994-05-24 18:54 millert +1994-05-24 20:54 millert * aclocal.m4: now talks about sunos 4.x -1994-05-24 16:00 millert +1994-05-24 20:23 millert + + * visudo.c: calls to Exit now pass an arg + +1994-05-24 18:00 millert + + * visudo.c: signal handler now takes an int argument + +1994-05-24 18:00 millert * CHANGES: updated -1994-05-24 15:44 millert +1994-05-24 17:44 millert * sudo.c: ok, the getcwd() is now *really* done as the user -1994-05-24 15:44 millert +1994-05-24 17:44 millert * configure.in: changed AIX STATIC_FLAGS -1994-05-24 14:27 millert +1994-05-24 16:27 millert * aclocal.m4: solaris now defines SVR4 -1994-05-24 14:18 millert +1994-05-24 16:18 millert * sudo.h: added cwd and fixed stupid core dump that makes no sense. - sigh. + sigh. -1994-05-24 14:18 millert +1994-05-24 16:18 millert * sudo.c: moved getcwd stuff into load_globals -1994-05-24 14:18 millert +1994-05-24 16:18 millert * parse.c: took out externs that are in suod.h -1994-05-24 14:18 millert +1994-05-24 16:18 millert * logging.c: moved cwd into load_globals -1994-05-24 14:17 millert +1994-05-24 16:17 millert * find_path.c: moved cwd stuff -1994-05-24 13:55 millert +1994-05-24 15:55 millert * Makefile.in: fixed make distclean & realclean -1994-05-24 10:51 millert +1994-05-24 12:51 millert * TODO: updated ., -1994-05-24 10:51 millert +1994-05-24 12:51 millert * CHANGES: added solaris changes -1994-05-24 10:51 millert +1994-05-24 12:51 millert * aclocal.m4: added solaris changes, need to rework -1994-05-24 10:50 millert +1994-05-24 12:50 millert * configure.in: cleaned up for solaris -1994-05-24 10:13 millert +1994-05-24 12:13 millert * logging.c: reinstall reapchild signal handler for non-bsd signals -1994-05-24 10:03 millert +1994-05-24 12:03 millert * sudo.h: took out getdtablesize() emulation for HP-UX (no longer - needed) + needed) -1994-05-24 10:03 millert +1994-05-24 12:03 millert * sudo.c: support for HAVE_SYSCONF -1994-05-23 18:26 millert +1994-05-24 12:02 millert + + * visudo.c: added for solaris & reorg'd the includes + + minor prettying up / + +1994-05-23 20:26 millert * config.h.in: added HAVE_SYSCONF -1994-05-16 16:57 millert +1994-05-16 18:57 millert * configure.in: now tells you what os you are running /. -1994-05-16 16:56 millert +1994-05-16 18:56 millert * aclocal.m4: took out extra ',' -1994-05-14 15:56 millert +1994-05-14 17:56 millert * config.h.in: added _BSD_COMPAT -1994-05-14 15:56 millert +1994-05-14 17:56 millert * aclocal.m4: fixed for irix5 -1994-05-14 15:55 millert +1994-05-14 17:55 millert * CHANGES: updated -1994-05-14 15:27 millert +1994-05-14 17:27 millert * sudo.c: uid seinitialized to -2 -1994-04-28 10:36 millert +1994-04-28 12:36 millert * sudo.c: now removes LIBPATH for AIX -1994-03-12 18:41 millert +1994-03-12 20:41 millert * configure.in: now uses ufc if it finds it -1994-03-12 15:42 millert +1994-03-12 17:42 millert * sudo.h: no longer define yyval & yylval since yacc does it -1994-03-12 15:42 millert +1994-03-12 17:42 millert * parse.lex: now defines yylval as extenr -1994-03-12 15:41 millert +1994-03-12 17:41 millert * configure.in: BROKEN_GETPASS is now an OPTION -1994-03-12 15:41 millert +1994-03-12 17:41 millert * config.h.in: took out BROKEN_GETPASS -1994-03-12 15:20 millert +1994-03-12 17:20 millert * Makefile.in: took out big comment -1994-03-12 14:24 millert +1994-03-12 16:24 millert * README: updated -1994-03-12 14:20 millert +1994-03-12 16:20 millert * Makefile.in: took out README.beta -1994-03-12 14:19 millert +1994-03-12 16:19 millert * SUPPORTED: Initial revision -1994-03-12 14:19 millert +1994-03-12 16:19 millert * INSTALL: now reference SUPPORTED ., -1994-03-12 14:17 millert +1994-03-12 16:17 millert * config.h.in: now check for convex OR __convex__ -1994-03-12 14:16 millert +1994-03-12 16:16 millert * aclocal.m4: now check for convex or __convex__ -1994-03-12 14:15 millert +1994-03-12 16:15 millert * Makefile.in: added dist target -1994-03-12 13:19 millert +1994-03-12 15:19 millert * aclocal.m4: use __convex__ -1994-03-12 12:33 millert +1994-03-12 14:33 millert * find_path.c: now use _S_* stat stuff to be ansi-like -1994-03-12 12:11 millert +1994-03-12 14:11 millert * INSTALL: updated for configure directions -1994-03-12 12:05 millert +1994-03-12 14:05 millert * Makefile.in: distclean now removes config.h and pathnames.h -1994-03-12 12:03 millert +1994-03-12 14:03 millert * CHANGES: updated -1994-03-12 12:00 millert +1994-03-12 14:00 millert * TODO: fixed typoe -1994-03-12 11:57 millert +1994-03-12 13:57 millert - * Makefile.in: updated version + * Makefile.in, visudo.c: updated version -1994-03-12 11:57 millert +1994-03-12 13:57 millert * config.h.in, pathnames.h.in: added copyright header -1994-03-12 11:55 millert +1994-03-12 13:55 millert * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c, sudo.h: udpated version + parse.yacc, sudo.c, sudo.h: udpated version + +1994-03-12 13:39 millert + + * visudo.c: udpated to use configure + pathnames.h -1994-03-12 11:37 millert +1994-03-12 13:37 millert * Makefile.in, config.h.in, configure.in, aclocal.m4: updated -1994-03-12 11:37 millert +1994-03-12 13:37 millert * sudo.h: now works with configure -1994-03-12 11:36 millert +1994-03-12 13:36 millert * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: - updated to work with configure + pathnames.h + updated to work with configure + pathnames.h -1994-03-12 08:40 millert +1994-03-12 10:40 millert * Makefile.in: added LEXLIB -1994-03-10 01:18 millert +1994-03-10 03:18 millert * COPYING: updated gnu general licence to versio 2 -1994-03-10 00:44 millert +1994-03-10 02:44 millert * pathnames.h.in, config.h.in: Initial revision -1994-03-09 23:43 millert +1994-03-10 01:43 millert * sudo.h: changed to work with configure -1994-03-09 16:51 millert +1994-03-09 18:51 millert * Makefile.in, aclocal.m4, configure.in: Initial revision -1994-03-01 14:31 millert +1994-03-09 17:36 millert + + * visudo.c: now uses defines used by configure + +1994-03-01 16:31 millert * find_path.c: sudo won't bitch about EPERM now, for real -1994-02-27 22:36 millert +1994-02-28 00:36 millert * logging.c: renamed exec_argv to eliminate a libc name clash with - ksros + ksros -1994-02-27 22:28 millert +1994-02-28 00:28 millert * CHANGES: corrected -1994-02-27 22:27 millert +1994-02-28 00:27 millert * logging.c, sudo.c, sudo.h: execve -> execv -1994-02-27 21:27 millert +1994-02-27 23:27 millert * TODO: upated -1994-02-27 21:19 millert +1994-02-27 23:19 millert * PORTING: added 2 mroe items -1994-02-27 21:12 millert +1994-02-27 23:12 millert * CHANGES: updated -1994-02-27 21:11 millert +1994-02-27 23:11 millert * sudo.h: added UMASK and mode_t declaration -1994-02-27 21:11 millert +1994-02-27 23:11 millert * sudo.c: added UMASK -1994-02-27 18:55 millert +1994-02-27 20:55 millert * logging.c: now opens log file with mode 077 -1994-02-27 18:55 millert +1994-02-27 20:55 millert * check.c: saved current umask ans restores it -1994-02-27 18:36 millert +1994-02-27 20:36 millert * sudo.h: added MAXLOGFILELEN -1994-02-27 18:35 millert +1994-02-27 20:35 millert * logging.c: split long log lines. FOr syslog, split into multiple - entries, for a log file, indent the extra for readability + entries, for a log file, indent the extra for readability -1994-02-27 15:22 millert +1994-02-27 17:22 millert * CHANGES: added changes -1994-02-27 15:18 millert +1994-02-27 17:18 millert * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they - should be) + should be) -1994-02-25 14:04 millert +1994-02-25 16:04 millert * TODO: added input from Brett M Hogden -1994-02-16 11:35 millert +1994-02-16 13:35 millert * sudo.c: added rmenv() to remove stuff from environ. can now uses - execvp() OR execve() becuase of this. + execvp() OR execve() becuase of this. -1994-02-16 11:35 millert +1994-02-16 13:35 millert * logging.c: now uses execvp() OR execve() -1994-02-16 11:31 millert +1994-02-16 13:31 millert * sudo.h: added USE_EXECVE -1994-02-16 11:27 millert +1994-02-16 13:27 millert * sudo.h: added environ -1994-02-16 10:53 millert +1994-02-16 12:53 millert * find_path.c: now ignore EPERM -1994-02-15 21:52 millert +1994-02-15 23:52 millert * sudo.h: moved some func decls out of sudo.h and into sudo.c as - statics /. + statics /. -1994-02-15 21:52 millert +1994-02-15 23:52 millert * CHANGES: updated -1994-02-15 21:40 millert +1994-02-15 23:40 millert * sudo.h: took out Envp -1994-02-14 10:28 millert +1994-02-14 12:28 millert * BUGS: Initial revision -1994-02-10 12:29 millert +1994-02-10 14:29 millert * sudo.c, sudo.h, CHANGES: added SECURE_PATH -1994-02-10 12:05 millert +1994-02-10 14:05 millert * sudo.h: added SECURE_PATH -1994-02-10 11:50 millert +1994-02-10 13:50 millert * INSTALL: added sample.sudoers note -1994-02-09 12:54 millert +1994-02-10 13:47 millert + + * sudoers: Initial revision + +1994-02-09 14:54 millert * find_path.c: fixed typo -1994-02-08 21:06 millert +1994-02-08 23:06 millert * PORTING: took out SAVED_UID garbage -1994-02-08 20:55 millert +1994-02-08 22:55 millert * INSTALL: mentioned HAL -1994-02-08 20:50 millert +1994-02-08 22:50 millert * sudo.h: added HAL line -1994-02-08 20:48 millert +1994-02-08 22:48 millert * insults.h: added HAL insults -1994-02-08 20:48 millert +1994-02-08 22:48 millert * TODO: updated -1994-02-08 20:02 millert +1994-02-08 22:02 millert * logging.c: more verbose error if mailer not found -1994-02-08 20:02 millert +1994-02-08 22:02 millert * check.c: now do getpwent as root for soem shadow password systems - (bsdi) + (bsdi) -1994-02-08 11:22 millert +1994-02-08 13:22 millert * sudo.h: took out SAVED_UID garbade -1994-02-08 11:21 millert +1994-02-08 13:21 millert * sudo.c: took out SAVED_UID garbage since it don't work -1994-02-06 15:43 millert +1994-02-06 17:43 millert * README: updated -1994-02-06 15:40 millert +1994-02-06 17:40 millert * insults.h: added a missing space :-) -1994-02-05 17:48 millert +1994-02-05 19:48 millert * sudo.c, sudo.h: took out multimax cruft -1994-02-05 17:30 millert +1994-02-05 19:30 millert * INSTALL: minor update -1994-02-05 17:30 millert +1994-02-05 19:30 millert * PORTING: finished -1994-02-05 17:19 millert +1994-02-05 19:19 millert * sudo.c: fixed a typo + indentation -1994-02-05 16:43 millert +1994-02-05 18:43 millert * sudo.h: took outumoved some defines to the config file ,. ,. -1994-02-05 13:17 millert +1994-02-05 15:17 millert * PORTING: Initial revision -1994-02-05 13:17 millert +1994-02-05 15:17 millert * TODO: did #6 -1994-02-05 13:16 millert +1994-02-05 15:16 millert * sudo.h: added HAS_SAVED_UID -1994-02-05 13:16 millert +1994-02-05 15:16 millert * sudo.c: put back AIX cruft -1994-02-02 22:44 millert +1994-02-03 00:44 millert * sudo.c: aix changes -1994-02-01 23:31 millert +1994-02-02 01:31 millert * CHANGES: updated -1994-02-01 23:30 millert +1994-02-02 01:30 millert * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root - when abs necesary + when abs necesary -1994-02-01 20:21 millert +1994-02-01 22:21 millert * check.c: added missing %s\n -1994-01-31 00:06 millert +1994-01-31 02:06 millert * install-sh: Initial revision -1994-01-30 23:58 millert +1994-01-31 01:58 millert * CHANGES, TODO: updated -1994-01-30 23:56 millert +1994-01-31 01:56 millert * sudo.c: now removed _RLD_* for alphas -1994-01-30 23:50 millert +1994-01-31 01:50 millert * INSTALL: updated for new config scheme -1994-01-30 17:42 millert +1994-01-30 19:42 millert * find_path.c: more verbose eror messages -1994-01-27 12:08 millert +1994-01-27 14:08 millert * TODO: now have solaris -1994-01-27 12:07 millert +1994-01-27 14:07 millert * sudo.h: define __svr4__ for SOLARIS -1994-01-27 12:07 millert +1994-01-27 14:07 millert * check.c: added svr4 junk for shadow pws for solaris 2.x -1994-01-27 11:19 millert +1994-01-27 13:19 millert - * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. - Its not needed since we start out setuid with the correct perms. + * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. + Its not needed since we start out setuid with the correct perms. -1994-01-26 17:51 millert +1994-01-26 19:51 millert * check.c, sudo.c, sudo.h: now use setreuid() -1994-01-26 16:58 millert +1994-01-26 18:58 millert * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to - VARIABLES sectoin + VARIABLES sectoin -1994-01-26 16:52 millert +1994-01-26 18:52 millert + + * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar + +1994-01-26 18:52 millert * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar - >> . + >> . -1993-12-06 23:33 millert +1993-12-07 01:33 millert * README: minor update + spell fix -1993-12-06 23:33 millert +1993-12-07 01:33 millert * INSTALL: rewrote most of this -1993-12-06 23:13 millert +1993-12-07 01:13 millert * sudo.h: added all options that are in the Makefile -1993-12-06 22:23 millert +1993-12-07 00:23 millert * getpass.c: now use USE_TERMIO #define for sgi & hpux -1993-12-06 21:19 millert +1993-12-06 23:19 millert * TODO: todo: posix sigs -1993-12-05 23:12 millert +1993-12-06 01:12 millert * check.c, find_path.c: always include strings.h -1993-12-05 18:30 millert +1993-12-05 20:34 millert + + * visudo.c: added STATICEDITOR + +1993-12-05 20:30 millert * sudo.h: sgi has vi in /usr/bin too -1993-12-05 18:23 millert +1993-12-05 20:23 millert * sudo.man: added VISUAL -1993-12-02 20:20 millert +1993-12-02 22:20 millert * sudo.h: sue /usr/bin/vi on some systems -1993-12-02 20:19 millert +1993-12-02 22:19 millert * sudo.c: fixed warning (include strings.h) -1993-12-02 20:06 millert +1993-12-02 22:06 millert * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new - features) + features) -1993-12-02 19:38 millert +1993-12-02 21:38 millert * CHANGES: changes from John_Rouillard@dl5000.bc.edu -1993-12-02 19:34 millert +1993-12-02 21:35 millert + + * visudo.c: added EDITOR envar + +1993-12-02 21:34 millert * check.c, find_path.c, parse.c, sudo.c: added patches from - John_Rouillard directory spec uses EDITOR + John_Rouillard directory spec uses EDITOR -1993-12-01 17:32 millert +1993-12-01 19:32 millert * getpass.c: added flush for hpux -1993-11-30 11:37 millert +1993-11-30 13:37 millert * sudo.c: no longer assume malloc returns a char * -1993-11-29 18:35 millert +1993-11-29 20:35 millert * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH - stuff -- now gets removed correctly + stuff -- now gets removed correctly -1993-11-29 17:31 millert +1993-11-29 19:31 millert * sudo.h: added STD_HEADERS macro -1993-11-29 17:14 millert +1993-11-29 19:14 millert * sudo.c: now uses STD_HEADERS macor for ansi -1993-11-29 17:14 millert +1993-11-29 19:14 millert * find_path.c: now uses STD_HEADERS macro -1993-11-29 17:13 millert +1993-11-29 19:13 millert * check.c: niceties for C compiler bitches -- no real change -1993-11-28 14:35 millert +1993-11-29 13:04 millert + + * visudo.c: now doesn't fclose a file never opened. + +1993-11-28 16:35 millert * sudo.man: added visudo line -1993-11-28 14:31 millert +1993-11-28 16:31 millert * sudo.man: added error stuff added me in there... -1993-11-28 01:12 millert +1993-11-28 03:12 millert * CHANGES: noted insults -1993-11-28 01:01 millert +1993-11-28 03:01 millert * INSTALL: added blurb about reading stuff -1993-11-28 01:00 millert +1993-11-28 03:00 millert * sudo.h: added insults -1993-11-28 01:00 millert +1993-11-28 03:00 millert * insults.h: corrected somments and removed newlines -1993-11-28 01:00 millert +1993-11-28 03:00 millert * check.c: now uses insults -1993-11-28 00:45 millert +1993-11-28 02:45 millert * insults.h: Initial revision -1993-11-27 17:46 millert +1993-11-27 19:46 millert * INSTALL: added dec syslog note -1993-11-27 17:25 millert +1993-11-27 19:25 millert * sample.sudoers: added real stuff in there -1993-11-27 17:24 millert +1993-11-27 19:24 millert * TODO: added a todo -1993-11-27 17:10 millert +1993-11-27 19:10 millert * TODO: added one -1993-11-27 16:59 millert +1993-11-27 18:59 millert * sample.sudoers: Initial revision -1993-11-27 16:59 millert +1993-11-27 18:59 millert * sudo.man: updated with changes -1993-11-27 16:52 millert +1993-11-27 18:52 millert * sudo.man: Initial revision -1993-11-27 16:48 millert +1993-11-27 18:48 millert * CHANGES, COPYING, INSTALL, README, TODO, indent.pro: Initial - revision + revision -1993-11-27 16:42 millert +1993-11-27 18:46 millert + + * visudo.c: updated version number and took out jeff's old addr + since it is no good + +1993-11-27 18:42 millert * sudo.h, check.c, find_path.c, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c: updated version number and took out jeff's - email (since it is invalid) + parse.yacc, sudo.c: updated version number and took out jeff's + email (since it is invalid) -1993-10-28 07:36 millert +1993-10-28 09:36 millert * check.c: added fflush() -1993-10-22 18:46 millert +1993-10-22 20:46 millert * find_path.c: now return NULL instead pfof exiting for - nopnn-fatal errors + nopnn-fatal errors -1993-10-21 14:57 millert +1993-10-21 16:57 millert * check.c: new banner -1993-10-21 14:42 millert +1993-10-21 16:42 millert * parse.lex: now sudo.h gets included first -1993-10-17 18:31 millert +1993-10-17 20:31 millert * parse.lex: now can use flex -1993-10-17 18:31 millert +1993-10-17 20:31 millert * sudo.h: linux patch -1993-10-17 18:30 millert +1993-10-17 20:30 millert * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch -1993-10-17 18:30 millert +1993-10-17 20:30 millert * check.c: linux diff -1993-10-15 14:03 millert +1993-10-15 16:03 millert * find_path.c: stat now ignores EINVAL -1993-10-05 19:48 millert +1993-10-05 21:48 millert * find_path.c, sudo.c: now declare strdup as extern -1993-10-04 13:10 millert +1993-10-04 15:23 millert + + * visudo.c: reformatted with indent + by hand + +1993-10-04 15:10 millert * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, - sudo.h: used indent to "fix" coding style + sudo.h: used indent to "fix" coding style -1993-10-03 18:12 millert +1993-10-03 20:12 millert * find_path.c: now checks '.' or '.' or '' in PATH -- but does it - LAST should maybe move the code that does this into the loop body. - makes it messier tho. hmmm. + LAST should maybe move the code that does this into the loop + body. makes it messier tho. hmmm. -1993-09-08 09:53 millert +1993-09-08 11:53 millert * find_path.c: redid the fix for non-executable files in an easier - to read way plus some minor aethetic changes + to read way plus some minor aethetic changes -1993-09-08 09:39 millert +1993-09-08 11:39 millert * find_path.c: fixed bug with non-executable tings of same name in - path introduced by checkig errno after stat(2). + path introduced by checkig errno after stat(2). -1993-09-05 08:02 millert +1993-09-05 10:02 millert * sudo.c: fixed off by one error -1993-09-05 07:55 millert +1993-09-05 09:55 millert * find_path.c: now handles decending below '/' correctly -1993-09-05 06:35 millert +1993-09-05 08:35 millert * sudo.c: now actually builds Envp instead of munging envp -1993-09-04 13:42 millert +1993-09-04 15:42 millert * parse.yacc: now includes sys/param.h -1993-09-04 13:30 millert +1993-09-04 15:41 millert + + * visudo.c: now includes sys/param.h + +1993-09-04 15:30 millert * sudo.h: fixed ifndef -> ifdef -1993-09-04 13:19 millert +1993-09-04 15:19 millert * qualify.c: make more like find_path.c -1993-09-04 13:18 millert +1993-09-04 15:18 millert * find_path.c: rewritten by millert -1993-09-04 13:17 millert +1993-09-04 15:17 millert * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP - added info about new defines in the comment + added info about new defines in the comment -1993-09-04 13:15 millert +1993-09-04 15:15 millert * logging.c: now uses USE_CWD -1993-09-04 12:10 millert +1993-09-04 14:10 millert * sudo.h: added delc for clean_envp() and Envp -1993-09-04 12:09 millert +1993-09-04 14:09 millert * sudo.c: now rips LD_* env vars out of envp and passed sanitized - Envp to exec + Envp to exec -1993-09-04 12:09 millert +1993-09-04 14:09 millert * logging.c: now uses execve() -1993-09-04 12:08 millert +1993-09-04 14:08 millert * find_path.c: ENOTDIR is ok now too (in case part of the path is - bogus) + bogus) -1993-09-04 06:17 millert +1993-09-04 08:17 millert * qualify.c: now works correctly (ttaltotal rewrite) -1993-09-04 05:59 millert +1993-09-04 07:59 millert * parse.lex: now includes sys/param.h didn't match trailing / -- - fix from rouilj@cs.umb.edu + fix from rouilj@cs.umb.edu -1993-06-11 16:04 millert +1993-06-11 18:04 millert * sudo.c: moved around the #ifndef _AIX -1993-06-11 16:03 millert +1993-06-11 18:03 millert * check.c, logging.c, parse.c: Initial revision -1993-03-20 05:57 millert +1993-03-20 07:57 millert * qualify.c: Initial revision -1993-03-13 13:09 millert +1993-03-13 15:09 millert * find_path.c: now works if you do sudo bin/test -1993-03-13 12:20 millert +1993-03-13 14:20 millert * find_path.c: works -1993-03-02 16:28 millert +1993-03-02 18:28 millert * sudo.h: Initial revision -1993-03-02 09:32 millert +1993-03-02 11:35 millert + + * visudo.c: Initial revision + +1993-03-02 11:32 millert * parse.lex, parse.yacc: Initial revision -1993-02-16 11:24 millert +1993-02-16 13:24 millert * sudo.c: took out errno.h -1993-02-16 11:22 millert +1993-02-16 13:22 millert * sudo.c: now spews error if exec fails and exits with -1 -1993-02-16 10:07 millert +1993-02-16 12:07 millert * sudo.c: Initial revision -1993-02-15 20:27 millert +1993-02-15 22:27 millert * find_path.c: now only execs files with (an) executable bit set. -1993-02-15 20:01 millert +1993-02-15 22:01 millert * find_path.c: Initial revision -1993-02-15 12:32 millert +1993-02-15 14:32 millert * getpass.c: added nice comment -1993-02-15 12:19 millert +1993-02-15 14:19 millert * getpass.c: now works on sgi's -1993-02-15 11:57 millert +1993-02-15 13:57 millert * getpass.c: Initial revision