]> granicus.if.org Git - sudo/log
sudo
21 years agoBack out portions of the -i commit that set NewArgv[0] in set_runaspw.
Todd C. Miller [Tue, 20 Jan 2004 19:22:46 +0000 (19:22 +0000)]
Back out portions of the -i commit that set NewArgv[0] in set_runaspw.
It is far to late to set NewArgv[0] there and will have no effect
anyway as cmnd and safe_cmnd have already been set.

21 years agoPrefer VISUAL over EDITOR like old vipw did.
Todd C. Miller [Tue, 20 Jan 2004 19:18:44 +0000 (19:18 +0000)]
Prefer VISUAL over EDITOR like old vipw did.

21 years agoIn -i mode always set new environment based on the runas user's passwd entry.
Todd C. Miller [Mon, 19 Jan 2004 01:17:00 +0000 (01:17 +0000)]
In -i mode always set new environment based on the runas user's passwd entry.

21 years agoDocument the new -i flag and sync SYNOPSIS section with usage() in sudo.c.
Todd C. Miller [Sun, 18 Jan 2004 22:56:27 +0000 (22:56 +0000)]
Document the new -i flag and sync SYNOPSIS section with usage() in sudo.c.
Also sort the flags in the OPTIONS section.

21 years agoo Add -i that acts similar to "su -", based on patches from David J. MacKenzie
Todd C. Miller [Sun, 18 Jan 2004 22:55:32 +0000 (22:55 +0000)]
o Add -i that acts similar to "su -", based on patches from David J. MacKenzie
o Sort the flags in the usage message

21 years agoAdd a missing @runas_default@ substitution.
Todd C. Miller [Sun, 18 Jan 2004 22:22:01 +0000 (22:22 +0000)]
Add a missing @runas_default@ substitution.

21 years agoChange euid to runas user before calling find_path(). Unfortunately,
Todd C. Miller [Sat, 17 Jan 2004 21:34:05 +0000 (21:34 +0000)]
Change euid to runas user before calling find_path().  Unfortunately,
though runas_user can be modified in sudoers we haven't parsed sudoers yet.

21 years agoAdd missing defintion of Parameter_List and use single pipes in the
Todd C. Miller [Sat, 17 Jan 2004 21:25:40 +0000 (21:25 +0000)]
Add missing defintion of Parameter_List and use single pipes in the
Defaults EBNF definition.

21 years agoFix a bug when set_runaspw() is used as a callback. We don't want to
Todd C. Miller [Sat, 17 Jan 2004 18:49:59 +0000 (18:49 +0000)]
Fix a bug when set_runaspw() is used as a callback.  We don't want to
reset the contents of runas_pw if the user specified a user via the -u flag.

Avoid unnecessary passwd lookups in set_authpw().  In most cases we already
have the info in runas_pw.

21 years agoAdd Stan Lee / Uncle Ben quote to the lecture from RedHat
Todd C. Miller [Fri, 16 Jan 2004 23:16:24 +0000 (23:16 +0000)]
Add Stan Lee / Uncle Ben quote to the lecture from RedHat

21 years agoUpdate sudo_getepw() proto and add one for set_runaspw()
Todd C. Miller [Fri, 16 Jan 2004 23:12:03 +0000 (23:12 +0000)]
Update sudo_getepw() proto and add one for set_runaspw()

21 years agoIf we can't stat the command as root, try as the runas user instead.
Todd C. Miller [Fri, 16 Jan 2004 23:10:13 +0000 (23:10 +0000)]
If we can't stat the command as root, try as the runas user instead.

21 years agoAdd stub set_runaspw() function
Todd C. Miller [Fri, 16 Jan 2004 23:09:34 +0000 (23:09 +0000)]
Add stub set_runaspw() function

21 years agoAdd set_runaspw() function to fill in runas_pw. This will be used
Todd C. Miller [Fri, 16 Jan 2004 23:09:20 +0000 (23:09 +0000)]
Add set_runaspw() function to fill in runas_pw.  This will be used
as a callback to update runas_pw when the runas user changes.

21 years agoPERM_RUNAS -> PERM_FULL_RUNAS
Todd C. Miller [Fri, 16 Jan 2004 23:07:03 +0000 (23:07 +0000)]
PERM_RUNAS -> PERM_FULL_RUNAS

21 years agoRename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
Todd C. Miller [Fri, 16 Jan 2004 23:05:47 +0000 (23:05 +0000)]
Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
changes the euid.

21 years agoMake sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
Todd C. Miller [Fri, 16 Jan 2004 23:04:07 +0000 (23:04 +0000)]
Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
one chunk for easy free()ing.  Also change it from static to extern.

21 years agoAdd callback support
Todd C. Miller [Fri, 16 Jan 2004 23:03:02 +0000 (23:03 +0000)]
Add callback support

21 years agoAdd a callback field and use it for runas_default
Todd C. Miller [Fri, 16 Jan 2004 23:02:18 +0000 (23:02 +0000)]
Add a callback field and use it for runas_default

21 years agoAdd a callback field and use it for runas_default
Todd C. Miller [Fri, 16 Jan 2004 23:02:18 +0000 (23:02 +0000)]
Add a callback field and use it for runas_default

21 years agoAdd support for chalnecho and display server responses used by fwtk >= 2.0
Todd C. Miller [Thu, 15 Jan 2004 20:13:47 +0000 (20:13 +0000)]
Add support for chalnecho and display server responses used by fwtk >= 2.0

21 years agold.so is ld.so.1 on solaris
Todd C. Miller [Mon, 12 Jan 2004 23:39:00 +0000 (23:39 +0000)]
ld.so is ld.so.1 on solaris

21 years agoUse closefrom() instead of doing the equivalent inline.
Todd C. Miller [Mon, 12 Jan 2004 19:03:54 +0000 (19:03 +0000)]
Use closefrom() instead of doing the equivalent inline.

21 years agoclosefrom(3) for systems w/o it
Todd C. Miller [Mon, 12 Jan 2004 18:55:30 +0000 (18:55 +0000)]
closefrom(3) for systems w/o it

21 years agoUpdate from .pod file.
Todd C. Miller [Fri, 9 Jan 2004 21:29:05 +0000 (21:29 +0000)]
Update from .pod file.

21 years agoSubstitute noexec_file for the sudoers man page
Todd C. Miller [Fri, 9 Jan 2004 21:26:46 +0000 (21:26 +0000)]
Substitute noexec_file for the sudoers man page

21 years agoMention noexec
Todd C. Miller [Fri, 9 Jan 2004 21:24:50 +0000 (21:24 +0000)]
Mention noexec

21 years agoDocument noexec
Todd C. Miller [Fri, 9 Jan 2004 21:16:52 +0000 (21:16 +0000)]
Document noexec

21 years agoMove PAM_CONST macro definition from config.h to pam.c where it belongs.
Todd C. Miller [Fri, 9 Jan 2004 19:39:00 +0000 (19:39 +0000)]
Move PAM_CONST macro definition from config.h to pam.c where it belongs.
We can't have this in config.h since that gets included too early.

21 years agoSome PAM implementations put their headers in /usr/include/pam instead
Todd C. Miller [Fri, 9 Jan 2004 19:35:54 +0000 (19:35 +0000)]
Some PAM implementations put their headers in /usr/include/pam instead
of /usr/include/security.

21 years agoI missed changing the EXEC macro -> EXECV here when I changed this in
Todd C. Miller [Fri, 9 Jan 2004 19:32:43 +0000 (19:32 +0000)]
I missed changing the EXEC macro -> EXECV here when I changed this in
config.h.in and sudo.c a while ago.

21 years agoOpenBSD vax/m88k/hppa don't do shared libs
Todd C. Miller [Fri, 9 Jan 2004 18:15:54 +0000 (18:15 +0000)]
OpenBSD vax/m88k/hppa don't do shared libs

21 years agoo merge the hpux case entries into a single entry w/ its own sub-case statement.
Todd C. Miller [Fri, 9 Jan 2004 08:29:33 +0000 (08:29 +0000)]
o merge the hpux case entries into a single entry w/ its own sub-case statement.
o HP-UX >= 11 support getspnam(), use it in preference to getprpwuid()

21 years agoeval $shrext so that it expands nicely on MacOS X
Todd C. Miller [Fri, 9 Jan 2004 07:58:04 +0000 (07:58 +0000)]
eval $shrext so that it expands nicely on MacOS X

21 years agoDon't lie about making a module, it does the wrong thing on mach
Todd C. Miller [Fri, 9 Jan 2004 07:50:12 +0000 (07:50 +0000)]
Don't lie about making a module, it does the wrong thing on mach

21 years agoRemove requirement that libs must begin with "lib". They don't when
Todd C. Miller [Fri, 9 Jan 2004 07:49:50 +0000 (07:49 +0000)]
Remove requirement that libs must begin with "lib".  They don't when
we point directly at the lib using LD_PRELOAD or its equivalent.

21 years agoDisable support for c++, f77 and java. We don't need it, it takes a lot
Todd C. Miller [Fri, 9 Jan 2004 07:01:15 +0000 (07:01 +0000)]
Disable support for c++, f77 and java.  We don't need it, it takes a lot
of time, and it hosed our check for shared lib support.

21 years agoregen
Todd C. Miller [Fri, 9 Jan 2004 07:00:18 +0000 (07:00 +0000)]
regen

21 years agoCall AC_ENABLE_SHARED and check the status of enable_shared to know when
Todd C. Miller [Fri, 9 Jan 2004 07:00:01 +0000 (07:00 +0000)]
Call AC_ENABLE_SHARED and check the status of enable_shared to know when
shared libs are available.

21 years agoDuh, OpenBSD suports shared libs too
Todd C. Miller [Fri, 9 Jan 2004 06:37:08 +0000 (06:37 +0000)]
Duh, OpenBSD suports shared libs too

21 years agoOnly OpenPAM and Linux PAM use const qualifiers.
Todd C. Miller [Fri, 9 Jan 2004 06:18:10 +0000 (06:18 +0000)]
Only OpenPAM and Linux PAM use const qualifiers.

21 years agoo No need to check for sed, libtool config does that for us
Todd C. Miller [Fri, 9 Jan 2004 06:15:34 +0000 (06:15 +0000)]
o No need to check for sed, libtool config does that for us
o move check for --with-noexec until after libtool magic is run so we
  can use $can_build_shared and $shrext

21 years agoDon't print a bunch of crap about library installs since we are not
Todd C. Miller [Fri, 9 Jan 2004 06:14:31 +0000 (06:14 +0000)]
Don't print a bunch of crap about library installs since we are not
really installing a library.

21 years agoMake format_env() varargs
Todd C. Miller [Fri, 9 Jan 2004 05:38:58 +0000 (05:38 +0000)]
Make format_env() varargs
Add noexec support for Darwin, MacOS X, Irix, and Tru64

21 years agoUpdate to libtool 1.5 with local changes:
Todd C. Miller [Fri, 9 Jan 2004 05:32:55 +0000 (05:32 +0000)]
Update to libtool 1.5 with local changes:
 o no ldconfig in the finish step
 o assume no libprefix or version is needed

21 years agoFix compilation under K&R
Todd C. Miller [Fri, 9 Jan 2004 05:15:38 +0000 (05:15 +0000)]
Fix compilation under K&R

21 years agocheckpoint
Todd C. Miller [Tue, 6 Jan 2004 14:31:35 +0000 (14:31 +0000)]
checkpoint

21 years agostub execve() that just returns EACCES; used for noexec functionality
Todd C. Miller [Tue, 6 Jan 2004 14:28:49 +0000 (14:28 +0000)]
stub execve() that just returns EACCES; used for noexec functionality

21 years agoRegen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code.
Todd C. Miller [Tue, 6 Jan 2004 06:42:14 +0000 (06:42 +0000)]
Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code.

21 years agoRegen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code.
Todd C. Miller [Tue, 6 Jan 2004 06:42:14 +0000 (06:42 +0000)]
Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with generated code.

21 years agoMove the environment defaults to the end and shorten a few of the descriptions.
Todd C. Miller [Mon, 5 Jan 2004 21:10:19 +0000 (21:10 +0000)]
Move the environment defaults to the end and shorten a few of the descriptions.

21 years agono shared libs on ultris or convexos
Todd C. Miller [Mon, 5 Jan 2004 20:05:29 +0000 (20:05 +0000)]
no shared libs on ultris or convexos

21 years agoBuild sudo_noexec shared object using libtool; could use some cleanup.
Todd C. Miller [Mon, 5 Jan 2004 20:03:09 +0000 (20:03 +0000)]
Build sudo_noexec shared object using libtool; could use some cleanup.

21 years agolibtool scaffolding
Todd C. Miller [Mon, 5 Jan 2004 19:59:56 +0000 (19:59 +0000)]
libtool scaffolding

21 years agoMerge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
Todd C. Miller [Mon, 5 Jan 2004 19:56:43 +0000 (19:56 +0000)]
Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
important.

21 years agoupdate copyright year
Todd C. Miller [Mon, 5 Jan 2004 17:15:32 +0000 (17:15 +0000)]
update copyright year

21 years agoAdd _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option.
Todd C. Miller [Mon, 5 Jan 2004 03:58:39 +0000 (03:58 +0000)]
Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option.
The default value of noexec_file is set to this.

21 years agoAdd support for preloading a shared object containing a dummy execve()
Todd C. Miller [Mon, 5 Jan 2004 02:48:09 +0000 (02:48 +0000)]
Add support for preloading a shared object containing a dummy execve()
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.

21 years agoadd missing newline to usage statement
Todd C. Miller [Mon, 5 Jan 2004 02:40:02 +0000 (02:40 +0000)]
add missing newline to usage statement

21 years agoRename EXEC macro -> EXECV
Todd C. Miller [Mon, 5 Jan 2004 01:39:57 +0000 (01:39 +0000)]
Rename EXEC macro -> EXECV

21 years agoDon't truncate usernames to 8 characters in the log message.
Todd C. Miller [Mon, 5 Jan 2004 01:16:24 +0000 (01:16 +0000)]
Don't truncate usernames to 8 characters in the log message.

21 years agoUpdate copyright year
Todd C. Miller [Mon, 5 Jan 2004 01:13:50 +0000 (01:13 +0000)]
Update copyright year

21 years agoAdd a new option, lecture_file, that can be used to point to a custom
Todd C. Miller [Mon, 5 Jan 2004 01:12:22 +0000 (01:12 +0000)]
Add a new option, lecture_file, that can be used to point to a custom
sudo lecture.

21 years agoAdd a zero_bytes() function to do the equivalent of bzero in such a
Todd C. Miller [Wed, 31 Dec 2003 22:46:10 +0000 (22:46 +0000)]
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will heopfully not be optimized away by sneaky compilers.

21 years agoAdd a zero_bytes() function to do the equivalent of bzero in such a
Todd C. Miller [Wed, 31 Dec 2003 22:46:08 +0000 (22:46 +0000)]
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will heopfully not be optimized away by sneaky compilers.

21 years agoAdd a zero_bytes() function to do the equivalent of bzero in such a
Todd C. Miller [Wed, 31 Dec 2003 22:46:08 +0000 (22:46 +0000)]
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will heopfully not be optimized away by sneaky compilers.

21 years agoUse #ifdef __STDC__, not #if __STDC__.
Todd C. Miller [Wed, 31 Dec 2003 18:35:02 +0000 (18:35 +0000)]
Use #ifdef __STDC__, not #if __STDC__.

21 years agoAlways put at least one space between the def_* macro name and its
Todd C. Miller [Tue, 30 Dec 2003 22:41:52 +0000 (22:41 +0000)]
Always put at least one space between the def_* macro name and its
definition.

21 years agoAdjust code for --without-lecture to match new values.
Todd C. Miller [Tue, 30 Dec 2003 22:34:28 +0000 (22:34 +0000)]
Adjust code for --without-lecture to match new values.

21 years agoregen after pasto fix
Todd C. Miller [Tue, 30 Dec 2003 22:33:50 +0000 (22:33 +0000)]
regen after pasto fix

21 years agoDocument that "lecture" has changed from a flag to a tuple.
Todd C. Miller [Tue, 30 Dec 2003 22:31:56 +0000 (22:31 +0000)]
Document that "lecture" has changed from a flag to a tuple.

21 years agoAdd support for tuples in def_data.in; these are implemented as an
Todd C. Miller [Tue, 30 Dec 2003 22:31:30 +0000 (22:31 +0000)]
Add support for tuples in def_data.in; these are implemented as an
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.

21 years agoCreate def_* macros for each defaults value so we no longer need
Todd C. Miller [Tue, 30 Dec 2003 22:20:21 +0000 (22:20 +0000)]
Create def_* macros for each defaults value so we no longer need
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.

21 years agocheckpoint
Todd C. Miller [Tue, 30 Dec 2003 20:55:17 +0000 (20:55 +0000)]
checkpoint

21 years agoIf we are in -k/-K mode, just spew to stderr. It is not unusual for
Todd C. Miller [Tue, 23 Dec 2003 02:18:13 +0000 (02:18 +0000)]
If we are in -k/-K mode, just spew to stderr.  It is not unusual for
users to place "sudo -k" in a .logout file which can cause sudo to
be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
Previously, this would result in useless mail and logging.

21 years agofix pasto in VISUAL description
Todd C. Miller [Tue, 16 Dec 2003 18:51:45 +0000 (18:51 +0000)]
fix pasto in VISUAL description

21 years agoregen
Todd C. Miller [Wed, 10 Dec 2003 03:09:00 +0000 (03:09 +0000)]
regen

21 years agocheckpoint
Todd C. Miller [Wed, 10 Dec 2003 03:08:16 +0000 (03:08 +0000)]
checkpoint

21 years agoSome OSes (like Solaris) allow export w/ nosuid too
Todd C. Miller [Wed, 10 Dec 2003 03:02:09 +0000 (03:02 +0000)]
Some OSes (like Solaris) allow export w/ nosuid too

21 years agoWe don't use FD_ZERO anymore so just define FD_SET (if not already there).
Todd C. Miller [Tue, 12 Aug 2003 20:45:22 +0000 (20:45 +0000)]
We don't use FD_ZERO anymore so just define FD_SET (if not already there).

21 years agoFix a core dump on Solaris by preserving the pam_handle_t we used
Todd C. Miller [Sun, 29 Jun 2003 01:31:55 +0000 (01:31 +0000)]
Fix a core dump on Solaris by preserving the pam_handle_t we used
during authentication for pam_prep_user().  If we didn't authenticate
(ie: ticket still valid), we call pam_init() from pam_prep_user().
This is something of a hack; it may be better to change the auth
API and add an auth_final() function that acts like pam_prep_user().

21 years agoAdd explicit declaration of printerr variable in function header
Todd C. Miller [Sat, 21 Jun 2003 16:50:56 +0000 (16:50 +0000)]
Add explicit declaration of printerr variable in function header
(was defaulting to int which is OK but oh so K&R :-).  From Theo.

21 years agos/HAVE_STOW/USE_STOW/
Todd C. Miller [Mon, 9 Jun 2003 23:00:20 +0000 (23:00 +0000)]
s/HAVE_STOW/USE_STOW/

21 years agoAlso exit waitpid() loop when pid == 0. Fixes a problem where the sudo
Todd C. Miller [Mon, 9 Jun 2003 20:07:56 +0000 (20:07 +0000)]
Also exit waitpid() loop when pid == 0.  Fixes a problem where the sudo
process would spin eating up CPU until sendmail finished when it has
to send mail.

21 years agoRemove advertising clause, UCB has disavowed it
Todd C. Miller [Fri, 30 May 2003 20:22:31 +0000 (20:22 +0000)]
Remove advertising clause, UCB has disavowed it

21 years agoRemove advertising clause, UCB has disavowed it
Todd C. Miller [Fri, 30 May 2003 20:22:31 +0000 (20:22 +0000)]
Remove advertising clause, UCB has disavowed it

21 years agoDon't assume that getgrnam() calls don't modify contents of
Todd C. Miller [Thu, 22 May 2003 01:53:01 +0000 (01:53 +0000)]
Don't assume that getgrnam() calls don't modify contents of
struct passwd returned by getpwnam().  On FreeBSD w/ NIS this
can happen.  Based on a patch from Kirk Webb.

21 years agomissing ;;
Todd C. Miller [Tue, 6 May 2003 15:25:36 +0000 (15:25 +0000)]
missing ;;

21 years agodarwin has a broken setreuid() in at least some versions
Todd C. Miller [Tue, 6 May 2003 04:53:21 +0000 (04:53 +0000)]
darwin has a broken setreuid() in at least some versions

21 years agoFix an off by one error when reallocating the environment; Kevin Pye
Todd C. Miller [Tue, 6 May 2003 04:31:24 +0000 (04:31 +0000)]
Fix an off by one error when reallocating the environment; Kevin Pye

21 years agoFix User_Spec definition; SEKINE Tatsuo
Todd C. Miller [Wed, 30 Apr 2003 18:04:58 +0000 (18:04 +0000)]
Fix User_Spec definition; SEKINE Tatsuo

21 years agoMore info on the early days from Coggs.
Todd C. Miller [Mon, 28 Apr 2003 23:30:32 +0000 (23:30 +0000)]
More info on the early days from Coggs.

21 years agoremove errant semicolon that prevented compilation under heimdal
Todd C. Miller [Mon, 21 Apr 2003 18:47:05 +0000 (18:47 +0000)]
remove errant semicolon that prevented compilation under heimdal

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files

21 years agoadd DARPA credit on affected files
Todd C. Miller [Wed, 16 Apr 2003 00:42:10 +0000 (00:42 +0000)]
add DARPA credit on affected files