From c0f149b5331d1f9ed4bedc1b64c6805e47c62715 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 18 Jan 2010 07:12:06 -0500 Subject: [PATCH] Generate the ChangeLog as part of "make dist" instead of having it in the repo. --HG-- branch : 1.7 --- ChangeLog | 20222 -------------------------------------------------- Makefile.in | 4 +- 2 files changed, 2 insertions(+), 20224 deletions(-) delete mode 100644 ChangeLog diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 15e7d2e0c..000000000 --- a/ChangeLog +++ /dev/null @@ -1,20222 +0,0 @@ -2009-06-30 08:41 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Add missing single - quotes around a colon in Runas_Spec definition. From Elias - Benali. - -2009-06-29 09:36 millert - - * redblack.c: In rbrepair, re-color the root or the first non-block - node we find to be black. Re-coloring the root is probably not - needed but won't hurt. - -2009-06-29 09:35 millert - - * sudo.cat, sudoers.cat, sudo.man.in, sudoers.man.in: regen - -2009-06-26 16:40 millert - - * redblack.c: When repairing the tree, don't touch the root node. - -2009-06-25 08:44 millert - - * set_perms.c: Protect call to setegid in runas_setup with #ifdef - HAVE_SETEUID. Reported by Josef Schmid. - -2009-06-23 14:29 millert - - * sudoers.pod: Document that we accept env_pam-style environment - files - -2009-06-23 14:24 millert - - * env.c: Adapt to accept pam_env-style /etc/environment which - allows shell-style lines such as: export EDITOR="/usr/bin/vi" - -2009-06-23 12:22 millert - - * sudoers.pod: Make it clear that env_delete only works when - !env_reset. From Loïc Minier - -2009-06-15 17:19 millert - - * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from - Quest - -2009-06-15 17:18 millert - - * Makefile.in: build the .cat page in the current working dir, not - the src dir - -2009-06-15 09:10 millert - - * env.c: Return EINVAL in setenv() if var is NULL or the empty - string to match glibc behavior. - -2009-06-13 16:52 millert - - * configure, configure.in: Use AS_HELP_STRING for AC_ARG_WITH and - AC_ARG_ENABLE - -2009-06-11 16:29 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2009-06-09 10:08 millert - - * INSTALL: Document --with-libvas and --with-libvas-rpath - -2009-05-29 09:43 millert - - * ldap.c, sudoers.ldap.pod: For netscape-derived LDAP SDKs the cert - and key paths may be a directory or a file. However, version 5.0 - of the SDK only seems to support using a directory. If - ldapssl_clientauth_init fails and the cert or key paths look like - they could be files, strip off the last path element and try - again. - -2009-05-29 09:40 millert - - * Makefile.in: Add non-Unix group .o to COMMON_OBJS and substitute - in path to flex. - -2009-05-26 20:49 millert - - * configure, configure.in, match.c, sudo.c, vasgroups.c: Update - non-Unix group support from Quest, as reworked by me. - -2009-05-26 20:47 millert - - * toke.c: regen - -2009-05-26 20:46 millert - - * toke.l: Add support for escaped hex chars in names, e.g. \x20 for - space. - -2009-05-25 08:02 millert - - * LICENSE, Makefile.in, aclocal.m4, alias.c, check.c, env.c, - fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, - logging.c, logging.h, match.c, parse.c, parse.h, pathnames.h.in, - pwutil.c, set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, - sudo_nss.h, sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, - testsudoers.c, tgetpass.c, toke.l, visudo.c, auth/aix_auth.c, - auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h: Update copyright - years. - -2009-05-24 08:33 millert - - * interfaces.c, lbuf.c: Minor fixes for Minix-3 - -2009-05-22 06:37 millert - - * set_perms.c: Handle getgroups() returning 0. Also add missing - check for HAVE_GETGROUPS. - -2009-05-19 17:24 millert - - * Makefile.in, config.h.in, configure, configure.in, sudo.c, - version.h, visudo.c: Replace version.h with PACKAGE_VERSION set - via AC_INIT in configure. - -2009-05-18 06:33 millert - - * set_perms.c: Remove group setting code in setusercontext case, we - will do it ourselves later on in runas_setup. Set the gid after - initgroups/setgroups is called, since on Mac OS X it seems to - change the egid. - -2009-05-17 18:19 millert - - * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, - vasgroups.c: Initial bits of non-unix group support using Quest - Authentication Services - -2009-05-17 16:52 millert - - * toke.c, toke.l: Accept %:foo as a non-Unix group - -2009-05-17 16:22 millert - - * toke.c, toke.l: Allow user/group to be double quoted in the case - of non-Unix groups which contain spaces. - -2009-05-11 12:47 millert - - * match.c: Don't allow the user to specify the default runas user - if their sudoers entry only allows them to run as a group. - -2009-05-10 07:59 millert - - * sudo.c: Must call audit_success before we change uids. - -2009-05-10 07:52 millert - - * logging.c, set_perms.c, sudo.h, testsudoers.c: Add option for - set_perm to not exit on failure and use this in the logging - routines. - -2009-05-10 07:33 millert - - * parse.c: In -l mode, if the user is only allowed to run as a - group, display the user's name, not root's before the allowed - group. - -2009-05-09 21:00 millert - - * sudo.c: Fix -g mode, broken by rev 1.503 which had the side - effect of setting the runas user to root unilaterally. - -2009-05-08 16:19 millert - - * fileops.c: When unlocking a file with fcntl, use F_SETLK, not - F_SETLKW. - -2009-05-08 13:07 millert - - * pwutil.c: Only cache by the method we fetched for pwd and grp - lookups. Previously we cached both by namd and id but this can - cause problems for entries that share the same id. Also add more - info in the error message in case the insert fails (which should - now be impossible). - -2009-04-30 15:04 millert - - * sudoers.pod: Add a clarification from Nick Sieger - -2009-04-25 12:49 millert - - * env.c: Inline the setting of the environment string. - -2009-04-24 14:53 millert - - * env.c: setenv(3) in Linux treats a NUL value as the empty string - setenv(3) in BSD doesn't return an error if the name has '=' in - it, it just treats the '=' as end of string. - -2009-04-22 16:32 millert - - * toke.c, toke.l: Not all systems have d_namlen - -2009-04-20 13:53 millert - - * sudoers.pod: Fix up some pod2html issues. - -2009-04-19 14:09 millert - - * interfaces.c: Check for NULL ifa_addr and ifa_netmask. Adapted - from a diff from Quest Software. - -2009-04-19 09:01 millert - - * sudoers.pod: Ignore files ending in '~' in sudo.d (emacs backup - files) - -2009-04-19 08:56 millert - - * toke.c, toke.l: Ignore files ending in '~' in sudo.d (emacs - backup files) - -2009-04-18 19:37 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: For - #includedir, ignore any file containing a dot - -2009-04-18 19:25 millert - - * Makefile.in, version.h: Bump version - -2009-04-18 19:25 millert - - * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, - sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, - visudo.c: Implement #includedir directive. Files in an - includedir are not edited by visudo unless they contain a syntax - error. - -2009-04-18 12:06 millert - - * ChangeLog: sync - -2009-04-18 10:27 millert - - * WHATSNEW: Forgot umask_override - -2009-04-18 09:25 millert - - * ChangeLog, TODO: sync - -2009-04-16 08:22 millert - - * visudo.c: Rewind stream if we fdopen sudoers since it may not be - at the beginning. Set the keepopen flag on already-open files - too so the lexer doesn't close them out from under us. - -2009-04-16 08:18 millert - - * visudo.c: Print the proper file name when there is a parse error - in an include file. - -2009-04-11 07:45 millert - - * WHATSNEW: Sync - -2009-04-10 16:59 millert - - * configure, configure.in: Fix a warning when --without-ldap is - specified. - -2009-04-05 12:25 millert - - * alias.c, parse.h, visudo.c: Store aliases that we remove during - check_aliases in a freelist and free them at the end so we don't - leak memory. - -2009-03-28 09:30 millert - - * visudo.c: Check aliases in -c mode too. - -2009-03-28 09:09 millert - - * alias.c, parse.h, visudo.c: Make alias_remove return the alias - struct instead of freeing it directly. Fixes a use after free in - alias_remove_recursive, the only consumer. - -2009-03-28 09:07 millert - - * alias.c, match.c, parse.c, parse.h, visudo.c: Rename find_alias - -> alias_find for consistency. - -2009-03-27 19:29 millert - - * visudo.c: When checking for unused aliases, recurse if the alias - points to another alias. - -2009-03-16 12:11 millert - - * ldap.c: Back out rev 1.105 for now. Real ldapux_client.conf - support will be done later after some refactoring. - -2009-03-14 12:02 millert - - * ldap.c: Treat ldap_hostport the same as "host" for ldapux. - -2009-03-13 21:04 millert - - * configure, configure.in: Only check for - ldap_sasl_interactive_bind_s if we can find sasl.h. Fixes - compilation with ldapux. - -2009-03-11 20:03 millert - - * fileops.c: fix char subscript - -2009-03-11 19:19 millert - - * Makefile.in: remove errant carriage returns - -2009-03-11 19:01 millert - - * audit.c, env.c: fix K&R compilation - -2009-03-11 12:12 millert - - * sudo.man.in, sudo.cat, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2009-03-10 17:34 millert - - * config.h.in: Add missing HAVE_BSM_AUDIT - -2009-03-10 17:21 millert - - * WHATSNEW: Add 1.7.1 features - -2009-03-10 17:10 millert - - * INSTALL: Mention --with-netsvc - -2009-03-10 17:08 millert - - * sudoers.ldap.pod: Document netsvc.conf support - -2009-03-10 16:44 millert - - * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, - sudo_nss.h: Add support for AIX netsvc.conf (like nsswitch.conf). - -2009-03-08 16:57 millert - - * configure, config.h.in, configure.in, env.c: Add - --enable-env-debug flag to enable environment sanity checks. - -2009-03-08 11:51 millert - - * sudoers.ldap.pod, sudoers.pod: Work around some pod2html issue. - -2009-03-07 17:10 millert - - * env.c: Only sync environ for putenv, setenv, and unsetenv. We - need to make sure that sudo_putenv and sudo_setenv only modify - env.envp, not environ. - -2009-03-02 14:19 millert - - * env.c: Really fix UNSETENV_VOID - -2009-03-02 14:18 millert - - * env.c: Fix unsetenv when UNSETENV_VOID - -2009-03-02 08:00 millert - - * aclocal.m4, configure: Fix SUDO_FUNC_PUTENV_CONST - -2009-03-02 07:36 millert - - * ldap.c: tivoli-based ldap does not have ldapssl_err2string - -2009-03-02 07:30 millert - - * configure: regen - -2009-03-01 16:20 millert - - * config.h.in, configure, configure.in, ldap.c: Add support for - Tivoli-based LDAP start TLS as seen in AIX. Untested. - -2009-03-01 08:52 millert - - * env.c: Add sanity checks for setenv/unsetenv - -2009-02-28 20:17 millert - - * Makefile.in: Include bsm_audit.h in the tarball - -2009-02-28 20:00 millert - - * Makefile.in, version.h: bump version for sudo 1.7.1 - -2009-02-28 19:58 millert - - * aclocal.m4, config.h.in, configure, configure.in, env.c, ldap.c, - sudo.h, auth/aix_auth.c: Replace sudo_setenv/sudo_unsetenv with - calls to setenv/unsetenv and provide our own - setenv/unsetenv/putenv that operates on own env pointer. Make - sync_env() inline in setenv/unsetenv/putenv functions. - -2009-02-25 07:33 millert - - * sudo.c: Make "sudoedit -h" work as expected - -2009-02-25 07:21 millert - - * auth/pam.c: Make sure def_prompt is always defined. This is a - workaround for pam configs that prompt for a password in the - session but don't have an auth line. A better fix is to expand - the sudo prompt earlier and set def_prompt to that when - initializing. - -2009-02-25 06:17 millert - - * sudo.pod: Mention that the helper for -A may be graphical. - -2009-02-25 06:16 millert - - * TROUBLESHOOTING: Document what happens if there is no tty. - -2009-02-25 06:05 millert - - * sudo.c: cosmetic changes - -2009-02-25 05:47 millert - - * term.c: Fix term_restore - -2009-02-24 20:23 millert - - * sudo.c: Fix "sudo -k" with no other args - -2009-02-24 08:04 millert - - * check.c, sudo.c, sudo.pod, sudo_usage.h.in: Allow the -k flag to - be specified in conjunction with a command or another option that - may require authentication. - -2009-02-23 09:18 millert - - * configure, configure.in: Remove unneeded AC_CANONICAL_TARGET; - from Diego E. 'Flameeyes' - -2009-02-23 09:15 millert - - * Makefile.in: Parallel make fix. From Diego E. 'Flameeyes' - -2009-02-21 17:03 millert - - * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: - Implement umask_override - -2009-02-21 16:51 millert - - * toke.c: regen - -2009-02-21 16:49 millert - - * sudoers.pod, toke.l, visudo.c: Implement %h escape in sudoers - include filenames. - -2009-02-21 08:43 millert - - * audit.c: Need to include compat.h - -2009-02-21 08:37 millert - - * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, - sudo.c: Make audit_success and audit_failure generic functions in - preparation for integrating linux audit support. - -2009-02-21 08:06 millert - - * term.c: remove duplicate include - -2009-02-20 16:13 millert - - * bsm_audit.c: Add missing include - -2009-02-20 15:55 millert - - * sudo.c: May need to update the runas user after parsing - command-based defaults. - -2009-02-18 10:53 millert - - * glob.c: Add missing pair of braces introduced with character - class support. - -2009-02-15 15:53 millert - - * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: - Rename pwstars to pwfeedback - -2009-02-10 20:25 millert - - * bsm_audit.c, bsm_audit.h: Add const to make MacOS happy. - -2009-02-10 20:18 millert - - * Makefile.in, bsm_audit.c, bsm_audit.h, configure, configure.in, - sudo.c, auth/sudo_auth.c: Add bsm audit support from Christian - S.J. Peron - -2009-02-10 19:58 millert - - * term.c: This is new code, no DARPA notice. - -2009-02-10 14:04 millert - - * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Rename - simple_glob -> fast_glob - -2009-02-10 09:39 millert - - * match.c: g/c unused var - -2009-02-10 08:09 millert - - * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: Add - simple_glob option to use fnmatch() instead of glob(). This is - useful when you need to specify patterns that reference network - file systems. - -2009-02-10 07:58 millert - - * tgetpass.c: add term_* proto - -2009-02-10 07:51 millert - - * sudoers.pod: mention glob() - -2009-02-09 07:59 millert - - * tgetpass.c: Delete any pwstars we wrote after the user hits - return. That way there is no record on screen as to the user's - password length. - -2009-02-08 10:27 millert - - * term.c: Move terminal setting bits from tgetpass.c to term.c - -2009-02-07 19:50 millert - - * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, - tgetpass.c: Add pwstars sudoers option that causes sudo to print - a star every time the user presses a key. - -2009-02-03 10:10 millert - - * Makefile.in: Fix up F<> brokenness for visudo.man.in and - sudoers.ldap.man.in. - -2009-01-27 11:54 millert - - * ldap.c: For ldap_search_ext_s() the sizelimit param should be 0, - not -1, to indicate no limit. From Mark Janssen. - -2009-01-17 17:36 millert - - * toke.c, toke.l: Comments that begin with #- should not be parsed - as uids. - -2009-01-08 19:13 millert - - * sudo.c: Do not try to set the close on exec flag if we didn't - actually open sudoers. - -2008-12-19 12:40 millert - - * ChangeLog: regen - -2008-12-14 17:40 millert - - * TODO: sync - -2008-12-09 18:48 millert - - * auth/pam.c: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user - enters ^C at the password prompt. - -2008-12-09 16:13 millert - - * configure.in, configure: Don't try to build sudo_noexec.so on - HP-UX with the bundled compiler as it cannot generate shared - objects. - -2008-12-09 15:55 millert - - * glob.c, lbuf.c, tgetpass.c, emul/charclass.h: K&R compilation - fixes - -2008-12-09 08:49 millert - - * parse.c: Use tq_foreach_fwd when checking pseudo-commands to make - it clear that we are not short-circuiting on last match. When - pwcheck is 'all', initialize nopass to TRUE and override it with - the first non-TRUE entry. - -2008-12-08 10:02 millert - - * parse.c: Do not short circuit pseudo commands when we get a match - since, depending on the settings, we may need to examine all - commands for tags. - -2008-12-03 15:58 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-12-03 15:57 millert - - * sudoers.pod: hostnames may also contain wildcards - -2008-12-03 15:40 millert - - * Makefile.in: remove stamp-* files and linux core files in clean - target - -2008-12-02 12:30 millert - - * config.h.in, configure, configure.in, auth/sudo_auth.h: Use - HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX - -2008-11-26 15:10 millert - - * configure, configure.in: correctly enable SIA on Digital UNIX - -2008-11-25 20:06 millert - - * TODO: checkpoint - -2008-11-25 20:05 millert - - * ChangeLog: sync - -2008-11-25 12:01 millert - - * check.c, sudo.h, tgetpass.c: Even if neither stdin nor stdout are - ttys we may still have /dev/tty available to us. - -2008-11-24 10:09 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-11-24 10:08 millert - - * sudoers.pod: fix typos; Markus Lude - -2008-11-24 07:08 millert - - * ChangeLog: sync - -2008-11-23 19:42 millert - - * toke.c: regen - -2008-11-23 19:41 millert - - * toke.l: Fix matching of a line that only consists of a comment - char - -2008-11-22 13:17 millert - - * auth/pam.c: MacOS pam will retry conversation function if it - fails so just treat ^C as an empty password. - -2008-11-22 10:12 millert - - * visudo.c: When checking for alias use, also check defaults - bindings. - -2008-11-22 10:01 millert - - * redblack.c: unused var - -2008-11-22 09:42 millert - - * redblack.c: Replace my rbdelete with Emin's version (which - actually works ;-) - -2008-11-19 12:01 millert - - * testsudoers.c: malloc debugging - -2008-11-19 07:37 millert - - * visudo.c: malloc options in devel mode for visudo too - -2008-11-18 10:57 millert - - * sudo.c: fix compilation on non-C99; from Theo - -2008-11-18 10:50 millert - - * visudo.c: fix check_aliases - -2008-11-18 08:29 millert - - * alias.c: when destroying an alias, free the correct data pointer - -2008-11-18 07:54 millert - - * auth/sudo_auth.h: add proto for aixauth_cleanup; from Dale King - -2008-11-15 13:34 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2008-11-15 13:34 millert - - * sudo.pod, sudoers.pod, visudo.pod: standardize on the term - 'option' for command line options (not flag) - -2008-11-14 06:18 millert - - * INSTALL: Add note on configuring HP-UX pam - -2008-11-11 13:28 millert - - * check.c, sudo.c: Move tty checks into check_user() so we only do - them if we actually need a password. - -2008-11-11 12:34 millert - - * sudo.c: Don't error out if no tty or askpass unless we actually - need to authenticate. - -2008-11-10 15:20 millert - - * ChangeLog: regen - -2008-11-10 08:07 millert - - * pathnames.h.in, sudo.c: s/overriden/overridden/; from Tobias - Stoeckmann - -2008-11-09 15:18 millert - - * visudo.c, WHATSNEW: check sudoers owner and mode in strict mode - -2008-11-09 09:15 millert - - * gram.c, toke.c: regen - -2008-11-09 09:13 millert - - * alias.c, alloc.c, closefrom.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, gettime.c, gram.y, ins_csops.h, insults.h, - interfaces.c, interfaces.h, lbuf.c, license.pod, list.c, - logging.c, logging.h, parse.c, parse.h, pwutil.c, redblack.c, - redblack.h, snprintf.c, sudo.c, sudo.pod, sudo_edit.c, - sudo_nss.h, testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, - version.h, visudo.c, zero_bytes.c, LICENSE, sudoers.pod, - visudo.pod, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, - sudo.man.in, sudoers.man.in, visudo.man.in: Update copyright - years. - -2008-11-09 08:48 millert - - * fnmatch.c, glob.c, emul/charclass.h: add my copyright - -2008-11-08 10:40 millert - - * toke.c, toke.l: The loop in fill_cmnd() was going one byte too - far past the end, resulting in a NUL being written immediately - after the buffer end. - -2008-11-08 10:31 millert - - * UPGRADE, WHATSNEW: add sections on tgetpass changes - -2008-11-08 10:30 millert - - * tgetpass.c: Treat EOF w/o newline as an error. - -2008-11-07 17:42 millert - - * parse.c: Fix "sudo -v" when NOPASSWD is set. - -2008-11-07 12:45 millert - - * auth/: bsdauth.c, fwtk.c, pam.c, sudo_auth.c, sudo_auth.h: No - longer treat an empty password at the prompt as special. To quit - out of sudo you now need to hit ^C at the password prompt. - -2008-11-06 21:07 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-11-06 21:06 millert - - * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: Sudo - will now refuse to run if no tty is present unless the new - visiblepw sudoers flag is set. - -2008-11-05 19:42 millert - - * aix.c: just use RLIM_INFINITY for RLIM_SAVED_MAX if - RLIM_SAVED_MAX not defined - -2008-11-05 19:40 millert - - * aix.c: fix fallback value for RLIM_SAVED_MAX - -2008-11-05 19:14 millert - - * auth/: aix_auth.c, sudo_auth.h: Move clearing of AUTHSTATE into - aixauth_cleanup. - -2008-11-05 19:08 millert - - * env.c, auth/aix_auth.c: Unset AUTHSTATE after calling - authenticate() as it may not be correct for the user we are - running the command as. - -2008-11-05 19:05 millert - - * isblank.c: Add isblank() function for systems without it. Needed - for POSIX character class matching in fnmatch.c and glob.c. - -2008-11-05 11:02 millert - - * TROUBLESHOOTING: expound on sudo and cd - -2008-11-04 15:52 millert - - * ChangeLog: regen - -2008-11-04 15:46 millert - - * sudoers.cat, sudoers.man.in: regen - -2008-11-04 15:45 millert - - * sudoers.pod: mention defauts parse order - -2008-11-03 13:19 millert - - * Makefile.in, aclocal.m4, compat.h, configure: Add isblank() - function for systems without it. Needed for POSIX character - class matching in fnmatch.c and glob.c. - -2008-11-03 12:54 millert - - * Makefile.in: add emul/charclass.h to HDRS - -2008-11-02 14:08 millert - - * TODO: checkpoint - -2008-11-02 14:06 millert - - * parse.c, defaults.c, testsudoers.c, visudo.c: Move - update_defaults into defaults.c and call it properly from visudo - and testsudoers. - -2008-11-02 09:51 millert - - * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, - tgetpass.c, tsgetgrpw.c: use zero_bytes() instead of memset() for - consistency - -2008-11-02 09:45 millert - - * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, - tgetpass.c, visudo.c: Zero out sigaction_t before use in case it - has non-standard entries. - -2008-11-02 09:35 millert - - * match.c: quiet gcc - -2008-11-02 09:28 millert - - * match.c: Short circuit glob() checks if basename(pattern) != - basename(command). Refactor code that checks for a command in a - directory and use it in the glob case if the resolved pattern - ends in a '/'. - -2008-11-01 09:20 millert - - * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: Defer - setting runas defaults until after runaspw/gr is setup. - -2008-10-29 13:26 millert - - * match.c, sudo.c, testsudoers.c: Use MAXHOSTNAMELEN+1 when - allocating host/domain name since some systems do not include - space for the NUL in the size. Also manually NUL-terminate - buffer from gethostname() since POSIX is wishy-washy on this. - -2008-10-26 17:13 millert - - * sudo.c, sudoers.pod: When setting the umask, use the union of the - user's umask and the default value set in sudoers so that we - never lower the user's umask when running a command. - -2008-10-26 16:43 millert - - * sudo.c: Don't try to read from a zero-length sudoers file. - Remove the bogus Solaris work-around for EAGAIN. Since we now - use fgetc() it should not be a problem. - -2008-10-25 09:22 millert - - * parse.c: In update_defaults() check the return value of - user*_matches against ALLOW so we don't inadvertantly match on - UNSPEC. - -2008-10-24 09:52 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen man pages; no more hyphenation - -2008-10-24 09:49 millert - - * sudo.c: Don't error out on a zero-length sudoers file. With the - advent of #include the user could create a situation where sudo - is unusable. - -2008-10-23 12:06 millert - - * config.h.in, configure, configure.in, auth/kerb5.c: Newer heimdal - has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. - Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. - Add configure tests to handle all the cases. - -2008-10-08 17:28 millert - - * sudo.pod: resort ENVIRONMENT - -2008-10-08 17:09 millert - - * sudoers.pod: document sudoers_locale - -2008-10-08 16:56 millert - - * sudo.pod, sudo_edit.c: add SUDO_EDITOR variable that sudoedit - uses in preference to VISUAL or EDITOR - -2008-10-08 14:27 millert - - * toke.c, toke.l: In fill_cmnd(), collapse any escaped - sudo-specific characters. Allows character classes to be used in - pathnames. - -2008-10-03 16:02 millert - - * lbuf.c: fix typo in non-C89 function declaration - -2008-10-03 15:56 millert - - * sudoers.pod: Mention POSIX characters classes now that out - fnmatch() and glob() support them. - -2008-10-03 15:55 millert - - * sample.sudoers, sudoers.pod: Replace [A-z] (which won't match in - UTF8) with [A-Za-z] which is locale agnostic. - -2008-10-03 10:02 millert - - * parse.h: use __signed char if we are going to assign a negative - value since on Power, char is unsigned by default - -2008-10-03 09:59 millert - - * configure, configure.in, config.h.in: Add tests for __signed char - and signed char. - -2008-10-03 09:19 millert - - * aix.c: Fix AIX limit setting. getuserattr() returns values in - disk blocks rather than bytes. The default hard stack size in - newer AIX is RLIM_SAVED_MAX. From Dale King. - -2008-09-26 17:13 millert - - * fnmatch.c, glob.c, emul/charclass.h: Add character class support - to included glob(3) and fnmatch(3). - -2008-09-16 08:28 millert - - * emul/fnmatch.h: Remove UCB advertising clause and some - compatibility defines. - -2008-09-14 16:07 millert - - * sudo_edit.c: Check EDITOR/VISUAL to make sure sudoedit is not - re-invoking itself or sudo. This allows one to set EDITOR to - sudoedit without getting into an infinite loop of sudoedit - running itself until the path gets too big. - -2008-09-13 20:45 millert - - * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: Add - sudoers_locale Defaults option to override the default sudoers - locale of "C". - -2008-09-13 14:09 millert - - * sudo.c: Set locale to system default except for during sudoers - parse. - -2008-09-12 09:34 millert - - * match.c: Redo change in 1.34 to use pointer arithmetic. - -2008-09-11 07:06 millert - - * match.c: Fix a dereference (read) of a freed pointer. Reported - by Patrick Williams. - -2008-08-23 19:09 millert - - * sudo.c: Set locale to "C" to avoid interpretation issues with - character ranges in sudoers. May want to make the locale a - sudoers option in the future. - -2008-08-20 07:45 millert - - * config.h.in: we no longer use setproctitle - -2008-08-20 07:41 millert - - * sudo.h: remove #if 1 - -2008-08-20 07:40 millert - - * LICENSE, mkstemp.c: Use my replacement mkstemp() from the mktemp - package. - -2008-07-12 08:53 millert - - * gram.c: regen with yacc skeleton bug fixed - -2008-07-12 08:48 millert - - * sudoers.pod: Remove duplicate "as root". From Martin Toft. - -2008-07-02 06:27 millert - - * pwutil.c, sudo.c, testsudoers.c, sudo.h: Flesh out the fake - passwd entry used for running commands as a uid not listed in the - passwd database. Fixes an issue with some PAM modules. - -2008-07-01 07:57 millert - - * sudo.c: Error out in -i mode if the user has no shell. This can - happen when running commands as a uid with no password entry. - -2008-06-26 07:49 millert - - * toke.c, toke.l: Better fix for line continuation inside double - quotes. Now accepts whitespace between the backslash and the - newline like the main lexer. - -2008-06-25 14:31 millert - - * toke.c, toke.l: Fix line continuation in strings. It was only - being honored if preceded by whitespace. - -2008-06-22 16:19 millert - - * config.h.in, configure, configure.in, logging.c: Replace the - double fork with a fork + daemonize. - -2008-06-21 14:59 millert - - * env.c, sudo.c: The -i flag should imply env_reset. This got - broken in sudo 1.6.9. - -2008-06-20 20:34 millert - - * logging.c, sudo.c, sudo_edit.c, visudo.c: Change how the mailer - is waited for. Instead of having a SIGCHLD handler, use the - double fork trick to orphan the child that opens the pipe to - sendmail. Fixes a problem running su on some Linux distros. - -2008-06-20 17:16 millert - - * configure, configure.in: Fix configure test for dirfd() on Linux - where DIR is opaque. - -2008-06-17 17:42 millert - - * tgetpass.c: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If - QNX still has this problem we'll need to revisit this again. - -2008-06-10 21:13 millert - - * logging.c: Ignore SIGPIPE instead of blocking it when piping to - the mailer. If we only block the signal it may be delivered - later when we unblock. Also, there is no need to block SIGCHLD - since we no longer do the double fork. The normal SIGCHLD - handler is sufficient. - -2008-06-08 17:37 millert - - * configure, configure.in: Add description for NO_PAM_SESSION, from - a redhat patch. - -2008-06-06 09:36 millert - - * sudo.cat, sudo.man.in, sudo.pod: Fix typos in -i usage - -2008-05-18 13:54 millert - - * configure, configure.in: Redo the test for dgettext() in a way - that hopefully will work around the libintl_dgettext() undefined - problem. - -2008-05-11 09:21 millert - - * schema.ActiveDirectory: change filename in comment - -2008-05-10 09:18 millert - - * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: Reference schema.ActiveDirectory - -2008-05-09 14:49 millert - - * schema.OpenLDAP, schema.iPlanet: Mark sudoRunAs as deprecated. - -2008-05-09 14:48 millert - - * schema.ActiveDirectory: add sudoRunAsUser and sudoRunAsGroup - -2008-05-09 14:01 millert - - * schema.ActiveDirectory: Active Directory schema by Chantal - Paradis and Eric Paquet - -2008-05-08 17:54 millert - - * parse.c: remove an XXX that was fixed - -2008-05-08 12:53 millert - - * ChangeLog: sync - -2008-05-08 12:49 millert - - * parse.c: Initialize tags to UNSPEC instead of def_* in "sudo -l" - mode. This fixes a problem where the tag value printed was - influenced by defaults set in the first pass through the parser. - -2008-05-03 21:29 millert - - * Makefile.in, sudo.psf: No point in packaging the TODO file - -2008-05-03 21:24 millert - - * ChangeLog: sync - -2008-05-02 20:53 millert - - * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, - sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: Add env_file - Defaults option that is similar to /etc/environment on some - systems. - -2008-05-02 16:38 millert - - * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, - sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.man.in, version.h, visudo.cat, visudo.man.in: change - version to 1.7.0 - -2008-05-02 16:37 millert - - * UPGRADE: initial valgrind pass done - -2008-04-23 08:30 millert - - * ldap.c: Fix typo/think in sudo_ldap_read_secret() when storing - the secret. - -2008-04-11 10:03 millert - - * ldap.c: define LDAPS_PORT if the system headers do not - -2008-04-10 14:54 millert - - * gram.c, gram.y: Fix another memory leak in init_parser(). - -2008-04-10 12:51 millert - - * configure, configure.in: There was a missing space before the - ldap libs in SUDO_LIBS for some configurations. - -2008-04-10 11:28 millert - - * alias.c, gram.c, gram.y, toke.c, toke.l: Clean up some memory - leaks pointed out by valgrind. - -2008-04-07 14:39 millert - - * sudo.c: fix "sudo -s" broken by mode/flags breakout - -2008-04-07 14:26 millert - - * configure, configure.in: remove duplicate check for dgettext - -2008-04-05 15:54 millert - - * aix.c: Fall back to default stanza if no user-specific limit is - found. - -2008-04-02 15:56 millert - - * snprintf.c: include stdint.h if present - -2008-04-02 15:28 millert - - * snprintf.c: Use LLONG_MAX, not the old QUAD_MAX - -2008-04-01 19:18 millert - - * sudoers.ldap.pod: fix cut and pasto - -2008-03-31 11:24 millert - - * pwutil.c: Add #ifdef PURITY - -2008-03-30 17:36 millert - - * auth/bsdauth.c: remove useless cast - -2008-03-27 19:07 millert - - * ChangeLog: sync - -2008-03-27 19:04 millert - - * TODO: sync - -2008-03-27 19:01 millert - - * sudo.h: Split MODE_* defines into primary and flags. - -2008-03-26 13:11 millert - - * aix.c: It turns out the logic for getting AIX limits is more - convoluted than I realized and differs depending on whether the - soft and/or hard limits are defined. - -2008-03-23 10:18 millert - - * Makefile.in, configure, configure.in: Back out AIX-specific - change to set the sudo_noexec path to the .a file, we do really - want to use the .so file. Since libtool doesn't do that - correctly, just install the .so file ourselves in the Makefile. - -2008-03-23 10:12 millert - - * install-sh: If the file given to install is a path, only use the - basename of the file when building the destination path. - -2008-03-18 16:08 millert - - * sudo.c: parse_args() cleanup: Sort command line options in the - getopt() switch The -U option requires a parameter Normalize a - few ISSET calls Split mode into mode and flags and retire the - now-obsolete excl variable - -2008-03-18 16:04 millert - - * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod, sudo_usage.h.in: Add -n (non-interactive) flag. - -2008-03-18 15:59 millert - - * sudo.c: Move version printing, etc. into a separate function. - -2008-03-18 15:57 millert - - * sudo.c: Don't try to cleanup nsswitch if it has not been - initialized. - -2008-03-17 11:09 millert - - * logging.c: Block SIGPIPE in send_mail() so sudo is not killed by - a problem executing the mailer. - -2008-03-14 08:11 millert - - * configure.in, configure: AIX shared libs end in .a, not .so. - -2008-03-13 07:34 millert - - * env.c: Preserve HOME by default too. Matches documentation and - previous behavior. - -2008-03-12 19:42 millert - - * sudo.c: Use getopt() to parse the command line. We need to be - able to intersperse env variables and options yet still honor - "--"" which complicates things slightly. - -2008-03-06 14:46 millert - - * ChangeLog: sync - -2008-03-06 14:43 millert - - * acsite.m4, configure, ltmain.sh: update to libtool-1.5.26 - -2008-03-06 14:32 millert - - * config.guess, config.sub: update from libtool-1.5.26 distribution - -2008-03-06 13:18 millert - - * aix.c, sudo.h: attempt to fix compilation errors on AIX - -2008-03-06 13:08 millert - - * Makefile.in: fix typo in last commit - -2008-03-06 13:07 millert - - * Makefile.in: Add WHATSNEW file to the distribution - -2008-03-06 12:43 millert - - * visudo.c: use warningx instead of fprintf(stderr, ...) - -2008-03-06 12:31 millert - - * list.c: add DEBUG to list2tq - -2008-03-06 12:28 millert - - * ChangeLog, TODO: sync - -2008-03-06 12:21 millert - - * WHATSNEW: mention mailfrom - -2008-03-06 12:19 millert - - * Makefile.in, config.h.in, configure, configure.in, set_perms.c, - sudo.h, aix.c: Add aix_setlimits() to set resource limits on AIX - using a combination of getuserattr() and setrlimit(). Currently - untested. - -2008-03-05 16:52 millert - - * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, - sudoers.pod, sudoers.man.in: Add mailfrom Defaults option that - sets the value of the From: field in the warning/error mail. If - unset the login name of the invoking user is used. - -2008-03-05 16:18 millert - - * defaults.c: store a copy of _PATH_SUDO_ASKPASS in def_askpass - that is freeable - -2008-03-05 15:19 millert - - * gram.c, gram.y: When adding a default, only call list2tq() once - to do the list to tq conversion. It is not legal to call list2tq - multiple times on the same list since list2tq consumes and - modifies the list argument. - -2008-03-05 09:38 millert - - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: comment - out XXXs for now - -2008-03-05 09:36 millert - - * WHATSNEW: mention askpass - -2008-03-04 17:20 millert - - * sudo.c: Error out if both -A and -S are specified Error out if -A - is specified but no askpass is configured - -2008-03-04 17:16 millert - - * configure, configure.in: we are not going to ship a sudo-specific - askpass - -2008-03-03 14:30 millert - - * sudo.h: fix definition of TGP_ASKPASS - -2008-03-03 13:54 millert - - * def_data.c, def_data.in: make askpass boolean-capable - -2008-03-03 13:53 millert - - * INSTALL: document --with-askpass - -2008-03-02 19:27 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, - sudoers.ldap.cat, visudo.cat: regen - -2008-03-02 17:31 millert - - * sudo.pod, sudo_usage.h.in, sudoers.pod: document -A and askpass - -2008-03-02 09:31 millert - - * check.c, configure, configure.in, def_data.c, def_data.h, - def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, - sudo_usage.h.in, tgetpass.c, auth/sudo_auth.c: Add support for - running a helper program to read the password when no tty is - present (or when specified with the -A flag). TODO: docs. - -2008-03-02 08:38 millert - - * def_data.c, def_data.in: add missing printf format to SELinux - role and type strings - -2008-02-27 09:26 millert - - * INSTALL, configure, configure.in: Disable use of - gss_krb5_ccache_name() by default and add - --enable-gss-krb5-ccache-name configure option to enable it. It - seems that gss_krb5_ccache_name() doesn't work properly with some - combinations of Heimdal and OpenLDAP. - -2008-02-22 15:33 millert - - * selinux.c: Ignore setexeccon() failing in permissive mode. Also - add a call to setkeycreatecon() (though this is probably - insufficient). From Dan Walsh. - -2008-02-22 15:19 millert - - * auth/pam.c: Only set std_prompt for the PAM_PROMPT_* cases. The - conversation function may be called for non-password reading - purposes so we must be careful not to use def_prompt in cases - where it may not be set. - -2008-02-20 12:00 millert - - * selinux.c: Don't free the new tty context, we need to keep it - around when we restore the tty context after the command - completes - -2008-02-19 16:04 millert - - * selinux.c: s/newrole/sudo/ - -2008-02-19 13:21 millert - - * sudo.man.pl, sudo.pod: Only put login_cap(3) in SEE ALSO section - if we have login.conf support - -2008-02-18 11:05 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2008-02-18 10:53 millert - - * Makefile.in, configure, configure.in, sudo.man.pl, sudo.pod, - sudoers.man.pl, sudoers.pod: Substitute in comment characters for - lines partaining to login.conf, BSD auth and SELinux and only - enable them if pertinent. - -2008-02-18 10:42 millert - - * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: - Remove the =cut on the first line (above the copyright notice) to - quiet pod2man. Also remove the hackery in the FILES section and - just deal with the fact that there will a newline between each - pathname. - -2008-02-17 08:19 millert - - * Makefile.in: run sudo.man.pl when generating sudo.man.in - -2008-02-17 08:11 millert - - * configure, configure.in, sudo.man.pl: comment out SELinux manual - bits unless --with-selinux was specified - -2008-02-17 08:04 millert - - * sudoers.pod: document role and type defaults for SELinux - -2008-02-16 20:26 millert - - * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: - Document "sudo -ll" and make "sudo -l -l" be equivalent. - -2008-02-15 15:23 millert - - * configure.in, configure: Treat k*bsd*-gnu like Linux, not BSD. - Fixes compilation problems on Debian GNU/kFreeBSD. - -2008-02-13 17:17 millert - - * auth/kerb5.c: Avoid Heimdal'isms introduced in the rev 1.32 - rewrite of verify_krb_v5_tgt() - -2008-02-13 07:28 millert - - * logging.c, logging.h, sudo.c: Remove dependence on - VALIDATE_NOT_OK in logging functions. Split log_auth() into - log_allowed() and log_denial() Replace mail_auth() with - should_mail() and a call to send_mail() - -2008-02-10 18:06 millert - - * ldap.c: Add debugging so we can tell if the krb5 ccache is - accessible - -2008-02-10 17:34 millert - - * INSTALL: mention --with-selinux - -2008-02-09 09:48 millert - - * configure: regen - -2008-02-09 09:43 millert - - * selinux.c: add Sudo tag - -2008-02-09 09:30 millert - - * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, - def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, - pathnames.h.in, selinux.c, sesh.c, sudo.c, sudo.cat, sudo.h, - sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.ldap.pod, testsudoers.c, toke.c, - toke.l: Add support for SELinux RBAC. Sudoers entries may - specify a role and type. There are also role and type defaults - that may be used. To make sure a transition occurs, when using - RBAC commands are executed via the new sesh binary. Based on - initial changes from Dan Walsh. - -2008-02-08 08:18 millert - - * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: Add long - list (sudo -ll) support for printing verbose LDAP and sudoers - file entries. Still need to update manual. - -2008-02-03 10:43 millert - - * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: Unify the -l - output for file and ldap based sudoers and use lbufs for both. - The ldap output does not currently include options that cannot be - represented as tags. This will be remedied in a long list output - mode to come. - -2008-01-27 16:37 millert - - * set_perms.c: Use a specific error message for errno == EAGAIN - when setuid() et al fails. On Linux systems setuid() will fail - with errno set to EAGAIN if changing to the new uid would result - in a resource limit violation. - -2008-01-27 16:34 millert - - * sudo.c: Unlimit nproc on Linux systems where calling the setuid() - family of syscalls causes the nroc resource limit to be checked. - The limits will be reset by pam_limits.so when PAM is used. In - the non-PAM case the nproc limit will remain unlimited but there - doesn't seem to be a way around that other than having sudo parse - /etc/security/limits.conf directly. - -2008-01-27 16:31 millert - - * env.c, sudo.c, sudo.pod: Only read /etc/environment on Linux and - AIX - -2008-01-23 06:33 millert - - * configure, configure.in: Use SUDO_DEFINE_UNQUOTED instead of - AC_DEFINE_UNQUOTED to prevent ldap.conf and ldap.secret paths - from going into config.h. Avoid single quotes in variable - expansion when using SUDO_DEFINE_UNQUOTED since in some versions - of bash they will end up literally in the resulting define. - -2008-01-21 13:22 millert - - * README.LDAP: mention --with-nsswitch=no - -2008-01-21 11:43 millert - - * configure, configure.in: ldap_ssl.h depends on ldap.h being - included first - -2008-01-21 11:07 millert - - * configure, configure.in, ldap.c, config.h.in: Include ldap_ssl.h - if we can find it. Needed for the ldapssl_set_strength defines - on HP-UX at least. - -2008-01-21 10:02 millert - - * TODO, sudoers.ldap.pod: sync - -2008-01-21 10:01 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, - sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: - regen - -2008-01-21 10:00 millert - - * Makefile.in: Use 78n line length when formatting cat pages. - -2008-01-21 09:50 millert - - * README.LDAP: Remove redundant info that is now in - sudoers.ldap.pod - -2008-01-20 16:18 millert - - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Reorganize the first section a bit. Substitute the proper path - for /etc/sudoers. - -2008-01-20 10:17 millert - - * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: - Substitute values for ldap.conf, ldap.secret and nsswitch.conf - Move schema into EXAMPLES - -2008-01-20 10:15 millert - - * configure.in, configure: Substitute values for ldap.conf, - ldap.secret and nsswitch.conf into sudoers.ldap.man. - -2008-01-19 20:35 millert - - * configure, configure.in: substitute for sudoers.ldap.man - -2008-01-19 20:34 millert - - * Makefile.in: Fix cut & pasto introduced when adding sudoers.ldap - man page. - -2008-01-19 20:25 millert - - * sudoers.ldap.pod, sudoers.ldap.cat, sudoers.ldap.man.in: Fill in - some of the missing pieces. Still needs some reorganization and - editing. - -2008-01-19 15:06 millert - - * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, - sudoers.ldap.pod: Beginnings of a sudoers.ldap man page. - Currently, much of the information is adapted from README.LDAP. - -2008-01-18 17:32 millert - - * pwutil.c: When copying gr_mem we must guarantee that the storage - space for gr_mem is properly aligned. The simplest way to do - this is to simply store gr_mem directly after struct group. This - is not a problem for gr_passwd or gr_name as they are simple - strings. - -2008-01-18 16:47 millert - - * ldap.c: Fix a typo/thinko in one of the calls to - sudo_ldap_check_user_netgroup(). From Marco van Wieringen. - -2008-01-17 15:44 millert - - * config.h.in, configure, configure.in, ldap.c: include - in ldap.c if available - -2008-01-16 18:20 millert - - * gram.c, gram.y: Make sure we define SIZE_MAX for yacc's - skeleton.c - -2008-01-16 13:03 millert - - * tgetpass.c: Use TCSAFLUSH when restoring terminal settings (and - echo) to guarantee that any pending output is discarded - -2008-01-15 17:18 millert - - * sudoers: no longer need to specify SETENV when user has sudo ALL - -2008-01-15 09:40 millert - - * testsudoers.c: sync user_args size calculation with sudo.c Add -g - group option, renaming old -g to -G Add set_runasgr() and - set_runaspw() and use them - -2008-01-15 09:23 millert - - * sudo.h, sudo.c: Make set_runaspw static void - -2008-01-15 09:17 millert - - * testsudoers.c, visudo.c: g/c set_runaspw stub - -2008-01-15 07:28 millert - - * configure, configure.in: Don't add -llber twice. - -2008-01-14 06:40 millert - - * ldap.c: fix typo - -2008-01-13 15:39 millert - - * gram.c: regen - -2008-01-13 14:57 millert - - * configure, configure.in: Fix check that determines whether -llber - is required. - -2008-01-13 14:22 millert - - * config.h.in, configure, configure.in, README.LDAP, ldap.c: For - netscape-based LDAP, use ldapssl_set_strength() to implement the - checkpeer ldap.conf option. - -2008-01-13 09:49 millert - - * auth/kerb5.c: Delay krb5_cc_initialize() until we actually need - to use the cred cache, which is what krb5_verify_user() does. - Better cleanup on failure. - -2008-01-12 12:40 millert - - * auth/kerb5.c: Rewrite verify_krb_v5_tgt() based on what heimdal's - krb5_verify_user() does. - -2008-01-09 14:58 millert - - * gram.c: The U suffix on constants is an ANSI feature - -2008-01-09 12:08 millert - - * configure.in, configure: Add check for ber_set_option() in -llber - -2008-01-06 19:02 millert - - * README.LDAP: default if no nsswitch.conf is files only - -2008-01-06 17:28 millert - - * README.LDAP: don't tell people to mail aaron about LDAP stuff - -2008-01-06 12:32 millert - - * README.LDAP: timelimit and bind_timelimit - -2008-01-06 08:54 millert - - * ChangeLog: sync - -2008-01-06 07:56 millert - - * ldap.c: Move ldap.secret reading into a separate function. - -2008-01-05 19:09 millert - - * check.c: user_runas -> runas_pw - -2008-01-05 18:59 millert - - * TODO: sync - -2008-01-05 18:59 millert - - * check.c, sudo.pod, sudoers.pod: Add and document the %p escape in - the password prompt. Based on a patch from Patrick Schoenfeld. - -2008-01-05 18:25 millert - - * ldap.c: Check strlcpy() return values. - -2008-01-05 18:12 millert - - * ldap.c: refactor ldap binding code into sudo_ldap_bind_s() - -2008-01-05 16:35 millert - - * README.LDAP: Make it clear that host and uri can take multiple - parameters. URI is now supported for more than just openldap - nsswitch.conf does't accept "compat" - -2008-01-05 16:27 millert - - * sudo.c: comment cleanup and update (c) year - -2008-01-05 16:25 millert - - * parse.c, sudo_nss.c: Move display_privs() and display_cmnd() from - parse.c to sudo_nss.c. This should make it possible to build an - LDAP-only sudo binary. - -2008-01-05 13:27 millert - - * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: Improve chaining of - multiple sudoers sources by passing in the previous return value - to the next in the chain - -2008-01-05 13:26 millert - - * gram.y: Free up parser data structures in sudo_file_close(). - -2008-01-05 08:13 millert - - * gram.c, parse.c: Free up parser data structures in - sudo_file_close(). - -2008-01-05 07:59 millert - - * ldap.c: Parse uri ourself if no ldap_initialize() is present Use - ldap_create() instead of deprecated ldap_init() Use - ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() - -2008-01-05 07:56 millert - - * config.h.in, configure, configure.in: Add check for - ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from CFLAGS - -2008-01-04 09:56 millert - - * configure.in, configure, config.h.in: add check for ldap_create - -2008-01-03 16:11 millert - - * config.h.in, configure, configure.in, ldap.c: Add - sudo_ldap_get_first_rdn() to return the first rdn of an entry's - dn using the mechanism appropriate for the LDAP SDK in use. Use - ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). - Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's - without them. - -2008-01-03 16:02 millert - - * lbuf.c: include unistd.h - -2008-01-03 11:05 millert - - * config.h.in, configure.in: fix typo in mtim_getnsec - -2008-01-02 15:29 millert - - * config.h.in, configure.in, configure: add check for st__tim in - struct stat as used by SCO - -2008-01-02 11:05 millert - - * ldap.c: use ldap_search_ext_s instead of deprecated ldap_search_s - -2008-01-02 10:09 millert - - * Makefile.in, TODO, sudo.cat, sudo.man.in: add sudo_nss.h to HDRS - -2008-01-01 19:04 millert - - * ldap.c: Replace deprecated ldap_explode_dn() with calls to - ldap_str2dn() and ldap_rdn2str(). - -2008-01-01 18:37 millert - - * ldap.c: Use ldap_get_values_len()/ldap_value_free_len() instead - of the deprecated ldap_get_values()/ldap_value_free(). - -2008-01-01 17:07 millert - - * TODO, ChangeLog: sync - -2008-01-01 17:06 millert - - * gettime.c, sudo.c: Remove some already fixed XXXs - -2008-01-01 17:03 millert - - * ldap.c: Same return value as non-existent sudoers if LDAP was - unable to connect. - -2008-01-01 16:52 millert - - * sudo.pod: mention /etc/environment - -2008-01-01 16:42 millert - - * UPGRADE, WHATSNEW, README.LDAP: Update to reflect recent - developments. - -2008-01-01 16:42 millert - - * sudo.c: Print nsswitch.conf, ldap.conf and ldap.secret paths in - -V output. - -2008-01-01 16:25 millert - - * ldap.c: When building up a query don't list groups in the aux - group vector that are the same as the passwd file group. On most - systems the first gid in the group vector is the same as the - passwd entry gid. - -2008-01-01 14:01 millert - - * env.c, ldap.c: Define LDAPNOINIT before calling ldap_init(), etc. - to disable user ldaprc and system defaults that could affect how - LDAP works. - -2008-01-01 13:21 millert - - * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, - sudo_nss.c, sudo_nss.h: Rename read_nss -> sudo_read_nss Add - --with-nsswitch to allow users to specify nsswitch.conf path or - disable it. If --with-nsswitch=no but --with-ldap, order is - LDAP, then sudoers. Fix --with-ldap-conf-file and - --with-ldap-secret-file - -2008-01-01 13:12 millert - - * parse.c: Honor def_ignore_local_sudoers - -2007-12-31 16:44 millert - - * ldap.c: no longer need to check def_ignore_local_sudoers here - -2007-12-31 16:36 millert - - * parse.c: Refactor group vector resetting into a function and also - call it from display_cmnd. Stop after the first sucessful match - in display_cmnd. Print a newline between each display_privs - method. - -2007-12-31 16:23 millert - - * parse.c: fix double free introduced in rev 1.218 - -2007-12-31 16:10 millert - - * ldap.c: belt and suspenders; zero out result after freeing it - -2007-12-31 15:04 millert - - * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: Refactor line - reading into a separate function, sudo_parseln(), which removes - comments, leading/trailing whitespace and newlines. May want to - rethink the use of sudo_parseln() for /etc/ldap.secret - -2007-12-31 14:26 millert - - * parse.c, sudo.c: Make the inability to read the sudoers file a - non-fatal error if there are other sudoers sources available. - sudoers_file_lookup now returns "not OK" if sudoers was not - present - -2007-12-31 14:24 millert - - * ldap.c: make it clear that the global options are from LDAP - -2007-12-31 14:13 millert - - * logging.c: allocate proper amount of space for error string - -2007-12-31 10:24 millert - - * sudo_nss.c, sudo_nss.h: actual sudo nss code - -2007-12-31 10:08 millert - - * ldap.c, parse.c, sudo.c, sudo.h: nss-ify display_privs and - display_cmnd. - -2007-12-31 07:54 millert - - * defaults.c, parse.c, testsudoers.c, visudo.c: move - update_defaults() to parse.c - -2007-12-31 07:39 millert - - * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: - Use nsswitch to hide some sudoers vs. ldap implementation details - and reduce the number of #ifdef LDAP TODO: fix display routines - and error handling - -2007-12-28 11:20 millert - - * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: - First cut at nsswitch.conf support. Further reorganizaton and - related changes are forthcoming. - -2007-12-21 16:53 millert - - * env.c, pathnames.h.in, sudo.c, sudo.h: Add support for reading - and /etc/environment file. Still needs to be documented and - should probably only applies to OSes that have it (AIX and Linux, - maybe others). - -2007-12-21 16:20 millert - - * ldap.c: include limits.h - -2007-12-20 10:02 millert - - * WHATSNEW: reword LDAP SASL - -2007-12-19 16:40 millert - - * TODO: sync - -2007-12-19 16:39 millert - - * README.LDAP: Add an example sudoRole, clarify netscape vs. - openldap a bit more - -2007-12-19 14:42 millert - - * README.LDAP: Be clear on what is OpenLDAP vs. Netscape-derived - -2007-12-19 14:28 millert - - * config.h.in, configure, configure.in, ldap.c: Use ldapssl_init() - for ldaps support instead of trying to do it manually with - ldap_init() + ldapssl_install_routines(). Use tls_cert and - tls_key for cert7.db and key3.db respectively. Don't print - debugging info for options that are not set. Add warning if - start_tls specified when not supported. - -2007-12-19 14:25 millert - - * ldap.c: fix compilation on solaris - -2007-12-19 14:23 millert - - * Makefile.in: add missing .h and .c files for missing lib objs - -2007-12-18 09:54 millert - - * ldap.c: fix LDAP_OPT_NETWORK_TIMEOUT setting - -2007-12-17 20:10 millert - - * ldap.c: fix compilation on Solaris - -2007-12-17 10:14 millert - - * configure, configure.in: fix typo - -2007-12-17 08:08 millert - - * README.LDAP: try to clear up which variables are for OpenLDAP and - which are for netscape-derived SDKs - -2007-12-17 07:31 millert - - * config.h.in, configure, configure.in, ldap.c: Add support for - "ssl on" in both netscape and openldap flavors. Only the - OpenLDAP flavor has been tested. - -2007-12-17 07:28 millert - - * logging.c, sudo.c, sudo.h: Call cleanup() before exit in - log_error() instead of calling sudo_ldap_close() directly. - ldap_conn can now be static to sudo.c - -2007-12-16 20:02 millert - - * sudo.c: ld -> ldap_conn - -2007-12-16 14:42 millert - - * logging.c, sudo.c, sudo.h: Better ldap cleanup. - -2007-12-16 14:08 millert - - * ldap.c: Distinguish between LDAP conf settings that are - connection-specific (which take an ld pointer) and those that are - default settings (which do not). - -2007-12-14 16:46 millert - - * ldap.c: Improved warnings on error. - -2007-12-14 15:59 millert - - * ldap.c: Make ldap config table driven and set the config *after* - we open the connection. - -2007-12-13 16:41 millert - - * ldap.c: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define - -2007-12-13 09:13 millert - - * configure, configure.in: some operating systems need to link with - -lkrb5support when using krb5 - -2007-12-10 17:12 millert - - * WHATSNEW: minor update - -2007-12-10 10:56 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen - -2007-12-07 19:17 millert - - * TODO, ChangeLog: sync - -2007-12-07 19:09 millert - - * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: add -g - support for LDAP - -2007-12-03 11:36 millert - - * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: The -i and -s flags - can now take an optional command. - -2007-12-02 12:13 millert - - * def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, - sudoers.pod, auth/pam.c: Add passprompt_override flag to sudoers - that will cause the prompt to be overridden in all cases. This - flag is also set when the user specifies the -p flag. - -2007-12-01 19:51 millert - - * sudo.c: Move setting of login class until after sudoers has been - parsed. Set NewArgv[0] for -i after runas_pw has been set. - -2007-12-01 19:34 millert - - * configure, configure.in: Move the dgettext check. - -2007-12-01 11:22 millert - - * config.h.in, configure, configure.in, auth/pam.c: Add basic - support for looking up the string "Password: " in the PAM - localized text db. This allows us to determine whether the PAM - prompt is the default "Password: " one even if it has been - localized. - - TODO: concatenate non-std PAM prompts and user-specified sudo - prompts. - -2007-11-27 18:40 millert - - * Makefile.in, config.h.in, configure.in, parse.c, set_perms.c, - sudo.c, configure, sudo.h: Use AC_FUNC_GETGROUPS instead of a - home-grown attempt that was insufficient. - -2007-11-27 12:13 millert - - * configure, acsite.m4, interfaces.c, memrchr.c: Fix typos; - Martynas Venckus - -2007-11-25 19:26 millert - - * set_perms.c: Don't assume runas_pw is set; it may not be in the - -g case. - -2007-11-25 08:07 millert - - * logging.c, set_perms.c: Set aux group vector for PERM_RUNAS and - restore group vector for PERM_ROOT if we previously changed it. - Stash the runas group vector so we don't have to call initgroups - more than once. Also add no-op check to check_perms. - -2007-11-21 15:11 millert - - * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, - gram.y, ldap.c, logging.c, match.c, mon_systrace.c, parse.c, - parse.h, pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, - sudo.man.in, sudo.pod, sudo_usage.h.in, sudoers.cat, - sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, visudo.c, - visudo.cat, visudo.man.in: Add support for runas groups. This - allows the user to run a command with a different effective - group. If the -g option is specified without -u the command will - be run as the current user (only the group will change). the -g - and -u options may be used together. TODO: implement runas group - for ldap improve runas group documentation add - testsudoers support - -2007-11-21 15:02 millert - - * configure, configure.in: fix setting of mandir - -2007-11-21 14:26 millert - - * sudo.pod, sudoers.pod: document that ALL implies SETENV - -2007-11-21 13:50 millert - - * ldap.c: s/setenv_ok/setenv_implied/g - -2007-11-21 13:44 millert - - * ldap.c: hostname_matches() returns TRUE on match in sudo 1.7. - -2007-11-21 13:26 millert - - * ldap.c: use strcmp, not strcasecmp when comparing ALL - -2007-11-21 11:41 millert - - * ldap.c: Make sudo ALL imply setenv. Note that unlike with - file-based sudoers this does affect all the commands in the - sudoRole. - -2007-11-21 11:05 millert - - * gram.c, gram.y, parse.c, parse.h: sudo "ALL" now implies the - SETENV tag but, unlike an explicit tag, it is not passed on to - other commands in the list. - -2007-11-21 11:02 millert - - * visudo.c: Add missing sudo_setpwent() and sudo_setgrent() calls. - Also use sudo_getpwuid() instead of getpwuid(). - -2007-11-15 11:16 millert - - * sudoers: Expand on the dangers of not using visudo to edit - sudoers. - -2007-11-08 07:24 millert - - * parse.c: Don't quote *?[]! on output since the lexer does not - strip off the backslash when reading those in. - -2007-11-07 13:16 millert - - * glob.c: expand "u_foo" types to "unsigned foo" to avoid - compatibility issues. - -2007-11-04 08:33 millert - - * logging.c: Refactor log line generation in to new_logline(). - -2007-10-25 09:23 millert - - * TROUBLESHOOTING: fix typo - -2007-10-24 12:41 millert - - * config.h.in, configure, configure.in, interfaces.c, interfaces.h, - match.c: Add configure check for struct in6_addr instead of - relying on AF_INET6 since some systems define AF_INET6 but do not - include IPv6 support. - -2007-10-21 09:29 millert - - * configure, configure.in: Fix block to add -lutil for FreeBSD and - NetBSD when logincap is in use. - -2007-10-19 22:28 millert - - * configure, configure.in: POSIX states that struct timespec be - declared in time.h so check there regardless of the value of - TIME_WITH_SYS_TIME. - -2007-10-17 11:37 millert - - * tgetpass.c: Instead of defining a macro to call the appropriate - method for turning on/off echo, just define tc[gs]etattr() and - the related defines that use the correct terminal ioctls if - needed. Also go back to using TCSAFLUSH instead of TCSADRAIN on - all but QNX. - -2007-10-08 20:18 millert - - * Makefile.in: g/c @ALLOCA@ - -2007-10-08 20:07 millert - - * configure: regen - -2007-10-08 20:04 millert - - * INSTALL, config.h.in, configure.in, auth/pam.c: Add - --disable-pam-session configure option to disable calling - pam_{open,close}_session. May work around bugs in some PAM - implementations. - -2007-10-08 12:00 millert - - * tgetpass.c: quiet gcc warnings - -2007-10-08 08:41 millert - - * tgetpass.c: Avoid printing the prompt if we are already - backgrounded. E.g. if the user runs "sudo foo &" from the shell. - In this case, the call to tcsetattr() will cause SIGTTOU to be - delivered. - -2007-09-15 16:07 millert - - * def_data.c, def_data.h, def_data.in: Reorder things such that the - definition of env_reset come right before the env variable lists. - -2007-09-15 07:50 millert - - * parse.h: Shrink type and seqno in struct alias from int to - u_short - -2007-09-15 07:24 millert - - * alias.c, match.c, parse.c, parse.h: Add a sequence number in the - aliases for loop detection. If we find an alias with the seqno - already set to the current (global) value we know we've visited - it before so ignore it. - -2007-09-13 19:05 millert - - * TODO, sudo.c, sudo.h, auth/pam.c: PAM wants the full tty path so - add user_ttypath which holds the full path to the tty or is NULL - if no tty was present. - -2007-09-13 18:42 millert - - * auth/pam.c: Set PAM_RHOST to work around a bug in Solaris 7 and - lower that results in a segv. - -2007-09-11 15:43 millert - - * gram.c: regen - -2007-09-11 15:42 millert - - * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, - parse.h, testsudoers.c, visudo.c: rename lh_ -> tq_ - -2007-09-10 17:33 millert - - * alloc.c: remove some useless casts - -2007-09-10 17:32 millert - - * alloc.c: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since - inttypes.h predates the final C99 spec and the standard specifies - that it shall include stdint.h anyway - -2007-09-06 12:39 millert - - * Makefile.in, alloca.c, configure.in: Since we ship with a - pre-generated parser there is no need to ship a bogus alloca - implementation. - -2007-09-06 12:22 millert - - * configure: regen - -2007-09-06 12:19 millert - - * configure.in: remove initial setting of CHECKSIA, we require that - it be unset if not used - -2007-09-06 11:55 millert - - * Makefile.in: add list.c to SRCS - -2007-09-06 07:18 millert - - * configure: regen - -2007-09-06 07:17 millert - - * configure.in: only do SIA checks on Digital Unix - -2007-09-05 18:50 millert - - * sudoers.cat, sudoers.man.in: regen - -2007-09-05 18:48 millert - - * ChangeLog, TODO: sync - -2007-09-05 18:39 millert - - * auth/kerb5.c: Remove call to krb5_cc_register() as it is not - needed for modern kerb5. - -2007-09-05 18:16 millert - - * configure: regen - -2007-09-05 18:16 millert - - * configure.in, aclocal.m4: New method for setting the default - authentication type and avoiding conflicts in auth types. - -2007-09-05 14:45 millert - - * match.c, parse.c, testsudoers.c: Each entry in a cmndlist now has - an associated runaslist so no need to keep track of the most - recent non-NULL one. - -2007-09-04 18:51 millert - - * ldap.c: back out partial ldaps support mistakenly committed - -2007-09-04 10:57 millert - - * ldap.c: Add support for unix groups and netgroups in sudoRunas - -2007-09-03 16:28 millert - - * sudo_edit.c: Fix sudoedit of a non-existent file. From Tilo - Stritzky. - -2007-09-02 17:05 millert - - * configure: regen - -2007-09-02 17:05 millert - - * INSTALL: update --passprompt escape info - -2007-09-02 17:03 millert - - * configure.in: remove now-bogus comment and update copyright date - -2007-09-02 16:35 millert - - * configure.in: Fix up use of with_passwd - -2007-09-02 16:25 millert - - * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: - Update to autoconf-2.61 andf libtool-1.5.24 - -2007-09-02 16:17 millert - - * Makefile.in: "cmp -s" not just cmp Add @datarootdir@ to quiet - autoconf-2.61 - -2007-09-01 17:39 millert - - * gram.c: regen - -2007-09-01 17:39 millert - - * gram.y: move tags and runaslist propagation to be earlier - -2007-09-01 09:34 millert - - * visudo.c: If -f flag given use the permissions of the original - file as a template - -2007-09-01 08:45 millert - - * gram.y: prevent a double free() when re-initing the parser - -2007-08-31 19:30 millert - - * configure: regen - -2007-08-31 19:30 millert - - * aclocal.m4, alias.c, alloc.c, config.h.in, configure.in, env.c, - ldap.c, list.c, list.h, memrchr.c, parse.c, parse.h, pwutil.c, - redblack.c, redblack.h, snprintf.c, sudo.c, sudo.h, - testsudoers.c, visudo.c, zero_bytes.c, auth/API, auth/afs.c, - auth/bsdauth.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h: - Remove support for compilers that don't support void * - -2007-08-31 19:14 millert - - * gram.c: regen - -2007-08-31 19:13 millert - - * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, - match.c, parse.c, parse.h, testsudoers.c, visudo.c: Move list - manipulation macros to list.h and create C versions of the more - complex ones in list.c. The names have been down-cased so they - appear more like normal functions. - -2007-08-31 17:21 millert - - * Makefile.in: Fix cmp command when regenerating parser. Make - gram.o the first dependency for all programs so gram.h will be - generated before anything that needs it. - -2007-08-31 13:56 millert - - * parse.h, gram.y: Convert NEW_DEFAULT anf NEW_MEMBER into static - functions. - -2007-08-30 21:21 millert - - * match.c, parse.c, testsudoers.c: Use LH_FOREACH_REV when checking - permission and short-circuit on the first non-UNSPEC hit we get - for the command. This means that instead of cycling through the - all the parsed sudoers entries we start at the end and work - backwards and quit after the first positive or negative match. - -2007-08-30 21:13 millert - - * gram.c: regen - -2007-08-30 21:12 millert - - * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: - Change list head macros to take a pointer, not a struct. - -2007-08-30 20:46 millert - - * gram.c: regen - -2007-08-30 20:46 millert - - * gram.y: Propagate the runasspec from one command to the next in a - cmndspec. - -2007-08-30 16:15 millert - - * match.c: Replace has_meta() with a macro that calls strpbrk(). - -2007-08-30 16:04 millert - - * gram.c: regen - -2007-08-30 13:26 millert - - * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, - testsudoers.c, visudo.c: Use a list head struct when storing the - semi-circular lists and convert to tail queues in the process. - This will allow us to reverse foreach loops more easily and it - makes it clearer which functions expect a list as opposed to a - single member. - - Add macros for manipulating lists. Some of these should become - functions. - - When freeing up a list, just pop off the last item in the queue - instead of going from head to tail. This is simpler since we - don't have to stash a pointer to the next member, we always just - use the last one in the queue until the queue is empty. - - Rename match functions that take a list to have list in the name. - Break cmnd_matches() into cmnd_matches() and cmndlist_matches. - -2007-08-30 13:12 millert - - * parse.c: Fix pasto, append "!" not negated (which is an int) for - sudo -l output. - -2007-08-30 12:45 millert - - * Makefile.in: Remove the dependency of gram .h on gram.y, the .c - dependency is enough. Only move y.tab.h to gram.h if it is - different; avoids needless rebuilding. - -2007-08-27 15:51 millert - - * sudoers.pod: Defaults lines may be associated with lists of - users, hosts, commands and runas users, not just single entries. - -2007-08-26 17:42 millert - - * Makefile.in: Revert the "cmp" portion of the last diff, it - doesn't make sense. - -2007-08-26 17:10 millert - - * Makefile.in: Remove *.lo for clean: When generating the parser, - only move the generated files into place if they differ from the - existing ones. - -2007-08-24 22:47 millert - - * toke.c, toke.l: Replace IPV6 regexp with a much simpler - (readable) one and add an extra check when it matches to make - sure we have a valid address. - -2007-08-24 22:36 millert - - * match.c: Fix thinko introduced when merging IPV6 support. - -2007-08-24 14:23 millert - - * HISTORY, LICENSE: regen - -2007-08-24 14:23 millert - - * license.pod: add 2007 - -2007-08-24 14:19 millert - - * UPGRADE: mention #uid vs. comment pitfall - -2007-08-24 09:50 millert - - * acsite.m4: Merge in a patch from the libtool cvs that fixes a - problem with the latest autoconf. From Stepan Kasal. - -2007-08-23 20:28 millert - - * parse.h: Back out he XOR swap trick, it is slower than a temp - variable on modern CPUs. - -2007-08-23 20:14 millert - - * gram.c: regen - -2007-08-23 20:14 millert - - * gram.y, parse.h: Convert the tail queue to a semi-circle queue - and use the XOR swap trick to swap the prev pointers during - append. - -2007-08-23 15:31 millert - - * parse.h: remove useless statement - -2007-08-23 07:47 millert - - * toke.c, toke.l: Refactor #include parsing into a separate - function and return unparsed chars (such as newline or comment) - back to the lexer. - -2007-08-22 18:56 millert - - * WHATSNEW: mention better uid support - -2007-08-22 18:55 millert - - * sudoers.pod: Users may now consist of a uid. - -2007-08-22 18:39 millert - - * gram.c, gram.h, toke.c: regen - -2007-08-22 18:32 millert - - * parse.c: Use lbuf_append_quoted() for sudo -l output to quote - characters that would require quoting in sudoers. - -2007-08-22 18:31 millert - - * lbuf.c, lbuf.h: Add lbuf_append_quoted() which takes a set of - characters which should be quoted with a backslash when - displayed. - -2007-08-22 18:28 millert - - * toke.l: Require that the first character after a comment not be a - digit or a dash. This allows us to remove the GOTRUNAS state and - treat uid/gids similar to other words. It also means that we can - now specify uids in User_Lists and a User_Spec may now contain a - uid. - -2007-08-22 18:23 millert - - * gram.y, toke.l: Replace RUNAS token with '(' and ')' tokens to - make the runas portion of the grammar more natural. - -2007-08-22 06:35 millert - - * Makefile.in, README, BUGS: The BUGS file is history - -2007-08-21 09:19 millert - - * toke.c, toke.l: Allow comments after a RunasAlias as long as the - character after the pound sign isn't a digit or a dash. - -2007-08-20 20:43 millert - - * WHATSNEW: Glob support was back-ported to 1.6.9 - -2007-08-20 19:59 millert - - * Makefile.in: remove sudo_usage.h in distclean - -2007-08-20 19:24 millert - - * parse.c: If a Defaults value contains a blank, double-quote the - string. - -2007-08-20 19:19 millert - - * toke.c, toke.l: Properly deal with Defaults double-quoted strings - that span multiple lines using the line continuation char. - Previously, the entire thing, including the continuation char, - newline, and spaces was stored as-is. - -2007-08-20 10:46 millert - - * sudo.c: Be consistent when using single quotes and backticks. - -2007-08-19 16:48 millert - - * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, - sudo.c, sudo_usage.h.in: Add new linebuf code to do appends of - dynamically allocated strings and word-wrapped output. Currently - used for sudo's usage() and sudo -l output. Sudo usage strings - are now in sudo_usage.h which is generated at configure time. - -2007-08-18 08:22 millert - - * sudo.h, parse.c, sudo.c: Fix line wrapping in usage() and use the - actual tty width instead of assuming 80. - -2007-08-17 18:32 millert - - * history.pod: some more info - -2007-08-17 17:28 millert - - * history.pod: Mentioned Chris Jepeway's parser and also the new - one that is in sudo 1.7. - -2007-08-16 09:38 millert - - * sudo.pod, visudo.pod: For the options list, add flag args where - appropriate and increase the indent level so there is room for - them. - -2007-08-15 13:49 millert - - * parse.c: Fix some spacing in "sudo -l" and add a comment about - some bogosity in the line wrapping. - -2007-08-15 11:21 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, - visudo.man.in, visudo.cat: regen - -2007-08-15 11:20 millert - - * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, - parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, - testsudoers.c, toke.c, toke.l: Remove monitor support until there - is a versino of systrace that uses a lookaside buffer (or we have - a better mechanism to use). - -2007-08-15 09:22 millert - - * configure.in, configure, config.h.in, sudo.c: use getaddrinfo() - instead of gethostbyname() if it is available - -2007-08-14 15:27 millert - - * parse.c, sudo.c: Deal with OSes where sizeof(gid_t) < - sizeof(int). - -2007-08-14 11:19 millert - - * interfaces.c: repair non-getifaddrs() code after ipv6 integration - -2007-08-14 10:04 millert - - * sudo.c: If we can open sudoers but fail to read the first byte, - close the file stream before trying again. - -2007-08-13 12:34 millert - - * gram.c, toke.c: regen - -2007-08-13 12:29 millert - - * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: - Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki - -2007-08-13 12:23 millert - - * sudo.pod, sudoers.pod, visudo.pod: Add some missing markup Update - copyright - -2007-08-12 18:55 millert - - * configure, configure.in: fix sudo_noexec extension which got - broken in the libtool update - -2007-08-10 10:41 millert - - * Makefile.in: explicitly specify -Tascii to nroff - -2007-08-08 16:07 millert - - * logging.c: remove an ANSI-ism that crept in - -2007-08-06 20:37 millert - - * sudo.pod: Adjust list indents Prevent -- from being turned into - an em dash Use a list for the environment instead of a literal - paragraph - -2007-08-06 20:36 millert - - * visudo.pod: Use a list for the environment instead of an indented - literal paragraph. - -2007-08-06 20:33 millert - - * sudoers.pod: Adjust list indentation - -2007-08-06 20:31 millert - - * license.pod: add =head3 - -2007-08-06 10:24 millert - - * sudo.pod: mention that when specifying a uid for the -u option - the shell may require that the # be escaped - -2007-08-01 22:08 millert - - * match.c: Fix off by one in group matching. - -2007-07-31 14:04 millert - - * env.c: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From - David Krause. - -2007-07-30 10:45 millert - - * configure, configure.in: Add missing define of - HAVE_GSS_KRB5_CCACHE_NAME for the -lgssapi_krb5 case. - -2007-07-30 09:29 millert - - * aclocal.m4, configure.in, configure: Fix link tests such that new - gcc doesn't optimize away the test. - -2007-07-29 19:21 millert - - * sudo.pod, sudoers.pod, visudo.pod: add missing over/back - -2007-07-29 19:09 millert - - * sudo.pod, sudoers.pod, visudo.pod: Change FILES section to use - =item - -2007-07-29 18:32 millert - - * env.c: Add back allocation of the env struct in rebuild_env but - save a copy of the old pointer and free it before returning. - -2007-07-29 16:09 millert - - * env.c: Don't init the private environment in rebuild_env() since - it may have already been done implicitly - sudo_setenv/sudo_unsetenv. - - Multiply length by sizeof(char *) in memcpy/memmove when copying - the environment so we copy the full thing. - - Add missing set of parens so we deref the right pointer in - sudo_unsetenv when searching for a matching variable. - -2007-07-26 16:35 millert - - * sudo.pod, sudoers.pod, visudo.pod: Use file markup for paths in - the FILES section - -2007-07-26 10:04 millert - - * sudo.pod, sudoers.pod, visudo.pod: Don't capitalize sudo/visudo - -2007-07-26 07:28 millert - - * sudoers.pod: Sort sudoers options; based on a diff from Igor - Sobrado. - -2007-07-25 16:19 millert - - * sudo.pod, sudoers.pod, visudo.pod: Use 8 and 5 instead of - @mansectsu@ and @mansectform@ since the latter confuses pod2man. - The Makefile rules for the .man.in file will add @mansectsu@ and - @mansectform@ back in after pod2man is done anyway. - -2007-07-22 19:09 millert - - * LICENSE, Makefile.in, license.pod: Move license info to pod - format - -2007-07-22 18:43 millert - - * configure, configure.in, sudoers.pod: Substitute value of - path_info into sudoers man page. - -2007-07-22 16:40 millert - - * WHATSNEW: remove features that were back-ported to 1.6.9 - -2007-07-22 15:20 millert - - * sudo.c, sudo.pod, visudo.c, visudo.pod: Sort SYNOPSIS and sync - usage. From Igor Sobrado. - -2007-07-22 15:19 millert - - * env.c: Only need sudo_setenv/sudo_unsetenv if we are going to use - ldap_sasl_interactive_bind_s() but don't have - gss_krb5_ccache_name(). - -2007-07-22 08:23 millert - - * ChangeLog: rebuild without branch info - -2007-07-22 08:23 millert - - * Makefile.in: Add ChangeLog target - -2007-07-22 08:14 millert - - * auth/pam.c: Run cleanup code if the user hits ^C at the password - prompt. - -2007-07-22 08:13 millert - - * auth/pam.c: Some versions of pam_lastlog have a bug that will - cause a crash if PAM_TTY is not set so if there is no tty, set - PAM_TTY to the empty string. - -2007-07-20 09:32 millert - - * Makefile.in: ChageLog not Changelog - -2007-07-20 09:31 millert - - * ChangeLog: sync - -2007-07-20 09:29 millert - - * Makefile.in: CHANGE -> Changelog - -2007-07-19 20:23 millert - - * TODO: sync - -2007-07-19 19:53 millert - - * config.h.in, configure.in, configure, ldap.c: Add configure hooks - for gss_krb5_ccache_name() and the gssapi headers. - -2007-07-18 12:57 millert - - * env.c, sudo.c: rebuild_env() and insert_env_vars() no longer - return environment pointer, they set environ directly. - - No longer need to pass around an envp pointer since we just - operate on environ now. - - Add dosync argument to insert_env() that indicates whether it - should reset environ when realloc()ing env.envp. - - Use an initial size of 128 for the environment. - -2007-07-18 12:41 millert - - * env.c: Split sudo_setenv() into an external version and a version - only for use by rebuild_env(). - -2007-07-16 19:40 millert - - * ldap.c: Add support for using gss_krb5_ccache_name() instead of - setting KRB5CCNAME. Also use sudo_unsetenv() in the - non-gss_krb5_ccache_name() case if there was no KRB5CCNAME in the - original environment. TODO: configure setup for - gss_krb5_ccache_name() - -2007-07-16 18:44 millert - - * README.LDAP: add krb5_ccname - -2007-07-16 18:44 millert - - * README.LDAP, ldap.c: Add support for sasl_secprops in ldap.conf - -2007-07-16 18:39 millert - - * env.c, sudo.h: Add sudo_unsetenv() and refactor private env - syncing code into sync_env(). - -2007-07-16 07:27 millert - - * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not - sasl_authid. - -2007-07-15 15:44 millert - - * ldap.c, sudo.c, sudo.h: Add support for krb5_ccname in ldap.conf. - If specified, it will override the default value of KRB5CCNAME - in the environment for the duration of the call to - ldap_sasl_interactive_bind_s(). - -2007-07-15 15:41 millert - - * env.c, sudo.h: Remove format_env() Add sudo_setenv() to replace - most format_env() + insert_env() combinations. insert_env() no - longer takes a struct environment * - -2007-07-15 12:47 millert - - * ldap.c: Fix use_sasl vs. rootuse_sasl logic. - -2007-07-15 09:23 millert - - * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add - support for SASL auth when connecting to an LDAP server. Adapted - from a diff by Tom McLaughlin. - -2007-07-14 16:32 millert - - * configure, configure.in: Only enable AIX or BSD auth if no other - exclusive auth method has been chosen. Allows people to e.g., - use PAM on AIX without adding --without-aixauth. A better - solution is needed to deal with default authentication since if a - non-exclusive method is chosen we will still get an error. - -2007-07-11 11:23 millert - - * HISTORY, Makefile.in, history.pod: Generate HISTORY from - history.pod (which is also used for web pages) - -2007-07-09 19:40 millert - - * sudo.man.in, sudoers.man.in: regen - -2007-07-09 19:25 millert - - * sudo.pod: Better explanation of environment handling in the sudo - man page. - -2007-07-09 15:13 millert - - * env.c, sudo.c: Defer setting user-specified env vars until after - authentication. - -2007-07-09 13:25 millert - - * env.c: honor def_default_path for PATH set on the command line - -2007-07-09 13:22 millert - - * sudo.c, env.c, sudo.pod, sudoers.pod: Allow user to set - environment variables on the command line as long as they are - allowed by env_keep and env_check. Ie: apply the same - restrictions as normal environment variables. TODO: deal with - secure_path - -2007-07-08 14:44 millert - - * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass - original envp to sudo_edit(). Don't allow -E or env var setting - in sudoedit mode. More accurate usage() when called as sudoedit. - -2007-07-08 14:41 millert - - * ldap.c: warn -> warning - -2007-07-08 14:11 millert - - * sudo.pod: add -c option to sudoedit synopsis - -2007-07-08 10:27 millert - - * TODO: udpate to reality - -2007-07-08 09:43 millert - - * parse.c: Use ALLOW/DENY instead of TRUE/FALSE when dealing with - the return value from {user,host,runas,cmnd}_matches(). Rename - *matches variables -> *match. Purely cosmetic. - -2007-07-08 09:30 millert - - * parse.c: Move setting of FLAG_NO_CHECK into the if(pwflag) block. - No change in behavior. - -2007-07-08 09:17 millert - - * sudoers: add SETENV tag - -2007-07-06 15:51 millert - - * parse.c: Make pwcheck local to the pwflag block. Use pwcheck - even if user didn't match since Defaults options may still apply. - -2007-07-06 14:51 millert - - * check.c, sudo.c: Do not update timestamp if user not validated by - sudoers. - -2007-07-06 10:14 millert - - * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid - and restore to the user's original in PERM_ROOT - -2007-07-06 10:04 millert - - * logging.c, mon_systrace.c, set_perms.c, sudo.h: PERM_FULL_ROOT is - now no different than PERM_ROOT so remove PERM_FULL_ROOT - -2007-07-06 09:49 millert - - * check.c: don't check timestamp mtime if we are just going to - remove it - -2007-07-06 09:33 millert - - * sudoers.pod: Move sudoers defaults parameters into their own - section. - -2007-07-05 20:21 millert - - * testsudoers.c: Reduce a level of indent by a few placed continue - statements. - -2007-07-05 20:20 millert - - * parse.c: Make matching but negated commands/hosts/runas entries - override a previous match as expected. Also reduce some levels - of indent by a few placed continue statements. - -2007-07-05 16:34 millert - - * parse.c: Print default runas in "sudo -l" if sudoers don't - specify one. - -2007-07-05 15:46 millert - - * match.c: Less hacky way of testing whether the domain was set. - -2007-07-04 15:50 millert - - * INSTALL: Mention pam-devel and openldap-devel for Linux - -2007-07-03 19:38 millert - - * README.LDAP: or vs. are - -2007-07-01 16:55 millert - - * sudo.c: fix typo in Solaris project support - -2007-07-01 09:40 millert - - * HISTORY: update - -2007-07-01 09:07 millert - - * sudo.c: Make -- on the command line match the manual page. The - implied shell case has been simplified as a result. - -2007-06-28 10:44 millert - - * sudoers2ldif: add simplistic support for sudoRunas; note that if - a sudoers entry contains multiple Runas users, all will apply to - the sudoRole - -2007-06-28 10:42 millert - - * sudoers2ldif: honor SETENV and NOSETENV tags - -2007-06-24 09:25 millert - - * mon_systrace.c: Redo setting of user_args. We now build up a - private copy of argv first and then replace the NULs with spaces. - -2007-06-24 09:19 millert - - * mon_systrace.c: getcwd() returns NULL on failure, not 0 on - success - -2007-06-24 07:39 millert - - * mon_systrace.c: allow chunksiz to reach 1 before erroring out - -2007-06-23 20:00 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2007-06-23 19:58 millert - - * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, - gram.y, logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, - sudoers.pod, toke.c, toke.l: Add support for setting environment - variables on the command line. This is only allowed if the - setenv sudoers options is enabled or if the command is prefixed - with the SETENV tag. - -2007-06-23 19:57 millert - - * README.LDAP: replace Aaron's email address with the sudo-workers - list - -2007-06-23 19:55 millert - - * configure: regen - -2007-06-21 20:35 millert - - * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet: Break - schema out into separate files. - -2007-06-21 18:28 millert - - * auth/aix_auth.c: free message if set by authenticate() - -2007-06-21 13:03 millert - - * match.c: deal with NULL gr_mem - -2007-06-20 15:04 millert - - * config.h.in: regen - -2007-06-20 15:04 millert - - * configure.in: add template for HAVE_PROJECT_H - -2007-06-20 07:06 millert - - * closefrom.c: include fcntl.h - -2007-06-19 19:37 millert - - * INSTALL: mention --with-project - -2007-06-19 18:24 millert - - * config.h.in, configure.in, sudo.c: Add Solaris 10 "project" - support. From Michael Brantley. - -2007-06-19 17:27 millert - - * sudoers.pod: fix typo - -2007-06-19 17:22 millert - - * configure: regen - -2007-06-19 17:21 millert - - * configure.in: Fix preservation of LDFLAGS in the LDAP case. - -2007-06-19 17:00 millert - - * memrchr.c: Remove dependecy on NULL - -2007-06-19 15:37 millert - - * configure: regen - -2007-06-19 15:37 millert - - * aclocal.m4, configure.in: Can't use the regular autoconf - fnmatch() check since we need FNM_CASEFOLD so go back to our - custom one. - -2007-06-19 12:52 millert - - * env.c: Fix preserving of variables in env_keep. - -2007-06-19 07:10 millert - - * env.c: add XAUTHORIZATION - -2007-06-18 20:41 millert - - * UPGRADE: expand upon env resetting and mention that it began in - 1.6.9 not 1.7. - -2007-06-18 20:33 millert - - * sudoers.pod: Update descriptions of env_keep and env_check to - match current reality. - -2007-06-18 17:33 millert - - * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS, - HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to - intial_keepenv_table. - -2007-06-18 17:23 millert - - * env.c, logging.c: Treat USERNAME environemnt variable like - LOGNAME/USER - -2007-06-18 17:21 millert - - * env.c: Don't need to populate keepenv table with the contents of - the checkenv table. - -2007-06-18 08:57 millert - - * sudo.c: Don't force sudo into the C locale. - -2007-06-18 08:56 millert - - * env.c: Make env_check apply when env_reset it true. Environment - variables are passed through unless they contain '/' or '%'. - There is no need to have a variable in both env_check and - env_keep. - -2007-06-16 07:31 millert - - * visudo.c: Remove an duplicate lock_file() call and add a comment. - -2007-06-15 21:16 millert - - * UPGRADE: Add sudo 1.6.9 upgrade note. - -2007-06-14 12:23 millert - - * interfaces.c: Solaris will return EINVAL if the buffer used in - SIOCGIFCONF is too small. From Klaus Wagner. - -2007-06-14 12:03 millert - - * Makefile.in, config.h.in, configure, configure.in, memrchr.c, - logging.c, sudo.h: Redo the long syslog line splitting based on a - patch from Eygene Ryabinkin. Include memrchr() for systems - without it. - -2007-06-14 07:09 millert - - * configure.in: Since we need to be able to convert timespec to - timeval for utimes() the last 3 digits in the tv_nsec are not - significant. This makes the sudoedit file date comparison work - again. - -2007-06-13 13:41 millert - - * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to - deal with adding things to AUTH_OBJS. This deals with exclusive - authentication methods in a simple way. - -2007-06-12 13:08 millert - - * LICENSE: mkstemp.c is BSD code too. - -2007-06-12 09:21 millert - - * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now. - -2007-06-11 18:27 millert - - * sudo.c: cleanenv() is no more. - -2007-06-10 18:37 millert - - * ChangeLog: Display branch info in Changelog - -2007-06-10 18:18 millert - - * utimes.c: Include config.h early so we have it for - TIME_WITH_SYS_TIME - -2007-06-10 18:00 millert - - * ChangeLog: Fix Changelog generation and update. - -2007-06-09 07:26 millert - - * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd - - Move old-style fd closing into closefrom_fallback() and call that - if /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails - -2007-06-09 07:24 millert - - * config.h.in, configure.in, auth/kerb5.c: o use - krb5_verify_user() if available instead of doing it by hand - o use krb5_init_secure_context() if we have it - o pass an encryption type of 0 to krb5_kt_read_service_key() - instead of - ENCTYPE_DES_CBC_MD5 to let kerberos choose. - -2007-06-09 07:20 millert - - * env.c: Check TERM and COLORTERM for '%' and '/' characters. From - Debian. - -2007-06-09 07:17 millert - - * configure.in: Fix closefrom() substitution in the Makefile - -2007-06-09 07:15 millert - - * TROUBLESHOOTING: Mention alternate sudo pronunciation. - -2007-06-07 07:52 millert - - * env.c: Remove KRB5_KTNAME from environment. Allow COLORTERM. - -2007-06-07 07:22 millert - - * auth/kerb5.c: If we cannot get a valid service key using the - default keytab it is a fatal error. Fixes a bug where sudo could - be tricked into allowing access when it should not by a fake KDC. - From Thor Lancelot Simon. - -2007-05-12 08:56 millert - - * aclocal.m4, configure, configure.in: Update long long checks to - use AC_CHECK_TYPES and to cache values. - -2007-05-12 08:07 millert - - * aclocal.m4, configure.in: Use AC_FUNC_FNMATCH instead of a - homebrew fnmatch checker. We can't use AC_REPLACE_FNMATCH since - that assumes replacing with GNU fnmatch. - -2007-05-11 17:05 millert - - * configure, configure.in: Add closefrom() to LIB_OBJS not - SUDO_OBJS if it is missing since we need it for visudo now too. - -2007-04-24 14:44 millert - - * sudoers.pod: Attempt to clarify the bit talking about network - numbers w/o netmasks. - -2007-04-24 14:25 millert - - * sudo.pod: Clarify timestamp dir ownership sentence. - -2007-04-20 12:40 millert - - * auth/pam.c: Linux PAM now defines __LINUX_PAM__, not - __LIBPAM_VERSION. From Dmitry V. Levin. - -2007-04-16 12:13 millert - - * sudo.c: -i is also one of the mutually exclusive options to list - it in the warning message. Noted by Chris Pepper. - -2007-04-12 11:18 millert - - * visudo.pod: The sudoers variable is env_editor, not enveditor. - From Jean-Francois Saucier. - -2007-03-29 13:30 millert - - * redblack.c: I tracked down the original author so credit him and - include his license info. - -2007-02-06 13:25 millert - - * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, - sudoers.pod: Fix typos; from Jason McIntyre. - -2007-02-06 13:23 millert - - * logging.c: Restore signal mask before calling reapchild(). Fixes - a possible race condition that could prevent sudo from properly - waiting for the child. - -2007-01-31 10:02 millert - - * pwutil.c: Don't declare pw_free() if we are not going to use it. - -2007-01-31 10:00 millert - - * env.c: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD - and LDR_PRELOAD64. The 64-bit version is not currently - supported. Remove zero_env() prototype as it no longer exists. - -2006-12-11 13:21 millert - - * logging.c: Add "Auto-Submitted: auto-generated" line to sudo mail - for rfc 3834. - -2006-09-29 10:53 millert - - * auth/pam.c: If the user enters ^C at the password prompt, abort - instead of trying to authenticate with an empty password (which - causes an annoying delay). - -2006-08-17 11:26 millert - - * closefrom.c, config.h.in, configure, configure.in: Add fcntl - F_CLOSEM support to closefrom(); adapted from a diff by Darren - Tucker. - -2006-08-17 11:25 millert - - * pwutil.c: pw_free() is only used by sudo_freepwcache() so ifdef - it out too. - -2006-08-04 11:34 millert - - * config.sub, config.guess: Update to latest versions from - cvs.savannah.gnu.org - -2006-07-31 13:51 millert - - * pwutil.c, sudo_edit.c: Move password/group cache cleaning out of - sudo_end{pw,grp}ent() so we can close the passwd/group files - early. - -2006-07-31 13:50 millert - - * config.h.in, configure, configure.in, set_perms.c: Add seteuid() - flavor of set_perms() for systems without setreuid() or - setresuid() that have a working seteuid(). Tested on Darwin. - -2006-07-30 15:56 millert - - * mon_systrace.c: systrace_read() returns ssize_t - -2006-07-30 15:53 millert - - * configure, configure.in: Fix typo, -lldap vs. -ldap; from Tim - Knox. - -2006-07-28 13:12 millert - - * HISTORY: Fix typo; Matt Ackeret - -2006-07-17 08:25 millert - - * sudo.c: Print sudoers path in -V mode for root. - -2006-06-15 14:44 millert - - * ldap.c: Do a sub tree search instead of a base search (one level - in the tree only) for sudo right objects. This allows system - administrators to categorize the rights in a tree to make them - easier to manage. - -2005-12-28 13:52 millert - - * sudo.pod: fix typo - -2005-12-04 12:16 millert - - * ldap.c: Convert GET_OPT and GET_OPTI to use just 2 args. Add - timelimit and bind_timelimit support; adapted from gentoo. - -2005-11-23 18:57 millert - - * ldap.c: Support comments that start in the middle of a line - -2005-11-23 18:56 millert - - * configure.in, configure: Define LDAP_DEPRECATED until we start - using ldap_get_values_len() - -2005-11-18 09:55 millert - - * closefrom.c: Silence gcc -Wsign-compare; djm@openbsd.org - -2005-11-17 20:39 millert - - * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: cleanup() now - takes an int as an arg so it can be used as a signal handler too. - -2005-11-17 20:38 millert - - * sudo.c: Make a copy of the shell field in the passwd struct for - NewArgv to avoid a use after free situation after sudo_endpwent() - is called. - -2005-11-16 20:36 millert - - * Makefile.in, mkstemp.c, config.h.in, configure, configure.in: Add - mkstemp() for those poor souls without it. - -2005-11-15 09:25 millert - - * env.c: Add PERL5DB to list of environment variables to remove. - -2005-11-13 15:49 millert - - * mon_systrace.c, mon_systrace.h: Instead of calling the check - function twice with a state cookie use separate check/log - functions. - - Check more ioctl() calls for failure. - - systrace_{read,write} now return the number of bytes read/written - or -1 on error. - -2005-11-13 14:51 millert - - * env.c: Add more environment variables to remove; from gentoo - linux Add some comments about what bad env variables go to what - (more to do) - -2005-11-11 17:23 millert - - * sudo.c, sudo_edit.c: Move sudo_end{gr,pw}ent() until just before - the exec since they free up our cached copy of the passwd - structs, including sudo_user and sudo_runas. Fixes a - use-after-free bug. - -2005-11-11 17:19 millert - - * visudo.c: Close all fd's before executing editor. - -2005-11-11 17:17 millert - - * sudo.c: Enable malloc debugging on OpenBSD when SUDO_DEVEL is - set. - -2005-11-11 11:22 millert - - * check.c: Fix fd leak when lecture file option is enabled. From - Jerry Brown - -2005-11-07 11:02 millert - - * env.c: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of - environment variables to remove. From Charles Morris - -2005-11-01 13:24 millert - - * env.c: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 - -2005-10-27 20:35 millert - - * env.c: add PS4 and SHELLOPTS to initial_badenv_table for bash - -2005-08-14 20:32 millert - - * sudoers.pod: Fix typo; Toby Peterson - -2005-08-02 09:57 millert - - * tsgetgrpw.c: Make return buffers static so they don't get - clobbered - -2005-07-27 21:14 millert - - * auth/securid5.c: Fix securid5 authentication, was not checking - for ACM_OK. Also add default cases for the two switch()es. - Problem noted by ccon at worldbank - -2005-06-26 20:10 millert - - * ldap.c: Remove ncat() in favor of just counting bytes and - pre-allocating what is needed. - -2005-06-26 19:44 millert - - * ldap.c: Fix up some comments Add missing fclose() for the - rootbinddn case - -2005-06-26 19:38 millert - - * ldap.c: align struct ldap_config - -2005-06-26 19:37 millert - - * ldap.c: use LINE_MAX for max conf file line size - -2005-06-26 18:36 millert - - * pathnames.h.in: add _PATH_LDAP_SECRET - -2005-06-26 18:36 millert - - * README.LDAP: Mention rootbinddn Give example ou=SUDOers container - -2005-06-25 18:03 millert - - * configure, INSTALL, configure.in, ldap.c: Support rootbinddn in - ldap.conf - -2005-06-25 17:46 millert - - * env.c, sudo.pod, sudoers.pod: Preserve DISPLAY environment - variable by default. - -2005-06-25 16:39 millert - - * acsite.m4, configure: set need_lib_prefix=no for all cases; this - is safe for LD_PRELOAD - -2005-06-25 16:15 millert - - * acsite.m4, configure: set need_version=no for all cases; this is - safe for LD_PRELOAD - -2005-06-25 14:45 millert - - * aclocal.m4: typo - -2005-06-25 14:33 millert - - * configure, configure.in: Add dragonfly - -2005-06-25 14:29 millert - - * auth/pam.c: Fix call to pam_end() when pam_open_session() fails. - -2005-06-25 14:21 millert - - * configure: regen - -2005-06-25 14:20 millert - - * acsite.m4: rebuild acsite.m4 from libtool 1.9f libtool.m4 - ltoptions.m4 ltsugar.m4 ltversion.m4 - -2005-06-25 14:08 millert - - * config.guess, config.sub, ltmain.sh: merge in local changes: - config.guess: o better openbsd support config.sub: o hiuxmpp - support ltmain.sh o remove requirement that libs must begin with - "lib" o don't print a bunch of crap about library installs o - don't run ldconfig - -2005-06-25 14:05 millert - - * config.guess, config.sub, ltmain.sh: libtool 1.9f - -2005-06-25 14:04 millert - - * configure.in: Update with autoupdate and make minor changes for - libtool 1.9f - -2005-06-22 23:19 millert - - * parse.c: don't call sudo_ldap_display_cmnd if ldap not setup - -2005-06-22 23:04 millert - - * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, visudo.c, - emul/timespec.h: Move declatation of struct timespec to its own - include files for systems without it since it needs time_t - defined. - -2005-06-22 22:57 millert - - * ldap.c: Don't set safe_cmnd for the "sudo ALL" case. - -2005-05-27 01:59 millert - - * auth/pam.c: Call pam_open_session() and pam_close_session() to - give pam_limits a chance to run. Idea from Karel Zak. - -2005-04-24 19:24 millert - - * check.c, sudo.c: Add explicit cast from mode_t -> u_int in printf - to silence warnings on Solaris - -2005-04-24 19:22 millert - - * parse.c: include grp.h to silence a warning on Solaris - -2005-04-23 15:10 millert - - * parse.c: Fix printing of += and -= defaults. - -2005-04-17 01:21 millert - - * mon_systrace.c: Sanity check number of syscall args with argsize. - Not really needed but a little paranoia never hurts. - -2005-04-17 01:18 millert - - * mon_systrace.c, mon_systrace.h: Don't do pointer arithmetic on - void * Use int, not size_t/ssize_t for systrace lengths (since it - uses int) - -2005-04-16 03:14 millert - - * mon_systrace.c: Add some memsets for paranoia Fix namespace - collsion w/ error Check rval of decode_args() and update_env() - Remove improper setting of validated variable - -2005-04-11 21:37 millert - - * parse.c, sudo.c, sudo.h: In -l mode, only check local sudoers - file if def_ignore_sudoers is not set and call LDAP versions from - display_privs() and display_cmnd() instead of directly from - main(). Because of this we need to defer closing the ldap - connection until after -l processing has ocurred and we must pass - in the ldap pointer to display_privs() and display_cmnd(). - -2005-04-11 21:33 millert - - * ldap.c: Reorganize LDAP code to better match normal sudoers - parsing. Instead of storing strings for later printing in -l - mode we do another query since the authenticating user and the - user being listed may not be the same (the new -U flag). Also - add support for "sudo -l command". - - There is still a fair bit if duplicated code that can probably be - refactored. - -2005-04-11 00:37 millert - - * ldap.c: Replace pass variable with do_netgr for better - readability. - -2005-04-10 23:49 millert - - * ldap.c: use DPRINTF macro - -2005-04-10 23:18 millert - - * ldap.c: estrdup, not strdup - -2005-04-10 17:44 millert - - * parse.c: Add macro to test if the tag changed to improve - readability. - -2005-04-10 17:40 millert - - * parse.c: Avoid printing defaults header if there are no defaults - to print... - -2005-04-10 15:29 millert - - * glob.c: Fix a warning on systems without strlcpy(). - -2005-04-10 13:32 millert - - * pwutil.c: Use macros where possible for sudo_grdup() like - sudo_pwdup(). - -2005-04-08 17:04 millert - - * utimes.c: It is possible for tv_usec to hold >= 1000000 usecs so - add in tv_usec / 1000000. - -2005-03-29 23:38 millert - - * auth/kerb5.c: The component in krb5_principal_get_comp_string() - should be 1, not 0 for Heimdal. From Alex Plotnick. - -2005-03-29 09:29 millert - - * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - pwutil.c, redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: - Add efree() for consistency with emalloc() et al. Allows us to - rely on C89 behavior (free(NULL) is valid) even on K&R. - -2005-03-28 22:33 millert - - * parse.c, sudo.c: Move initgroups() for -U option into - display_privs() so group matching in sudoers works correctly. - -2005-03-26 21:34 millert - - * ldap.c: Removed duplicate call to ldap_unbind_s introduced along - with sudo_ldap_close. - -2005-03-26 20:01 millert - - * parse.c: Add missing space in Defaults printing - -2005-03-25 12:36 millert - - * pwutil.c: Sync sudo_pwdup with OpenBSD changes: use macros for - size computaton and string copies. - -2005-03-18 22:08 millert - - * pwutil.c: Zero old pw_passwd before replacing with version from - shadow file. - -2005-03-18 22:07 millert - - * configure, configure.in: Only attempt shadow password detection - if PAM is not being used Add shadow_* variables to make shadow - password detection more generic. - -2005-03-18 21:46 millert - - * configure.in: Use OSDEFS for os-specific -D_FOO_BAR stuff rather - than CPPFLAGS - -2005-03-12 19:27 millert - - * sudoers.pod: use a non-breaking space to avoid a double space - after e.g. - -2005-03-12 19:26 millert - - * sudo.pod: commna, not colon after e.g. - -2005-03-12 18:43 millert - - * sudo_noexec.c: Add __ variants of the exec functions. GNU libc - at least uses __execve() internally. - -2005-03-12 12:29 millert - - * indent.pro: Match reality a bit more. - -2005-03-12 12:27 millert - - * pwutil.c: Missed piece from rev. 1.6, fix sudo_getpwnam() too. - -2005-03-11 23:42 millert - - * pwutil.c: Store shadow password after making a local copy of - struct passwd in case normal and shadow routines use the same - internal buffer in libc. - -2005-03-10 20:57 millert - - * alloc.c, logging.c: Make varargs usage consistent with the rest - of the code. - -2005-03-10 10:09 millert - - * sudo_noexec.c: Wrap more of the exec family since on Linux the - others do not appear to go through the normal execve() path. - -2005-03-10 09:57 millert - - * visudo.c: make print_unused static like proto says - -2005-03-10 09:55 millert - - * glob.c: silence a warning on K&R systems - -2005-03-10 09:51 millert - - * parse.c, alias.c, error.c: make this build in K&R land - -2005-03-07 22:21 millert - - * toke.c: regen - -2005-03-05 22:46 millert - - * ldap.c: return(foo) not return foo optimize _atobool() slightly - -2005-03-05 22:40 millert - - * ldap.c: Use TRUE/FALSE - -2005-03-05 22:31 millert - - * ldap.c: Reformat to match the rest of sudo's code. - -2005-03-05 19:33 millert - - * sudo.pod: I am the primary author - -2005-02-22 22:28 millert - - * README, RUNSON, Makefile.in: The RUNSON file is toast--it - confused too many people and really isn't needed in a - configure-oriented world. - -2005-02-22 22:28 millert - - * INSTALL: alternate -> alternative - -2005-02-22 22:26 millert - - * tgetpass.c: Use TCSADRAIN instead of TCSAFLUSH since some OSes - have issues with TCSAFLUSH. - -2005-02-22 22:16 millert - - * toke.l: Allow leading blanks before Defaults and Foo_Alias - definitions - -2005-02-22 22:14 millert - - * Makefile.in: fix rules to build toke.o and gram.o in devel mode - -2005-02-20 13:00 millert - - * sudoers.pod: env_keep overrides set_logname - -2005-02-20 12:57 millert - - * env.c: Fix disabling set_logname and make env_keep override - set_logname. - -2005-02-20 12:28 millert - - * compat.h, config.h.in, configure, configure.in: No longer need - memmove() - -2005-02-20 11:48 millert - - * env.c, sudo.c: Just clean the environment once. This assumes - that any further setenv/putenv will be able to handle the fact - that we replaced environ with our own malloc'd copy but all the - implementations I've checked do. - -2005-02-15 23:16 millert - - * env.c, sudo.c: In -i mode, base the value of insert_env()'s - dupcheck flag on DID_FOO flags. Move checks for $HOME resetting - into rebuild_env() - -2005-02-13 00:33 millert - - * env.c, sudo.c: Move setting of user_path, user_shell, user_prompt - and prev_user into init_vars() since user_shell at least is - needed there. - -2005-02-12 18:51 millert - - * Makefile.in: fix devel builds - -2005-02-12 18:46 millert - - * check.c, sudo.c: Fix some printf format mismatches on error. - -2005-02-12 18:33 millert - - * configure, gram.c, toke.c: regen - -2005-02-12 17:56 millert - - * LICENSE, Makefile.binary.in, Makefile.in, aclocal.m4, alias.c, - alloc.c, check.c, closefrom.c, compat.h, configure.in, - defaults.c, defaults.h, env.c, error.c, fileops.c, find_path.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.y, - interfaces.c, interfaces.h, ldap.c, logging.c, logging.h, - match.c, mon_systrace.c, parse.c, redblack.c, redblack.h, - set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, - strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.pod, sudo_edit.c, - sudo_noexec.c, sudoers.pod, testsudoers.c, tgetpass.c, toke.l, - utimes.c, version.h, visudo.c, visudo.pod, zero_bytes.c, - auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, - emul/utime.h: Update copyright years. - -2005-02-12 16:46 millert - - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.7 - -2005-02-12 16:16 millert - - * WHATSNEW: What's new in sudo 1.7, based on the 1.7 CHANGES - entries. - -2005-02-11 18:06 millert - - * compat.h, logging.h, sudo.h: Add __printflike and use it with gcc - to warn about printf-like format mismatches - -2005-02-10 00:16 millert - - * CHANGES, ChangeLog: Replaced CHANGES file with ChangeLog - generated from cvs logs - -2005-02-10 00:03 millert - - * set_perms.c: Use warning/error instead of perror/fatal. - -2005-02-09 23:13 millert - - * config.guess: Update OpenBSD section - -2005-02-09 23:10 millert - - * UPGRADE: Add upgrading noted for 1.7 - -2005-02-09 23:00 millert - - * env.c, sudo.c, sudoers.pod: Instead of zeroing out the - environment, just prune out entries based on the env_delete and - env_check lists. Base building up the new environment on the - current environment and the variables we removed initially. - -2005-02-09 22:23 millert - - * configure, configure.in, sudo.c, config.h.in: Set locale to "C" - if locales are supported, just to be safe. - -2005-02-09 22:19 millert - - * toke.c, toke.l: Cast argument to ctype functions to unsigned - char. - -2005-02-07 22:56 millert - - * env.c: correct value for DID_USER - -2005-02-07 22:55 millert - - * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: #include - not "compat.h" - -2005-02-07 22:51 millert - - * defaults.c: Reset the environment by default. - -2005-02-07 22:50 millert - - * sudo.c: Alloc an extra slot in NewArgv. Removes the need to - malloc an new vector if execve() fails. - -2005-02-06 23:16 millert - - * INSTALL, config.h.in, configure, configure.in, sudo.c: Use - execve(2) and wrap the command in sh if we get ENOEXEC. - -2005-02-05 23:01 millert - - * sudo_noexec.c: Only include time.h on systems that lack struct - timespec which gets defind in compat.h (using time_t). - -2005-02-05 22:59 millert - - * sudo_noexec.c: Include time.h for time_t in compat.h for systems - w/o struct timespec. - -2005-02-05 22:56 millert - - * configure, compat.h, config.h.in, configure.in: use bcopy on - systems w/o memmove - -2005-02-05 22:31 millert - - * compat.h: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 - so limit its use to gcc >= 2.8. - -2005-02-05 21:21 millert - - * Makefile.in: Add explicit rule to build sudo_noexec.lo - -2005-02-05 17:56 millert - - * INSTALL.configure, Makefile.in: No longer depend on VPATH; - pointed out a bunch of missed dependencies. - -2005-02-05 13:18 millert - - * TROUBLESHOOTING: Help for PAM when account section is missing - -2005-02-05 13:01 millert - - * auth/pam.c: Give user a clue when there is a missing "account" - section in the PAM config. - -2005-02-05 10:22 millert - - * auth/pam.c: Better error handling. - -2005-02-05 09:57 millert - - * configure, config.h.in, configure.in: Move _FOO_SOURCE to - CPPFLAGS so it takes effect as early as possible. Silences a - warning about isblank() on linux. - -2005-02-04 21:49 millert - - * auth/pam.c: Fix typo (missing comma) that caused an incorrect - number of args to be passed to log_error(). - -2005-01-31 23:03 millert - - * pwutil.c: Don't try to destroy a tree we didn't create. - -2005-01-27 10:42 millert - - * alias.c, alloc.c, check.c, closefrom.c, compat.h, defaults.c, - env.c, error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, gram.c, - gram.y, interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, - parse.c, pwutil.c, set_perms.c, sigaction.c, snprintf.c, - strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, - sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, - toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Add __unused to - rcsids - -2005-01-21 10:34 millert - - * configure, configure.in: Fix error message when mixing invalid - auth types - -2005-01-21 10:32 millert - - * INSTALL: PAM, AIX auth, BSD auth and login_cap are now on by - default if the OS supports them. - -2005-01-21 10:29 millert - - * config.h.in, auth/sudo_auth.h: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g - -2005-01-21 10:29 millert - - * configure.in: Better checking for conflicting authentication - methods Display the authentication methods used at the end of - configure Rename --with-authenticate -> --with-aixauth Use - --with-aixauth, --with-bsdauth, --with-pam, --with-logincap by - default on systems that support them unless disabled. Add - OSMAJOR variable that replaces old OSREV; now OSREV has full - version number - -2005-01-17 19:40 millert - - * def_data.c, def_data.in, sudo.c, sudoers.pod: s/-O/-C/ - -2005-01-14 13:35 millert - - * configure.in: Replace: test -n "$FOO" || FOO="bar" - - With: : ${FOO='bar'} - -2005-01-09 18:58 millert - - * pwutil.c, testsudoers.c, tsgetgrpw.c: Use function pointers to - only call private passwd/group routines when using a nonstandard - passwd/group file. - -2005-01-06 10:34 millert - - * CHANGES: sync - -2005-01-05 22:16 millert - - * tsgetgrpw.c: Can't use strtok() since it doesn't handle empty - fields so add getpwent()/getgrent() functions and call those. - -2005-01-05 17:29 millert - - * Makefile.in: Fix dummied out toke.c and gram.c dependencies. - -2005-01-05 17:18 millert - - * Makefile.in: Rename PARSESRCS -> GENERATED since it is only used - in the clean target Add devdir variable and use it to specify the - path to parser sources - -2005-01-05 17:17 millert - - * configure: regen - -2005-01-05 17:17 millert - - * configure.in: Add a devdir variables that defaults to $(srcdir) - and is set to . if --devel was specified. Allows for proper - dependecies building the parser. - -2005-01-05 14:50 millert - - * testsudoers.c: Add support for custom passwd/group files. - -2005-01-05 14:47 millert - - * Makefile.in: Build private copy of pwutil.o for testsudoers with - MYPW defined so it uses our own passwd/group routines. - -2005-01-05 14:46 millert - - * visudo.c: Remove sudo_*{pw,gr}* stubs and add - sudo_setspent/sudo_endspent stubs instead. We can now just use - the caching sudo_*{pw,gr}* functions in pwutil.c Add comment - about wanting to call sudo_endpwent/sudo_endgrent in cleanup() - -2005-01-05 14:44 millert - - * tsgetgrpw.c: Remove caching; we will just use what is in pwutil.c - Use global buffers for passwd/group structs Rename functions from - sudo_* to my_* - -2005-01-05 14:43 millert - - * logging.c, sudo.c: g/c pwcache_init/pwcache_destroy - -2005-01-05 14:42 millert - - * sudo.h: Undo last commit and add sudo_setspent and sudo_endspent - instead. - -2005-01-05 14:41 millert - - * getspwuid.c, pwutil.c: Move all but the shadow stuff from - getspwuid.c to pwutil.c and pwcache_get and pwcache_put as they - are no longer needed. Also add preprocessor magic to use private - versions of the passwd and group routines if MYPW is defined (for - use by testsudoers). - -2005-01-04 22:40 millert - - * tsgetgrpw.c: zero out struct passwd/group before filling it in so - if there are fields we don't handle they end up as 0. - -2005-01-04 20:10 millert - - * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: Adapt to - pwutil.c - -2005-01-04 20:09 millert - - * Makefile.in: Add tsgetgrpw.c and pwutil.c Rename the *OBJ - variables for better readability. - -2005-01-04 20:08 millert - - * tsgetgrpw.c: Passwd and group lookup routines for testsudoers - that support alternate passwd and group files. - -2005-01-04 20:07 millert - - * getspwuid.c, pwutil.c: Split off pw/gr cache and dup code into - its own file. This allows visudo and testsudoers to use the - pw/gr cache too. - -2005-01-01 19:31 millert - - * parse.c: Print Defaults info in "sudo -l" output and wrap lines - based on the terminal width. - -2005-01-01 12:41 millert - - * match.c, visudo.c, testsudoers.c: Only check group vector in - usergr_matches() if we are matching the invoking or list user. - Always check the group members, even if there was a group vector. - -2004-12-17 17:24 millert - - * LICENSE, Makefile.in, fnmatch.3: No longer bundle fnmatch.3 - -2004-12-17 13:12 millert - - * CHANGES, TODO: checkpoint - -2004-12-16 14:20 millert - - * sudo.c: sort usage - -2004-12-16 14:20 millert - - * sudo.pod: Sort command line options - -2004-12-16 13:33 millert - - * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, - sudo.c, sudo.pod, sudoers.pod: Add closefrom sudoers option to - start closing at a point other than 3. Add closefrom_override - sudoers option and -C sudo flag to allow the user to specify a - different closefrom starting point. - -2004-12-16 13:25 millert - - * pathnames.h.in: Add _PATH_DEVNULL for those without it. - -2004-12-15 22:55 millert - - * LICENSE: no more UCB strcasecmp - -2004-12-15 22:54 millert - - * strcasecmp.c: replace BSD licensed one with version derived from - pdksh - -2004-12-09 21:07 millert - - * sudo.c: Fix last commit. - -2004-12-09 19:26 millert - - * sudo.c: Make sure stdin, stdout and stderr are open and dup them - to /dev/null if not. - -2004-12-03 13:57 millert - - * ldap.c, mon_systrace.c, sudo.c, sudo.h: add sudo_ldap_close - -2004-12-03 13:52 millert - - * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: - Use TIME_WITH_SYS_TIME - -2004-12-03 13:48 millert - - * configure, configure.in, config.h.in: Add TIME_WITH_SYS_TIME_H - -2004-12-02 11:18 millert - - * env.c: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE - being set unconditionally on darwin. From Toby Peterson. - -2004-12-02 10:40 millert - - * getspwuid.c: Check rbinsert() return value. In the case of faked - up entries there is usually a negative response cached that we - need to overwrite. - - In pwfree() don't try to zero out a NULL pw_passwd pointer. - -2004-12-02 09:53 millert - - * mon_systrace.c: Use the double fork trick to avoid the monitor - process being waited for by the main program run through sudo. - -2004-11-29 12:52 millert - - * sudo.c: Call initgroups() in -U mode so group matches work - normally. - -2004-11-29 12:34 millert - - * def_data.h, mkdefaults: Don't print a trailing comma for the last - entry in enum def_tupple - -2004-11-28 16:08 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Mention values when - lecture, listpw and verifypw are used in boolean context. - -2004-11-28 16:05 millert - - * def_data.c, def_data.in: verifypw when used in a boolean TRUE - context should be "all", not "any". - -2004-11-26 14:21 millert - - * def_data.in, defaults.c: Allow tuples that can be used as - booleans to be used as boolean TRUE. In this case the 2nd - possible value of the tuple is used for TRUE. - -2004-11-25 12:23 millert - - * configure, configure.in: Correct the test for 2-parameter - timespecsub - -2004-11-25 12:20 millert - - * sudo.h: Add strub struct definitions for passwd, timeval and - timespec - -2004-11-25 12:09 millert - - * configure, configure.in, config.h.in, sudo_edit.c, visudo.c: Add - check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and - fix a typo in the gettimeofday check. - -2004-11-24 16:44 millert - - * match.c, testsudoers.c: Deal with user_stat being NULL as it is - for visudo and testsudoers. - -2004-11-24 16:31 millert - - * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: Add -U - option to use in conjunction with -l instead of -u. Add support - for "sudo -l command" to test a specific command. - -2004-11-24 16:28 millert - - * gram.c, gram.y, sudo.c: Set safe_cmnd after sudoers_lookup() if - it has not been set. Previously it was set by sudo "ALL" in the - parser but at that point the fully-qualified pathname has not yet - been found. - -2004-11-23 18:18 millert - - * parse.c, testsudoers.c: Correctly handle multiple privileges per - userspec and runas inheritence. - -2004-11-21 14:09 millert - - * defaults.c: Zero out sd_un for each entry in sudo_defs_table in - init_defaults. - -2004-11-19 18:04 millert - - * toke.c, toke.l: make per-command defaults work with sudoedit - -2004-11-19 18:00 millert - - * ldap.c, parse.c, sudo.c, sudo.h: Remove the FLAG_NOPASS, - FLAG_NOEXEC and FLAG_MONITOR flags. Instead, we just set the - approriate defaults variable. - -2004-11-19 17:09 millert - - * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: - Document per-command Defaults. - -2004-11-19 16:35 millert - - * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, - sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: Add support for - command-specific Defaults entries. E.g. - Defaults!/usr/bin/vi noexec - -2004-11-19 15:03 millert - - * defaults.c, match.c, parse.c, parse.h, testsudoers.c: Change an - occurence of user_matches() -> runas_matches() missed previously - runas_matches(), host_matches() and cmnd_matches() only really - need to pass in a list of members. user_matches() still needs to - pass in a passwd struct because of "sudo -l" - -2004-11-19 14:46 millert - - * parse.c: Check def_authenticate, def_noexec and def_monitor when - setting return flags. XXX May be better to just set the defaults - directly and get rid of those flags. - -2004-11-19 13:39 millert - - * alias.c, alloc.c, check.c, closefrom.c, defaults.c, env.c, - error.c, fileops.c, find_path.c, fnmatch.c, getcwd.c, - getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, - gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, - mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, - strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, - sudo_edit.c, sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, - toke.l, utimes.c, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: Use: #include - Not: #include "config.h" That way we get the correct - config.h when build dir != src dir - -2004-11-19 13:30 millert - - * Makefile.in: Back out part of rev 1.263; fix -I order - -2004-11-19 13:12 millert - - * toke.c, toke.l: More robust parsing if #include; could be much - better still. - -2004-11-19 12:55 millert - - * sudo_edit.c, visudo.c: Make arg splitting in visudo and sudoedit - consistent. - -2004-11-19 12:35 millert - - * Makefile.in, alias.c, gram.c, gram.y, parse.h: Split alias - routines out into their own file. - -2004-11-19 12:32 millert - - * error.h: __attribute__ is already defined in compat.h - -2004-11-19 12:30 millert - - * visudo.c: quit() should not be __noreturn__ as it is non-void on - some platforms. - -2004-11-19 12:24 millert - - * auth/: fwtk.c, rfc1938.c, securid.c, securid5.c: Add local - error/warning functions like err/warn but that call an additional - cleanup routine in the error case. This means we no longer need - to compile a special version of alloc.o for visudo. - -2004-11-19 11:54 millert - - * parse.h: Clarify comments about the data structures - -2004-11-18 15:28 millert - - * visudo.c: Add support for VISUAL and EDITOR containing command - line args. If env_editor is not set any args in VISUAL and - EDITOR are ignored. Arguments are also now supported in - def_editor. - -2004-11-17 14:25 millert - - * parse.h: alias_matches() is no more - -2004-11-17 14:09 millert - - * CHANGES, TODO: sync - -2004-11-17 13:19 millert - - * Makefile.in: When regenerating the parser, don't replace gram.h - unless it has changed. - -2004-11-17 11:56 millert - - * Makefile.in: remove Makefile.binary for distclean - -2004-11-17 11:18 millert - - * env.c: Preserve KRB5CCNAME in zero_env() and add a paranoia check - to make sure we can't overflow new_env. - -2004-11-17 10:33 millert - - * sudo_edit.c: paranoia when stripping trailing slashes from - tempdir. - -2004-11-16 19:00 millert - - * sudo.c: Set user_ngroups to 0 if getgroups() returns an error. - -2004-11-16 18:59 millert - - * configure, configure.in, config.h.in, sudo.c: Add configure check - for getgroups() - -2004-11-16 18:55 millert - - * ldap.c: Use supplementary group vector in struct sudo_user. - -2004-11-16 18:40 millert - - * match.c: Only do string comparisons on the group members if there - is no supplemental group list. - -2004-11-16 16:10 millert - - * CHANGES, TODO: sync - -2004-11-16 15:54 millert - - * sudo_edit.c: On Digital UNIX _PATH_VAR_TMP doesn't end with a - trailing slash so chop off any trailing slashes we see and add an - explicit one. - -2004-11-16 12:02 millert - - * match.c: remove bogus XXX comment - -2004-11-16 11:10 millert - - * match.c: Get rid of alias_matches and correctly fall through to - the non-alias cases when there is no alias with the specified - name. - -2004-11-16 10:47 millert - - * getspwuid.c: Cache non-existent passwd/group entries too. - -2004-11-16 10:45 millert - - * gram.c: regen - -2004-11-15 23:32 millert - - * getspwuid.c: fix typo - -2004-11-15 23:24 millert - - * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, - mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: - Implement group caching and use the passwd and group caches - throughout. - -2004-11-15 14:43 millert - - * match.c: Properly negate the return value of alias_matches() when - appropriate. - -2004-11-15 14:38 millert - - * match.c: Make hostname_matches() return TRUE for a match, else - FALSE like the caller expects. - -2004-11-15 13:24 millert - - * Makefile.in: Add missing dependencies on gram.h - -2004-11-15 13:06 millert - - * match.c: Use runas_matches in alias_matches() now that we have - it. - -2004-11-15 13:00 millert - - * parse.c, parse.h: Expand aliases in "sudo -l" mode - -2004-11-15 12:33 millert - - * gram.y, match.c: Use ALIAS for the member type when storing an - alias instead of HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since - match.c relies on the more generic type. Expand runas_matches - instead of calling user_matches() inside of it since - user_matches() looks up USERALIASes, not RUNASALIASes. - -2004-11-15 12:05 millert - - * CHANGES, getspwuid.c: Paranoia; zero out pw_passwd before freeing - passwd entry. - -2004-11-15 10:53 millert - - * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, - configure.in, err.c, error.c, error.h, defaults.c, env.c, - find_path.c, interfaces.c, logging.c, mon_systrace.c, sudo.c, - sudo.h, sudo_edit.c, testsudoers.c, visudo.c, emul/err.h: Add - local error/warning functions like err/warn but that call an - additional cleanup routine in the error case. This means we no - longer need to compile a special version of alloc.o for visudo. - -2004-11-15 09:59 millert - - * match.c: Use userpw_matches() to compare usernames, not strcmp(), - since the latter checks for "#uid". - -2004-11-15 09:53 millert - - * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: Cache passwd - db entries in 2 reb-black trees; one indexed by uid, the other by - user name. The data returned from the cache should be considered - read-only and is destroyed by sudo_endpwent(). - -2004-11-15 09:50 millert - - * match.c: add cast to uid_t - -2004-11-15 09:49 millert - - * gram.y: missing free in alias_destroy - -2004-11-15 09:49 millert - - * redblack.c: Can't use rbapply() for rbdestroy since the - destructor is passed a data pointer, not a node pointer. - -2004-11-14 23:06 millert - - * getspwuid.c, logging.c, sudo.c, sudo.h: Create and use private - versions of setpwent() and endpwent() that set/end the shadow - password file too. - -2004-11-14 22:55 millert - - * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, - visudo.c: Store aliases in a red-black tree. - -2004-11-14 22:52 millert - - * Makefile.in, redblack.c, redblack.h: red-black tree - implementation - -2004-11-14 22:37 millert - - * visudo.c: Edit all sudoers file if there were unused or undefined - aliases and we are in strict mode. - -2004-11-12 11:19 millert - - * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: - Bring back the "secure_path" Defaults option now that Defaults - take effect before the path is searched. - -2004-11-11 12:22 millert - - * logging.c, parse.c: A user can always list their own entries, - even with -u. Better error message when failing to list another - user's entries. - -2004-11-11 12:12 millert - - * parse.c, sudo.c, sudo.h: The syntax to list another user's - entries is now "-u otheruser -l". Only root or users with sudo - "ALL" may list other user's entries. - -2004-11-11 11:30 millert - - * sudo.cat, sudo.man.in, sudo.pod: Update env variable info in - SECURITY NOTES - -2004-11-11 11:25 millert - - * env.c: strip CDPATH too - -2004-11-11 11:20 millert - - * env.c: strip exported bash functions from the environment. - -2004-10-27 12:16 millert - - * sudo.c: Only reset sudo_user.pw based on SUDO_USER environment - variables for real commands and sudoedit. This avoids a - confusing message when a user tries "sudo -l" or "sudo -v" and is - denied. - -2004-10-27 12:06 millert - - * gram.c, gram.y, parse.h: Extend LIST_APPEND to deal with - appending lists too - -2004-10-26 18:39 millert - - * logging.c: Convert some bitwise AND to ISSET - -2004-10-26 18:29 millert - - * lex.yy.c, toke.c: toke.c replaces lex.yy.c - -2004-10-26 18:29 millert - - * CHANGES, TODO: sync - -2004-10-26 18:28 millert - - * BUGS: new parser fixes most of the outstanding bugs - -2004-10-26 18:27 millert - - * configure: regen - -2004-10-26 18:26 millert - - * visudo.c: Rework for the new parser. Now checks for unused - aliases in sudoers. - -2004-10-26 18:25 millert - - * testsudoers.c: Rewrite for the new parser. Now supports a -d - flag (dump) and adds a -h flag (host). It now defaults to the - local hostname unless otherwise specified. - -2004-10-26 18:23 millert - - * sudo.h: Add new prototypes. Remove NOMATCH/UNSPEC (now in - parse.h) - -2004-10-26 18:22 millert - - * sudo.c: Update for new parse. We now call find_path() *after* we - have updated the global defaults based on sudoers. Also adds - support for listing other user's privs if you are root. - -2004-10-26 18:21 millert - - * mon_systrace.c: Working LDAP support; also remove a now-unneeded - rewind(). - -2004-10-26 18:20 millert - - * logging.c, logging.h: Add NO_STDERR flag. - -2004-10-26 18:19 millert - - * ldap.c: Split sudo_ldap_check() into three pieces: - sudo_ldap_open(), udo_ldap_update_defaults() and - sudo_ldap_check(). This allows us to connecto to LDAP, apply the - default options, find the command in the user's path, and then - check whether the user is allowed to run it. The important thing - here is that the default runas user may be specified as a default - option and that needs to be set before we search for the command. - -2004-10-26 18:17 millert - - * ldap.c: Add casts to unsigned char for isspace() to quiet a gcc - warning. - -2004-10-26 18:16 millert - - * defaults.h: Add prototype for update_defaults() - -2004-10-26 18:16 millert - - * defaults.c: Don't warn about line numbers now that we operate on - a set of data structures (or LDAP) and not a file. - -2004-10-26 18:15 millert - - * config.h.in: No long use lsearch() - -2004-10-26 18:14 millert - - * Makefile.in: Update for new and changed file names. - -2004-10-26 18:14 millert - - * LICENSE: no more BSD lsearch.c - -2004-10-26 18:14 millert - - * match.c: foo_matches() routines now live in match.c Added - user_matches(), runas_matches(), host_matches(), cmnd_matches() - and alias_matches() that operate on the parsed sudoers file. - -2004-10-26 18:12 millert - - * parse.lex, toke.l: Move parse.lex -> toke.l Rename buffer_frob() - -> switch_buffer() WORD no longer needs to exclude '@' kill - yywrap() - -2004-10-26 18:10 millert - - * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.h: - Rewritten parser that converts sudoers into a set of data - structures. This eliminates ordering issues and makes it - possible to apply sudoers Defaults entries before searching for - the command. - -2004-10-26 18:09 millert - - * configure.in, lsearch.c, emul/search.h: We won't be using - lsearch() any longer. - -2004-10-26 18:07 millert - - * ldap.c: sudo should not send mail if someone who runs 'sudo -l' - has no entry. - -2004-10-26 16:09 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2004-10-26 16:09 millert - - * visudo.pod: Update warnings to match new visudo - -2004-10-26 16:08 millert - - * sudoers.pod: The new parser doesn't have the old ordering - constraints. - -2004-10-26 16:08 millert - - * sudo.pod: Document that -l now takes an optional username - argument - -2004-10-25 13:44 millert - - * RUNSON: AIX 5.2.0.0 works - -2004-10-25 13:38 millert - - * ldap.c: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS - instead. Fixes a compilation problem with Solaris 9's native - LDAP. - - Set FLAG_MONITOR when needed. - -2004-10-23 13:32 millert - - * mon_systrace.c: Call sudo_goodpath() *after* changing the cwd to - match the traced process. Fixes relative paths. - -2004-10-21 12:31 millert - - * testsudoers.c: Kill set_perms() stub--it is no longer needed. - -2004-10-13 12:52 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: stay_setuid now - requires set_reuid() or setresuid() - -2004-10-13 12:46 millert - - * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, - configure.in, set_perms.c, sudo.c, sudo.h: Kill use of POSIX - saved uids; they aren't worth bothering with. - -2004-10-07 16:23 millert - - * glob.c: remove call to issetugid() - -2004-10-07 14:57 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Remove warning about - wildcards. Now that we use glob() the bug is fixed. - -2004-10-07 14:52 millert - - * parse.c: Use glob(3) instead of fnmatch(3) for matching pathnames - and stat each result that matches the basename of the user's - command. This makes "cd /usr/bin ; sudo ./blah" work when - sudoers allows /usr/bin/blah. Fixes bug #143. - -2004-10-07 14:27 millert - - * configure, configure.in, config.h.in: Define HAVE_EXTENDED_GLOB - for extended glob (GLOB_TILDE and GLOB_BRACE) - -2004-10-07 12:59 millert - - * config.h.in, configure, configure.in: Check for a glob() that - supports GLOB_BRACE and GLOB_TILDE - -2004-10-07 12:51 millert - - * LICENSE: reference glob - -2004-10-07 12:50 millert - - * glob.c, emul/glob.h: 4.4BSD glob(3) with fixes from OpenBSD and - some unneeded extensions removed. - -2004-10-05 17:26 millert - - * mon_systrace.c: Just return if STRIOCINJECT or STRIOCREPLACE - fail. It probably means we are out of space in the stack gap... - -2004-10-05 17:20 millert - - * CHANGES: sync - -2004-10-05 16:53 millert - - * mon_systrace.c: Take a stab at ldap sudoers support here. - -2004-10-05 15:13 millert - - * mon_systrace.c, mon_systrace.h: Detach from tracee on SIGHUP, - SIGINT and SIGTERM. Now "sudo reboot" doesn't cause reboot to - inadvertanly kill itself. - -2004-10-05 14:21 millert - - * mon_systrace.c: put "monitor" in the proctitle, not "systrace" - -2004-10-05 14:15 millert - - * mon_systrace.c: When modifying the environment, don't replace - envp when we can get away with just rewriting pointers in the - traced process. - -2004-10-05 13:46 millert - - * mon_systrace.c, mon_systrace.h: Add environment updating via - STRIOCINJECT (if available). - -2004-10-05 10:22 millert - - * sudoers.cat, sudoers.man.in: regen - -2004-10-04 16:15 millert - - * lex.yy.c: regen - -2004-10-04 16:15 millert - - * parse.lex: Fix bug introduced in unput() removal; want yyless(0) - not yyless(1) - -2004-10-04 12:09 millert - - * mon_systrace.c: Include file is now mon_systrace.h - -2004-10-04 12:07 millert - - * Makefile.in, configure, configure.in, def_data.c, def_data.h, - def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h, sudo.tab.h, sudoers.pod: No longer call it - tracing, it is now "monitoring" which should be more a obvious - name to non-hackers. - -2004-10-01 15:06 millert - - * mon_systrace.c, mon_systrace.h: Fix some XXX - -2004-10-01 14:30 millert - - * mon_systrace.c, mon_systrace.h: No need to include syscall.h, use - 1024 as the max # of entries (the max that systrace(4) allows). - - Only need to use SYSTR_POLICY_ASSIGN once - - Change check_syscall() -> find_handler() and have it return the - handler instead of just running it. We need this since handler - now have two parts: one part that generates and answer and - another that gets called after the answer is accepted (to do - logging). - - Add some missing check_exec for emul execv - -2004-10-01 10:58 millert - - * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: Add - $Sudo$ tags. - -2004-10-01 10:47 millert - - * config.h.in: Add missing HAVE_LINUX_SYSTRACE_H - -2004-09-30 20:46 millert - - * Makefile.in: add trace_systrace.o dependency - -2004-09-30 19:00 millert - - * configure, configure.in: Also look for systrace.h in - /usr/include/linux - -2004-09-30 18:27 millert - - * mon_systrace.c, mon_systrace.h: Move all struct defs and - prototypes into trace_systrace.h and mark all but - systace_attach() static. - -2004-09-30 18:14 millert - - * mon_systrace.c, mon_systrace.h: Add support for tracing - emulations. At the moment, all emulations are compiled in. It - might make sense to #ifdef them in the future, though this - impeeds readability. - -2004-09-30 17:07 millert - - * Makefile.in, configure.in, configure: rename systrace.c -> - trace_systrace.c - -2004-09-30 15:58 millert - - * parse.yacc: Allow this to build with a K&R compiler again - -2004-09-30 13:58 millert - - * TODO: sync - -2004-09-30 13:55 millert - - * sudo.c, compat.h, visudo.c: Use __attribute__((__noreturn__)) - -2004-09-30 13:44 millert - - * visudo.c: Exit() takes a negative value to indicate it was not - called via signal. - -2004-09-30 13:25 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2004-09-30 13:22 millert - - * Makefile.in, visudo.c: Define Err() and Errx() that are like - err() and errx() but call Exit() instead of exit(). Build - private copy of alloc.o for visudo that calls Err() and Errx(). - -2004-09-29 15:22 millert - - * lex.yy.c: regen - -2004-09-29 15:22 millert - - * CHANGES: sync - -2004-09-29 14:41 millert - - * visudo.c: Overhaul visudo for editing multiple files: o visudo - has been broken out into functions (more work needed here) o - each file is now edited before sudoers is re-parsed o if a - #include line is added that file will be edited too - - TODO: o cleanup temp files when exiting via err() or errx() o - continue breaking things out into separate functions - -2004-09-29 14:36 millert - - * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: Add keepopen - arg to open_sudoers that open_sudoers can use to indicate to the - caller that the fd should not be closed when it is done with it. - To be used by visudo to keep locked fds from being closed - prematurely (and thus losing the lock). - -2004-09-29 14:33 millert - - * parse.yacc, sudo.c: Add errorfile global that contains the name - of the file that caused the error. - -2004-09-29 14:30 millert - - * parse.lex: return COMMENT to yacc grammar for a #include line - -2004-09-29 14:29 millert - - * parse.lex: Remove us of unput() in favor of yyless() which is - cheaper. - -2004-09-29 14:28 millert - - * parse.yacc: Allow an empty sudoers file. - -2004-09-28 16:50 millert - - * mon_systrace.c: Rewind sudoers_fp now that sudoers_lookup() - doesn't do it for us. - -2004-09-28 14:37 millert - - * lex.yy.c: regen - -2004-09-28 14:36 millert - - * visudo.c: Do signal setup before calling edit_sudoers(). Don't - shadow the "quiet" global. - -2004-09-28 14:33 millert - - * visudo.c: If a sudoers file includes other files, edit those too. - Does not yes deal with creating the new includes files itself. - -2004-09-28 14:31 millert - - * testsudoers.c: init_parser now takes a path - -2004-09-28 14:31 millert - - * parse.c, parse.h, parse.lex, parse.yacc: More scaffolding for - dealing with multiple sudoers files: o init_parser() now takes a - path used to populate the sudoers global o the sudoers global is - used to print the correct file in yyerror() o when switching to - a new sudoers file, perserve old file name and line number - -2004-09-28 14:29 millert - - * Makefile.in, pathnames.h.in: Kill _PATH_SUDOERS_TMP; it is not - meaningful now that we can have multiple sudoers files. - -2004-09-28 13:52 millert - - * parse.c, sudo.c: Rewind sudoers_fp in open_sudoers() instead of - sudoers_lookup() so we start at the right file position when - reading include files. - -2004-09-27 21:04 millert - - * sudoers.pod: document #include - -2004-09-27 20:47 millert - - * lex.yy.c: regen - -2004-09-27 20:47 millert - - * parse.lex: Add max depth of 128 for the include stack to avoid - loops. - - Since yyerror() doesn't stop parsing, pass return values back to - yylex and call yyterminate() on error. - -2004-09-27 14:06 millert - - * sudoers.pod: document tracing - -2004-09-27 14:05 millert - - * sudo.pod: Mention PREVENTING SHELL ESCAPES section of sudoers man - page - -2004-09-27 12:08 millert - - * lex.yy.c: regen - -2004-09-27 12:03 millert - - * parse.lex: Add support for #include in sudoers (visudo support - TBD) - -2004-09-27 12:02 millert - - * parse.yacc: make yyerror()'s argument const - -2004-09-27 12:02 millert - - * testsudoers.c, visudo.c: Add open_sudoers() stubs. - -2004-09-27 12:01 millert - - * sudo.c, sudo.h: Rename check_sudoers() open_sudoers() and make it - return a FILE * - -2004-09-26 12:35 millert - - * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, - version.h: Crank version - -2004-09-26 12:33 millert - - * Makefile.in, sudo.psf: Better HP-UX depot construction - -2004-09-25 17:08 millert - - * mon_systrace.c: o Made children global so check_exec() can lookup - a child. o Replaced uid in struct childinfo with struct passwd * - (for runas) o new_child() now takes a parent pid so the runas - info can be inherited o Added find_child() to lookup a child by - its pid o update_child() now fills in a struct passwd o Converted - the big if/else mess in set_policy to a switch o Syscalls that - change uid are now "ask" so we get SYSTR_MSG_UGID events - -2004-09-25 17:01 millert - - * getspwuid.c: Add flag to sudo_pwdup that indicates whether or not - to lookup the shadow password. Will be used to a struct passwd - that has the shadow password already filled in. - -2004-09-25 16:58 millert - - * mon_systrace.c: add missing increment of addr in read_string() - -2004-09-25 16:15 millert - - * mon_systrace.c: Remove bogus call to update_child() and some - cosmetic fixes - -2004-09-25 16:11 millert - - * mon_systrace.c: Don't leak /dev/systrace fd to tracee Make - initialized global for simplicity If STRIOCATTACH returns EBUSY - we are already being traced Check for user_args == NULL in - setproctitle() call Add missing calls to STRIOCANSWER - -2004-09-25 13:15 millert - - * sudo.c: g/c sudo_pwdup proto - -2004-09-24 20:21 millert - - * Makefile.in, sudo.psf: Add target for building a depot file - -2004-09-24 20:07 millert - - * mon_systrace.c: trim includes - -2004-09-24 14:11 millert - - * lex.yy.c, sudo.tab.h: regen - -2004-09-24 14:10 millert - - * INSTALL: document --with-systrace - -2004-09-24 14:10 millert - - * config.h.in, configure, configure.in: Add check for setproctitle - -2004-09-24 14:09 millert - - * mon_systrace.c: pass struct str_msg_ask in to syscall checker so - it can set the error code - -2004-09-24 13:30 millert - - * mon_systrace.c: systrace(4) support for sudo. On systems with - the systrace(4) kernel facility (OpenBSD, NetBSD, Linux w/ - patches) sudo can intercept exec calls and check the exec args - against the sudoers file. In other words, sudo can now control - subcommands and shell escapes. - -2004-09-24 13:17 millert - - * sudo.c, sudo.h: Call systrace_attach() if FLAG_TRACE is set. - -2004-09-24 13:15 millert - - * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: Add trace - Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE - -2004-09-24 13:13 millert - - * parse.c, sudo.c: Don't close sudoers_fp, keep it open and set - close on exec flag instead. - -2004-09-24 13:11 millert - - * def_data.c, def_data.h, def_data.in: Add trace option - -2004-09-23 20:24 millert - - * Makefile.in: Add systrace - -2004-09-23 20:23 millert - - * INSTALL: SunOS /bin/sh blows up with configure - -2004-09-23 20:23 millert - - * configure, configure.in: Include sys/param.h before systrace.h - -2004-09-23 20:15 millert - - * configure: regen - -2004-09-23 20:15 millert - - * pathnames.h.in: _PATH_DEV_SYSTRACE - -2004-09-23 20:14 millert - - * configure.in: line up options in --help - -2004-09-23 20:11 millert - - * config.h.in, configure.in: Add --with-systrace - -2004-09-23 13:35 millert - - * configure: regen - -2004-09-23 13:35 millert - - * aclocal.m4, configure.in: make this work with autoconf-2.59 - -2004-09-16 12:58 millert - - * sudo_edit.c: Simplify logic around open & stat of files and do - sanity on edited file even if we lack fstat (still racable but - worth doing). - -2004-09-15 18:47 millert - - * HISTORY: Add support url - -2004-09-15 16:11 millert - - * Makefile.in: versino 1.6.8p1 - -2004-09-15 15:20 millert - - * CHANGES: more changes for 1.6.8p1 - -2004-09-15 15:18 millert - - * version.h: 1.6.8p1 - -2004-09-15 12:16 millert - - * CHANGES, sudo_edit.c: Add sanity check so we don't try to edit - something other than a regular file. - -2004-09-14 20:55 aaron - - * CHANGES: sync - -2004-09-14 20:21 aaron - - * INSTALL: document --with-ldap-conf-file - -2004-09-14 17:43 millert - - * CHANGES, ins_csops.h: political correctness strikes again - -2004-09-14 15:09 millert - - * RUNSON: sync - -2004-09-12 19:50 millert - - * Makefile.binary.in, Makefile.in: Install sudoedit man link - -2004-09-12 14:25 millert - - * INSTALL: Update PAM note and mention where HP-UX users can - download gcc binaries. - -2004-09-12 12:08 millert - - * Makefile.in: libtool wants to install stuff from .libs so fake - one up for binary installations. - -2004-09-12 11:53 millert - - * Makefile.binary.in: rm -f old sudoedit link instead of using ln - -f set LIBTOOL correctly - -2004-09-12 11:53 millert - - * Makefile.in: Deal with "uname -m" having slashes in it rm -f old - sudoedit link instead of using ln -f - -2004-09-12 10:22 millert - - * Makefile.binary, Makefile.binary.in: Makefile.binary -> - Makefile.binary.in for config.status substitution Add support for - installing noexec bits - -2004-09-12 10:21 millert - - * Makefile.in: Copy noexec bits into binary dists too No longer use - my old arch script for making binary dists - -2004-09-12 09:36 millert - - * Makefile.binary: Install sudoedit link. - -2004-09-11 12:25 millert - - * emul/utime.h: avoid __P so there is no need for compat.h to be - included - -2004-09-11 12:24 millert - - * utimes.c: Don't use HAVE_UTIME_H before including config.h. - -2004-09-10 12:31 millert - - * compat.h: Fix Solatis futimes macro - -2004-09-09 11:02 millert - - * sudo_edit.c: Rename ots -> omtim for improved readability. - -2004-09-08 14:38 millert - - * sudo_edit.c: Redo changes in revision 1.7. Don't really need to - keep the temp file open; re-opening it with the invoking user's - euid is sufficient. - -2004-09-08 14:36 millert - - * CHANGES: sync - -2004-09-08 14:35 millert - - * sudo.cat, sudo.man.in: regen - -2004-09-08 14:34 millert - - * sudo.pod: back out revision 1.70; it is no long applicable - -2004-09-08 11:57 millert - - * env.c: Let the loader initialize nep - -2004-09-08 11:49 millert - - * configure, configure.in, config.h.in: Removed unneed check for - fchown Add check for gettimeofday Move autoheader template stuff - into separate AH_TEMPLATE lines - -2004-09-08 11:48 millert - - * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: Use - timespec throughout. - -2004-09-08 11:47 millert - - * Makefile.in: gettime.[co] - -2004-09-08 11:47 millert - - * gettime.c: function to return the current time in a struct - timespec - -2004-09-08 10:51 millert - - * utimes.c: Not a darpa-sponsored file. - -2004-09-07 16:36 millert - - * compat.h, config.h.in, configure, configure.in: Add a check for - struct timespec and provide it for those without. - -2004-09-07 15:56 millert - - * config.h.in, configure, configure.in, sudo_edit.c: Add checks for - st_mtim and st_mtimespec and add macros for pulling the mtime sec - and nsec out of struct stat. These are used in sudo_edit() to - better tell whether or not the file has changed. - -2004-09-07 15:55 millert - - * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: Add an extra - param to touch() for nsec - -2004-09-07 14:06 millert - - * sudo_edit.c: Call mkstemp() as the in invoking user so we don't - have to chown the file later. Only touch() the temp file if we - can do it via the file descriptor. Don't check for modification - of the temp file if we lack fstat(). Catch errors read()ing the - temp file. - -2004-09-07 14:04 millert - - * fileops.c: If path is NULL and fd == -1 return -1. - -2004-09-07 13:31 millert - - * sudo_edit.c: closefrom() is overkill, the only extra fds are the - ones we opened so just close those in the child. - -2004-09-07 13:14 millert - - * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, - configure, configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, - utimes.c, visudo.c: Use utimes() and futimes() instead of utime() - in touch(), emulating as needed. Not all systems are able to - support setting the times of an fd so touch() takes both an fd - and a file name as arguments. - -2004-09-06 21:12 aaron - - * env.c: Rare SEGV - -2004-09-06 16:46 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: regen - -2004-09-06 16:45 millert - - * sudo.pod, sudoers.pod, visudo.pod: Add SUPPORT section and - re-order some of the sections to match the order we use in - OpenBSD. - -2004-09-06 15:05 aaron - - * env.c: Openldap ~/.ldaprc fix - -2004-09-06 12:18 millert - - * sudo.pod: Talk about how the editor must write its changes to the - original file and not just use rename(2). - -2004-09-06 12:12 millert - - * CHANGES: sync - -2004-09-06 12:11 millert - - * sudo_edit.c: Keep the temp file open instead of re-opening after - the editor has exited. - -2004-09-06 12:10 millert - - * sample.pam: Update for current redhat/fedora core. - -2004-09-02 21:56 aaron - - * README.LDAP: tls_ examples - -2004-09-02 00:03 aaron - - * ldap.c: config tls_* options - -2004-08-29 11:39 millert - - * configure, configure.in: No need for -lcrypt when using pam. - -2004-08-26 23:57 millert - - * configure: regen - -2004-08-26 23:44 aaron - - * configure.in, ldap.c, pathnames.h.in: Allow --with-ldap-conf-file - option to override LDAP_CONF - -2004-08-26 22:08 aaron - - * ldap.c: cleanup debug message - -2004-08-26 19:29 aaron - - * README.LDAP: more config info - -2004-08-24 14:01 millert - - * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: - Add cmnd_base to struct sudo_user and set it in init_vars(). Add - cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No - longer use gross statics in command_matches(). Also rename some - variables for improved clarity. - -2004-08-21 14:33 millert - - * INSTALL: document HP's crippled compiler deficiency. - -2004-08-21 14:25 millert - - * INSTALL: Fix some thinkos in --with-editor and --with-env-editor - descriptions. Noticed by Norihiko Murase. - -2004-08-21 14:20 millert - - * configure, configure.in: --with-noexec takes an optional PATH - argument. - -2004-08-21 14:20 millert - - * INSTALL: document --with-noexec - -2004-08-17 16:21 millert - - * RUNSON, TODO: sync - -2004-08-17 15:11 millert - - * sudo_edit.c: Better warning message when sudoedit is unable to - write to the destination file. - -2004-08-17 14:53 millert - - * sudo.cat, sudo.man.in: regen - -2004-08-17 14:53 millert - - * sudo.pod: Don't italicize the string "sudoedit" - -2004-08-16 18:45 millert - - * HISTORY: Mention GratiSoft. - -2004-08-11 14:29 millert - - * parse.yacc: Reset used_runas to FALSE when re-intializing the - parser. - -2004-08-09 19:04 millert - - * config.guess: Correct OpenBSD mips support - -2004-08-09 17:28 millert - - * config.guess: Add OpenBSD/mips - -2004-08-06 23:43 aaron - - * README.LDAP: More behavior notes - -2004-08-06 23:36 aaron - - * README.LDAP: Updates on current behavior - -2004-08-06 19:56 millert - - * sudo.pod, sudoers.pod: =back does not take an indentlevel (makes - no difference to formatted files). - -2004-08-06 19:48 millert - - * CHANGES: new - -2004-08-06 19:42 millert - - * sudo.c: Consistency. Use same error for bad -u #uid when - targetpw is set as we do when a bad -u username is specified. - -2004-08-06 19:33 millert - - * TODO: Add checksum idea from Steve Mancini - -2004-08-06 19:32 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen - -2004-08-06 19:31 millert - - * sudo.pod, sudoers.pod: Document the restriction on uids specified - via -u when targetpw is set. - -2004-08-06 19:24 millert - - * sudo.c: Error out when targetpw is enabled and sudo is run with - -u #uid but #uid does not exist in the passwd database. We can't - do target authentication when the target is not in passwd! - -2004-08-05 21:16 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: regen - -2004-08-05 21:14 millert - - * TODO: Some more todo for the next release. - -2004-08-05 21:13 millert - - * INSTALL: Make it clear that PAM should be used for DCE support - when possible. - -2004-08-05 21:13 millert - - * sudoers.pod: o Document problems with wildcards and relative - paths. o Make the order requirements more prominent. o Change a - "set" to "reset" for clarity. - -2004-08-05 14:29 millert - - * sudo.pod: Mention --with-secure-path, not SECURE_PATH. - -2004-08-02 22:34 aaron - - * ldap.c: reflect changes to parse.c - -2004-08-02 14:44 millert - - * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: Don't pass - user_cmnd and user_args to command_matches(), just use the - globals there. Since we keep state with statics anyway it is - misleading to pretend that passing in different cmnd and - cmnd_args will work. - -2004-08-02 14:40 millert - - * parse.c: Fix a bug introduced in rev. 1.149. When checking for - pseudo-commands check for a '/' anywhere in cmnd, not just the - first character. - -2004-07-30 23:07 aaron - - * sudo.man.in, sudo.pod: Clarification thanks to Olivier Blin - - -2004-07-30 22:41 aaron - - * sudoers.man.in, sudoers.pod: Add ignore_local_sudoers - -2004-07-30 22:06 aaron - - * README.LDAP: Sun One schema definition by - Andreas.Bussjaeger@t-systems.com and janth@moldung.no - -2004-07-29 11:57 millert - - * CHANGES: typo - -2004-07-23 16:44 millert - - * CHANGES: sync - -2004-07-23 16:43 millert - - * parse.c: Parse sudoers file as PERM_RUNAS not PERM_ROOT and - remove a useless PERM_SUDOERS. Restore to PERM_ROOT upon exit of - the parse. - -2004-07-08 10:20 millert - - * CHANGES: PAM change - -2004-07-07 21:04 aaron - - * ldap.c: Better debugging of ALL command - -2004-07-07 20:15 millert - - * parse.c: When matching for "sudoedit" in sudoers check both the - command the user typed *and* the command that is listed in the - sudoers entry. - -2004-07-04 19:59 aaron - - * ldap.c: Added !command feature - -2004-06-28 10:51 millert - - * auth/pam.c: Use pam_acct_mgmt() to check for disabled accounts; - Brian Farrell - -2004-06-10 23:11 millert - - * LICENSE: License is ISC-style, not BSD-style - -2004-06-10 20:58 millert - - * CHANGES: sync - -2004-06-10 16:54 millert - - * sudo.man.in, sudo.cat: regen - -2004-06-10 16:53 millert - - * sudo.pod: o Update some out of date bits to reality o Change the - shell promt in examples to bourne-shell style o Clarify some - details o Add a CAVEAT about "sudo cd /foo" - -2004-06-10 16:19 millert - - * check.c: Don't ask for a password if invoking user == target - user. - -2004-06-10 12:32 millert - - * sudo.c: typo in comment - -2004-06-08 19:20 millert - - * sudoers.man.in, sudoers.cat: regen - -2004-06-08 19:19 millert - - * sudoers.pod: Expand on NOEXEC a little. - -2004-06-08 16:20 millert - - * TODO: sync - -2004-06-08 15:58 millert - - * visudo.man.in, visudo.cat: regen - -2004-06-08 15:55 millert - - * CHANGES, parse.yacc, visudo.c, visudo.pod: Add a check in visudo - for runas_default being set after it has already been used. - -2004-06-08 13:53 millert - - * parse.yacc: Add a MATCHED macro for testing whether foo_matches - has been set to TRUE or FALSE. This is more readable than - checking for >=0 or < 0. Doesn't change the actual code - generated. - -2004-06-06 20:11 millert - - * sudoers.man.in, sudoers.cat: regen - -2004-06-06 20:07 millert - - * sudoers, sudoers.pod: Correct description of where Defaults specs - should go. - -2004-06-06 20:02 millert - - * find_path.c, ldap.c, logging.h, testsudoers.c, visudo.c, - auth/bsdauth.c, auth/kerb5.c, auth/pam.c: update (c) year - -2004-06-06 19:58 millert - - * check.c, compat.h, defaults.c, env.c, find_path.c, getcwd.c, - ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c, - tgetpass.c, visudo.c, auth/bsdauth.c, auth/kerb5.c, auth/pam.c: - Remove trailing spaces, no actual code changes. - -2004-06-06 16:22 millert - - * parse.yacc: Fix a >=0 that should be <0 that was improperly - converted when UNSPEC was added. - -2004-06-06 15:54 millert - - * parse.yacc: Add do {} while(0) around pop macro Set cmnd_matches - to UNSPEC, not NOMATCH when resetting it. - -2004-06-06 15:39 millert - - * parse.yacc: Fix pastos introduced in SETNMATCH addition. - -2004-06-05 13:55 millert - - * README.LDAP: Update for configure changes - -2004-06-05 13:42 millert - - * parse.yacc, sudo.h: Add NOMATCH and UNSPEC defines (-1 and -2 - respectively) and use these in parse.yacc. Also in parse.yacc - initialize the *_matches vars to UNSPEC and add two macros, - SETMATCH and SETNMATCH for use when setting *_matches to a value - that may be NOMATCH/UNSPEC/TRUE/FALSE. - -2004-06-05 11:17 millert - - * parse.yacc: Initialize runas to -2, not -1 since we need to be - able to distinguish between the initialized value and the value - of a non-match when passing along the runas value to multiple - commands. - - The result of this is that an unmatched runas is now set to -1, - not 0. This is required now that parse.c treats a FALSE value - for runas as being explicitly denied. - -2004-06-03 16:21 millert - - * getprogname.c, sudo.c, visudo.c: Error out if argc < 1. - -2004-06-03 12:37 millert - - * configure, configure.in: Add tests for what libs we need to link - with for ldap and for whether or not lber.h needs to be - explicitly included. - -2004-06-02 20:30 aaron - - * ldap.c: Solaris native LDAP build fix - -2004-06-01 16:56 millert - - * ldap.c: Set edn to NULL is ldap_get_dn() fails to avoid potential - use of an unset variable. - -2004-06-01 16:56 millert - - * sudo.h: Add prototype for sudo_ldap_list_matches - -2004-06-01 16:53 millert - - * compat.h, config.h.in, configure, configure.in: Better check for - dirfd macro--we now set HAVE_DIRFD for the macro version too. - Added check for dd_fd in `DIR' if no dirfd is found; this is now - used to confitionally define the dirfd macro in compat.h. - -2004-06-01 16:51 millert - - * closefrom.c: Only check /proc/$$/fd if we have the dirfd - function/macro. - -2004-06-01 15:13 millert - - * compat.h, config.h.in, configure, configure.in: Add a check for a - dirfd() function (like Linux) and add a dirfd macro in compat.h - if there is no dirfd() function or macro. - -2004-06-01 14:59 millert - - * closefrom.c, getcwd.c: dirfd() is now defined in compat.h as - needed. - -2004-06-01 14:30 millert - - * CHANGES: Clarify closefrom() note. - -2004-06-01 12:51 millert - - * parse.c: When checking for a command in the directory, only copy - the base dir once. - -2004-06-01 12:44 millert - - * closefrom.c: If there is a /proc/$$/fd directory, behave like the - Solaris closefrom() and only close the descriptors listed - therein. - -2004-06-01 12:23 millert - - * alloc.c: compat.h guarantees INT_MAX is defined. - -2004-06-01 12:23 millert - - * compat.h: Add definitions of OPEN_MAX and INT_MAX for those - without it and remove definition of RLIM_INFINITY (now unused). - -2004-05-31 21:22 millert - - * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, - parse.c, sudo.c, sudo.h, visudo.c: Use PATH_MAX, not MAXPATHLEN - since the former is standardized. - -2004-05-31 19:18 millert - - * CHANGES: sync - -2004-05-31 19:10 millert - - * RUNSON: Add some entries that were mailed in a while ago - -2004-05-31 14:16 millert - - * closefrom.c: o sysconf returns a long, not an int. o check for - negative return value from sysconf/getdtablesize and use - OPEN_MAX in this case. o define OPEN_MAX to 256 for those - without it (a fair guess...) - -2004-05-30 12:25 millert - - * UPGRADE: Mention change in parse order for RunAs entries. - -2004-05-30 12:15 millert - - * configure: regen - -2004-05-29 18:29 millert - - * config.h.in, configure.in, INSTALL, README.LDAP: o --with-ldap - now takes an optional dir as a parameter - o added check for ldap_initialize() and start_tls_s() - -2004-05-29 14:54 millert - - * README.LDAP: Fix some typos, word choice and formatting issues. - -2004-05-28 18:06 millert - - * tgetpass.c: Use SA_INTERRUPT so SunOS works correctly, avoid - stdio and just use read/write as it is simpler. - -2004-05-28 16:27 millert - - * configure, configure.in: Remove hack overriding cross-compiler - check. It should no longer be needed. - -2004-05-28 16:26 millert - - * compat.h: Remove select() compat bits since we no longer use - select(). - -2004-05-28 16:24 millert - - * CHANGES, tgetpass.c: Use alarm() instead of select() for the - timeout for systems that don't fully/properly implement select(). - -2004-05-27 19:14 millert - - * CHANGES: synbc - -2004-05-27 19:12 millert - - * RUNSON: update - -2004-05-27 19:12 millert - - * set_perms.c: Deal with systems that have no way of setting the - effective uid such as nsr-tandem-nsk. - -2004-05-27 19:01 millert - - * configure, configure.in: Define NO_SAVED_IDS if we don't find - seteuid() - -2004-05-27 18:21 millert - - * config.h.in, configure, configure.in: Add back check for - setreuid() since NSK doesn't have it. - -2004-05-27 15:57 millert - - * sudoers.cat, sudoers.man.in: regen - -2004-05-27 15:56 millert - - * BUGS, CHANGES: sync - -2004-05-27 15:55 millert - - * parse.c: In sudoers_lookup() return VALIDATE_NOT_OK if the runas - user was explicitly denied and the command matched. This fixes a - long-standing bug and makes: foo machine = (ALL) - /usr/bin/blah foo machine = (!bar) /usr/bin/blah - - equivalent to: foo machine = (ALL, !bar) /usr/bin/blah - -2004-05-27 15:52 millert - - * sudoers.pod: Clarify mail_noperm - -2004-05-19 21:25 aaron - - * Makefile.in: Missing DESTDIR in make install for sudo_noexec.la - -2004-05-17 18:32 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: regen - -2004-05-17 18:31 millert - - * TODO: sync - -2004-05-17 18:31 millert - - * sample.sudoers, sudoers.pod: Remove fastboot/fasthalt (who still - remembers these?) and add a minimal sudoedit example. - -2004-05-17 18:21 millert - - * CHANGES, INSTALL, TROUBLESHOOTING, UPGRADE, sudo.c, visudo.c: - filesystem -> file system - -2004-05-17 18:19 millert - - * sudo.pod, sudoers.pod: Fix some minor typos and formatting goofs - -2004-05-17 18:10 millert - - * lex.yy.c: regen - -2004-05-17 17:57 millert - - * visudo.pod: remove my email addr - -2004-05-17 17:55 millert - - * sudo.pod, sudoers.pod, visudo.pod: Use @mansectform@ and - @mansectsu@ everywhere Make man page references links with L<> - -2004-05-17 16:51 millert - - * parse.lex: Accept quoted globbing characters and pass them - verbatim for fnmatch() - -2004-05-17 16:50 millert - - * UPGRADE: Document that /tmp/.odus is gone. - -2004-05-17 16:28 millert - - * CHANGES, aclocal.m4, configure, pathnames.h.in: No longer use - /tmp/.odus as a possible timestamp dir unless specifically - configured to do so. Instead, if no /var/run exists, use - /var/adm/sudo or /usr/adm/sudo. - -2004-05-17 16:08 millert - - * check.c, compat.h, logging.c, set_perms.c, sudo.c, tgetpass.c, - visudo.c: Preliminary changes to support nsr-tandem-nsk. Based - on patches from Tom Bates. - -2004-05-16 18:47 millert - - * CHANGES: There was no 1.6.7p6. - -2004-05-16 16:38 millert - - * BUGS, CHANGES: sync - -2004-05-16 16:36 millert - - * Makefile.in: add missing files to DISTFILES - -2004-05-16 16:23 millert - - * sudoers.man.in, sudo.cat, sudoers.cat, visudo.cat: regen - -2004-05-16 16:20 millert - - * Makefile.in: Fix some line wrap and update (c) year - -2004-04-28 15:05 aaron - - * README.LDAP: Build Note - -2004-04-06 22:03 aaron - - * Makefile.in: Fix install-dirs - -2004-04-04 20:27 millert - - * visudo.c: In Exit() when used as a signal handler, emsg is a - pointer so sizeof() is wrong so make it a #define instead. Also - avoid using a negative exit value. Found by Aaron Campbell - -2004-03-24 18:23 millert - - * sudoers.pod: Remove bogus sentence about uids in a User_List. - Document usernames vs. uid parsing in a Runas_List. - -2004-03-24 18:06 millert - - * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: If - the user specified a uid with the -u flag and the uid exists in - the passwd file, set runas_user to the name, not the uid. - - When comparing usernames in sudoers, if a name is really a uid - (starts with '#') compare it numerically to pw_uid. - -2004-03-22 13:35 millert - - * auth/kerb5.c: krb5_mcc_ops should be const; Johnny C. Lam - -2004-02-28 18:54 aaron - - * CHANGES, config.h.in, ldap.c: Added start_tls support - -2004-02-14 18:04 millert - - * Makefile.in: Clean up libtool stuff for 'make distclean' and add - def_data.c, def_data.h to PARSESRCS. - -2004-02-14 10:13 aaron - - * strlcat.c, strlcpy.c: Un-Fix last license munge - -2004-02-13 16:37 millert - - * CHANGES, RUNSON, TODO: checkpoint - -2004-02-13 16:37 millert - - * lex.yy.c, configure: regen - -2004-02-13 16:36 millert - - * LICENSE, Makefile.binary, Makefile.in, alloc.c, check.c, - closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, - find_path.c, getprogname.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - interfaces.h, ldap.c, logging.c, logging.h, parse.c, parse.h, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, - sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.man.in, - sudoers.pod, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.man.in, visudo.pod, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, - emul/search.h, emul/utime.h: More to a less restrictive, - ISC-style license. - -2004-02-12 21:08 aaron - - * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in, - def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h, - sudoers2ldif: Merged in LDAP Support - -2004-02-08 15:53 millert - - * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not - a macro. - -2004-02-06 18:08 millert - - * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not - already 0 so set the euid first, then just call setuid(0) to set - the real uid too. - -2004-02-06 14:52 millert - - * set_perms.c: Use setresuid() and setreuid() for PERM_RUNAS when - appropriate instead of seteuid() which may not exist. - -2004-02-04 14:58 millert - - * LICENSE: 2004 - -2004-02-03 23:38 millert - - * INSTALL, config.h.in, configure, configure.in, ins_classic.h: Add - --with-pc-insults configure option - -2004-02-03 23:32 millert - - * visudo.man.in: Prefer VISUAL over EDITOR like old vipw did. - -2004-02-01 15:45 millert - - * sudo.man.in, sudoers.man.in: regen - -2004-02-01 15:44 millert - - * sudoers.pod: Add a note that noexec is not a cure-all. - -2004-02-01 15:20 millert - - * sudoers.pod: Mention that disabling "root_sudo" is pretty - pointless. - -2004-02-01 15:20 millert - - * configure, configure.in: Substitute for root_sudo in sudoers.pod - -2004-02-01 15:03 millert - - * sudo.pod: Add sudoedit to the NAME section - -2004-02-01 15:00 millert - - * sudoers.pod: Document that fact that setting ignore_dot in - sudoers has no effect due to the fact that find_path() is called - *before* sudoers is read. - -2004-01-29 19:50 millert - - * sudo_edit.c: Do not require _PATH_USRTMP to be set. - -2004-01-29 19:42 millert - - * BUGS, CHANGES, TODO: sync - -2004-01-29 19:42 millert - - * sudo.man.in: regen - -2004-01-29 19:41 millert - - * sudo.pod: Clarify that when sudo is run by root with the - SUDO_USER variable set, the sudoers lookup happens for root and - not the SUDO_USER user. - -2004-01-29 17:33 millert - - * defaults.c, env.c, fnmatch.c, interfaces.c, logging.c, parse.c, - set_perms.c, sigaction.c, sudo.c, tgetpass.c, auth/pam.c, - auth/sudo_auth.c: Use the SET, CLR and ISSET macros. - -2004-01-29 16:22 millert - - * interfaces.h: MAIN was replaced with _SUDO_MAIN some time ago. - -2004-01-29 16:15 millert - - * sudo.c: Don't look at prev_user until after we've parsed sudoers - and done the password check. That way, if sudo/sudoedit is run - from a root process that was invoked by sudo, we check sudoers - for root, not the previous user. This makes sudoedit much more - useful and means that for the sudo case, we get correct logging - on who actually ran the command. - -2004-01-22 19:22 millert - - * sudo_edit.c: Add a comment describing why we need to be notified - about our child stopping. - -2004-01-22 16:06 millert - - * def_data.c, def_data.in: Update the noexec variable descriptions - -2004-01-22 14:18 millert - - * sudoers.man.in, sudoers.pod: noexec now replaces more than just - execve() - -2004-01-22 12:14 millert - - * sudo_noexec.c: Alas, all the world does not go through execve(2). - Many systems still have an execv(2) system call, Linux 2.6 - provides fexecve(2) and it is not uncommon for libc to have - underscore ('_') versions of the functions to be used internally - by the library. Instead of stubbing all these out by hand, - define a macro and let it do the work. Extra exec functions - pointed out by Reznic Valery. - -2004-01-21 21:57 millert - - * sudo.c, sudo_edit.c: Fix suspending the editor in -e mode. - Because we do a fork() first we need to be notified when the - child has been stopped and then send that same signal to ourself - so the shell can do its job control thing. - -2004-01-21 21:44 millert - - * visudo.c: Use WIFEXITED and WEXITSTATUS macros. If there are - systems out there that want to run sudo that still don't support - these we can try to deal with that later. - -2004-01-21 20:03 millert - - * lex.yy.c: regen - -2004-01-21 20:00 millert - - * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: Document sudo - -e / sudoedit - -2004-01-21 19:08 millert - - * configure, configure.in: fix typo - -2004-01-21 19:02 millert - - * config.h.in, configure.in: Add SET/CLR/ISSET - -2004-01-21 18:55 millert - - * sudo.c: Allow non-exclusive flags when invoked as sudoedit. - Pretty print the long usage() line to not wrap (assumes 80 char - display) - -2004-01-21 18:01 millert - - * Makefile.in, sudo.c: If sudo is invoked as "sudoedit" the -e flag - is implied and no other flags are permitted. - -2004-01-21 18:00 millert - - * sudo.h: Add a new flag, -e, that makes it possible to give users - the ability to edit files with the editor of their choice as the - invoking user, not the runas user. Temporary files are used for - the actual edit and the temp file is copied over the original - after the editor is done. - -2004-01-21 17:25 millert - - * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: Add a new - flag, -e, that makes it possible to give users the ability to - edit files with the editor of their choice as the invoking user, - not the runas user. Temporary files are used for the actual edit - and the temp file is copied over the original after the editor is - done. - -2004-01-21 17:06 millert - - * sudo.c, env.c: If real uid == 0 and the SUDO_USER environment - variables is set, use that to determine the invoking user's true - identity. That way the proper info gets logged by someone who - has done "sudo su" but still uses sudo to as root. We can't do - this for non-root users since that would open up a security hole, - though perhaps it would be acceptable to use getlogin(2) on OSes - where this a system call (and doesn't just look in the utmp - file). - -2004-01-21 16:58 millert - - * pathnames.h.in: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP - -2004-01-21 16:57 millert - - * configure, config.h.in, configure.in: Add check for fchown(2) - -2004-01-20 14:22 millert - - * sudo.c: Back out portions of the -i commit that set NewArgv[0] in - set_runaspw. It is far to late to set NewArgv[0] there and will - have no effect anyway as cmnd and safe_cmnd have already been - set. - -2004-01-20 14:18 millert - - * visudo.c, visudo.pod: Prefer VISUAL over EDITOR like old vipw - did. - -2004-01-18 20:17 millert - - * env.c, sudo.c: In -i mode always set new environment based on the - runas user's passwd entry. - -2004-01-18 17:56 millert - - * sudo.man.in, sudo.pod: Document the new -i flag and sync SYNOPSIS - section with usage() in sudo.c. Also sort the flags in the - OPTIONS section. - -2004-01-18 17:55 millert - - * sudo.c, sudo.h: o Add -i that acts similar to "su -", based on - patches from David J. MacKenzie o Sort the flags in the usage - message - -2004-01-18 17:22 millert - - * sudoers.man.in, sudoers.pod: Add a missing @runas_default@ - substitution. - -2004-01-17 16:34 millert - - * sudo.c: Change euid to runas user before calling find_path(). - Unfortunately, though runas_user can be modified in sudoers we - haven't parsed sudoers yet. - -2004-01-17 16:25 millert - - * sudoers.man.in, sudoers.pod: Add missing defintion of - Parameter_List and use single pipes in the Defaults EBNF - definition. - -2004-01-17 13:49 millert - - * sudo.c: Fix a bug when set_runaspw() is used as a callback. We - don't want to reset the contents of runas_pw if the user - specified a user via the -u flag. - - Avoid unnecessary passwd lookups in set_authpw(). In most cases - we already have the info in runas_pw. - -2004-01-16 18:16 millert - - * check.c: Add Stan Lee / Uncle Ben quote to the lecture from - RedHat - -2004-01-16 18:12 millert - - * sudo.h: Update sudo_getepw() proto and add one for set_runaspw() - -2004-01-16 18:10 millert - - * parse.c: If we can't stat the command as root, try as the runas - user instead. - -2004-01-16 18:09 millert - - * testsudoers.c, visudo.c: Add stub set_runaspw() function - -2004-01-16 18:09 millert - - * sudo.c: Add set_runaspw() function to fill in runas_pw. This - will be used as a callback to update runas_pw when the runas user - changes. - -2004-01-16 18:07 millert - - * env.c, sudo.c: PERM_RUNAS -> PERM_FULL_RUNAS - -2004-01-16 18:05 millert - - * set_perms.c, sudo.h: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add - a PERM_RUNAS that just changes the euid. - -2004-01-16 18:04 millert - - * getspwuid.c: Make sudo_pwdup() act like OpenBSD pw_dup() and - allocate memory in one chunk for easy free()ing. Also change it - from static to extern. - -2004-01-16 18:03 millert - - * defaults.c, defaults.h: Add callback support - -2004-01-16 18:02 millert - - * def_data.c, def_data.in, mkdefaults: Add a callback field and use - it for runas_default - -2004-01-15 15:13 millert - - * auth/fwtk.c: Add support for chalnecho and display server - responses used by fwtk >= 2.0 - -2004-01-12 18:39 millert - - * sudoers.man.in, sudoers.pod: ld.so is ld.so.1 on solaris - -2004-01-12 14:03 millert - - * Makefile.in, config.h.in, configure, configure.in, sudo.c, - sudo.h: Use closefrom() instead of doing the equivalent inline. - -2004-01-12 13:55 millert - - * closefrom.c: closefrom(3) for systems w/o it - -2004-01-09 16:29 millert - - * sudoers.man.in: Update from .pod file. - -2004-01-09 16:26 millert - - * configure, configure.in: Substitute noexec_file for the sudoers - man page - -2004-01-09 16:24 millert - - * sudo.man.in, sudo.pod: Mention noexec - -2004-01-09 16:16 millert - - * sudoers.man.in, sudoers.pod: Document noexec - -2004-01-09 14:38 millert - - * config.h.in, configure.in, auth/pam.c: Move PAM_CONST macro - definition from config.h to pam.c where it belongs. We can't - have this in config.h since that gets included too early. - -2004-01-09 14:35 millert - - * config.h.in, configure, configure.in, auth/pam.c: Some PAM - implementations put their headers in /usr/include/pam instead of - /usr/include/security. - -2004-01-09 14:32 millert - - * configure.in: I missed changing the EXEC macro -> EXECV here when - I changed this in config.h.in and sudo.c a while ago. - -2004-01-09 13:15 millert - - * acsite.m4: OpenBSD vax/m88k/hppa don't do shared libs - -2004-01-09 03:29 millert - - * configure, configure.in: o merge the hpux case entries into a - single entry w/ its own sub-case statement. o HP-UX >= 11 - support getspnam(), use it in preference to getprpwuid() - -2004-01-09 02:58 millert - - * configure, configure.in: eval $shrext so that it expands nicely - on MacOS X - -2004-01-09 02:50 millert - - * Makefile.in: Don't lie about making a module, it does the wrong - thing on mach - -2004-01-09 02:49 millert - - * ltmain.sh: Remove requirement that libs must begin with "lib". - They don't when we point directly at the lib using LD_PRELOAD or - its equivalent. - -2004-01-09 02:01 millert - - * acsite.m4: Disable support for c++, f77 and java. We don't need - it, it takes a lot of time, and it hosed our check for shared lib - support. - -2004-01-09 02:00 millert - - * configure: regen - -2004-01-09 02:00 millert - - * configure.in: Call AC_ENABLE_SHARED and check the status of - enable_shared to know when shared libs are available. - -2004-01-09 01:37 millert - - * acsite.m4: Duh, OpenBSD suports shared libs too - -2004-01-09 01:18 millert - - * configure.in, config.h.in: Only OpenPAM and Linux PAM use const - qualifiers. - -2004-01-09 01:15 millert - - * configure, configure.in: o No need to check for sed, libtool - config does that for us o move check for --with-noexec until - after libtool magic is run so we can use $can_build_shared and - $shrext - -2004-01-09 01:14 millert - - * ltmain.sh: Don't print a bunch of crap about library installs - since we are not really installing a library. - -2004-01-09 00:38 millert - - * env.c: Make format_env() varargs Add noexec support for Darwin, - MacOS X, Irix, and Tru64 - -2004-01-09 00:32 millert - - * acsite.m4, ltconfig, ltmain.sh: Update to libtool 1.5 with local - changes: o no ldconfig in the finish step o assume no libprefix - or version is needed - -2004-01-09 00:15 millert - - * sudo_noexec.c: Fix compilation under K&R - -2004-01-06 09:31 millert - - * CHANGES: checkpoint - -2004-01-06 09:28 millert - - * sudo_noexec.c: stub execve() that just returns EACCES; used for - noexec functionality - -2004-01-06 01:42 millert - - * sudo.tab.h: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 - issue with generated code. - -2004-01-05 16:10 millert - - * def_data.c, def_data.h, def_data.in: Move the environment - defaults to the end and shorten a few of the descriptions. - -2004-01-05 15:05 millert - - * configure.in, configure: no shared libs on ultris or convexos - -2004-01-05 15:03 millert - - * Makefile.in, configure, configure.in: Build sudo_noexec shared - object using libtool; could use some cleanup. - -2004-01-05 14:59 millert - - * acsite.m4, ltconfig, ltmain.sh: libtool scaffolding - -2004-01-05 14:56 millert - - * parse.yacc: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so - that order is not important. - -2004-01-05 12:15 millert - - * defaults.c, env.c, parse.c, parse.h, parse.lex, parse.yacc, - pathnames.h.in, sudo.c, sudo.h, lex.yy.c: update copyright year - -2004-01-04 22:58 millert - - * configure, configure.in, defaults.c, env.c, pathnames.h.in: Add - _PATH_SUDO_NOEXEC and corresponding --with-noexec configure - option. The default value of noexec_file is set to this. - -2004-01-04 21:48 millert - - * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, - parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.h: Add - support for preloading a shared object containing a dummy - execve() function that just sets error and returns -1. This adds - a "noexec_file" option to load the filename as well as a "noexec" - flag to enable it unconditionally. There is also a NOEXEC tag - that can be attached to specific commands and an EXEC tag to - disable it. - -2004-01-04 21:40 millert - - * mkdefaults: add missing newline to usage statement - -2004-01-04 20:39 millert - - * config.h.in, sudo.c: Rename EXEC macro -> EXECV - -2004-01-04 20:16 millert - - * logging.c: Don't truncate usernames to 8 characters in the log - message. - -2004-01-04 20:13 millert - - * check.c, sudoers.man.in, sudoers.pod: Update copyright year - -2004-01-04 20:12 millert - - * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, - sudoers.pod: Add a new option, lecture_file, that can be used to - point to a custom sudo lecture. - -2003-12-31 17:46 millert - - * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c, - auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Add a - zero_bytes() function to do the equivalent of bzero in such a way - that will heopfully not be optimized away by sneaky compilers. - -2003-12-31 13:35 millert - - * err.c: Use #ifdef __STDC__, not #if __STDC__. - -2003-12-30 17:41 millert - - * mkdefaults: Always put at least one space between the def_* macro - name and its definition. - -2003-12-30 17:34 millert - - * configure, configure.in: Adjust code for --without-lecture to - match new values. - -2003-12-30 17:33 millert - - * visudo.man.in: regen after pasto fix - -2003-12-30 17:31 millert - - * sudoers.man.in, sudoers.pod: Document that "lecture" has changed - from a flag to a tuple. - -2003-12-30 17:31 millert - - * check.c, def_data.c, def_data.h, def_data.in, defaults.c, - defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: Add - support for tuples in def_data.in; these are implemented as an - enum type. Currently there is only a single tuple enum but in - the future we may have one tuple enum per T_TUPLE entry in - def_data.in. Currently listpw, verifypw and lecture are tuples. - This avoids the need to have two entries (one ival, one str) for - pwflags and syslog values. - - lecture is now a tuple with the following values: never, once, - always - - We no longer use both an int and string entry for syslog - facilities and priorities. Instead, there are logfac2str() and - logpri2str() functions that get used when we need to print the - string values. - -2003-12-30 17:20 millert - - * check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, - logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, - visudo.c, auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, - auth/pam.c, auth/rfc1938.c, auth/securid5.c, auth/sia.c, - auth/sudo_auth.c: Create def_* macros for each defaults value so - we no longer need the def_{flag,ival,str,list,mode} macros (which - have been removed). This is a step toward more flexible data - types in def_data.in. - -2003-12-30 15:55 millert - - * TODO: checkpoint - -2003-12-22 21:18 millert - - * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not - unusual for users to place "sudo -k" in a .logout file which can - cause sudo to be run during reboot after the YP/NIS/NIS+/LDAP/etc - daemon has died. Previously, this would result in useless mail - and logging. - -2003-12-16 13:51 millert - - * visudo.pod: fix pasto in VISUAL description - -2003-12-09 22:09 millert - - * configure: regen - -2003-12-09 22:08 millert - - * CHANGES: checkpoint - -2003-12-09 22:02 millert - - * TROUBLESHOOTING: Some OSes (like Solaris) allow export w/ nosuid - too - -2003-08-12 16:45 millert - - * compat.h: We don't use FD_ZERO anymore so just define FD_SET (if - not already there). - -2003-06-28 21:31 millert - - * auth/pam.c: Fix a core dump on Solaris by preserving the - pam_handle_t we used during authentication for pam_prep_user(). - If we didn't authenticate (ie: ticket still valid), we call - pam_init() from pam_prep_user(). This is something of a hack; it - may be better to change the auth API and add an auth_final() - function that acts like pam_prep_user(). - -2003-06-21 12:50 millert - - * set_perms.c: Add explicit declaration of printerr variable in - function header (was defaulting to int which is OK but oh so K&R - :-). From Theo. - -2003-06-09 19:00 millert - - * config.h.in, configure.in: s/HAVE_STOW/USE_STOW/ - -2003-06-09 16:07 millert - - * logging.c: Also exit waitpid() loop when pid == 0. Fixes a - problem where the sudo process would spin eating up CPU until - sendmail finished when it has to send mail. - -2003-05-30 16:22 millert - - * fnmatch.3, fnmatch.c: Remove advertising clause, UCB has - disavowed it - -2003-05-21 21:53 millert - - * parse.c: Don't assume that getgrnam() calls don't modify contents - of struct passwd returned by getpwnam(). On FreeBSD w/ NIS this - can happen. Based on a patch from Kirk Webb. - -2003-05-06 11:25 millert - - * configure.in: missing ;; - -2003-05-06 00:53 millert - - * configure.in: darwin has a broken setreuid() in at least some - versions - -2003-05-06 00:31 millert - - * env.c: Fix an off by one error when reallocating the environment; - Kevin Pye - -2003-04-30 14:04 millert - - * sudoers.pod: Fix User_Spec definition; SEKINE Tatsuo - -2003-04-28 19:30 millert - - * HISTORY: More info on the early days from Coggs. - -2003-04-21 14:47 millert - - * auth/kerb5.c: remove errant semicolon that prevented compilation - under heimdal - -2003-04-15 20:42 millert - - * Makefile.in, alloc.c, check.c, compat.h, defaults.c, defaults.h, - env.c, fileops.c, find_path.c, getprogname.c, getspwuid.c, - goodpath.c, interfaces.c, interfaces.h, logging.c, parse.c, - parse.lex, parse.yacc, pathnames.h.in, set_perms.c, sigaction.c, - strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, - sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, utime.c, - version.h, visudo.c, visudo.man.in, visudo.pod, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c: add DARPA credit - on affected files - -2003-04-15 20:25 millert - - * LICENSE: slightly different wording for the darpa credit - -2003-04-15 14:37 millert - - * LICENSE: Add DARPA credit - -2003-04-14 16:49 millert - - * auth/kerb5.c: Use krb5_princ_component() instead of - krb5_princ_realm() for MIT Kerberos like we did before I messed - things up ;-) - - Use krb5_principal_get_comp_string() to do the same thing w/ - Heimdal. I'm not sure if the component should be 0 or 1 in this - case. - - #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since - older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there - should be a configure check for this I guess. - -2003-04-13 15:48 millert - - * TROUBLESHOOTING, config.h.in, configure, configure.in, - sample.sudoers: builtin -> built-in; Jason McIntyre - -2003-04-13 15:45 millert - - * sudoers.pod: built in -> built-in; Jason McIntyre - -2003-04-09 16:14 millert - - * CHANGES: checkpoint for 1.6.7p3 - -2003-04-09 16:14 millert - - * HISTORY: Update info on the early years @ SUNY-Buffalo from Cliff - Spencer. Amazingly, sudo source from 1985 is available via - groups.google.com - -2003-04-09 16:13 millert - - * sudo.c: Don't change rl.rlim_max for RLIMIT_CORE. We need only - set rl.rlim_cur to 0 to turn off core dumps. This may be needed - for the RLIMIT_CORE restoration on some OSes. - -2003-04-04 12:46 millert - - * auth/kerb5.c: Make this compile on Heimdal and MIT Kerberos 5 - -2003-04-04 12:45 millert - - * config.h.in, configure, configure.in: Check for heimdal even if - we found krb5-config and define HAVE_HEIMDAL. - -2003-04-03 22:04 millert - - * auth/kerb5.c: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. - The former is no longer defined by MIT kerb5 (though it used to - be and indeed remains so in Heimdal). - -2003-04-03 10:16 millert - - * mkinstalldirs: Remove newer stuff that passes multiple (possibly - duplicate) directories to "mkdir -p" since that seems to break on - Tru64 Unix at least. This basically brings back what shipped - with sudo 1.6.6. - -2003-04-02 13:57 millert - - * auth/kerb5.c: Correct number of args to - krb5_principal_get_realm() and fix an unclosed comment that hid - the bug. - -2003-04-02 13:45 millert - - * configure: regen - -2003-04-02 13:45 millert - - * BUGS, CHANGES, INSTALL, INSTALL.binary, Makefile.in, README, - configure.in, version.h: ++version - -2003-04-02 13:44 millert - - * configure.in: use krb5-config to determine Kerberos V details if - it exists - -2003-04-02 13:25 millert - - * alloc.c, check.c, compat.h, defaults.c, env.c, find_path.c, - interfaces.c, logging.c, parse.c, sudo.c, sudo.h, testsudoers.c, - visudo.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, - auth/securid5.c, auth/sia.c: Use warn/err and getprogname() - throughout. The main exception is openlog(). Since the admin - may be filtering logs based on the program name in the log files, - hard code this to "sudo". - -2003-04-02 13:16 millert - - * Makefile.in: Add getprogname.c and err.c - -2003-04-02 13:15 millert - - * configure: regen - -2003-04-02 13:15 millert - - * configure.in, config.h.in: Add checks for getprognam(), - __progname and err.h - -2003-04-02 13:14 millert - - * err.c, emul/err.h: For systems withour err/warn functions. - -2003-04-02 13:14 millert - - * getprogname.c: For systems neither getprogname() nor __progname; - uses Argv[0]. - -2003-04-01 10:09 millert - - * CHANGES: checkpoint for 1.6.7p1 - -2003-04-01 10:02 millert - - * sudo.c, testsudoers.c: fix strlcpy() rval check (innocuous) - -2003-04-01 09:58 millert - - * check.c: oflow detection in expand_prompt() was faulty (false - positives). The count was based on strlcat() return value which - includes the length of the entire string. - -2003-03-30 19:02 millert - - * CHANGES, RUNSON, TODO: checkpoint for the sudo 1.6.7 release - -2003-03-24 16:09 millert - - * logging.c: g/c unused variable - -2003-03-24 11:06 millert - - * configure: regen - -2003-03-24 11:05 millert - - * configure.in: use man sections 8 and 5 for csops - -2003-03-21 18:11 millert - - * configure: regen - -2003-03-21 15:10 millert - - * configure.in: Add -lskey or -lopie directly to SUDO_LIBS instead - of having AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. - -2003-03-21 14:02 millert - - * configure: regen - -2003-03-21 14:01 millert - - * INSTALL, aclocal.m4, configure.in: Add --with-blibpath for AIX. - An alternate libpath may be specified or -blibpath support can be - disabled. Also change conifgure such that -blibpath is not - specified if no -L libpaths were added to SUDO_LDFLAGS. - -2003-03-20 22:05 millert - - * configure.in: add AIX blibpath support - -2003-03-20 20:28 millert - - * INSTALL, configure.in: --with-skey and --with-opie now take an - option directory argument This obsoletes a --with-csops hack - (/tools/cs/skey) - - Also remove the remaining direct uses of "echo" - -2003-03-20 17:44 millert - - * configure.in: Detect KTH Kerberos IV and deal with it. Also make - -lroken optional for KTH Kerberos IV and V. - -2003-03-20 14:42 millert - - * aclocal.m4: Add SUDO_APPEND_LIBPATH function that add - -L/path/to/dir (and -R/path/to/dir if $with_rpath) to the - specified variable. - -2003-03-20 14:40 millert - - * INSTALL, configure.in: Add -R/path/to/libs for Solaris and SVR4. - There is a new configure option, --with-rpath to control this - behavior. - -2003-03-19 23:50 millert - - * configure.in: for kerb4 put libdes after libkrb on the link line - -2003-03-19 23:49 millert - - * auth/kerb4.c: typo - -2003-03-19 23:33 millert - - * configure.in: fix kerberos lib check when a path is specified - -2003-03-19 21:04 millert - - * logging.c: Fix boolean thinko in SIGCHLD reaper and call - reapchild after sending mail instead of doing a conditional - sudo_waitpid. - -2003-03-19 16:20 millert - - * configure: regen - -2003-03-19 16:19 millert - - * configure.in: replace =DIR with [=DIR] where sensible - -2003-03-19 16:16 millert - - * configure.in: o Use AC_MSG_* instead of "echo" o New Kerberos - include/lib detection based on openssh's configure.in - -2003-03-19 15:58 millert - - * INSTALL: --with-kerb4 and --with-kerb5 now take an optional - argument. - -2003-03-15 22:03 millert - - * auth/securid.c: Kill remaining strcpy(), the programmer's guide - says username is 32 bytes. - -2003-03-15 21:18 millert - - * auth/kerb4.c: trat uid_t as unsigned long for printf and use - snprintf, not sprintf - -2003-03-15 21:18 millert - - * auth/rfc1938.c: use snprintf - -2003-03-15 15:37 millert - - * auth/: afs.c, aix_auth.c, bsdauth.c, dce.c, fwtk.c, kerb4.c, - kerb5.c, pam.c, passwd.c, rfc1938.c, sudo_auth.c: update - copyright year - -2003-03-15 15:31 millert - - * LICENSE, alloc.c, check.c, configure.in, env.c, sudo.c, - Makefile.in, aclocal.m4, compat.h, find_path.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, set_perms.c, sudo.h, - sudo.pod, sudoers.pod, testsudoers.c, version.h, visudo.c, - visudo.pod, sudo.man.in, sudoers.man.in, visudo.man.in: update - copyright year - -2003-03-15 15:19 millert - - * check.c, env.c, sudo.c: Cast [ug]ids to unsigned long and printf - with %lu - -2003-03-15 15:17 millert - - * configure: regen - -2003-03-15 15:16 millert - - * configure.in: correct error messages for - --with-sudoers-{mode,uid,gid} - -2003-03-15 15:10 millert - - * alloc.c: make the malloc(0) error specific to each function to - aid tracking down bugs. - -2003-03-15 14:49 millert - - * alloc.c: deal with platforms where size_t is signed and there is - no SIZE_MAX or SIZE_T_MAX - -2003-03-15 14:10 millert - - * auth/kerb5.c: Make this compile w/ Heimdal and fix some gcc - warnings. - -2003-03-15 13:02 millert - - * sudo.c: Use stat_sudoers macro so --with-stow can work - -2003-03-15 13:01 millert - - * INSTALL, config.h.in, configure, configure.in: Add support for - --with-stow based on patches from Robert Uhl - -2003-03-15 12:51 millert - - * env.c: fix indentation - -2003-03-15 00:21 millert - - * configure.in: back out rev 1.352 - -2003-03-14 20:11 millert - - * lex.yy.c: regen - -2003-03-14 20:11 millert - - * parse.lex: use strlcpy, not strncpy - -2003-03-14 19:48 millert - - * set_perms.c: Fix typo; check pw_uid, not pw_gid after - setusercontext() failure. - -2003-03-14 19:43 millert - - * logging.c: use pid_t - -2003-03-14 10:43 millert - - * strlcat.c, strlcpy.c: Make gcc shutup about unused rcsid - -2003-03-14 10:35 millert - - * interfaces.c: Move the n == 0 check for the non-getifaddrs cas - -2003-03-13 21:47 millert - - * auth/rfc1938.c: skeychallenge() on NetBSD take a size parameter - -2003-03-13 21:38 millert - - * configure: regen - -2003-03-13 21:38 millert - - * configure.in: put -ldl after -lpam, not before; fixes static - linking on Linux - -2003-03-13 21:17 millert - - * interfaces.c: Avoid malloc(0) and fix the loop invariant for the - getifaddrs() case. - -2003-03-13 20:24 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: regen - -2003-03-13 20:23 millert - - * Makefile.in: Preserve copyright notice from .pod file in .man.in - file - -2003-03-13 20:01 millert - - * visudo.pod: Add sudoers(5) to SEE ALSO - -2003-03-13 15:27 millert - - * lex.yy.c: regen - -2003-03-13 15:27 millert - - * parse.lex: Don't assume libc can realloc() a NULL string. If - malloc/realloc fails, make sure we just return; yyerror() is not - terminal. - -2003-03-13 15:17 millert - - * lex.yy.c: regen - -2003-03-13 15:17 millert - - * parse.lex: simplify fill_args a little and use strlcpy for - paranoia - -2003-03-13 15:00 millert - - * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, - testsudoers.c: Use strlc{at,py} for paranoia's sake and exit on - overflow. In all cases the strings were either pre-allocated to - the correct size of length checks were done before the copy but a - little paranoia can go a long way. - -2003-03-13 12:54 millert - - * sudo.h: Add strlc{at,py} protos - -2003-03-13 12:03 millert - - * env.c, interfaces.c: Use erealloc3() - -2003-03-13 12:00 millert - - * configure: regen - -2003-03-13 12:00 millert - - * alloc.c: Oflow test of nmemb > SIZE_MAX / size is fine (don't - need >=). Use memcpy() instead of strcpy() in estrdup() so this - is strcpy()-free. - -2003-03-13 11:58 millert - - * sudo.c: snprintf() a uid as %lu, not %ld to match the - MAX_UID_T_LEN test in configure. - -2003-03-13 11:56 millert - - * aclocal.m4: In MAX_UID_T_LEN test cast uid_t to unsigned long, - just unsigned. - -2003-03-12 18:46 millert - - * sudo.c: Use snprintf() for paranoia - -2003-03-12 17:16 millert - - * parse.yacc: Use emalloc2 and erealloc3 - -2003-03-12 17:08 millert - - * Makefile.in: strlc{at,py} for those w/o it - -2003-03-12 17:07 millert - - * strlcat.c, strlcpy.c: stlc{at,py} for those w/o it. - -2003-03-12 17:07 millert - - * config.h.in, configure, configure.in: Add stlc{at,py} for those - w/o it. - -2003-03-12 16:51 millert - - * alloc.c, sudo.h: Add erealloc3(), a realloc() version of - emalloc2(). - -2003-03-12 16:45 millert - - * interfaces.c, sudo.c: Use emalloc2() to allocate N things of a - certain size. - -2003-03-12 16:41 millert - - * alloc.c, sudo.h: Add emalloc2() -- like calloc() but w/o the - bzero and with error/oflow checking. - -2003-03-12 16:23 millert - - * alloc.c: Error out on malloc(0); suggested by theo - -2003-03-09 19:34 millert - - * configure, configure.in: fix a typo; David Krause - -2003-03-07 10:46 millert - - * sudo.pod: fix typo - -2003-03-03 21:47 millert - - * env.c: Remove DYLD_ from the environment for MacOS X; from bbraun - -2003-03-01 13:20 millert - - * configure.in, config.h.in: not not; Anil Madhavapeddy - -2003-01-23 03:03 millert - - * sudo.pod, sudoers.pod, visudo.pod: typos; jmc@openbsd.org - -2003-01-20 16:13 millert - - * parse.yacc: Add some missing ';' rule terminators that bison - warns about. - -2003-01-20 16:07 millert - - * config.sub: fix typo I introduced in last merge - -2003-01-20 15:59 millert - - * configure: regenerate with autoconf 2.57 - -2003-01-20 15:58 millert - - * config.h.in: Add missing "$HOME" - -2003-01-20 15:57 millert - - * configure.in: Add some more square backets to make autoconf 2.57 - happy - -2003-01-20 14:39 millert - - * config.guess, config.sub, mkinstalldirs: Updates from - autoconf-2.57 - -2003-01-17 18:10 millert - - * lex.yy.c, sudo.tab.h: regen - -2003-01-17 18:09 millert - - * parse.lex, parse.yacc, sudoers.pod: Add support for - Defaults>RunasUser - -2003-01-06 19:10 millert - - * visudo.c: fclose() yyin after each yyparse() is done and use - fopen() instead of using freopen(). - -2003-01-06 19:02 millert - - * parse.lex: Better fix for sudoers files w/o a newline before EOF. - It looks like the issue is that yyrestart() does not reset the - start condition to INITIAL which is an issue since we parse - sudoers multiple times. - -2003-01-06 18:47 millert - - * parse.lex: Work around what appears to be a flex bug when dealing - with files that lack a final newline before EOF. This adds a - rule to match EOF in the non-initial states which resets the - state to INITIAL and throws an error. - -2003-01-06 15:06 millert - - * visudo.c: o The parser needs sudoers to end with a newline but - some editors (emacs) may not add one. Check for a missing - newline at EOF and add one if needed. o Set quiet flag during - initial sudoers parse (to get options) o Move yyrestart() call - and always use freopen() to open yyin after initial sudoers - parse. - -2002-12-15 11:24 millert - - * set_perms.c: Fix pasto/thinko in setresgid()/setregid() usage. - Want to set effective gid, not real gid, when reading sudoers. - -2002-12-15 11:08 millert - - * set_perms.c: don't compile set_perms_posix if we have setreuid or - setresuid - -2002-12-14 14:21 millert - - * sudo.pod, sudoers.pod: document new prompt escapes - -2002-12-14 14:15 millert - - * check.c: Add %U and %H escapes and redo prompt rewriting. "%%" - now gets collapsed to "%" as was originally intended. This also - gets rid of lastchar (does lookahead instead of lookback) which - should simplify the logic slightly. - -2002-12-13 13:20 millert - - * tgetpass.c: Write the prompt *after* turning off echo to avoid - some password characters being echoed on heavily-loaded machines - with fast typists. - -2002-12-13 13:09 millert - - * config.sub: Add support for mipseb; wiz@danbala.tuwien.ac.at - -2002-12-13 12:48 millert - - * configure.in: Fix IRIX fallout from name changes in man dir/sect - Makefile variables. Patch from erici AT motown DOT cc DOT utexas - DOT edu - -2002-12-13 11:33 millert - - * auth/pam.c: Keep a local copy of tgetpass_flags so we don't add - in TGP_ECHO to the global copy. Problem noted by Peter Pentchev. - -2002-11-28 18:43 millert - - * parse.yacc: Add missing yyerror() calls; YYERROR does not seem to - call this for us. - -2002-11-26 12:09 millert - - * sudo.c: fix typo in comment; Pedro Bastos - -2002-11-22 14:41 millert - - * INSTALL: document --disable-setresuid - -2002-11-22 14:41 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: - Sprinkle some volatile qualifiers to prevent over-enthusiastic - optimizers from removing memset() calls. - -2002-11-22 14:11 millert - - * logging.c, parse.yacc: minor sign fixes pointed out by gcc - -Wsign-compare - -2002-11-22 14:09 millert - - * set_perms.c, sudo.c, sudo.h: Revamp set_perms. We now use a - version based on setresuid() or setreuid() when possible since - that allows us to support the stay_setuid option and we always - know exactly what the semantics will be (various Linux kernels - have broken POSIX saved uid support). - -2002-11-22 14:08 millert - - * config.h.in, configure: regen from configure.in - -2002-11-22 14:07 millert - - * configure.in: Add checks for setresuid() and a way to disable - using it - -2002-11-22 14:05 millert - - * compat.h: No long need to emulate set*[ug]id() via setres[ug]id() - or setre[ug]id(). The new set_perms stuff only uses things it - knows are there. - -2002-11-22 13:33 millert - - * sudo.c: Before exec, restore state of signal handlers to be the - same as when we were initialy invoked instead of just reseting to - SIG_DFL. Fixes a problem when using sudo with nohup. Based on a - patch from Paul Markham. - -2002-11-22 13:23 millert - - * sudo.c: o timestamp_uid should be uid_t, not int o clarify error - message when sudo is run by root and no_root_sudo is set - -2002-09-19 17:27 millert - - * README: update ftp link for bison - -2002-07-20 08:30 millert - - * set_perms.c: Error out if setusercontext() fails and the runas - user is not root. - -2002-05-20 16:51 millert - - * auth/securid5.c: Fix rcsid - -2002-05-20 16:50 millert - - * configure.in: Fix SecurID API test - -2002-05-17 13:20 millert - - * env.c: typo in comment - -2002-05-17 13:20 millert - - * configure.in: securid5 stuff needs pthreads. Just adding - -lpthread is suboptimal but I don't see a better way at the - moment. - -2002-05-17 13:04 millert - - * Makefile.in, auth/securid5.c: SecurID API version 5 support from - Michael Stroucken - -2002-05-17 13:02 millert - - * configure.in: Add check for SecurID 5.0 API - -2002-05-08 16:46 millert - - * strerror.c: We actually do still need config.h to get the 'const' - definition for K&R C. - -2002-05-05 16:43 millert - - * configure: regen with autoconf 2.5.3 - -2002-05-05 16:25 millert - - * configure.in: Don't set sysconfdir to '/etc' if the user has - specified a --prefix. - -2002-05-05 16:14 millert - - * configure.in: Some fixes for autoconf 2.53 from Robert Uhl o - don't AC_SUBST LIBOBJS o force a 4th arg for AC_CHECK_HEADER() - to workaround a bug - -2002-05-05 15:58 millert - - * env.c, sudo.c, sudo.h: No need for dump_badenv() now that - dump_defaults() knows how to dump lists. - -2002-05-04 21:31 millert - - * BUGS, INSTALL, Makefile.in, configure.in, version.h, - INSTALL.binary, README: ++version - -2002-05-04 20:57 millert - - * sudoers.pod: document timestampowner - -2002-05-04 20:45 millert - - * check.c: Don't call set_perms() when doing timestamp stuff unless - timestamp_uid != 0. - -2002-05-04 20:43 millert - - * check.c, logging.c, parse.c, set_perms.c, sudo.c, sudo.h, - testsudoers.c, auth/sudo_auth.c: g/c second arg to set_perms--it - is no longer used - -2002-05-03 18:48 millert - - * check.c, set_perms.c, sudo.c, sudo.h: Add support for non-root - timestamp dirs. This allows the timestamp dir to be shared via - NFS (though this is not recommended). - -2002-05-03 18:47 millert - - * def_data.c, def_data.h, def_data.in: Add timestampowner, "Owner - of the authentication timestamp dir" - -2002-05-02 15:40 millert - - * env.c: Don't try to pre-compute the size of the new envp, just - allocate space up front and realloc as needed. Changes to the - new env pointer must all be made through insert_env() which now - keeps track of spaced used and allocates as needed. - -2002-04-26 15:12 millert - - * configure: regen - -2002-04-26 15:12 millert - - * configure.in: Fix two typo/pastos; from jrj@purdue.edu - -2002-04-25 11:36 millert - - * INSTALL.binary, README: ++version - -2002-04-25 11:35 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in, configure: regen - -2002-04-25 11:31 millert - - * CHANGES, RUNSON, TODO: Sync with 1.6.6 - -2002-04-25 11:30 millert - - * check.c: The the loop used to expand %h and %u, the lastchar - variable was not being initialized. This means that if the last - char in the prompt is '%' and the first char is 'h' or 'u' a - extra copy of the host or user name would be copied, for which - space had not been allocated. - -2002-04-18 11:41 millert - - * BUGS, INSTALL, Makefile.in, configure.in, version.h: crank - version to 1.6.6 - -2002-04-18 11:39 millert - - * auth/afs.c: #undef VOID to get rid of an AFS warning - -2002-04-18 11:38 millert - - * env.c: Use easprintf instead of emalloc + sprintf for some - things. - -2002-03-15 19:45 millert - - * lex.yy.c: regen - -2002-03-15 19:44 millert - - * parse.c, parse.lex, parse.yacc, testsudoers.c: Remove Chris - Jepeway's email address so people don't bug him ;-) - -2002-03-11 22:19 millert - - * sudo.c: Move endpwent() to be after set_perms(PERM_RUNAS, ...) - and also call endgrent() at the same time. - -2002-02-21 22:23 millert - - * INSTALL: Make it clear which configure options take arguments. - -2002-01-25 13:38 millert - - * compat.h: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there - is no RLIM_INFINITY, just pretend it is -1. This works because - we only check for RLIM_INFINITY and do not set anything to that - value. - -2002-01-22 11:43 millert - - * auth/pam.c: Zero and free allocated memory when there is a - conversation error. - -2002-01-21 22:37 millert - - * auth/bsdauth.c: Use sigaction() not signal() - -2002-01-21 22:26 millert - - * INSTALL: Mention that some linux kernels have broken POSIX saved - ID support - -2002-01-21 21:03 millert - - * CHANGES: checkpoint for 1.6.5p2 - -2002-01-21 21:01 millert - - * configure: regen - -2002-01-21 21:01 millert - - * configure.in: Add --disable-setreuid flag - -2002-01-21 21:00 millert - - * INSTALL: Document new --disable-setreuid option and change - description for --disable-saved-ids to match new error message. - -2002-01-21 21:00 millert - - * set_perms.c: fatal() now takes an argument that determines - whether or not to call perror(). - -2002-01-21 20:58 millert - - * PORTING, TROUBLESHOOTING: Update for new error messages from - set_perms() - -2002-01-21 17:46 millert - - * auth/pam.c: Make this compile w/o warnings - -2002-01-21 17:36 millert - - * auth/pam.c: Mention that we can't use pam_acct_mgmt() - -2002-01-21 17:25 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c: The user's password - was not zeroed after use when AIX authentication, BSD - authentication, FWTK or PAM was in use. - -2002-01-20 14:21 millert - - * auth/pam.c: Avoid giving PAM a NULL password response, use the - empty string instead. This avoids a log warning when the user - hits ^C at the password prompt when PAM is in use. - -2002-01-19 19:46 millert - - * auth/pam.c: Don't check the return value of pam_setcred(). In - Linux-PAM 0.75 pam_setcred() returns the last saved return code, - not the return code for the setcred module. Because we haven't - called pam_authenticate(), this is not set and so pam_setcred() - returns PAM_PERM_DENIED. - -2002-01-19 19:43 millert - - * Makefile.binary, Makefile.in: Don't need a '/' between $(DESTDIR) - and a directory. - -2002-01-18 14:18 millert - - * configure: regen - -2002-01-18 14:18 millert - - * configure.in: o BSDi also has a bogus setreuid() o Old FreeBSD - has a bogus setreuid() o new NetBSD has a real setreuid() o add - check for freeifaddrs() if getifaddrs() exists. - -2002-01-18 14:17 millert - - * config.h.in, interfaces.c: Older BSDi releases lack freeifaddrs() - so add a test for that and if it is not present just use free(). - -2002-01-17 11:30 millert - - * CHANGES, RUNSON: Checkpoint for 1.6.5p1 - -2002-01-17 10:56 millert - - * auth/passwd.c: Return AUTH_FAILURE in passwd_init() if - skeyaccess() denies access to normal passwords, not AUTH_FATAL - (which just causes an exit). - -2002-01-17 10:35 millert - - * visudo.c: Don't use memory after it has been freed. - -2002-01-17 00:24 millert - - * auth/passwd.c: skeyaccess() wants a struct passwd * not a char *; - Patch from Phillip E. Lobbes - -2002-01-16 20:00 millert - - * BUGS: ++version - -2002-01-16 19:53 millert - - * CHANGES, RUNSON, TODO: checkpoint for sudo 1.6.5 - -2002-01-16 18:37 millert - - * configure: regen - -2002-01-16 18:37 millert - - * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: - version 1.6.5 - -2002-01-16 18:37 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: sudo version 1.6.5 - -2002-01-16 16:28 millert - - * logging.c: o when invoking the mailer as root use a hard-coded - environment that doesn't include any info from the user's - environment. Basically paranoia. - - o Add support for the NO_ROOT_MAILER compile-time option and run - the mailer as the user and not root if NO_ROOT_MAILER is - defined. - -2002-01-16 16:27 millert - - * set_perms.c, sudo.h: Bring back PERM_FULL_USER - -2002-01-16 16:26 millert - - * configure: regen - -2002-01-16 16:26 millert - - * version.h: version 1.6.5 - -2002-01-16 16:26 millert - - * INSTALL, config.h.in, configure.in: Add --disable-root-mailer - option to run the mailer as the user and not root. - -2002-01-16 12:44 millert - - * CHANGES: checkpoint for 1.6.4p2 - -2002-01-15 19:22 millert - - * PORTING: Mention the "seteuid(0): Operation not permitted" - problem here too just for good measure. - -2002-01-15 18:43 millert - - * env.c, getspwuid.c, sudo.c: The SHELL environment variable was - preserved from the user's environment instead of being reset - based on the passwd database when the "env_reset" option was - used. Now it is reset as it should be. - -2002-01-15 17:47 millert - - * configure: regen - -2002-01-15 17:47 millert - - * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, - sudo.c: Add a configure option to turn off use of POSIX saved IDs - -2002-01-15 15:48 millert - - * configure: regen - -2002-01-15 15:48 millert - - * configure.in: add --with-efence option - -2002-01-15 15:39 millert - - * sudo.c: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a - problem where "sudo -l" would not work if always_set_home was - set. - -2002-01-15 13:16 millert - - * lex.yy.c: regen - -2002-01-15 13:16 millert - - * parse.lex: Quoted commas were not being treated correctly in - command line arguments. - -2002-01-14 20:53 millert - - * sudo.c: o Move the call to rebuild_env() until after - MODE_RESET_HOME is set. Otherwise, the set_home option has no - effect. - - o Fix use of freed memory when the "fqdn" flag is set. This was - introduced by the fix for the "segv when gethostbynam() fails" - bug. Also, we no longer call set_fqdn() if the "fqdn" flag is - not set so there is no need to check the "fqdn" flag in - set_fqdn() itself. - -2002-01-14 20:45 millert - - * env.c: Add 'continue' statements to optimize the switch - statement. From Solar. - -2002-01-13 13:42 millert - - * sudoers.cat, sudoers.man.in: Regen from new sudoers.pod - -2002-01-13 13:36 millert - - * sudoers.pod: Add caveat about stay_setuid flag - -2002-01-13 13:29 millert - - * sudo.c: If set_perms == set_perms_posix and the stay_setuid flag - is not set, set all uids to 0 and use set_perms_fallback(). - -2002-01-13 13:28 millert - - * set_perms.c, sudo.h: Remove PERM_FULL_USER (which is no longer - used) and add PERM_FULL_ROOT (used when exec'ing the mailer). - -2002-01-13 13:27 millert - - * logging.c: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the - mailer since we never want to run the mailer setuid. - -2002-01-12 17:55 millert - - * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, - visudo.pod: Use sudo.ws instead of courtesan.com in URLs - -2002-01-12 14:00 millert - - * Makefile.in, Makefile.binary: Fix mansect substitution - -2002-01-12 13:15 millert - - * Makefile.in: Substitute man sections in Makefile.binary - -2002-01-12 13:15 millert - - * Makefile.binary: Sync install targets with Makefile.in and - substitute in man sections. - -2002-01-12 13:09 millert - - * INSTALL, INSTALL.binary: version is 1.6.4 - -2002-01-12 12:59 millert - - * Makefile.in: Repair bindist target - -2002-01-12 11:43 millert - - * CHANGES: sync for 1.6.4 - -2002-01-10 13:00 millert - - * install-sh: Fix case where neither whoami nor id are found - -2002-01-09 12:35 millert - - * install-sh: If neither whoami nor id exists, just assume we are - root. - -2002-01-09 11:56 millert - - * alloc.c: Add explicit cast to (VOID *) on malloc/realloc. Seems - to be needed on AIX which for some reason isn't pulling in the - malloc prototype. - -2002-01-08 10:00 millert - - * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: (c) 2002 - -2002-01-08 09:21 millert - - * CHANGES: checkpoint - -2002-01-08 09:20 millert - - * sudo.c: Defer assigning new environment until right before the - exec. - -2002-01-08 09:08 millert - - * parse.c: kill extra blank line - -2002-01-07 13:59 millert - - * configure: regen - -2002-01-07 13:59 millert - - * configure.in: Use -O not -O2 for m88k-motorola-sysv* since - motorola gcc-derived compiler doesn't recognise -O2. - -2002-01-06 23:02 millert - - * HISTORY: Clarify origins of Root Group sudo a bit based on info - from billp@rootgroup.com - -2002-01-02 22:41 millert - - * LICENSE: 2002 - -2002-01-02 22:26 millert - - * CHANGES: checkpoint for 1.6.4rc1 - -2002-01-02 17:40 millert - - * config.h.in: now generated via autoheader - -2002-01-02 17:40 millert - - * configure: regen - -2002-01-02 17:37 millert - - * compat.h: Move in some stuff that was previously in config.h. - -2002-01-02 17:36 millert - - * configure.in, aclocal.m4: Add info for autoheader. - -2002-01-01 16:53 millert - - * Makefile.in: o Add DESTDIR support - o Use -M, -O, and -G instead of -m, -o, and -g to facilitate - non-root installs - -2002-01-01 16:48 millert - - * install-sh: Add -M option (like -m but only for root) If we can't - find "whoami", use "id" w/ some sed. - -2002-01-01 14:01 millert - - * configure: regen - -2002-01-01 14:00 millert - - * configure.in: allow user to always override mansectsu and - mansectform - -2001-12-31 17:05 millert - - * mkinstalldirs: update from autoconf 2.52 - -2001-12-31 17:03 millert - - * config.guess, config.sub: Update from autoconf 2.52 - -2001-12-31 16:57 millert - - * configure: regen with autoconf 2.52 - -2001-12-31 16:57 millert - - * configure.in: o Call AC_PROG_CC_STDC to find out how to run the - compiler in ANSI mode - o Remove compiler-specific checks for HP-UX now that we use - AC_PROG_CC_STDC - -2001-12-31 12:19 millert - - * RUNSON: Checkpoint - -2001-12-31 12:18 millert - - * auth/pam.c: o Add pam_prep_user function to call pam_setcred() - for the target user; on Linux this often sets resource limits. - o When calling pam_end(), try to convert the auth->result to a - PAM_FOO value. This is a hack--we really need to stash the - last PAM_FOO value received and use that instead. - -2001-12-31 12:18 millert - - * set_perms.c, sudo.h: o Add pam_prep_user function to call - pam_setcred() for the target user; on Linux this often sets - resource limits. - -2001-12-31 00:53 millert - - * env.c: Fix off by one error in number of bytes allocated via - malloc (does not affected any released version of sudo). - -2001-12-30 17:12 millert - - * lex.yy.c: regen - -2001-12-30 17:12 millert - - * parse.lex: Allow '@', '(', ')', ':' in arguments to a defaults - variable w/o requiring that they be quoted. - -2001-12-30 14:26 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Mention that no double - quotes are needed when adding/deleting/assigning a single value - to a list. - -2001-12-30 13:58 millert - - * Makefile.in: Don't rely on mkdefaults being executable, call perl - explicitly. - -2001-12-30 13:41 millert - - * parse.yacc: Remove some XXX that are no longer relevant. - -2001-12-30 13:40 millert - - * defaults.c: o Roll our own loop instead of using strpbrk() for - better grokability o When adding to a list we must malloc() and - use memcpy(), not strdup() since we must only copy len bytes - from str. - -2001-12-21 16:49 millert - - * parse.yacc: typo in comment - -2001-12-19 11:50 millert - - * CHANGES: checkpoint - -2001-12-19 10:56 millert - - * configure: regen - -2001-12-19 10:56 millert - - * configure.in: avoid the -g flag unless --with-devel was specified - -2001-12-19 10:04 millert - - * Makefile.in: mkdefaults, def_data.in and sigaction.c were missing - from the tarball - -2001-12-19 09:46 millert - - * Makefile.in: def_data.c was missing - -2001-12-18 12:42 millert - - * env.c: Fix setting of $USER and $LOGNAME in the non-reset_env - case. Also allow HOME, SHELL, LOGNAME, and USER to be specified - in keep_env - -2001-12-17 20:48 millert - - * TODO: Another TODO item - -2001-12-17 19:50 millert - - * sudoers: Add comment for Default section so folks know where it - should go. - -2001-12-17 18:56 millert - - * tgetpass.c: Use TCSETAF, not TCSETA to set terminal in termio - case - -2001-12-17 18:35 millert - - * sudoers.man.in, sudoers.cat: regen from sudoers.pod - -2001-12-17 18:33 millert - - * sudoers.pod: o Typo, Runas_User_List should be Runas_List - o a User_List can not contain a uid - o mention that the Defaults section should come after Alias - definitions but before the user specifications - -2001-12-15 11:51 millert - - * sudoers.cat, sudoers.man.in: regen - -2001-12-15 11:51 millert - - * sudoers.pod: Fix listpw and verifypw sections, they were not - being formatted properly. - -2001-12-15 11:39 millert - - * sudoers.cat, sudoers.man.in: regen - -2001-12-15 11:38 millert - - * sudoers.pod: fix typos - -2001-12-15 10:57 millert - - * configure: regen - -2001-12-15 10:57 millert - - * configure.in, config.h.in: use AC_SYS_POSIX_TERMIOS instead of - rolling our own - -2001-12-15 10:33 millert - - * README: Reference sudo.ws not courtesan.com - -2001-12-15 10:29 millert - - * PORTING: Add notes on shadow passwords - -2001-12-15 00:48 millert - - * BUGS: In list mode (sudo -l), characters escaped with a backslash - are shown verbatim with the backslash. - -2001-12-15 00:44 millert - - * sudoers: Add simple examples from OpenBSD (Marc Espie) - -2001-12-15 00:40 millert - - * tgetpass.c: Catch SIGTTIN and SIGTTOU too and treat them like - SIGTSTP. - -2001-12-14 21:53 millert - - * CHANGES: minor prettyification - -2001-12-14 21:43 millert - - * CHANGES: Updated change log - -2001-12-14 21:27 millert - - * testsudoers.c: Fix CIDR handling here too. - -2001-12-14 21:21 millert - - * auth/pam.c: Apparently a NULL response is OK - -2001-12-14 21:19 millert - - * TODO: Checkpoint for upcoming beta release - -2001-12-14 21:17 millert - - * TROUBLESHOOTING: Many people believe that adding a runas spec - should obviate the need for the -u flag. It does not. - -2001-12-14 21:11 millert - - * RUNSON: checkpoint update for upcoming 1.6.4 beta - -2001-12-14 20:44 millert - - * config.h.in: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define - HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is safe - now - -2001-12-14 20:07 millert - - * PORTING: Add signals section - -2001-12-14 20:00 millert - - * configure: regen - -2001-12-14 20:00 millert - - * configure.in: Fix check for sigaction_t - -2001-12-14 19:45 millert - - * sudo.c: XXX - should call find_path() as runas user, not root. - Can't do that until the parser changes though. - -2001-12-14 19:38 millert - - * sudo.c: If find_path() fails as root, try again as the invoking - user (useful for NFS). Idea from Chip Capelik. - -2001-12-14 19:28 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: Regenerate - after pod file changes - -2001-12-14 19:24 millert - - * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, - sudo.pod, sudoers.pod: Add new sudoers option "preserve_groups". - Previously sudo would not call initgroups() if the target user - was root. Now it always calls initgroups() unless the -P command - line option or the "preserve_groups" sudoers option is set. Idea - from TJ Saunders. - -2001-12-14 18:38 millert - - * compat.h, config.h.in: Use new HAVE_SIGACTION_T define - -2001-12-14 18:33 millert - - * logging.c: Fix compilation on K&C - -2001-12-14 18:14 millert - - * configure: regen - -2001-12-14 18:14 millert - - * configure.in: Add check for sigaction_t -- IRIX already defines - this so don't redefine it. - -2001-12-14 17:15 millert - - * snprintf.c: fix typo - -2001-12-14 17:12 millert - - * interfaces.c: need stdlib.h here too - -2001-12-14 15:31 millert - - * configure: regen - -2001-12-14 15:31 millert - - * configure.in: Remove redundant checks for string.h, strings.h and - unistd.h - -2001-12-14 15:29 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in: Regen from pod files - -2001-12-14 15:03 millert - - * BUGS: Update for 1.6.4 - -2001-12-14 14:59 millert - - * configure, lex.yy.c: regen - -2001-12-14 14:56 millert - - * strerror.c: Return EINVAL if errnum > sys_nerr - -2001-12-14 14:54 millert - - * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, - config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, - sudo.pod, auth/sudo_auth.h: o Update copyright year - -2001-12-14 14:54 millert - - * configure.in: o Don't define STDC_HEADERS unconditionally for - IRIX o Update copyright year - -2001-12-14 14:53 millert - - * README: update version - -2001-12-14 14:52 millert - - * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, - fnmatch.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, - set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, - utime.c, visudo.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, - auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/sia.c, auth/sudo_auth.c: o Reorder some headers and use - STDC_HEADERS define properly o Update copyright year - -2001-12-14 01:53 millert - - * configure: regen - -2001-12-14 01:53 millert - - * tgetpass.c: flags set in signal handlers should be volatile - sig_atomic_t - -2001-12-14 01:52 millert - - * config.h.in, configure.in: Add checks for volatile and - sig_atomic_t - -2001-12-14 01:42 millert - - * lex.yy.c, configure: regen - -2001-12-14 01:40 millert - - * def_data.c, def_data.h, def_data.in, defaults.c, env.c, - find_path.c, sudo.c, sudoers.pod: Remove "secure_path" Defaults - option since it cannot work with the existing parser. - -2001-12-14 01:26 millert - - * find_path.c, sudo.c: Unset "secure_path" if user_is_exempt() - -2001-12-14 01:24 millert - - * env.c, pathnames.h.in: o Remove assumption that PATH and TERM are - not listed in env_keep o If no PATH is in the environment use a - default value o If TERM is not set in the non-reset case also - give it a default value. - -2001-12-14 01:17 millert - - * aclocal.m4, configure.in, defaults.c, pathnames.h.in: - _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works - on systems that define in paths.h - -2001-12-14 01:15 millert - - * auth/: passwd.c, sudo_auth.c, sudo_auth.h: Add support for - skeyaccess(3) if it is present in libskey. - -2001-12-12 21:42 millert - - * sudo.c: Only need to do 'lc = login_getclass(NULL)' if lc == NULL - -2001-12-12 21:24 millert - - * parse.lex: '\\' is a perfectly legal character to have in a - command line argument. - -2001-12-12 20:24 millert - - * sudo.c: o Defer call to set_fqdn() until it is safe to use - log_error() o Don't print errno string value if gethostbyname - fails, it is not relevant - -2001-12-12 20:07 millert - - * parse.c: Fix CIDR -> in_addr_t conversion. - -2001-12-12 16:21 millert - - * sudoers.pod: Remove an extra "User_List" in the User_Spec - definition From ybertrand AT snoopymail.com - -2001-12-12 16:00 millert - - * parse.c: Make 'listpw=never' work for users who are not - explicitly mentioned in sudoers. - -2001-12-12 15:40 millert - - * sudoers.pod: Remove gratuitous '=' in EBNF grammar; era AT iki.fi - -2001-12-12 15:34 millert - - * sudoers.pod: Document new list Defaults type and convert env_keep - and env_delete to lists. Document new env_check option. - -2001-12-12 15:11 millert - - * lex.yy.c, sudo.tab.h: regen parser - -2001-12-12 14:56 millert - - * parse.lex: Don't let '#' appear in a {WORD} and restrict #foo in - a Runas spec to #[0-9-]+. - -2001-12-12 14:55 millert - - * configure: regen - -2001-12-12 14:55 millert - - * aclocal.m4: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK - -2001-12-12 14:43 millert - - * config.h.in, configure.in: Add check for skeyaccess(3) - -2001-12-11 19:47 millert - - * visudo.pod: Document new -c, -f, and -q options - -2001-12-11 19:41 millert - - * visudo.c: o Add -f option (alternate sudoers file) o Convert to - use getopt(3) - -2001-12-11 19:31 millert - - * configure: regen - -2001-12-11 19:31 millert - - * aclocal.m4, config.h.in, configure.in: Add check for isblank and - a replacement macro if it doesn't exist. - -2001-12-11 18:22 millert - - * visudo.c: In check-only mode, don't create sudoers if it does not - already exist. - -2001-12-11 18:06 millert - - * parse.yacc: o Add a new token, DEFVAR, to indicate a Defaults - variable name - o Add support for "+=" and "-=" list operators - o replace some 1 and 0 with TRUE and FALSE for greater - legibility. - -2001-12-11 18:05 millert - - * parse.lex: o Use exclusive start conditions to remove some - ambiguity in the - lexer. Also reorder some things for clarity. - o Add support for "+=" and "-=" list operators. - o Use the new DEFVAR token to denote a Defaults variable name. - -2001-12-11 18:03 millert - - * sudo.h: Prototype init_envtables() - -2001-12-11 18:02 millert - - * env.c: o Convert environment handling to use lists instead of - strings. - This greatly simplifies routines that need to do "foreach" - type - operations. - o Add new init_envtables() function to set env_check and - env_delete - defaults based on initial_badenv_table and - initial_checkenv_table - (formerly sudo_badenv_table). - -2001-12-11 18:00 millert - - * defaults.c, defaults.h: o Add a new LIST type and functions to - manipulate it. - o This is for use with environment handling variables. - o Call new init_envtables() routine inside init_defaults() to - initialize the environment lists. - -2001-12-11 17:57 millert - - * def_data.c, def_data.h, def_data.in: Convert environment options - to use the new LIST type and add a new one, env_check that only - deletes if the sanity check fails. - -2001-12-11 17:55 millert - - * testsudoers.c: Add dummy version of init_envtables() - -2001-12-11 17:53 millert - - * parse.yacc: honor quiet mode - -2001-12-11 17:51 millert - - * visudo.c: Add check-only mode - -2001-12-10 20:27 millert - - * mkdefaults: Fix generation of entries with NULL descriptions. - -2001-12-09 00:27 millert - - * tgetpass.c: Use sigaction_t and quiet a gcc warning. - -2001-12-09 00:20 millert - - * sudo.c: Must reset signal handlers before we exec - -2001-12-09 00:16 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sudo_auth.c: Be - carefule now that tgetpass() can return NULL (user hit ^C). PAM - version needs testing. Set SIGTSTP to SIG_DFL during password - entry so user can suspend us. - -2001-12-09 00:14 millert - - * tgetpass.c: Add support for interrupting/suspending tgetpass via - keyboard input. If you suspend sudo from the password prompt and - resume it will re-prompt you. - -2001-12-09 00:09 millert - - * sudo.c: Don't block keyboard interrupt signals, just set them to - SIG_IGN. - -2001-12-08 14:48 millert - - * config.h.in: add back HAVE_SIGACTION - -2001-12-08 14:44 millert - - * configure: regen - -2001-12-08 14:44 millert - - * config.h.in, configure.in, logging.c, sudo.c, visudo.c: Kill - POSIX_SIGNALS define and old signal support now that we emulate - POSIX ones Also be sure to correctly initialize struct sigaction. - -2001-12-08 14:42 millert - - * strerror.c: Don't need config.h or "#ifndef HAVE_STRERROR" - wrapper. - -2001-12-08 14:39 millert - - * compat.h: Add scaffolding for POSIX signal emulation - -2001-12-08 14:36 millert - - * sigaction.c: o Add missing ';' so this compiles o Can't use NULL - since we don't include stdio.h - -2001-12-08 14:23 millert - - * sigaction.c: Emulate sigaction() using sigvec() - -2001-11-12 19:32 millert - - * sudoers.pod: Document new behavior of negative values of - timestamp_timeout Fix a typo - -2001-11-12 19:31 millert - - * sudo.pod: Add security note about command not being logged after - 'sudo su' and friends. - -2001-11-12 19:19 millert - - * sudo.pod: Mention that -V prints default values when run as root, - including the list of environment variables to clear. - -2001-11-12 19:14 millert - - * Makefile.in: Run pod2man with --quotes=none to avoid stupid - quoting of C<> entries. - -2001-11-12 13:12 millert - - * def_data.c, def_data.h, def_data.in, sudoers.pod, - auth/sudo_auth.c: Add mail_badpass option Also modify mail_always - behavior to also send mail when the password is wrong - -2001-11-12 13:08 millert - - * env.c, sudo.c, sudo.h: Dump default bad env table when 'sudo -V' - is run by root. - -2001-11-11 23:52 millert - - * sudoers.pod: document env_delete - -2001-11-11 23:51 millert - - * env.c: Add support for '*' in env_keep when not resetting the - environment (ie: the normal case). - -2001-11-11 23:47 millert - - * env.c: Add env_delete variable that lets the user replace/add to - the bad_env_table. Allow '*' wildcard in env_keep entries. - -2001-11-06 13:59 millert - - * mkinstalldirs: Force umask to 022 to guarantee sane directory - permissions. - -2001-11-02 18:09 millert - - * Makefile.in: add sudo.tab.h and sudo.tab.c to sudo.tab.o - dependency - -2001-11-02 17:25 millert - - * mkdefaults: fix breakage in last commit - -2001-11-02 17:18 millert - - * Makefile.in: acsite.m4 -> aclocal.m4 - -2001-11-02 15:59 millert - - * check.c: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in - previous commit - -2001-11-02 15:57 millert - - * def_data.c: regenerated from def_data.in - -2001-11-02 15:56 millert - - * check.c, defaults.c, defaults.h: Add new T_UINT type that most - things use instead of T_INT If timestamp_timeout is < 0 then - treat the ticket as never expiring (to be expired manually by the - user). - -2001-11-02 15:51 millert - - * def_data.in: change most T_INT -> T_UINT - -2001-11-02 15:51 millert - - * mkdefaults: fix warning when no args - -2001-11-02 12:52 millert - - * visudo.c: Change 2 Exit() -> exit() Avoid stdio in Exit() and - call _exit() if we are a signal handler. We no longer print the - signal number but the user can just check the exit value for - that. - -2001-10-16 01:35 millert - - * logging.c: when setting up pipes in child process check for case - where stdin == pipe fd 0 - -2001-10-11 13:20 millert - - * visudo.c: Ignore editor exit value since XPG4 says vi's exit - value is the count of editing errors made (failed searches, etc). - -2001-10-05 16:39 millert - - * configure: regen - -2001-10-05 16:39 millert - - * configure.in: sco now is identified by config.guess as *-sco-* - -2001-10-05 16:24 millert - - * configure.in: Check for getspnam() in -lgen if not in -lc for - UnixWare. - -2001-09-17 21:48 millert - - * sudoers.pod, visudo.pod: "upper case" -> "uppercase" - -2001-09-17 21:32 millert - - * sudoers.pod: fix typos and grammar; pjanzen@foatdi.harvard.edu - -2001-08-28 10:26 millert - - * sudoers.pod: Missing word (specify); krapht@secureops.com - -2001-08-23 17:43 millert - - * sudo.c: If we fail to lookup a login class, apply the default - one. - -2001-08-23 17:42 millert - - * logging.c: In log_error() free message, not logline - unconditionally, then free logline if it is not the same as - message. No function change but this mirrors how they are - allocated. - -2001-07-16 23:33 millert - - * configure: regenerate - -2001-07-16 23:33 millert - - * configure.in: remove some backslash quotes that are unneeded - -2001-07-16 23:30 millert - - * configure.in: o Tweaks to make this work with autoconf-2.50 o Use - AC_LIBOBJ instead of changing LIBOBJS directly o Use - AC_REPLACE_FUNCS where we can o Use AC_CHECK_FUNCS instead of - AC_CHECK_FUNC so we don't have to AC_DEFINE things manually. - -2001-07-16 23:28 millert - - * config.guess, config.sub: Updated from autoconf-2.50 - -2001-05-22 19:11 millert - - * README: Update mailing list section. We use mailman now, not - majordomo. - -2001-05-10 14:55 millert - - * getspwuid.c, logging.c, sudo.c: Use setpwent()/endpwent() + all - the shadow variants to make sure we don't inadvertantly leak an - fd to the child. Apparently Linux's shadow routines leave the fd - open even if you don't call setspent(). Reported by - mike@gistnet.com; different patch used. - -2001-04-12 21:43 millert - - * sudoers.pod: s/eg./e.g./ - -2001-04-12 21:42 millert - - * tgetpass.c: select() may return EAGAIN. If so, continue like we - do for EINTR. - -2001-04-12 21:41 millert - - * logging.c: Fix a non-exploitable buffer overflow in the word - splitting code. This should really be rewritten. - -2001-04-12 21:41 millert - - * Makefile.in: FAQ link goes away - -2001-04-12 21:40 millert - - * INSTALL: Tell people to look in sample.syslog.conf for examples, - not FAQ - -2001-04-12 21:40 millert - - * TROUBLESHOOTING: Update list of env vars that are cleared - -2001-04-12 21:36 millert - - * sudo.c: remove struct env_table decl since that stuff has all - moved to env.c - -2001-04-04 13:17 millert - - * fileops.c: Fix a pasto in flock-style unlocking and include - for flock on older systems; twetzel@gwdg.de - -2001-04-04 13:14 millert - - * configure: regen to get NeXT lockf/flock fix - -2001-04-04 13:14 millert - - * configure.in: force NeXT to use flock since lockf is broken - -2001-03-30 08:54 millert - - * check.c: Use stashed user_gid when checking against exempt gid - since sudo sets its gid to a a value that makes sudoers readable. - Previously if you used gid 0 as the exempt group everyone would - be exempt. From Paul Kranenburg - -2001-03-29 13:14 millert - - * configure: regen - -2001-03-29 13:08 millert - - * aclocal.m4: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 - aparently defines some types (such as ssize_t) therein. - -2001-03-02 09:09 millert - - * defaults.c: Fix negation of paths in a boolean context. Problem - found by apt@UH.EDU - -2001-02-23 13:03 millert - - * visudo.c: pasto - -2001-02-17 16:11 millert - - * visudo.c: SA_RESETHAND means the opposite of what I was - thinking--oops To block all signals in old-style signals use ~0, - not 0xffffffff - -2001-02-04 11:16 millert - - * defaults.c: coerce difference of pointers to int when used in a - string length printf format; deraadt@openbsd.org - -2001-01-17 11:34 millert - - * visudo.c: Block all signals in Exit() to avoid a signal race. - There is still a tiny window but I'm not going to worry about it. - -2001-01-07 13:57 millert - - * env.c: glibc uses the LANGUAGE env var so clear that too; Solar - Designer - -2001-01-07 13:55 millert - - * lex.yy.c: Regenerate with a fix to flex.skl that preserves errno - from clobbering by isatty(). - -2000-12-30 20:39 millert - - * auth/: aix_auth.c, bsdauth.c, fwtk.c, pam.c, sia.c, sudo_auth.c: - Some defaults I_ defines got renamed. - -2000-12-30 20:38 millert - - * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, - defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, - set_perms.c, sudo.c: Move defaults info into its own files from - which we generate .h and .c files. This makes adding or - rearranging variables much simpler. - -2000-12-30 16:58 millert - - * configure, configure.in: fix typo in last commit - -2000-12-30 16:55 millert - - * compat.h, config.h.in, configure, configure.in: Add check + - emulation for setegid (like seteuid). - -2000-12-30 16:22 millert - - * env.c: Make env_keep override badenv_table as documented Fix - traversal of badenv_table (broken in last commit) - -2000-12-29 22:59 millert - - * set_perms.c, sudo.c, sudo.h: Don't try and build saved uid - version of set_perms on systems w/o them. Rename - set_perms_saved_uid() -> set_perms_posix() Make - set_perms_setreuid simply be set_perms_fallback() and simply - include the appropriate function at compile time (setreuid() - vs. setuid()). - -2000-12-29 22:45 millert - - * sudoers.pod, sudoers.cat, sudoers.man.in: PATH is also preserved - when env_reset is in effect - -2000-12-29 22:29 millert - - * CHANGES, env.c, Makefile.in, check.c, compat.h, config.h.in, - configure, configure.in, defaults.c, defaults.h, find_path.c, - getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, - sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, - testsudoers.c, visudo.c, visudo.cat, visudo.man.in: New Defaults - options: o stay_setuid - sudo will remain setuid if system has - saved uids or setreuid(2) o env_reset - reset the environment to - a sane default o env_keep - preserve environment variables that - would otherwise be cleared - - No longer use getenv/putenv/setenv functions--do environment - munging by hand. Potentially dangerous environment variables can - be cleared only if they contain '/' pr '%' characters to protect - buggy programs. Moved environment routines into env.c (new file) - -2000-12-29 22:17 millert - - * INSTALL: Clear up --without-passwd description - -2000-12-29 19:39 millert - - * sudo_setenv.c, putenv.c: We now build up a new environment from - scratch and assign it to "environ". - -2000-12-18 22:35 millert - - * sudo.pod, visudo.pod: Grammatical fixes from Paul Janzen - -2000-12-14 23:19 millert - - * visudo.c: If there was a syntax error and the user just wants to - quit, unlink sudoers if it is zero length. - -2000-12-14 23:10 millert - - * visudo.c: 'Q' means ignore parse error, not 'q' - -2000-12-14 22:57 millert - - * visudo.c: Open sudoers for writing with mode SUDOERS_MODE From - Dimitry Andric - -2000-12-13 12:23 millert - - * set_perms.c: Add missing #ifdef HAVE_LOGIN_CAP_H; - ayamura@ayamura.org - -2000-12-09 11:46 millert - - * config.guess, config.sub: Darwin / Mac OS X support from Wilfredo - Sanchez - -2000-11-03 09:36 millert - - * sudo.c, visudo.c: Use exit(127), not exit(-1) - -2000-11-03 00:37 millert - - * defaults.h, set_perms.c, sudo.c, Makefile.in, defaults.c: Move - set_perms() to its own file and use POSIX saved uid or setreuid() - if available. - - Added stay_setuid option for systems that have libraries that - perform extra paranoia checks in system libraries for setuid - programs (ie: anything with issetugid(2)). - -2000-11-02 20:28 millert - - * sudo.c: strip more bits from the environment and add a facility - for stripping things only if they contain '/' or '%' to address - printf format string vulnerabilities in other programs. - -2000-11-02 12:55 millert - - * configure: regen - -2000-11-02 12:55 millert - - * configure.in: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache - the existence of strcasecmp(). - -2000-11-02 12:46 millert - - * configure: regen - -2000-11-02 12:46 millert - - * configure.in: Check for strcasecmp(3) in -lc89 for NCR Unix - -2000-11-01 10:22 millert - - * config.h.in: Define HAVE_INNETGR #ifdef HAVE__INNETGR - -2000-11-01 10:17 millert - - * configure: regen - -2000-11-01 10:17 millert - - * compat.h, config.h.in, configure.in: Add check for _innetgr(3) - since NCR systems have that instead of innetgr(3). - -2000-10-31 14:16 millert - - * auth/securid.c: check return value of creadcfg() call sd_close() - after sd_auth() store username in sd->username so we don't rely - on the USER env variable - -2000-10-29 23:00 millert - - * INSTALL: document --with-bsdauth - -2000-10-29 22:57 millert - - * configure: regen - -2000-10-29 22:56 millert - - * configure.in: --with-bsdauth assumes --with-logincap - -2000-10-29 22:45 millert - - * auth/: bsdauth.c, fwtk.c: When prompting for a response to a - challenge, if the user just hits return then reprompt with echo - turned on. - -2000-10-29 17:31 millert - - * sudo.c: Remove debugging code that should not have been - committed, oops. - -2000-10-29 17:31 millert - - * auth/bsdauth.c: Use lower-level routines and get the password - ourselves. Checks for a challenge and if there is one echo is - not turned off. - -2000-10-29 17:30 millert - - * auth/: pam.c, sudo_auth.h: minor housekeeping, no real code - changes - -2000-10-27 18:41 millert - - * sudo.c: Fix a coredump in the logging functions if gethostname(2) - fails by deferring the call to log_error() until things are - better setup. - - Fix return value of set_loginclass() in non-BSD-auth case. - - Hard-code 'sudo' in the usage message so we can fit more options - on a line - -2000-10-27 18:35 millert - - * logging.c: Fix errant ';' (typo) that broken MSG_ONLY - -2000-10-26 13:03 millert - - * sudo.cat, sudo.man.in: regen - -2000-10-26 13:01 millert - - * sudo.pod: Document -a flag - -2000-10-26 12:42 millert - - * Makefile.in, config.h.in, configure, configure.in, getspwuid.c, - sudo.c, auth/sudo_auth.h, auth/bsdauth.c: Add support for BSD - authentication. - -2000-10-19 10:09 millert - - * sudoers.pod: Fix typo; from sato@complex.eng.hokudai.ac.jp - -2000-10-12 09:49 millert - - * sudoers.pod: Mention negating umask - -2000-10-12 01:30 millert - - * defaults.c: Allow user to specify umask of 0777 (same as !umask) - -2000-10-08 21:46 millert - - * sudo.pod, visudo.pod: Fix a typo and give a URL for the sudo - history. - -2000-10-08 12:25 millert - - * defaults.c, sudo.pod: fix typos; pepper@reppep.com - -2000-09-14 16:48 millert - - * sudo.c, sudo.h, sudo_setenv.c: sudo_setenv() now exits on memory - alloc failure instead of returning -1. - -2000-09-07 17:41 millert - - * sudo.c: Strip out NLSPATH and PATH_LOCALE from the environment - for FreeBSD and possibly others. - -2000-09-07 10:43 millert - - * logging.c: Don't use vsyslog(3) since HP-UX (and others?) lack - it. This means that "%m" won't be expanded but we don't use that - anyway since the logging routines may splat to stderr as well. - -2000-09-06 21:35 millert - - * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, - sudoers.pod: Add always_set_home variable - -2000-09-06 21:24 millert - - * configure, configure.in: Have to hard code default values in help - since the defaults are set _after_ the help stuff. - -2000-08-31 13:08 millert - - * lex.yy.c, parse.lex: Allow special characters (including '#') to - be embedded in pathnames if quoted by a '\\'. The quoted chars - will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still - prints the '\\'. - -2000-08-13 17:10 millert - - * install-sh: Better path searching for programs we need. - -2000-08-13 17:10 millert - - * TROUBLESHOOTING: Add section on "C compiler cannot create - executables" errors. - -2000-08-13 17:10 millert - - * Makefile.binary, Makefile.in, version.h: Crank version - -2000-08-13 17:09 millert - - * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, - sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, - visudo.man.in, visudo.pod: Substitute values from configure into - man pages. - -2000-08-12 16:48 millert - - * parse.c, sudo.c: The listpw and verifypw sudoers options would - not take effect because the value of the default was checked - *before* sudoers was parsed. Instead of passing in the value of - PWCHECK_* to sudoers_lookup(), pass in the arg for def_ival() so - the check can be deferred until after sudoers is parsed. - -2000-08-11 15:41 millert - - * tgetpass.c: When writing prompt, no need to write the NUL as - well; hag@linnaean.org - -2000-06-09 12:25 millert - - * install-sh: When looking for chown, check in /sbin too - -2000-06-04 22:57 millert - - * visudo.c: Remove extraneous call to init_defaults() and set - runas_user to NULL betweem parses so init_defaults will reset it - each time, thus avoiding a reference to free()d data. - -2000-06-04 19:57 millert - - * config.h.in, interfaces.c, interfaces.h, sudo.c: Add support for - using getifaddrs() to get the list of ip addr / netmask pairs. - Currently IPv4-only. - -2000-06-04 19:51 millert - - * visudo.c: Add a missing check for UserEditor == NULL Add missing - '+' before line number when invoking editor to fix a syntax error - -2000-05-12 16:55 millert - - * sudo.c: Call clean_env very early in main() for paranoia's sake. - Idea from Marc Esipovich. - -2000-05-10 01:11 millert - - * sudo.h: Update proto for evasprintf and easprintf - -2000-05-10 01:10 millert - - * alloc.c: Make easprintf() and evasprintf() return an int. - -2000-05-10 00:56 millert - - * check.c: If the targetpw flag is set, use target username as part - of the timestamp path. If tty tickets are in effect cat the tty - and the target username with a ':' as the separator. - -2000-05-09 12:05 millert - - * auth/pam.c: Backout part of last change; setting PAM_USER to the - invoking user breaks things like targetpw. - -2000-05-09 11:52 millert - - * auth/pam.c: set tty and username via pam_set_item - -2000-05-09 11:42 millert - - * check.c, getspwuid.c, sudo.c, sudo.h, auth/sudo_auth.c: Fix root, - runas, and target authentication for non-passwd file auth - methods. - -2000-04-22 14:15 millert - - * sudo.pod, sudo.man.in, sudoers.man.in, sudoers.pod, visudo.pod, - sudo.cat, sudoers.cat, visudo.man.in, visudo.cat: Use B<-Z> not - C<-Z> for command line flags in all places. This is more - consistent and works around a bug in Pod::Man. - -2000-04-22 13:59 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Fix an occurence of - 'semicolon' that should be 'colon' - -2000-04-19 15:30 millert - - * configure, configure.in: Fix --with-badpri help line - -2000-04-17 14:01 millert - - * defaults.c, logging.c, sudo.c: Bracket calls to syslog with an - openlog() and closelog() since some authentication methods (like - PAM) may do their own logging via syslog. Since we don't use - syslog much (usually just once per session) this doesn't really - incur a performance penalty. It also Fixes a SEGV with pam_kafs. - -2000-04-15 16:32 millert - - * sudo.c: Fix -H flag. runas_homedir is only valid after - set_perms(PERM_RUNAS, mode) - -2000-04-12 18:56 millert - - * INSTALL: Clarify the fact that insults are not enabled just by - including them in the binary. - -2000-04-07 10:39 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in, sudo.cat, - sudoers.cat, visudo.cat: Regenerated with perl 5.6.0 pod2man - -2000-04-07 10:38 millert - - * Makefile.in: Give date string to pod2man since its default is - ugly and it ain't got no alibi. - -2000-04-07 10:27 millert - - * Makefile.in: Do section substitution on the output of pod2man and - remove hack needed for old pod2man. - -2000-04-07 10:26 millert - - * sudo.pod, sudoers.pod, visudo.pod: Put back real man sections, we - will do the substitution later. - -2000-04-02 11:44 millert - - * configure, configure.in: Don't bother checking for the path to vi - if user specified --with-editor - -2000-04-01 17:25 millert - - * CHANGES, visudo.c: Visudo now does its own fork/exec instead of - calling system(3). - -2000-04-01 16:23 millert - - * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.c: Visudo now checks for the existence of an - editor and gives a sensible error if it does not exist. - - The path to the editor for visudo is now a colon-separated list - of allowable editors. If the user has $EDITOR set and it matches - one of the allowed editors that editor will be used. If not, the - first editor in the list that actually exists is used. - -2000-04-01 16:22 millert - - * sudo.pod, sudo.cat, sudo.man.in: Clear up confusion wrt sudo's - return value. - -2000-03-27 12:08 millert - - * Makefile.in: Strip sudo and visudo for bindist target - -2000-03-26 22:26 millert - - * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, - sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: Use - @mansectsu@ and @mansectform@ in the man page bodies as well. - -2000-03-26 22:07 millert - - * visudo.cat, visudo.man.in, visudo.pod: Typo: @sysconf@ -> - @sysconfdir@ - -2000-03-26 21:57 millert - - * Makefile.in: 'make dist' should not cause any files to be - modified so remove its dependencies. - -2000-03-26 21:43 millert - - * CHANGES: Whoops, forgot to add release marker - -2000-03-26 11:57 millert - - * CHANGES: Final change for 1.6.3 (or so I hope) - -2000-03-26 11:57 millert - - * sudo.cat, sudoers.cat, visudo.cat: Use SYSV man sections since - BSD systems will have nroff... - -2000-03-24 18:58 millert - - * parse.yacc: When checking to see if the host/user matches in a - defaults spec, check against TRUE, not just non-zero since it - might be -1. - -2000-03-24 15:14 millert - - * configure.in, configure: OSF/1 puts file formats in section 4, - not 5. - -2000-03-24 15:13 millert - - * CHANGES, INSTALL, sudo.c: Make login class support work on BSD/OS - -2000-03-23 20:24 millert - - * RUNSON: Update for 1.6.3 - -2000-03-23 20:23 millert - - * configure, configure.in: If there is no inet_addr but there *is* - an __inet_addr that's ok since inet_addr is probably just a macro - then. The better thing to do would be to look for the macro, but - this is fine for now. - -2000-03-23 19:50 millert - - * configure, configure.in: Don't use shlicc for BSD/OS 4.x - -2000-03-23 19:40 millert - - * Makefile.in, configure, configure.in: *.man lives in cwd, *.cat - lives in $(srcdir), add a @mansrcdir@ configure variable so we - can deal with this. Also, only remove *.man for 'distclean' not - 'clean'. - -2000-03-23 19:16 millert - - * sudo.c: set_loginclass() should be static like the proto says - -2000-03-23 14:14 millert - - * fnmatch.c: Add #ifdef __STDC__ around the rangematch function - header to avoid promotion of test to int, thus violating the - prototype. Gcc handles this gracefully but more std ANSI - compilers will complain. - -2000-03-23 10:11 millert - - * emul/fnmatch.h: Pull in newer fnmatch(3) that supports - FNM_CASEFOLD - -2000-03-23 10:11 millert - - * aclocal.m4, configure, fnmatch.3, fnmatch.c: Pull in newer - fnmatch(3) that supports FNM_CASEFOLD Check for FNM_CASEFOLD in - configure - -2000-03-22 23:41 millert - - * CHANGES, TODO: update for 1.6.3 - -2000-03-22 23:38 millert - - * lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.tab.h, - testsudoers.c, visudo.c: Fully qualified hosts w/ wildcards were - not matching the FQHOST token type. There's really no need for a - separate token for fully-qualified vs. unqualified anymore so - FQHOST is now history and hostname_matches now decides which - hostname (short or long) to check based on whether or not the - pattern contains a '.'. - -2000-03-22 23:09 millert - - * parse.c, parse.h, parse.yacc, sudoers.pod, testsudoers.c, - visudo.c, sudoers.cat, sudoers.man.in: Add support for wildcards - in the hostname. - -2000-03-22 22:50 millert - - * Makefile.in: Add targets for *.man.in, using config.status to - generate *.man from *.man.in - -2000-03-22 22:20 millert - - * sudoers.cat, sudoers.man.in, sudoers.pod: Document set_logname - option and enbolden refs to sudo and visudo. - -2000-03-22 19:35 millert - - * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, - sudo.cat, sudo.pod, sudo.man.in, sudoers.cat, sudoers.pod, - visudo.cat, visudo.pod, sudoers.man.in, visudo.man.in: Add - FreeBSD login.conf support (untested on BSD/OS) based on a patch - from Michael D. Marchionna. configure now does substitution on - the man pages, allowing us to fix up the paths and set the - section correctly. Based on an idea from Michael D. Marchionna. - -2000-03-22 19:27 millert - - * auth/passwd.c: Better fix for handling HP-UX aging info. - -2000-03-22 19:20 millert - - * sudo.c: Add support for set_logname run-time default - -2000-03-22 19:17 millert - - * sudo.man.in, sudoers.man.in, visudo.man.in: configure does - substitution on these to produce *.man - -2000-03-22 19:16 millert - - * sudo.man, sudoers.man, visudo.man: These files now get generated - from *.man.in at configure time. - -2000-03-22 18:40 millert - - * defaults.c, defaults.h: Add set_logname option so users can turn - off setting of LOGNAME/USER environment variables. - -2000-03-22 10:53 millert - - * testsudoers.c, lsearch.c, parse.c: kill register - -2000-03-13 15:52 millert - - * auth/passwd.c: HP-UX adds extra info at the end for password - aging so when comparing the result of crypt to pw_passwd we only - compare the first len(epass) bytes *unless* the user entered an - empty string for a password. - -2000-03-13 11:05 millert - - * logging.c: Get rid of grandchild hack, it was causing problems - and there is really no need for it. This fixes a bug where we - spin eating up CPU when the user runs a long-running process like - a shell. - -2000-03-07 14:26 millert - - * sudo.c: User can always specify a login class if he/she is - already root. - -2000-03-06 23:29 millert - - * config.h.in, configure, configure.in, defaults.c, defaults.h, - sudo.c, sudo.h: FreeBSD login class (login.conf) support. - -2000-03-06 14:42 millert - - * auth/sudo_auth.c: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes - secureware support - -2000-03-03 18:04 millert - - * auth/passwd.c: Truncate unencrypted password to 8 chars if - encrypted password is exactly 13 characters (indicateing standard - a DES password). Many versions of crypt() do this for you, but - not all (like HP-UX's). - -2000-03-01 21:01 millert - - * INSTALL, RUNSON: Mention that gcc on dynix may have problems - -2000-02-29 17:46 millert - - * Makefile.in: Link visudo with NET_LIBS since we now call syslog - via defaults.c - -2000-02-29 17:41 millert - - * defaults.c: Use Argv[0] as the first arg to openlog() since - visudo uses this too. - -2000-02-28 18:58 millert - - * sudo.c: Stash coredumpsize resource limit and retsore it before - the exec() Otherwise the child ends up with a coredumpsize of 0. - -2000-02-26 22:56 millert - - * sudo.cat, sudo.man, sudo.pod: document -S flag - -2000-02-26 22:54 millert - - * sudo.c: fix usage string - -2000-02-26 22:48 millert - - * CHANGES, RUNSON, TODO, sudo.c, sudo.h, tgetpass.c, - auth/aix_auth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c: Added - -S flag (read passwd from stdin) and tgetpass_flags global that - holds flags to be passed in to tgetpass(). Change echo_off param - to tgetpass() into a flags field. There are currently 2 possible - flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), - abstract the echo set/clear via macros and if (flags & TGP_ECHO) - but echo is not set on the terminal, but sure to set it. - -2000-02-26 22:11 millert - - * tgetpass.c: Fixed a bug that caused an infinite loop when the - password timeout was disabled. - -2000-02-18 12:56 millert - - * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, - sudoers.cat, sudoers.man, sudoers.pod, visudo.c: Add rootpw, - runaspw, and targetpw options. - -2000-02-18 12:11 millert - - * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, - visudo.c: enveditor -> env_editor - -2000-02-15 19:07 millert - - * BUGS, INSTALL, Makefile.in, README, configure, configure.in, - sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, - visudo.cat, visudo.man: crank versino to 1.6.3 - -2000-02-15 19:03 millert - - * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, - sudoers.pod, visudo.c: Add 'editor' and 'enveditor' sudoers - defaults and make visudo honor them. This means that visudo will - now parse the sudoers file *before* it is edited so a bogus - sudoers file will cause a warning to go to stderr. Also, visudo - checks the variables once--it does not check them after each - editor run since that could be confusing. - -2000-02-15 18:49 millert - - * RUNSON: 1.6.2 -> 1.6.2p1 - -2000-02-15 18:36 millert - - * check.c, sudo.c, sudo.h: Move user_is_exempt prototype into - sudo.h - -2000-02-13 13:38 millert - - * configure, configure.in: Fix thinko, some && should have been || - in the last commit - -2000-02-13 13:28 millert - - * configure, configure.in: Don't initialized Makefile variables to - be NULL since the user may want to import variables from their - environment. - -2000-02-03 21:09 millert - - * configure, configure.in: typo - -2000-01-27 15:01 millert - - * INSTALL, RUNSON, configure, configure.in: Make pam work on HP-UX - 11.0;jaearick@colby.edu - -2000-01-27 15:01 millert - - * CHANGES: recent changes; prepare for 1.6.2p1 - -2000-01-26 23:31 millert - - * find_path.c: Don't apply SECURE_PATH if user is example; - jmknoble@pobox.com - -2000-01-26 16:21 millert - - * sudoers.cat, sudoers.man, sudoers.pod: Expanded docs on sudoers - 'defaults' options based on INSTALL file info. - -2000-01-26 16:21 millert - - * INSTALL: Fix some while lies - -2000-01-24 10:48 millert - - * Makefile.in: When making a bindist, link FAQ to TROUBLESHOOTING - instead of copying. - -2000-01-23 22:57 millert - - * sudoers.cat, sudoers.man, sudoers.pod: Add netgroup caveat - -2000-01-23 22:42 millert - - * RUNSON: Last minute updates - -2000-01-23 22:26 millert - - * TROUBLESHOOTING: PAM entry - -2000-01-23 22:23 millert - - * auth/pam.c: correct a comment - -2000-01-23 22:03 millert - - * CHANGES, RUNSON: update for 1.6.2 - -2000-01-23 21:59 millert - - * auth/pam.c: Better detection of PAM errors and fix custom prompts - with PAM. Based on patches from "Cloyce D. Spradling" - - -2000-01-20 11:15 millert - - * snprintf.c: Cast ULONG_MAX to unsigned long long when comparing - to an unsigned long long value. - -2000-01-19 14:07 millert - - * CHANGES, config.h.in, configure, configure.in, visudo.c: Fix - sudoers locking in visudo. We now lock the sudoers file itself, - not the temp file (since locking the temp file can foul up - editors). The previous locking scheme didn't work because the fd - was closed too early. - -2000-01-19 13:37 millert - - * configure, config.h.in, configure.in: Don't need test for - ftruncate() any more. - -2000-01-18 21:23 millert - - * configure, configure.in: Add a test for the -Aa flag w/ HP-UX's - cc. Fixes compilation with the unbundled HP-UX cc. - -2000-01-18 17:00 millert - - * sudoers.cat, sudoers.man, sudoers.pod: "a a" -> "a"; Aaron - Campbell - -2000-01-17 18:46 millert - - * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, - parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, - tgetpass.c, version.h, visudo.c: update copyright year on changed - files - -2000-01-17 18:45 millert - - * RUNSON: updates - -2000-01-17 18:45 millert - - * CHANGES: aix fix - -2000-01-17 18:42 millert - - * INSTALL: Crank version to 1.6.2 - -2000-01-17 18:11 millert - - * configure: Crank version to 1.6.2 - -2000-01-17 17:46 millert - - * sudo.c: When using rlimit check for RLIM_INFINITY When computing - the value of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) - -2000-01-17 12:32 millert - - * CHANGES: recent changes - -2000-01-17 12:28 millert - - * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, - sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: - Crank version to 1.6.2 - -2000-01-17 12:25 millert - - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: Add - 'shell_noargs' runtime option back in. We have to defer checking - until after the sudoers file has been parsed but since there are - now other options that operate that way this one can too. Based - on a patch from bguillory@email.com. - -2000-01-16 23:05 millert - - * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: Add "listpw" and - "verifypw" options. - -2000-01-16 22:57 millert - - * sudoers.cat, sudoers.man, sudoers.pod: o Fix some typos/omissions - o Add section on verifypw and listpw o Define how NOPASSWD - interacts with the -v and -l flags - -2000-01-14 12:39 millert - - * configure, configure.in: For HP-UX cc, add -Aa to CPPFLAGS. For - HP-UX always add -D_HPUX_SOURCE to CPPFLAGS. - -2000-01-14 12:29 millert - - * defaults.c, defaults.h: In struct sudo_defs_types, move the union - to the end and don't initialize the union member since that only - works with an ANSI compiler. We set the value of the union by - hand in init_defaults() anyway. This allows sudo to compile on a - K&R compiler again. - -2000-01-11 13:20 millert - - * parse.c, parse.h, parse.yacc, testsudoers.c, visudo.c: - netgr_matches needs to check shost as well as host since they may - be different. - -2000-01-11 13:17 millert - - * tgetpass.c: End on \r as well as \n - -2000-01-02 23:53 millert - - * sudo.c: Update statbuf.st_mode based on SUDOERS_MODE when we are - chaning from 0400 to whatever SUDOERS_MODE is (converting from - the old sudoers mode). Assumes that SUDOERS_MODE is less - restrictive than 0400 which should always be the case. - -2000-01-02 23:43 millert - - * parse.c, parse.yacc, sudo.c, sudo.h: Make treatment of -l and -v - sane wrt NOPASSWD flags. Now allow -l w/o a passwd if there is - *any* entry for the user on the host with a NOPASSWD flag. For - -v, only allow w/o a passwd if *all* entries for the user on the - host w/ the specified runas user have the NOPASSWD flag set. - -2000-01-02 23:26 millert - - * Makefile.in: add check target - -1999-12-16 13:02 millert - - * visudo.c: Treat EOF at whatnow prompt like 'x' instead of - looping. - -1999-12-10 00:09 millert - - * CHANGES: recent changes - -1999-12-08 23:04 millert - - * config.h.in, configure, configure.in, sudo.c: Add check for - initgroups() since old SYSV lacks this. - -1999-12-08 22:54 millert - - * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, - configure.in, parse.c, testsudoers.c: o Kill HAVE_FNMATCH_H o - Only define HAVE_FNMATCH if exists. - -1999-12-06 01:47 millert - - * CHANGES, RUNSON, insults.h, auth/sudo_auth.c: Don't allow insults - to be enabled if the insults[] array is empty. Otherwise there - would be division by zero. - -1999-12-06 01:25 millert - - * insults.h: Don't care about USE_INSULTS #define since the insult - stuff may be overridden at runtime. - -1999-12-06 01:23 millert - - * auth/sudo_auth.c: Honor insults flag. - -1999-12-05 19:14 millert - - * CHANGES, parse.c: Don't ask the user for a password if the user - is not allowed to run the command and the authenticate flag (in - sudoers) is false. - -1999-12-05 19:05 millert - - * CHANGES, RUNSON, lex.yy.c, parse.lex: o Whenever we get a bare - newline we change to the INITIAL state. o Enter GOTRUNAS when we - see Runas_Alias - - This allows #uid to work in a RunasAlias. - -1999-12-05 14:06 millert - - * CHANGES, parse.yacc: fix parsing of runas lists: o oprunasuser - and runaslist now return a value o in a runasspec, if a runaslist - does not return TRUE, set runas_matches to FALSE. Normally, a - runaslist only returns FALSE for explicitly denied users. o - since runaslist does not modify the stack there is no need for a - push/pop in runasalias. - -1999-12-04 21:54 millert - - * check.c, sudo.c: Don't kill the user's tickets until after - sudoers has been parsed since tty_tickets and ticket_dir could be - set in sudoers. - -1999-12-04 21:18 millert - - * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, - configure, configure.in, sudo.cat, sudo.man, sudoers.cat, - sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: crank - version to 1.6 - -1999-12-04 21:18 millert - - * testsudoers.c: add set_fqdn() stub - -1999-12-02 15:31 millert - - * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, - sudoers.man, sudoers.pod, visudo.c: o Kill shell_noargs option, - it cannot work since the command needs to be set before sudoers - is parsed. o Fix the "set_home" sudoers option (only worked at - compile time). o Fix "fqdn" sudoers option. We now set - host/shost via set_fqdn which gets called when the "fqdn" - option is set in sudoers. o Move the openlog() to - store_syslogfac() so this gets overridden correctly from the - sudoers file. - -1999-12-02 15:21 millert - - * auth/securid.c: SecurID support should compile now. - -1999-11-28 20:56 millert - - * sudo.pod, visudo.pod, sudo.cat, sudo.man, sudoers.man, - visudo.man, sudoers.cat, visudo.cat: fix some syntactic goofs - -1999-11-28 18:51 millert - - * sudo.html, sudoers.html, Makefile.in, visudo.html: No longer need - the .html files as they are generated automatically on the web - site. - -1999-11-28 18:49 millert - - * CHANGES, LICENSE: kill characters that made wml unhappy - -1999-11-28 18:34 millert - - * HISTORY: typo - -1999-11-25 12:05 millert - - * README: majordomo@cs.colorado.edu -> majordomo@courtesan.com - -1999-11-24 19:43 millert - - * Makefile.in, configure: Wrap script execution w/ /bin/sh for the - benefit of ctm - -1999-11-23 22:52 millert - - * sudo.c: Make the -s flag be exclusive too. Also reorder the - flags in the exclusive usage message so they are alphabetical. - -1999-11-23 13:27 millert - - * auth/pam.c: make pam errors other than PAM_PERM_DENIED fatal - -1999-11-23 13:07 millert - - * auth/API: fix typo - -1999-11-23 13:07 millert - - * INSTALL: make it clear that /etc/pam.d/sudo is required on linux - -1999-11-23 13:06 millert - - * auth/pam.c: fix a warning on redhat and spew an error if - pam_authenticate() returns an error other than AUTH_SUCCESS or - PAM_PERM_DENIED - -1999-11-23 00:43 millert - - * sudo.cat, sudo.html, sudo.man, sudo.pod: Be very clear that the - password required is the user's not root's - -1999-11-19 21:04 millert - - * Makefile.in: add sample.syslog.conf to DISTFILES and BINFILES - -1999-11-18 19:13 millert - - * RUNSON: updates from Brian Jackson + some formatting - -1999-11-17 21:39 millert - - * INSTALL.binary, Makefile.binary, README, RUNSON: o One RUNSon - update o Changes for automating real binary releases - -1999-11-17 21:38 millert - - * Makefile.in: Add bindist target - -1999-11-16 16:26 millert - - * TROUBLESHOOTING: talk about run-time options in addition to - compile-time options - -1999-11-16 01:16 millert - - * CHANGES: fix typos - -1999-11-16 01:09 millert - - * sudo.c: need sys/time.h if HAVE_SETRLIMIT - -1999-11-16 00:42 millert - - * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, - sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: get - rid of references to sudo-bugs. Now mention the web site or the - sudo@ alias - -1999-11-16 00:35 millert - - * sudoers.html: repair pod2html damage - -1999-11-16 00:28 millert - - * RUNSON, TODO: Update for 1.6 release - -1999-11-16 00:23 millert - - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Add warning - about using ALL in a command context. - -1999-11-09 15:12 millert - - * visudo.c: Call yyrestart() on a parse error to reset the lexer - state. - -1999-11-09 15:06 millert - - * parse.lex, lex.yy.c: Don't need YY_FLUSH_BUFFER after all Move - yyrestart() into visudo.c since it might not get called in yywrap - if we get a parse error (and we only reread the file on error - anyway). - -1999-11-09 14:32 millert - - * parse.lex, lex.yy.c: Call YY_FLUSH_BUFFER macro in yywrap() to - clean up any buffers that might still exist. Call yyrestart() - instead of using the deprecated YY_NEW_FILE macro. - -1999-11-09 12:13 millert - - * lex.yy.c, parse.lex: flex doesn't need %N table size declarations - -1999-11-08 19:00 millert - - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: Mention what - characters need to be escaped in names. - -1999-11-08 18:59 millert - - * configure: regen - -1999-11-08 18:59 millert - - * INSTALL: clarify Mac OS X entry - -1999-11-08 18:59 millert - - * RUNSON: update - -1999-11-08 17:45 millert - - * configure.in: o Use AC_MSG_ERROR throughout o Check syslog - configure options for danity - -1999-11-05 17:11 millert - - * defaults.c: Fix printing of type T_MODE in dump_defaults() - -1999-11-05 12:00 millert - - * strcasecmp.c: missing sys/types.h - -1999-11-05 00:42 millert - - * INSTALL: Break out options that may be overridden at run time - into their own section. Add a not about Max OS X and correct - some lies. - -1999-11-04 14:01 millert - - * CHANGES, config.h.in, configure, configure.in, sudo.c: o Now use - getrlimit to find the highest fd when closing all non-std fd's o - Turn off core dumps via setrlimit for the sake of paranoia - -1999-11-04 13:57 millert - - * RUNSON: updates - -1999-11-01 10:59 millert - - * CHANGES: updates - -1999-11-01 10:58 millert - - * tgetpass.c: When read()'ing, do a single character at a time to - be sure we don't go oast the newline. - -1999-11-01 10:43 millert - - * sudo.c: For the sudo_root option, check against user_uid, not - getuid() since at this point, ruid == euid == 0. - -1999-10-31 23:14 millert - - * RUNSON: some updates - -1999-10-31 23:14 millert - - * logging.h: Fix compilation problem when --with-logging=file was - specified. This means that syslog is now required to build sudo - but that should not be a problem. If it is it can be fixed - trivially with a configure check for syslog() or syslog.h. - -1999-10-31 23:00 millert - - * tgetpass.c: Make this work again for things like "sudo echo hi | - more" where the tty gets put into character at a time mode. We - read until we read end of line or we run out of space (similar to - fgets(3)). - -1999-10-20 11:23 millert - - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: change ital - to bold - -1999-10-20 11:23 millert - - * RUNSON: update - -1999-10-16 13:56 millert - - * defaults.c: Error out if syslog parameters are given without a - value. For Ultrix or 4.2BSD "syslog" is allowed without a value - since there are no facilities in the 4.2BSD syslog. - -1999-10-15 16:37 millert - - * defaults.c: Ignore the syslog facility for systems w/ old syslog - like Ultrix. - -1999-10-15 12:51 millert - - * TROUBLESHOOTING: people with "." early in their path can have - problems running sudo from the build dir ;-) - -1999-10-13 00:18 millert - - * sudo.man, sudo.pod, sudo.cat, sudo.html: Remove -r realm option - -1999-10-12 22:34 millert - - * configure, configure.in, sudo.c, auth/kerb5.c, auth/sudo_auth.c, - auth/sudo_auth.h: New krb5 code from Frank Cusack - . - -1999-10-12 22:33 millert - - * CHANGES: update to reality - -1999-10-11 20:53 millert - - * auth/fwtk.c: include to get function prototypes. - -1999-10-11 20:05 millert - - * sudo.cat, sudo.html, sudo.man, sudo.pod: document -L flag - -1999-10-11 19:42 millert - - * sudo.c: in set_perms(), always call setuid(0) before changing the - ruid/euid so we always know it will succeed. - -1999-10-11 12:24 millert - - * defaults.h: #undef T_FOO to avoid conflicts with system defines - (like on ULTRIX). - -1999-10-11 11:55 millert - - * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, - sudoers.pod: Docuement "Defaults" lines in /etc/sudoers. Still - needs some fleshing out but this is a start. - -1999-10-10 17:21 millert - - * defaults.c: use strtol, not strtoul since not everyone has not - strtoul - -1999-10-10 15:01 millert - - * lex.yy.c, parse.lex: last {WORD} rule should only apply in the - INITIAL state - -1999-10-10 14:38 millert - - * lex.yy.c, parse.lex: o Add support for escaped characters in the - WORD macro o Modify fill() to squash escape chars - -1999-10-10 13:56 millert - - * defaults.c, defaults.h: o Add T_PATH flag to allow simple sanity - checks for default values that are supposed to be pathnames. o - Fix a duplicate free when visudo finds an error. - -1999-10-09 01:01 millert - - * defaults.c, defaults.h, logging.c: mail_if_foo -> mail_foo - -1999-10-07 21:12 millert - - * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: o Add - requiretty option o Move O_NOCTTY to compat.h - -1999-10-07 21:12 millert - - * logging.c: The exit() in log_error() was mistakenly removed in a - previous version. Put it back... - -1999-10-07 17:20 millert - - * INSTALL, TODO, check.c, config.h.in, configure, configure.in, - defaults.c, defaults.h, find_path.c, getspwuid.c, lex.yy.c, - logging.c, parse.yacc, sudo.c, auth/aix_auth.c, auth/fwtk.c, - auth/pam.c, auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: o - Change defaults stuff to put the value right in the struct. o - Implement mailer_flags o Store syslog stuff both in int and - string form. Setting the string form magically updates the int - version. o Add boolean attribute to strings where it makes sense - to say !foo - -1999-10-07 17:13 millert - - * tgetpass.c: add O_NOCTTY when opening /dev/tty just in case - -1999-10-06 00:48 millert - - * auth/API: cleanup function no longer takes a status arg - -1999-10-06 00:48 millert - - * INSTALL: the the - -1999-09-15 05:15 millert - - * TODO, config.h.in, configure, configure.in, logging.c: Use - strftime() instead of ctime() if it is available. - -1999-09-14 12:58 millert - - * defaults.c: fix copyright date - -1999-09-14 12:57 millert - - * RUNSON: update ReliantUNIX entry - -1999-09-14 12:56 millert - - * defaults.c, defaults.h, logging.c: add log_year option - -1999-09-14 04:01 millert - - * configure, configure.in: add --without-sendmail to help output - -1999-09-14 03:42 millert - - * configure, configure.in: enforce an otctal arg for - --with-suoders-mode - -1999-09-08 04:06 millert - - * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, check.c, - config.h.in, configure, configure.in, defaults.c, defaults.h, - find_path.c, lex.yy.c, logging.c, parse.h, parse.lex, parse.yacc, - sudo.c, sudo.h, sudo.tab.h, testsudoers.c, version.c, visudo.c, - auth/aix_auth.c, auth/fwtk.c, auth/kerb5.c, auth/pam.c, - auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c: Add support for - "Defaults" line in sudoers to make configuration variables - changable at runtime (and on a global, per-host and per-user - basis). Both the names and the internal representation are still - subject to change. It was necessary to make sudo_user.runas but - a char ** instead of a char * since this value can be changed by - a Defaults line. There is a similar (but more complicated) issue - with sudo_user.prompt but it is handled differently at the - moment. - - Add a "-L" flag to list the name of options with their - descriptions. This may only be temporary. - - Move some prototypes to parse.h - - Be much less restrictive on what is allowed for a username. - -1999-09-08 04:01 millert - - * sample.syslog.conf: Add more info - -1999-09-04 03:09 millert - - * fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, - strcasecmp.c, LICENSE: UCB has dropped the advertising clause - from their license. - -1999-08-31 05:39 millert - - * auth/sudo_auth.h: move dce_verofy proto to correct section - -1999-08-31 05:39 millert - - * auth/dce.c: remove XXX - -1999-08-28 06:00 millert - - * emul/fnmatch.h: Add fnmatch() prototype - -1999-08-28 06:00 millert - - * fnmatch.c, parse.c, testsudoers.c: Move inclusion of - emul/fnmatch.h to be after sudo.h for __P - -1999-08-28 05:59 millert - - * sudo.h: add strcasecmp proto - -1999-08-28 05:50 millert - - * auth/sudo_auth.c: add check for case where there are no auth - methods - -1999-08-28 05:36 millert - - * configure, configure.in: Define _XOPEN_EXTENDED_SOURCE on AIX and - __USE_FIXED_PROTOTYPES__ on SunOS4 w/ gcc - -1999-08-28 05:24 millert - - * getspwuid.c, lex.yy.c, parse.lex, parse.yacc: include strings.h - everywhere we include string.h - -1999-08-28 05:22 millert - - * version.c: nicer output when showing auth methods - -1999-08-28 05:00 millert - - * version.c: Add support for SEND_MAIL_WHEN_NO_HOST - -1999-08-28 04:49 millert - - * config.h.in, configure.in, configure: Add _GNU_SOURCE for Linux - -1999-08-28 04:22 millert - - * parse.lex, lex.yy.c: fix definition of OCTECT - -1999-08-28 04:10 millert - - * configure, configure.in: aix_auth.o not authenticate.o - -1999-08-27 17:02 millert - - * sudo.c: Only block SIGINT, SIGQUIT, SIGTSTP (which can be - generated from the keyboard). Since we run with ruid/euid == 0 - the user can't really signal us in nasty ways. - -1999-08-27 17:01 millert - - * visudo.c: Don't need to worry about catching too many signals - since we do locking on the tmp file. If a lockfile is really - stale, it will be detected and overwritten. - -1999-08-27 16:09 millert - - * INSTALL, Makefile.in: include auth/API in tarball - -1999-08-27 16:09 millert - - * auth/sudo_auth.c: move memset() of plaintext pw outside of verify - loop and only do the memset if we are *not* in standalone mode. - -1999-08-27 13:46 millert - - * auth/: sudo_auth.c, sudo_auth.h: DCE is not a standalone method - -1999-08-27 11:53 millert - - * sudo.c: fix --enable-noargs-shell - -1999-08-27 11:06 millert - - * snprintf.c: "#ifdef __STDC__" not "#if __STDC__" (I missed one) - -1999-08-27 10:54 millert - - * auth/: fwtk.c, sia.c: _cleanup() function returns an int. - -1999-08-27 10:50 millert - - * auth/dce.c: there were still some return(0)'s hanging around, - make them AUTH_FAILURE - -1999-08-27 10:39 millert - - * parse.c: typo in comment - -1999-08-27 10:03 millert - - * version.c: add missing semicolon - -1999-08-27 08:31 millert - - * auth/sudo_auth.h: missing backslash - -1999-08-26 17:24 millert - - * CHANGES, config.h.in, configure, configure.in: Kill - _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes - -1999-08-26 09:21 millert - - * Makefile.in: add parse.h to HDRS - -1999-08-26 09:16 millert - - * Makefile.in, configure, configure.in: Kill VISUDO_LIBS and - VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and LDFLAGS. Common libs go - in LIBS, commong ld flags go in LDFLAGS and network libs like - -lsocket, -lnsl go in NET_LIBS. This allows testsudoers to build - on Solaris and is a bit cleaner in general. - -1999-08-26 06:56 millert - - * UPGRADE: mention ptmp -> sudoers.tmp - -1999-08-26 06:12 millert - - * configure.in, configure, config.h.in: Define - _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE - -1999-08-26 05:37 millert - - * RUNSON: add 2 reports - -1999-08-26 05:20 millert - - * auth/kerb5.c: Minor changes, mostly cosmetic. - verify_krb_v5_tgt() changed to return a value more like a system - function - -1999-08-26 05:19 millert - - * auth/dce.c: Add an XXX - -1999-08-26 05:19 millert - - * TODO: more things todo! - -1999-08-26 05:18 millert - - * sample.sudoers: update based on what is in the man page - -1999-08-26 05:10 millert - - * parse.yacc: minor change to first line printed in -l mode - -1999-08-26 05:10 millert - - * sudo.cat, sudo.html, sudo.man, sudo.pod: rename "ENVIRONMENT - VARIABLES" section to "ENVIRONMENT" to be more standard and add - "EXAMPLES" section - -1999-08-26 05:08 millert - - * visudo.cat, visudo.html, visudo.man, visudo.pod: rename - "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more - standard - -1999-08-26 05:06 millert - - * logging.c, parse.c, sudo.h: add FLAG_NO_CHECK - -1999-08-26 05:05 millert - - * parse.lex, lex.yy.c: make an OCTET really be limited to 0-255 - -1999-08-26 05:04 millert - - * UPGRADE: mention timestamp changes - -1999-08-26 05:04 millert - - * PORTING: cosmetic cleanup - -1999-08-26 05:00 millert - - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: new - sudoers(8) man page - -1999-08-24 13:45 millert - - * version.c: Update comments about syslog name tables - -1999-08-24 13:37 millert - - * CHANGES, LICENSE, Makefile.in, configure, strcasecmp.c, - configure.in, parse.yacc: include strcasecmp() for those without - it - -1999-08-24 12:43 millert - - * sample.sudoers: Use the : operator some more and fix a typo - -1999-08-24 12:43 millert - - * HISTORY: update the history of sudo - -1999-08-24 12:42 millert - - * parse.c, parse.lex, testsudoers.c: CIDR-style netmask support - -1999-08-24 12:41 millert - - * CHANGES: recent changes - -1999-08-24 12:40 millert - - * sudo.tab.h: these should be generated with byacc, not bison - -1999-08-24 12:40 millert - - * lex.yy.c: regen - -1999-08-24 11:58 millert - - * parse.h, parse.yacc, sudo.tab.h: In "sudo -l" mode, the type of - the stored (expanded) alias was not stored with the contents. - This could lead to incorrect output if the sudoers file had - different alias types with the same name. Normal parsing (ie: - not in '-l' mode) is unaffected. - -1999-08-23 12:47 millert - - * configure, configure.in: define _XOPEN_SOURCE to get at crypt() - proto on some systems - -1999-08-22 13:10 millert - - * snprintf.c: fix comment - -1999-08-22 13:09 millert - - * tgetpass.c: don't need limits.h - -1999-08-22 07:36 millert - - * snprintf.c: kill bogus reference to vfprintf - -1999-08-22 07:26 millert - - * sample.sudoers, sudoers: better examples - -1999-08-22 07:23 millert - - * snprintf.c: Add some const in the K&R defs. This is safe since - we define const away if the compiler doesn't grok it. - -1999-08-22 07:22 millert - - * aclocal.m4, configure: Better test for working long long support. - Ultrix compiler supports basic long long but not all operations - on them. - -1999-08-22 05:59 millert - - * aclocal.m4, config.h.in, configure, getspwuid.c, snprintf.c, - sudo.c, auth/secureware.c: Add check for LONG_IS_QUAD #undef - MAXINT before including hpsecurity.h to silence an HP-UX warning - Check for U?LONG_LONG_MAX in snprintf.c and use LONG_IS_QUAD - -1999-08-21 15:00 millert - - * LICENSE, aclocal.m4, config.h.in, configure, configure.in, - snprintf.c: UCB-derived snprintf + asprintf support. Supports - quads if the compiler does. No floating point yet, perhaps - later... - -1999-08-20 16:37 millert - - * check.c, find_path.c, goodpath.c, logging.c, parse.c, sudo.c, - auth/API, auth/sudo_auth.c, auth/sudo_auth.h: Run most of the - code as root, not the invoking user. It doesn't really gain us - anything to run as the user since an attacker can just have an - setuid(0) in their egg. Running as root solves potential - problems wrt signalling. - -1999-08-19 13:45 millert - - * logging.c, sudo.c: Don't wait for child to finish in log_error(), - let the signal handler get it if we are still running, else let - init reap it for us. The extra time it takes to wait lets the - user know that mail is being sent. - - Install SIGCHLD handler in main() and for POSIX signals, block - everything *except* SIGCHLD. - -1999-08-19 12:30 millert - - * logging.c, parse.c, parse.yacc, sudo.c, configure, sudo.h, - INSTALL, config.h.in, configure.in: sudoers_lookup() now returns - a bitmap instead of an int. This makes it possible to express - things like "failed to validate because user not listed for this - host". Some thigns that were previously VALIDATE_FOO are now - FLAG_FOO. This may change later on. - - Reorganized code in log_auth() and sudo.c to deal with above - changes. - - Safer versions of push/pushcp with in the do { ... } while (0) - style - - parse.yacc now saves info on the stack to allow parse.c to - determine if a user was listed, but not for the host he/she tried - to run on. - - Added --with-mail-if-no-host option - -1999-08-17 11:29 millert - - * parse.yacc, sudo.h, visudo.c, visudo.cat, visudo.html, - visudo.man, visudo.pod: o NewArgv and NewArgc don't need to be - externally visible. o If pedantic > 1, it is a parse error. o - Add -s (strict) option to visudo which sets pedantic to 2. - -1999-08-17 11:26 millert - - * HISTORY, INSTALL: Just have sudo-bugs contact info in one place - -1999-08-17 11:20 millert - - * sudo.cat, sudo.html, sudo.man, sudo.pod: Add BUGS section - -1999-08-17 10:29 millert - - * configure, configure.in, Makefile.in: Add testsudoers to default - build target if --with-devel Don't clean generated parser files - unless "distclean". - -1999-08-17 08:47 millert - - * parse.yacc: In pedantic mode we need to save *all* the aliases, - not just those that match, or we get spurious warnings. - -1999-08-17 05:32 millert - - * TROUBLESHOOTING: reference samples.sylog.conf - -1999-08-14 11:50 millert - - * sample.syslog.conf: Sample entries for syslog.conf - -1999-08-14 11:40 millert - - * CHANGES: recent changes - -1999-08-14 11:36 millert - - * auth/: API, afs.c, aix_auth.c, dce.c, fwtk.c, kerb4.c, kerb5.c, - pam.c, passwd.c, rfc1938.c, secureware.c, securid.c, sia.c, - sudo_auth.c, sudo_auth.h: In struct sudo_auth, turn need_root and - configured into flags and add a flag to specify an auth method is - running alone (the only one). Pass auth methods their sudo_auth - pointer, not the data pointer. This allows us to get at the - flags and tell if we are the only auth method. That, in turn, - allows the method to be able to decide what should/should not be - a fatal error. Currently only rfc1938 uses it this way, which - allows us to kill the OTP_ONLY define and te hackery that went - with it. With access to the sudo_auth struct, methods can also - get at a string holding their cannonical name (useful in error - messages). - -1999-08-14 11:34 millert - - * Makefile.in, INSTALL, README, config.h.in, configure, - configure.in, getspwuid.c, lex.yy.c, parse.lex, parse.yacc, - sudo.tab.h: o --with-otp deprecated, use --without-passwd instead - o real dependencies in the Makefile o --with-devel option to - enable yacc, lex, and -Wall o style -- "foo -> bar" becomes - "foo->bar" o ALL goes back to being a token, not a string but - don't leak memory o rename hsotspec -> host in parse.yacc - -1999-08-12 12:26 millert - - * BUGS, CHANGES: recent changes - -1999-08-12 12:24 millert - - * configure, configure.in, interfaces.c, snprintf.c, sudo.c, - sudo.h, auth/sudo_auth.c: o Digital UNIX needs to check for - *snprintf() before -ldb is added to LIBS since -ldb includes a - bogus snprintf(). o Add forward refs for struct mbuf and struct - rtentry for Digital UNIX. o Reorder some functions in snprintf.c - to fix -Wall o Add missing includes to fix more -Wall - -1999-08-12 10:37 millert - - * INSTALL, check.c, config.h.in, configure, configure.in, - parse.yacc, testsudoers.c, version.c, visudo.c, auth/sudo_auth.c: - o Add a "pedentic" flag to the parser. This makes sudo warn in - cases where an alias may be used before it is defined. Only - turned on for visudo and testsudoers. o Add - --disable-authentication option that makes sudo not require - authentication by default. The PASSWD tag can be used to require - authentication for an entry. We no longer overload - --without-passwd. - -1999-08-12 10:29 millert - - * lex.yy.c, parse.lex: Break 'WORD' regexp def into HOSTNAME and - USERNAME. These days a username can contain just about anything - so be very permissive. Also drop the unused \. punctuation. - -1999-08-09 18:25 millert - - * parse.yacc: o add a 'val' element to aliasinfo struct and move -> - parse.h o find_alias() now returns an aliasinfo * instead of - boolean o add_alias() now takes a value parameter to store in the - aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now - return: 1) positive match 0) negative match (due to '!') -1) no - match This means setting $$ explicitly in all cases, which I - should have done in the first place. It also means that we - always store a value that is != -1 and when we see a '!' we can - set *_matches to !rv if rv != -1. The upshot of all of this is - that '!' now works the way it should in lists and some of the - rules are more uniform and sensible. - -1999-08-09 18:17 millert - - * Makefile.in: add parse.h dependency - -1999-08-09 18:17 millert - - * parse.h: kill unused *_matched macros - -1999-08-09 10:35 millert - - * parse.yacc: Allow a list of users as the first thing in a user - spec, not just a single entry. This makes things more uniform, - though it does allow you to write user specs that are hard to - read. - -1999-08-09 10:08 millert - - * configure: regen - -1999-08-09 10:08 millert - - * configure.in: fix check for crypt() in libufc - -1999-08-07 14:03 millert - - * README: sudo-users list now exists - -1999-08-07 07:46 millert - - * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: Update to - reality. - -1999-08-07 05:59 millert - - * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, - config.h.in, configure.in, logging.c, sudo.h, version.c, - visudo.c, configure, fileops.c: o Move lock_file() and touch() - into fileops.c so visudo can use them o Visudo now locks the - sudoers temp file instead of bailing when the temp file already - exists. This fixes the problem of stale temp files but it does - *require* that you not try to put the temp file in a - world-writable directory. This shoud not be an issue as the temp - file should live in the same dir as sudoers. o Visudo now only - installs the temp file as sudoers if it changed. - -1999-08-06 09:49 millert - - * logging.c: add fcntl locking - -1999-08-06 09:33 millert - - * configure, config.h.in, configure.in, logging.c: Lock the log - file. - -1999-08-06 05:36 millert - - * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, - visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: o - /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow - temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and - _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP - -1999-08-05 17:38 millert - - * INSTALL, check.c, config.h.in, configure, configure.in, - version.c: o Kill *_MESSAGE and replace with NO_LECTURE o Add - more things to root sudo -V config reporting - -1999-08-05 10:56 millert - - * configure, configure.in: aix_auth.o not authenticate.o - -1999-08-05 10:48 millert - - * config.h.in: Add --with-goodpri and --with-badpri configure - options to specify the syslog priority to use. - -1999-08-05 10:30 millert - - * INSTALL, configure.in, logging.h, configure: Add --with-goodpri - and --with-badpri configure options to specify the syslog - priority to use. - -1999-08-05 10:25 millert - - * compat.h: kill crufty AIX stuff - -1999-08-05 06:55 millert - - * Makefile.in: Sigh, some versions of make (like Solaris's) don't - deal with $< like I would expect. Both GNU and BSD makes get - this right but... So, we just expand $< inline at the cost of - some ugliness. - -1999-08-05 06:52 millert - - * version.c: If the invoking user is root, sudo will now print - configure info in -V mode. Currently just prints logging info, - to be expanded later. - -1999-08-05 06:51 millert - - * logging.c, logging.h, sudo.c, sudo.h: o new defines for syslog - facility and priority o use new print_version() functino for -V - mode - -1999-08-05 06:49 millert - - * check.c: Don't need version.c - -1999-08-05 06:21 millert - - * configure, configure.in, aclocal.m4, config.h.in: Add check for - syslog facilities and priorities tables in syslog.h - -1999-08-05 05:23 millert - - * Makefile.in: o authenticate -> aix_auth o add version.c - -1999-08-05 05:21 millert - - * auth/sudo_auth.c: Missed a prompt -> user_prompt conversion - -1999-08-04 13:32 millert - - * TODO: sudo should lock its logfile - -1999-08-04 13:28 millert - - * parse.yacc: o Add '!' correctly when expanding Aliases. o Add - shortcut macros for append() to make things more readable. o The - separator in append() is now a string instead of a char. o In - append(), only prepend the separator if the last char is not a - '!'. This is a hack but it greatly simplifies '!' handling. o - In -l mode, Runas lists and NOPASSWD/PASSWD tags are now - inherited across entries in a list (matches current behavior). - o Fix formatting in -l mode such that items in a list are - separated by a space. Greatlt improves readability. o Space - for name field in struct aliasinfo is now allocated dyanically - instead of using a (big) buffer. o In add_alias(), only search - the list once (lsearch instead of lfind + lsearch) - -1999-08-04 11:31 millert - - * lex.yy.c, sudo.tab.h: regen - -1999-08-04 10:54 millert - - * configure, configure.in: Solais pam doesn't require anye xtra - setup - -1999-08-04 05:35 millert - - * parse.yacc: o Simpler '!' support now that the lexer deals with - multiple !'s for us. o In the case of opFOO, have FOO give a - boolean return value and set foo_matches in opFOO, not FOO. o - Treat 'ALL' as a string since it gets fill()'d in - parse.lex--fixes a small memory leak. In the long run it may - be better to just fix parse.lex and make ALL back into a token. - However, having it be a string is useful since it can be - easily passed back to the parent rule if we so desire. - -1999-08-04 03:54 millert - - * parse.lex: o Remove some unnecessary backslashes o collapse - multiple !'s by using !+ and checking if yyleng is even or odd. - this allows us to simplify ! handling in parse.yacc - -1999-08-04 03:53 millert - - * sudo.c: -u flag was being ignored - -1999-08-01 13:04 millert - - * Makefile.in: correct fix - -1999-08-01 12:37 millert - - * Makefile.in: work around pod2man stupididy - -1999-08-01 12:35 millert - - * Makefile.in: correct dependencies for .cat - -1999-08-01 12:26 millert - - * sudo.cat, sudo.man, visudo.cat, visudo.man: regen - -1999-08-01 12:25 millert - - * sudo.pod, visudo.pod: Add copyright Update to reality - -1999-08-01 11:42 millert - - * parse.c, sudo.c, sudo.h: rename validate() to the more - descriptive sudoers_lookup() - -1999-08-01 06:49 millert - - * auth/aix_auth.c: use tgetpass - -1999-07-31 12:32 millert - - * CHANGES: updates - -1999-07-31 12:31 millert - - * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, - configure, configure.in, sudo.c: Sudo, not CU Sudo - -1999-07-31 12:19 millert - - * Makefile.in, alloc.c, check.c, compat.h, config.h.in, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, - lex.yy.c, logging.c, logging.h, parse.c, parse.h, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, - auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, - auth/sudo_auth.c, auth/sudo_auth.h, emul/search.h, emul/utime.h, - LICENSE: add 4th term to license similar to term 5 in the apache - license - -1999-07-31 12:02 millert - - * LICENSE, aclocal.m4, check.c, configure.in, insults.h, logging.c, - sudo.c, sudo.h, auth/rfc1938.c: there was a 1995 release too - -1999-07-28 05:24 millert - - * CHANGES: updates - -1999-07-28 05:21 millert - - * check.c: Use dirs instead of files for timestamp. This allows - tty and non-tty schemes to coexist reasonably. Note, however, - that when you update a tty ticket, the mtime on the user dir gets - updated as well. - -1999-07-28 05:17 millert - - * configure.in, configure: Fix getprpwnam() checking on SCO. Need - to link with "-lprot -lx" when linking test program, not just - -lprot. Also add check for getspnam(). The SCO docs indicate - that /etc/shadow can be used but this may be a lie. - -1999-07-24 03:35 millert - - * auth/API: first cut at auth API description - -1999-07-22 15:48 millert - - * auth/: fwtk.c, kerb4.c, kerb5.c, pam.c, rfc1938.c, secureware.c, - securid.c, sudo_auth.c, sudo_auth.h: auth API change. There is - now an init method that gets run before the main loop. This - allows auth routines to differentiate between initialization that - happens once vs. setup that needs to run each time through the - loop. - -1999-07-22 12:23 millert - - * logging.c, auth/kerb5.c: use easprintf() and evasprintf() - -1999-07-22 12:22 millert - - * alloc.c, sudo.h: add easprintf() and evasprintf(), error checking - versions of asprintf() and vasprintf() - -1999-07-22 09:14 millert - - * TODO: remove 2 items. One done, one won't do. - -1999-07-22 09:10 millert - - * sudo.man, visudo.man, sudo.cat, sudo.html, sudoers.html, - visudo.cat, visudo.html, configure, lex.yy.c: regen - -1999-07-22 09:06 millert - - * CHANGES: new changes - -1999-07-22 09:01 millert - - * sudo.pod: o Document -K flag and update meaning of -k flag. o - BSD-style copyright o Document clearing of BIND resolver - environment variables o Clarify bit about shared libs o suggest - rc files create /tmp/.odus if your OS gives away files - -1999-07-22 08:59 millert - - * visudo.pod: BSD license - -1999-07-22 08:58 millert - - * tgetpass.c: o BSD copyright o no need to block signals, we now do - that in main() o cosmetic changes - -1999-07-22 08:57 millert - - * testsudoers.c, visudo.c: o BSD-style copyright o Use "struct - sudo_user" instead of old globals. o some cometic cleanup - -1999-07-22 08:56 millert - - * sudo_setenv.c, version.h: BSD-style copyright - -1999-07-22 08:56 millert - - * sudo.h: o BSD copyright o logging and parser bits moved to their - own .h files o new "struct sudo_user" to encapsulate many of the - old globals. - -1999-07-22 08:55 millert - - * sudo.c: o no longer contains sudo 1.1/1.2 code o BSD copyright o - use new logging routines o simplified flow of control o BIND - resolver additions to badenv_table - -1999-07-22 08:53 millert - - * strerror.c: BSD-style copyright - -1999-07-22 08:53 millert - - * snprintf.c: Now compiles on more K&R compilers - -1999-07-22 08:52 millert - - * putenv.c: BSD-style copyright, cosmetic changes - -1999-07-22 08:51 millert - - * parse.c, parse.yacc, parse.h, parse.lex: BSD-style copyright. - Move parser-specific defines and structs into parse.h + other - cosmetic changes - -1999-07-22 08:51 millert - - * logging.h: defines for logging routines - -1999-07-22 08:49 millert - - * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.h, pathnames.h.in: BSD-style copyright - -1999-07-22 08:48 millert - - * find_path.c, getspwuid.c, goodpath.c, interfaces.c: BSD-style - copyright, cosmetic changes - -1999-07-22 08:46 millert - - * configure.in: o tgetpass.c is no longer optional o kill DCE_OBJS, - add AUTH_OBJS o kill --disable-tgetpass o add --without-passwd o - changes to fill in AUTH_OBJS for new auth api o check for - strerror(), v?snprintf() and v?asprintf() o replace - --with-AuthSRV with --with-fwtk - -1999-07-22 08:43 millert - - * config.h.in: BSD-style copyright. Remove USE_GETPASS and - HAVE_UTIME_NULL. Add HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, - HAVE_VSNPRINTF, HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and - NO_PASSWD - -1999-07-22 08:42 millert - - * compat.h: BSD-style copyright; Add S_IFLNK and MIN/MAX id they - are missing. - -1999-07-22 08:39 millert - - * alloc.c: BSD-style copyright - -1999-07-22 08:38 millert - - * TROUBLESHOOTING: no more --with-getpass - -1999-07-22 08:34 millert - - * TODO: Take out things I've done... - -1999-07-22 08:34 millert - - * README: Refer to LICENSE - -1999-07-22 08:34 millert - - * PORTING: --with-getpass no longer exists - -1999-07-22 08:33 millert - - * Makefile.in: BSD-style copyright. Update to reflect reality wrt - new files and new auth modules. - -1999-07-22 08:32 millert - - * INSTALL: Remove --with-AuthSRV and --disable-tgetpass. Add - --with-fwtk and --without-passwd. - -1999-07-22 08:31 millert - - * HISTORY: Update history a bit - -1999-07-22 08:29 millert - - * COPYING, LICENSE: Now distributed under a BSD-style license - -1999-07-22 08:28 millert - - * auth/sudo_auth.c: o BSD-style copyright o Add support for - NO_PASSWD/WITHOUT_PASSWD options. o skey/opie replaced by - rfc1938 code o new struct sudo_user global - -1999-07-22 08:25 millert - - * auth/: pam.c, sia.c: BSD-style copyright and use new log - functions - -1999-07-22 08:24 millert - - * auth/kerb5.c: o BSD-style copyright o Use new log functiongs o - Use asprintf() and snprintf() where sensible. - -1999-07-22 08:19 millert - - * check.c: Rewrote all the old sudo 1.1/1.2 code. Timestamp - handling is now done more reasonably--better sanity checks and - tty-based stamps are now done as files in a directory with the - same name as the invoking user, eg. /var/run/sudo/millert/ttyp1. - It is not currently possible to mix tty and non-tty based ticket - schemes but this may change in the future (it requires sudo to - use a directory instead of a file in the non-tty case). Also, - ``sudo -k'' now sets the ticket back to the epoch and ``sudo -K'' - really deletes the file. That way you don't get the lecture - again just because you killed your ticket in .logout. BSD-style - copyright now. - -1999-07-22 08:13 millert - - * logging.c: o rewritten logging routines. log_error() now takes - printf-style varargs and log_auth() for the return value of - validate(). o BSD-style copyright - -1999-07-22 07:04 millert - - * auth.c, check_sia.c, dce_pwent.c, secureware.c: superceded by new - auth API - -1999-07-22 07:02 millert - - * auth/fwtk.c: Use snprintf() where it makes sense and add a - BSD-style copyright - -1999-07-22 07:00 millert - - * auth/: afs.c, aix_auth.c, dce.c, passwd.c, rfc1938.c, - secureware.c, securid.c, sudo_auth.h, kerb4.c: BSD-style - copyright - -1999-07-22 06:57 millert - - * emul/utime.h, utime.c: BSD-style copyright - -1999-07-22 06:57 millert - - * emul/search.h: this has been rewritten so use my BSD-style - copyright - -1999-07-15 11:21 millert - - * snprintf.c: include malloc.h if no stdlib.h - -1999-07-15 10:21 millert - - * snprintf.c: KTH snprintf()/asprintf() for systems w/o them - -1999-07-15 10:20 millert - - * strerror.c: strerror() for systems w/o it - -1999-07-12 06:53 millert - - * visudo.c: stylistic changes - -1999-07-12 06:25 millert - - * parse.c, parse.lex, parse.yacc: Add contribution info in the main - comment - -1999-07-11 16:10 millert - - * auth/pam.c: remove missed ref to PAM_nullpw - -1999-07-11 16:10 millert - - * auth/sudo_auth.h: pasto - -1999-07-11 15:19 millert - - * auth/kerb5.c: more or less complete now--still untested - -1999-07-11 15:09 millert - - * auth/: afs.c, pam.c: don't use user_name macro, it will go away - -1999-07-11 14:42 millert - - * auth/: opie.c, rfc1938.c, sudo_auth.h, skey.c: combine skey/opie - code into rfc1938.c - -1999-07-11 07:22 millert - - * auth/: dce.c, sudo_auth.h: DCE authentication method; basically - unchanged from dce_pwent.c - -1999-07-11 06:44 millert - - * auth/: aix_auth.c, sudo_auth.h: AIX authenticate() support. - Could probably be much better - -1999-07-11 06:43 millert - - * auth/sia.c: Fix an uninitialized variable and some cleanup. Now - works (tested) - -1999-07-11 05:37 millert - - * auth/: sia.c, sudo_auth.h: SIA support for digital unix - -1999-07-11 05:33 millert - - * auth/pam.c: don't use prompt global, it will go away - -1999-07-11 05:32 millert - - * auth/secureware.c: correct copyright years - -1999-07-10 20:32 millert - - * auth/: afs.c, fwtk.c, kerb4.c, sudo_auth.h, kerb5.c, opie.c, - pam.c, passwd.c, secureware.c, securid.c, skey.c, sudo_auth.c: - New authentication API and methods - -1999-07-08 06:46 millert - - * parse.yacc: only save an entry if user_matches && host_matches, - even if the stack is empty (fix for previous commit) - -1999-07-08 06:35 millert - - * parse.yacc: 1) Always save an entry on the stack if it is empty. - This fixes the -l and -v flags that were broken by earlier parser - changes. - - 2) In a Runas list, don't negate FALSE -> TRUE since that would - make !foo match any time the user specified a runas user (via -u) - other than foo. - -1999-07-08 05:45 millert - - * testsudoers.c: interfaces and num_interfaces are now auto, not - extern - -1999-07-07 14:09 millert - - * auth.c: use a static global to keep stae about empty passwords - -1999-07-07 14:08 millert - - * check_sia.c: make PASSWORD_NOT_CORRECT logging consistent with - other modules - -1999-07-05 16:53 millert - - * auth.c: PAM prompt code was wrong, looks like we have to kludge - it after all. - -1999-07-05 16:35 millert - - * auth.c: In the PAM code, when a user hits return at the first - password prompt, exit without a warning just like the normal auth - code - -1999-07-05 16:15 millert - - * configure, configure.in: kludge around cross-compiler false - positives - -1999-07-05 16:14 millert - - * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: New - (correct) PAM code Tgetpass now takes an echo flag for use with - PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a - useless umask setting Change error from BAD_ALLOCATION -> - BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to - auth.c for consistency - -1999-07-05 16:11 millert - - * sudo.c: Some -Wall and kill some trailing spaces - -1999-07-05 16:10 millert - - * configure.in: define -D__EXTENSIONS__ for solaris so we get - crypt() proto - -1999-06-22 09:42 millert - - * RUNSON: add Dynix 4.4.4 - -1999-06-22 09:30 millert - - * INSTALL, config.h.in, configure.in, configure: for kerberos V < - version, fall back on old kerb4 auth code - -1999-06-22 06:41 millert - - * INSTALL: clarify some things - -1999-06-22 06:38 millert - - * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: typos - -1999-06-14 19:47 millert - - * sudo.c: mention why DONT_LEAK_PATH_INFO is not the default - -1999-06-03 12:34 millert - - * tgetpass.c: Fix open(2) return value checking, was NULL for - fopen, should be -1 for open - -1999-06-03 12:06 millert - - * configure: regen - -1999-06-03 12:06 millert - - * configure.in: better wording for solaris pam notice - -1999-06-03 11:52 millert - - * CHANGES: document recent changes - -1999-06-03 11:52 millert - - * TROUBLESHOOTING: Update shadow password section - -1999-06-03 11:51 millert - - * auth.c: move authentication code from check.c to auth.c - -1999-06-03 11:51 millert - - * Makefile.in, check.c, sudo.h: move authentication code to auth.c - -1999-05-16 21:36 millert - - * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, - sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, visudo.c: Move - interface-related defines to interfaces.h so we don't have to - include everywhere. - -1999-05-14 12:30 millert - - * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, - logging.c, parse.yacc, sudo.c, tgetpass.c: o Replace _PASSWD_LEN - braindeath with our own SUDO_MAX_PASS. - It turns out the old DES crypt does the right thing with - passwords - longert than 8 characters. - o Fix common typo (necesary -> necessary) - o Update TODO list - -1999-05-03 12:00 millert - - * sudo.c: set $LOGNAME when we set $USER - -1999-04-27 00:00 millert - - * INSTALL: add comment about digital unix and interfaces.c warning - with gcc - -1999-04-15 01:12 millert - - * sample.sudoers: use modern paths and give examples for some of - the new parser features - -1999-04-10 13:03 millert - - * parse.c: fix comment - -1999-04-10 00:49 millert - - * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, - getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, - parse.c, parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - Function names should be flush with the start of the line so they - can be found trivially in an editor and with grep - -1999-04-10 00:40 millert - - * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, - parse.yacc, sudo.c, testsudoers.c, tgetpass.c, visudo.c: free(3) - is already void, no need to cast it - -1999-04-10 00:37 millert - - * logging.c, sudo.c, sudo.h: catch case where cmnd_safe is not set - (this should not be possible) - -1999-04-10 00:10 millert - - * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, - testsudoers.c, visudo.c: Stash the "safe" path (ie: the one - listed in sudoers) to the command instead of stashing the struct - stat. Should be safer. - -1999-04-08 19:56 millert - - * INSTALL, Makefile.in, UPGRADE: notes on updating from an earlier - release - -1999-04-07 20:20 millert - - * CHANGES: updated - -1999-04-07 19:18 millert - - * parse.yacc, sudo.tab.h, sudoers.cat, sudoers.html, sudoers.man, - sudoers.pod: You can now specifiy a host list instead of just a - host or alias. Ie: user = host1,host2,ALIAS,!host3 my_command - now works. - -1999-04-07 02:59 millert - - * testsudoers.c: Quiet -Wall - -1999-04-07 02:50 millert - - * parse.yacc: Move the push from the beginning of cmndspec to the - end. This means we no longer have to do a push at the end of - privilege, just reset some values. - -1999-04-06 20:24 millert - - * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: runas-lists - and NOPASSWD/PASSWD modifiers are now sticky and you can use "!" - most everywhere - -1999-04-06 14:12 millert - - * sudoers.pod: modernize paths and update su example based on - sample.sudoers one - -1999-04-06 14:06 millert - - * sample.sudoers: New runas semantics - -1999-04-06 13:54 millert - - * CHANGES, Makefile.in, alloc.c, config.h.in, configure, - configure.in, strdup.c, sudo.h: In estrdup(), do the malloc - ourselves so we don't need to rely on the system strdup(3) which - may or may not exist. There is now no need to provide strdup() - for those w/o it. Also, the prototype for estrdup() was wrong, - it returns char * and its param is const. - -1999-04-06 13:40 millert - - * getcwd.c: $Sudo tag - -1999-04-06 13:20 millert - - * check.c: buf should be prompt; Michael Robokoff - - -1999-04-06 01:40 millert - - * CHANGES, TODO, parse.yacc: It is now possible to use the '!' - operator in a runas list as well as in a Cmnd_Alias, Host_Alias - and User_Alias. - -1999-04-06 01:38 millert - - * logging.c, sudo.h: Kill GLOBAL_NO_SPW_ENT (not used) and crank - GLOBAL_PROBLEM - -1999-04-06 01:08 millert - - * sudo.h: Definitions of *_matched were wrong--user top, not top-2 - as subscript. - -1999-04-06 01:00 millert - - * logging.c, parse.c, parse.yacc, sudo.c, sudo.h: Add - VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a - command but the NOPASSWD flag was set. Make runasspec, - runaslist, runasuser, and nopasswd typeless in parse.yacc Add - support for '!' in the runas list Fix double printing of '%' and - '+' for groups and netgroups respectively Add *_matched macros - (no need for local stack variable). Should only be used directly - after a pop (since top must be >= 2). - -1999-04-05 23:25 millert - - * aclocal.m4, configure.in: Add copyright, somewhat silly - -1999-04-05 16:57 millert - - * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, - sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, - sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.cat, visudo.man, emul/utime.h: Crank version to - 1.6 and combine copyright statements - -1999-04-05 16:30 millert - - * sample.sudoers: Use ! not ^ to do negation - -1999-04-05 16:29 millert - - * lex.yy.c: regen - -1999-04-05 16:28 millert - - * parse.yacc, parse.lex: Make runas and NOPASSWD tags persistent - across entris in a command list. Add a PASSWD tag to reverse - NOPASSWD. When you override a runas or *PASSWD tag the value - given becomes the new default for the rest of the command list. - -1999-04-02 16:03 millert - - * CHANGES, RUNSON: update for 1.5.9 - -1999-04-02 16:02 millert - - * visudo.c: Shift return value of system(3) by 8 to get real exit - value and if it is not 1 or 0 print the retval along with the - error message. - -1999-03-30 16:45 millert - - * Makefile.in: testsudoers needs LIBOBJS too - -1999-03-30 12:17 millert - - * parse.c, parse.yacc: Fix another parser bug. For a sudoers entry - like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo - would not allow millert to run ls as root. - -1999-03-30 01:08 millert - - * CHANGES: new change - -1999-03-30 01:03 millert - - * parse.yacc: Save entries that match a ! command on the matching - stack too - -1999-03-30 01:01 millert - - * sudo.c: Make sudo's usage info better when mutually exclusive - args are given and don't rely on argument order to detect this; - nick@zeta.org.au - -1999-03-29 15:03 millert - - * CHANGES, Makefile.in, RUNSON: updates from CU - -1999-03-28 23:38 millert - - * Makefile.in: use gzip - -1999-03-28 23:31 millert - - * parse.yacc: Fix off by one error introduced in *alloc changes - -1999-03-28 23:05 millert - - * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, - check_sia.c, compat.h, config.h.in, configure, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, - sudo.cat, sudo.h, sudo.man, sudo_setenv.c, sudoers.cat, - sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod, - emul/utime.h: ++version - -1999-03-28 21:59 millert - - * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, - interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, utime.c, visudo.c: Use - emalloc/erealloc/estrdup - -1999-03-28 20:29 millert - - * alloc.c: error checking memory allocation routines - -1999-03-28 19:23 millert - - * parse.yacc: Still not right, this fixes it for real - -1999-03-28 19:08 millert - - * parse.yacc: Fix for previous commit - -1999-03-28 19:05 millert - - * CHANGES, INSTALL, parse.yacc: Fix a parser bug that was exposed - when mixing different runas specs and ! commands. For example: - millert ALL=(daemon) /usr/bin/whoami,!/bin/ls would - allow millert to run whoami as root as well as daemon when it - should just allow daemon. The problem was that comma-separated - commands in a list shared the same entry on the matching stack. - Now they get their own entry iff there is a full match. It may - be better to just make the runas spec persistent across all - commands in a list like the user and host entries of the matching - stack. However, since that is a fairly major change it should - gets its own minor rev increase. - -1999-03-28 13:50 millert - - * check.c, config.h.in: Simplify PAM code and fix a PAM-related - warning on Linux - -1999-03-26 13:17 millert - - * CHANGES: updates - -1999-03-26 13:12 millert - - * sample.sudoers: better su entry - -1999-03-26 13:10 millert - - * configure: regen - -1999-03-26 13:09 millert - - * check.c, configure.in: new pam code that works on solaris, should - work on linux too; aelberg@home.com - -1999-03-19 14:44 millert - - * RUNSON: more entries - -1999-03-19 14:43 millert - - * config.h.in: only include strings.h if there is no string.h - -1999-03-17 15:25 millert - - * config.guess: Sinix is now being called ReliantUNIX; - bjjackso@us.oracle.com - -1999-03-13 13:37 millert - - * sudo.c: shost must be set before log functions are called #ifdef - HOST_IN_LOG - -1999-03-07 18:34 millert - - * CHANGES, lex.yy.c, parse.lex: Fix a bug wrt quoting characters in - command args. Stop processing an arg when you hit a backslash so - the quoted-character detection can catch it. - -1999-02-26 01:19 millert - - * interfaces.c: include sys/time.h; aparently AIX needs it. - ppz@cdu.elektra.ru - -1999-02-23 19:43 millert - - * configure, configure.in: add missing case statement so - --without-sendmail works - -1999-02-22 21:51 millert - - * CHANGES: more - -1999-02-22 15:10 millert - - * configure, configure.in: only search for -lsun in irix <= 4.x - -1999-02-22 15:01 millert - - * configure, configure.in: back out last configure.in change now - that I've hacked autoconf to fix the real problem and add a - missing newline - -1999-02-22 14:32 millert - - * CHANGES: updated - -1999-02-22 14:05 millert - - * getcwd.c: add def of dirfd() for those without it - -1999-02-22 10:58 millert - - * configure.in, configure: When falling back to checking for - socket() when linking with "-lsocket -lnsl" check for main() - instead since autoconf has already cached the results of checking - for socket() in -lsocket. This is really an autoconf bug as it - should use the extra libs as part of the cache variable name. - -1999-02-22 10:47 millert - - * configure.in: typo - -1999-02-21 15:18 millert - - * configure.in: fix occurrence of $with_timeout that should be - $with_password_timeout; - Michael.Neef@neuroinformatik.ruhr-uni-bochum.de - -1999-02-17 11:40 millert - - * sudo.cat, sudo.html, sudo.man, sudo.pod: fix grammar; - espie@openbsd.org - -1999-02-11 01:41 millert - - * parse.yacc, sudo.c, testsudoers.c: add cast for strdup in places - it does not have it - -1999-02-09 13:11 millert - - * configure, configure.in: define for_BSD_TYPES irix - -1999-02-06 19:47 millert - - * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: Make it - clear that it is the user's password, not root's, that we want. - -1999-02-06 19:43 millert - - * check.c, sudo.h: If the user enters an empty password and really - has no password, accept the empty password they entered. - Perviously, they could enter anything *but* an empty password. - Also, add GETPASS macro that calls either tgetpass() or getpass() - depending on how sudo was configured. Problem noted by - jdg@maths.qmw.ac.uk - -1999-02-02 23:32 millert - - * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, - emul/utime.h: add explicate copyright - -1999-02-02 23:16 millert - - * CHANGES: mention -lsocket, -lnsl configure changes - -1999-02-02 17:54 millert - - * sudo.c: Don't clobber errno after calling check_sudoers(). - -1999-01-31 19:46 millert - - * configure.in, configure: When linking with both -lsocket and - -lnsl be sure to do so in that order. Also, when we can't find - socket() or inet_addr() and have to try linking with both libs, - issue a warning. - -1999-01-31 19:45 millert - - * sudo.cat, sudo.man, sudo.pod: clarify bad timestamp and fmt - -1999-01-23 12:18 millert - - * INSTALL, RUNSON: be clear that pam is linux-only and add a RUNSON - entry - -1999-01-22 13:13 millert - - * configure, CHANGES, INSTALL, configure.in: fix and correctly - document --with-umask; problem noted by adap@adap.org - -1999-01-19 20:38 millert - - * configure.in, configure: only use /usr/{man,catman}/local to - store man pages if suer didn't override prefix or mandir - -1999-01-19 20:24 millert - - * configure, INSTALL, configure.in: fix typo, make --with-SecurID - take an arg - -1999-01-18 21:53 millert - - * RUNSON: updates from users - -1999-01-18 21:04 millert - - * CHANGES, INSTALL, check.c, configure, configure.in: FWTK - 'authsrv' support from Kevin Kadow - -1999-01-18 20:00 millert - - * configure, configure.in: better fix for the problem of unresolved - symbols in -lnsl or -lsocket - -1999-01-18 19:39 millert - - * configure, configure.in: when checking for functions in -lnsl and - -lsocket link with both of them to avoid unresolved symbols on - some weirdo systems - -1999-01-17 20:49 millert - - * BUGS, CHANGES, RUNSON, TODO: old changes that didn't make it into - RCS before the RCS->CVS switch - -1999-01-17 18:16 millert - - * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, - configure.in, dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, secureware.c, strdup.c, - sudo.c, sudo.pod, sudo_setenv.c, sudoers.pod, testsudoers.c, - tgetpass.c, utime.c, visudo.c, visudo.pod, emul/search.h, - emul/utime.h: add sudo tags - -1999-01-17 17:53 millert - - * version.h, sudo.h: testing Sudo tag - -1999-01-17 17:40 millert - - * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, - compat.h, config.h.in, configure, configure.in, dce_pwent.c, - find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, - logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, - sudo.man, sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, visudo.man, - emul/utime.h: crank version and regen files - -1999-01-17 17:27 millert - - * Makefile.in: kill rcs goop in update_version and fix now that - version is a const - -1999-01-17 17:08 millert - - * INSTALL, check.c, config.h.in, configure, configure.in, - logging.c, sudo.c, sudo.h, sudo.pod: kerb5 support from - fcusack@iconnet.net - -1999-01-17 16:45 millert - - * realpath.c, sudo_realpath.c: we no longer use realpath - -1999-01-17 16:44 millert - - * qualify.c: replaced by find_path.c - -1999-01-17 16:43 millert - - * options.h: all options are now configure flags - -1999-01-17 16:42 millert - - * lex.yy.c: regen - -1999-01-17 16:41 millert - - * getwd.c: superceded by getcwd.c - -1999-01-17 16:36 millert - - * getpass.c: superceded by tgetpass.c - -1999-01-17 16:36 millert - - * SUPPORTED: superceded by RUNSON - -1999-01-17 16:33 millert - - * OPTIONS: No longer used now that we have configure options for - everything. - -1999-01-17 16:32 millert - - * configure: regen based on configure.in - -1999-01-17 16:31 millert - - * sudo.man, sudoers.man, visudo.man, sudo.cat, sudo.html, - sudoers.cat, visudo.cat, sudoers.html, visudo.html: regen based - on sudo.pod, sudoers.pod, and visudo.pod - -1998-12-11 12:16 millert - - * check.c: fix tty tickets in remove_timestamp (didn't use ':') - -1998-12-07 16:16 millert - - * interfaces.c: close sock when we are done with it - -1998-11-27 19:37 millert - - * parse.yacc: never say "error on line -1" - -1998-11-23 23:38 millert - - * configure.in: check for -lnsl before -lsocket - -1998-11-23 23:29 millert - - * configure.in: quote '[', ']' used in ranges correctly - -1998-11-21 17:54 millert - - * config.h.in: add missing NO_ROOT_SUDO noted by drno@tsd.edu - -1998-11-20 18:33 millert - - * version.h: 1.5.7 - -1998-11-20 18:33 millert - - * INSTALL: more info for 1.5.7 - -1998-11-20 18:30 millert - - * README: update for 1.5.7 - -1998-11-20 14:26 millert - - * parse.yacc: make increases of cm_list_size and ga_list_size be - similar to increases of stacksize (ie: >= not > in initial - compare). - -1998-11-20 14:22 millert - - * parse.yacc: when we get a syntax error, report it for the - previous line since that's generally where the error occurred. - -1998-11-18 15:31 millert - - * config.h.in, configure.in, interfaces.c: add back check for - sys/sockio.h but only use it if SIOCGIFCONF is not defined - -1998-11-18 15:25 millert - - * config.h.in: define BSD_COMP for svr4 - -1998-11-17 23:16 millert - - * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, - parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: more - -Wall - -1998-11-17 23:10 millert - - * configure.in: kill check for sockio,h - -1998-11-17 23:10 millert - - * config.h.in: no more HAVE_SYS_SOCKIO_H - -1998-11-17 22:51 millert - - * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, - goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, - parse.lex, parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - -Wall - -1998-11-16 17:38 millert - - * sudo.c: add missing inform_user() - -1998-11-13 19:21 millert - - * find_path.c: return NOT_FOUND if given fully qualified path and - it does not exist previously it would perror(ENOENT) which - bypasses the option to not leak path info - -1998-11-13 19:20 millert - - * configure.in: for kerb5, check for -lkerb4, fall back on -lkrb - for kerb, check for -ldes - -1998-11-13 14:19 millert - - * INSTALL: tty tickets are user:tty now - -1998-11-13 14:10 millert - - * check.c: when using tty tickets make it user:tty not user.tty as - a username could have a '.' in it - -1998-11-09 19:15 millert - - * sudo.c: add "ignoring foo found in ." for auth successful case - -1998-11-09 17:57 millert - - * sudo.c: add missing printf param - -1998-11-08 15:56 millert - - * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: - go back to printing "command not found" unless - --disable-path-info specified. Also, tell user when we ignore - '.' in their path and it would have been used but for - --with-ignore-dot. - -1998-11-08 13:51 millert - - * check.c, sudo.c: Only one space after a colon, not two, in - printf's - -1998-11-05 12:59 millert - - * sudo.pod: document setting $USER - -1998-11-04 22:24 millert - - * check.c: fix bugs with prompt expansion - -1998-11-04 21:21 millert - - * sudo.c: set $USER for root too - -1998-11-04 17:13 millert - - * getspwuid.c: typo - -1998-11-04 17:07 millert - - * configure.in: HP-UX's iscomsec is in -lsec, not libc - -1998-11-03 22:24 millert - - * configure.in: remove some entries in the OS case statement that - did nothing - -1998-11-03 22:19 millert - - * TROUBLESHOOTING: add "cd" section and flush out syslog section - -1998-11-03 20:51 millert - - * Makefile.in: no more sudo-lex.yy.c - -1998-11-03 20:50 millert - - * check_sia.c: add custom prompt support - -1998-11-03 20:40 millert - - * sudo.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity set $USER if -u specified - -1998-11-03 20:39 millert - - * parse.c: kill perror("malloc") since we already have a good error - messages pw_ent -> pw for brevity when checking if %group - matches, look up user in password file so that %groups works in a - RunAs spec. - -1998-11-03 20:39 millert - - * logging.c, parse.yacc: kill perror("malloc") since we already - have a good error messages - -1998-11-03 20:38 millert - - * check.c, getspwuid.c, interfaces.c, testsudoers.c: kill - perror("malloc") since we already have a good error messages - pw_ent -> pw for brevity - -1998-11-03 15:03 millert - - * tgetpass.c: the prompt is expanded before tgetpass is called - -1998-11-03 15:03 millert - - * sudo.h: tgetpass now has the same args as getpass again - -1998-11-03 15:02 millert - - * getspwuid.c: add iscomsec, issecure support - -1998-11-03 15:02 millert - - * check.c: we now expand any %h or %u in the prompt before passing - to tgetpass - -1998-11-03 14:58 millert - - * configure.in: add check for syslog(3) in -lsocket, -lnsl, -linet - -1998-11-03 14:56 millert - - * config.h.in: add HAVE_ISCOMSEC and HAVE_ISSECURE - -1998-11-03 14:55 millert - - * configure.in: add check for iscomsec in HP-UX - -1998-11-03 14:51 millert - - * configure.in: check for issecure if we have getpwanam on SunOS - some options are incompatible with DUNIX SIA check for dispcrypt - on DUNIX - -1998-10-25 15:21 millert - - * config.h.in: add HAVE_DISPCRYPT - -1998-10-25 15:21 millert - - * secureware.c: add back support for non-dispcrypt based checking - for older DUNIX - -1998-10-25 00:51 millert - - * INSTALL: sia changes - -1998-10-25 00:48 millert - - * configure.in: SIA becomes the default on Digital UNIX now havbe - --disable-sia to turn it off... - -1998-10-24 23:52 millert - - * check.c: move local includes after system ones - -1998-10-24 19:28 millert - - * check.c, check_sia.c, sudo.h: add pass_warn() which prints out - INCORRECT_PASSWORD or an insult to stderr - -1998-10-24 19:07 millert - - * check_sia.c: fix while loop in sia_attempt_auth() that checks the - password. Only the first iteration was working. - -1998-10-21 21:00 millert - - * aclocal.m4: don't trust UID_MAX or MAXUID - -1998-10-21 20:35 millert - - * configure.in: fix two pastos - -1998-10-21 20:30 millert - - * configure.in: fix typo - -1998-10-21 20:19 millert - - * getspwuid.c, secureware.c: init crypt_type to INT_MAX since it is - legal to be negative in DUNX 5.0 - -1998-10-21 20:15 millert - - * configure.in: for secureware on dunix, use -lsecurity -ldb -laud - -lm but check for -ldb since DUNX < 4.0 lacks it - -1998-10-21 19:50 millert - - * check.c, compat.h, config.h.in, configure.in, getspwuid.c, - secureware.c, sudo.c, tgetpass.c: getprpwuid is broken in HP-UX - 10.20 at least (it sleeps for 2 minutes if the shadow files don't - exist). - -1998-10-20 17:22 millert - - * INSTALL: updated --with-editor blurb - -1998-10-20 17:21 millert - - * TROUBLESHOOTING: tell how to put sudoers in a different dir - -1998-10-20 16:22 millert - - * configure.in: add missing quotes around $with_editor - -1998-10-20 14:00 millert - - * configure.in: typo in --with-editor bits - -1998-10-20 01:24 millert - - * INSTALL: I don't expect it to work on Solaris - -1998-10-20 01:24 millert - - * check.c: add back security/pam_misc.h - -1998-10-19 17:13 millert - - * INSTALL: remove dunix note since configure checks for this now - -1998-10-19 16:30 millert - - * configure.in: add check for broken dunix prot.h (4.0 < 4.0D is - bad) - -1998-10-19 14:32 millert - - * getspwuid.c, secureware.c, tgetpass.c: new dunix shadow code, use - dispcrypt(3) - -1998-10-19 14:32 millert - - * config.h.in: add HAVE_INITPRIVS - -1998-10-19 14:31 millert - - * sudo.c: call initprivs() if we have it for getprpwuid later on - -1998-10-19 14:30 millert - - * Makefile.in: clean pathnames.h too - -1998-10-19 14:28 millert - - * configure.in: quote "Sorry, try again." with [] since it has a - comma in it set LIBS when we add stuff to SUDO_LIBS set - SECUREWARE when we find getprpwuid() so we can check for - bigcrypt, set_auth_parameters, and initprivs later. - -1998-10-19 13:48 millert - - * INSTALL: update Digital UNIX note about acl.h - -1998-10-18 20:26 millert - - * INSTALL: add --with-sia --without-root-sudo -> - --disable-root-sudo some reordering - -1998-10-18 20:22 millert - - * secureware.c: add whitespace - -1998-10-18 20:22 millert - - * Makefile.in, check.c, config.h.in, configure.in, logging.c, - sudo.h: add SIA support - -1998-10-18 20:21 millert - - * check_sia.c: Initial revision - -1998-10-18 19:42 millert - - * configure.in: when checking for -lsocket, -lnsl, and -linet, - check for the specific functions we need from them. - -1998-10-18 19:10 millert - - * config.h.in, sudo.h: move Syslog_* defs into sudo.h - -1998-10-18 18:15 millert - - * sudo.h, Makefile.in: added check_secureware - -1998-10-18 18:12 millert - - * configure.in: finished adding AC_MSG_CHECKING and AC_MSG_RESULT - bits - -1998-10-18 18:00 millert - - * insults.h: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no - other sets defined. configure now does that for us - -1998-10-18 17:45 millert - - * configure.in: move some --with options around change a bunch of - echo's to AC_MSG_CHECKING, AC_MSG_RESULT pairs - -1998-10-18 01:09 millert - - * configure.in: change $with_foo-bar -> $with_foo_bar kill extra " - that caused a syntax error add some echo verbage - -1998-10-17 18:08 millert - - * check.c: moved SecureWare stuff into secureware.c - -1998-10-17 18:07 millert - - * secureware.c: Initial revision - -1998-10-17 17:02 millert - - * INSTALL: update url to solaris gcc bins - -1998-10-17 16:39 millert - - * INSTALL: change option formatter and flesh out someentries - -1998-10-17 16:18 millert - - * sudo.pod, visudo.pod, TROUBLESHOOTING: environmental variable -> - environment variable - -1998-10-17 16:01 millert - - * BUGS: everything is now done via configure - -1998-10-17 16:00 millert - - * README: prev rev was 1.5.6 - -1998-10-17 00:33 millert - - * Makefile.in: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID - correctly - -1998-10-17 00:32 millert - - * config.h.in: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from - the Makefile - -1998-10-17 00:31 millert - - * Makefile.in: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, - sudoers_gid, sudoers_mode from configure - -1998-10-17 00:30 millert - - * configure.in: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get - substituted into the Makefile, not config.h - -1998-10-17 00:30 millert - - * INSTALL: document all --with/--enable options - -1998-10-15 02:25 millert - - * insults.h: options.h is no more - -1998-10-15 02:25 millert - - * config.h.in: assimilated options.h - -1998-10-15 02:24 millert - - * configure.in: moved options from options.h to configure - -1998-10-15 01:41 millert - - * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, - sudo_setenv.c, visudo.c: no more options.h - -1998-10-15 01:39 millert - - * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: remove references - to options.h - -1998-10-15 01:32 millert - - * interfaces.c, dce_pwent.c, sudo.c: kill sys/time.h - -1998-10-15 00:10 millert - - * tgetpass.c: if select return < -1 still prompt for pw - -1998-10-15 00:03 millert - - * options.h: convert LOGGING, LOGFAC, MAXLOGFILELEN, - IGNORE_DOT_PATH into configure options - -1998-10-14 23:57 millert - - * parse.c: FAST_MATCH is no longer an optino - -1998-10-14 23:52 millert - - * check.c: remove_timestamp() if timestamp is preposterous - -1998-10-14 23:36 millert - - * options.h: convert more options to --with/--enable - -1998-10-14 23:36 millert - - * INSTALL, aclocal.m4: logfile -> logpath - -1998-10-14 23:31 millert - - * configure.in: convert more options into --with and --enable - -1998-10-14 23:28 millert - - * tgetpass.c: catch EINTR in select and restart - -1998-10-14 23:15 millert - - * logging.c: sys/errno -> errno - -1998-09-24 11:40 millert - - * sudo.c: UMASK -> SUDO_UMASK. - -1998-09-24 11:36 millert - - * check.c, logging.c: time.h, not sys/time.h - -1998-09-21 19:52 millert - - * logging.c: MAILER -> _PATH_SENDMAIL - -1998-09-21 00:06 millert - - * INSTALL, configure.in: no more --with-C2, now it is - --disable-shadow - -1998-09-21 00:00 millert - - * aclocal.m4, check.c, compat.h, config.h.in, configure.in, - getspwuid.c, sudo.c, tgetpass.c: new shadow password scheme. - Always include shadow support if the platform supports it and the - user did not disable it via configure - -1998-09-20 19:48 millert - - * configure.in: --with-getpass -> --{enable,disable}-tgetpass - -1998-09-20 19:16 millert - - * Makefile.in: pathnames.h -> pathnames.h.in - -1998-09-20 19:14 millert - - * check.c: fix version string - -1998-09-20 19:12 millert - - * check.c: move pam_conv to be static to auth function remove - pam_misc.h (solaris doesn't have one) - -1998-09-20 19:10 millert - - * aclocal.m4: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill - SUDO_PROG_PWD - -1998-09-20 19:10 millert - - * configure.in: munge pathnames.h.in -> pathnames.h kill - SUDO_PROG_PWD - -1998-09-20 19:10 millert - - * pathnames.h.in: convert to pathnames.h.in - -1998-09-18 20:20 millert - - * configure.in: fix typo in sysv4 matching case /. - -1998-09-18 01:29 millert - - * check.c: pam stuff needs to run as root, not user, for shadow - passwords - -1998-09-17 12:26 millert - - * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c, - BUGS, INSTALL, README, configure.in: updated version - -1998-09-17 12:13 millert - - * check.c: user version.h for long message - -1998-09-17 11:53 millert - - * check.c: this is version 1.5.6 - -1998-09-16 13:42 millert - - * Makefile.in: remove errant backslash - -1998-09-14 22:25 millert - - * options.h, parse.yacc, pathnames.h.in: fix version string - -1998-09-14 22:02 millert - - * BUGS, CHANGES, TODO: updtaed for 1.5.6 - -1998-09-14 22:02 millert - - * RUNSON: updated for 1.5.6 - -1998-09-14 11:48 millert - - * interfaces.c: kill unused localhost_mask var copy if name to - ifr_tmp after we zero it - -1998-09-13 15:50 millert - - * INSTALL: Better description of new vs. old sudoers modes fix some - typos better description of /usr/ucb/cc gotchas on slowaris - -1998-09-13 15:49 millert - - * Makefile.in: add sample.pam - -1998-09-13 15:32 millert - - * sudo.c: set NewArgv[0] to user_shell, not basename(user_shell) - -1998-09-12 11:10 millert - - * README: mention TROUBLESHOOTING more fix some typos - -1998-09-11 20:30 millert - - * configure.in: move --enable/--disable to be after --with - -1998-09-11 20:30 millert - - * INSTALL: document --enable/--disable - -1998-09-11 20:26 millert - - * INSTALL: document --with-pam - -1998-09-11 19:47 millert - - * configure.in: Add message for pam users - -1998-09-11 19:27 millert - - * sample.pam: Initial revision - -1998-09-11 19:23 millert - - * config.h.in: fix HAVE_PAM - -1998-09-11 19:19 millert - - * check.c, config.h.in, configure.in: pam support, from Gary Calvin - - -1998-09-10 18:51 millert - - * config.h.in: add HOST_IN_LOG and WRAP_LOG - -1998-09-10 18:51 millert - - * logging.c: add WRAP_LOG and HOST_IN_LOG - -1998-09-10 18:37 millert - - * configure.in: add --enable-log-host and --enable-log-wrap - -1998-09-10 18:32 millert - - * aclocal.m4: use AC_DEFINE_UNQUOTED for --with-logfile and - --with-timedir - -1998-09-08 20:45 millert - - * compat.h: add howmany macro - -1998-09-08 20:43 millert - - * tgetpass.c: include sys/param.h to get howmany macro - -1998-09-07 20:42 millert - - * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: - add RUNAS_DEFAULT - -1998-09-07 12:51 millert - - * fnmatch.c: bring in stdio.h for NULL - -1998-09-07 12:50 millert - - * aclocal.m4: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh - -1998-09-07 12:43 millert - - * sudo.c: use HAVE_SET_AUTH_PARAMETERS - -1998-09-07 12:42 millert - - * config.h.in: add HAVE_SET_AUTH_PARAMETERS - -1998-09-07 12:41 millert - - * configure.in: add *-*-hiuxmpp* add test for set_auth_parameters() - if secureware - -1998-09-07 12:39 millert - - * config.sub: add support for HI-UX/MPP SR220001 02-03 0 SR2201 - -1998-09-07 12:06 millert - - * interfaces.c: initialize previfname - -1998-09-07 11:51 millert - - * interfaces.c: Don't use SIOCGIFADDR, we don't need it Use - SIOCGIFFLAGS if we have it check ifr_flags against IFF_UP and - IFF_LOOPBACK instead of kludging it - -1998-09-07 11:49 millert - - * configure.in: typo - -1998-09-07 00:01 millert - - * Makefile.in: don't need special build line for sudo.tab.o - -1998-09-06 23:58 millert - - * Makefile.in: don't clean sudo.tab.[ch] - -1998-09-06 23:48 millert - - * sudo.c: Sudo should prompt for a password before telling the user - that a command could not be found. - -1998-09-06 23:47 millert - - * BUGS: for 1.5.6 - -1998-09-06 23:25 millert - - * INSTALL, README: no longer require yacc - -1998-09-06 23:19 millert - - * Makefile.in: typo - -1998-09-06 23:18 millert - - * Makefile.in: y.tab -> sudo.tab include pre-yacc'd parse.yacc - -1998-09-06 23:09 millert - - * parse.lex: include sudo.tab.h, not y.tab.h don't break out of - command args if you get a '=' - -1998-09-06 22:59 millert - - * insults.h: fix version , - -1998-09-06 22:57 millert - - * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: - fix version - -1998-09-06 22:55 millert - - * getcwd.c: getcwd(3) from OpenBSD for those without it. - -1998-09-06 22:51 millert - - * sudo.h: HAVE_GETWD -> HAVE_GETCWD - -1998-09-06 22:49 millert - - * configure.in: pretend sunos doesn't have getcwd(3) since it opens - a pipe to getpwd! - -1998-09-06 22:41 millert - - * parse.c: use NAMLEN() macro - -1998-09-06 22:34 millert - - * fnmatch.c: remove duplicate include of string.h - -1998-09-06 22:28 millert - - * configure.in: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T - -1998-09-06 22:28 millert - - * aclocal.m4: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T - -1998-09-06 22:28 millert - - * config.h.in: add dev_t and ino_t - -1998-07-28 12:44 millert - - * check.c: fix OTP_ONLY for opie - -1998-06-24 12:22 millert - - * testsudoers.c, tgetpass.c: include stdlib.h for malloc proto - -1998-05-19 00:10 millert - - * Makefile.in: make update_version saner - -1998-05-18 23:32 millert - - * config.h.in: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() - -1998-05-18 23:32 millert - - * configure.in: check for waitpid and wait3 or no waitpid - -1998-05-18 23:31 millert - - * logging.c: used waitpid or wait3 if we have 'em - -1998-05-02 14:16 millert - - * visudo.c: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel - Faigon) - -1998-04-27 20:09 millert - - * configure.in: don't need to explicately mention -lsocket -lnsl - for sequent - -1998-04-25 01:56 millert - - * configure.in: dynix should not link with -linet - -1998-04-10 15:32 millert - - * INSTALL: mention that HP-UX doesn't ship with yacc - -1998-04-06 22:35 millert - - * check.c: ignore kerberos if we can't get the local realm - -1998-04-05 23:37 millert - - * configure.in, BUGS, INSTALL, README: ++version - -1998-04-05 23:36 millert - - * version.h: ++ - -1998-04-05 23:35 millert - - * Makefile.in, emul/utime.h, check.c, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getcwd.c, goodpath.c, interfaces.c, - logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, - sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, - visudo.c: updated version - -1998-04-05 23:34 millert - - * check.c, sudo.h: fix version - -1998-04-05 23:33 millert - - * getcwd.c: don't use popen/pclose. Do it inline. - -1998-04-05 23:25 millert - - * lsearch.c: add rcsid - -1998-04-05 23:21 millert - - * sudo.c: typo - -1998-04-05 23:17 millert - - * sudo.h, pathnames.h.in, compat.h, options.h, ins_2001.h, - insults.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c: updated version - -1998-04-05 23:15 millert - - * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: MAX* + 1 -> - MAX* - -1998-04-05 23:14 millert - - * Makefile.in: getwd.c -> getcwd.c - -1998-04-05 22:49 millert - - * config.h.in: kill HAVE_GETWD - -1998-04-05 22:49 millert - - * configure.in: getcwd, not getwd - -1998-04-05 22:48 millert - - * getcwd.c: use MAX* not MAX* + 1 always run pwd as using getwd() - defeats the purpose - -1998-03-31 00:15 millert - - * OPTIONS, options.h: add STUB_LOAD_INTERFACES - -1998-03-31 00:05 millert - - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-03-30 23:54 millert - - * configure.in: support *-ccur-sysv4 and fix two typos - -1998-03-27 19:52 millert - - * configure.in: don't echo about with_logfile and with_timedir - -1998-03-27 19:49 millert - - * INSTALL: document --with-logfile and --with-timedir - -1998-03-27 19:46 millert - - * aclocal.m4: support --with-logfile and --with-timedir - -1998-03-27 19:46 millert - - * configure.in: Add --with-logfile and --with-timedir - -1998-03-27 19:27 millert - - * sudo.c: change size computation of NewArgv for UNICOS - -1998-02-18 20:10 millert - - * configure.in: treate -*-sysv4* like *-*-svr4 - -1998-02-18 18:19 millert - - * configure.in: fix spacing for --with-authenticate help - -1998-02-18 16:39 millert - - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-02-18 16:23 millert - - * parse.yacc: fix off by one error in push macro - -1998-02-17 01:15 millert - - * configure.in: removed bogus alloca hack - -1998-02-17 01:15 millert - - * check.c: added AIX 4.x authenticate() support - -1998-02-17 01:11 millert - - * parse.yacc: include alloca.h if using bison and not gcc and it - exists. fixes an alloca problem on hpux 10.x - -1998-02-17 00:39 millert - - * INSTALL: mention --with-authenticate - -1998-02-17 00:37 millert - - * configure.in: added AIX authenticate() support - -1998-02-17 00:22 millert - - * config.h.in: add HAVE_AUTHENTICATE - -1998-02-16 23:58 millert - - * interfaces.c: dynamically size ifconf buffer - -1998-02-16 23:56 millert - - * configure.in: quote '[' and ']' - -1998-02-16 21:42 millert - - * Makefile.in, emul/utime.h, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-02-16 19:06 millert - - * visudo.pod: add ERRORS section - -1998-02-16 18:57 millert - - * TROUBLESHOOTING: add busy stmp file explanation - -1998-02-15 18:49 millert - - * configure.in: the name of the cached var that signals whether or - not you are cross compiling changed. It is now - ac_cv_prog_cc_cross - -1998-02-11 16:26 millert - - * INSTALL: mention glibc 2.07 is fixed wrt lsearch()\. - -1998-02-06 21:55 millert - - * sample.sudoers, sudoers.pod: better example of su but not root su - -1998-02-06 15:49 millert - - * Makefile.in, check.c, emul/utime.h, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: - updated version - -1998-02-06 15:48 millert - - * Makefile.in: correct regexp for updating version - -1998-02-06 14:05 millert - - * tgetpass.c: remove bogus flush of stderr spew prompt before - turning off echo. Seems to fix a weird problem where if sudo - complained about a bogus stamp file the user would sometimes not - have a chance to enter a password - -1998-02-06 14:05 millert - - * check.c: fix bogus flush of stderr - -1998-02-05 19:19 millert - - * sudo.c: close fd's <=2 not <=3 and move that chunk of code up - -1998-02-05 19:18 millert - - * configure.in: support hpux1[0-9] not just hpux10 - -1998-01-30 14:59 millert - - * parse.c: set sudoers_fp to nil after closing - -1998-01-24 01:05 millert - - * config.guess, config.sub: updated from autoconf 2.12 - -1998-01-24 00:50 millert - - * configure.in: add *-*-svr4 rule - -1998-01-22 22:53 millert - - * tgetpass.c: fix select usage for high fd's (dynamically allocate - readfds) - -1998-01-22 22:49 millert - - * check.c: kill extra whitespace - -1998-01-22 19:28 millert - - * sudo.c: do an initgroups() before running a command, unless the - target user is root. - -1998-01-22 12:22 millert - - * TROUBLESHOOTING: tell people to use tabs, not spaces, in - syslog.conf - -1998-01-21 01:56 millert - - * parse.lex, Makefile.in, config.h.in, getwd.c, strdup.c, putenv.c, - emul/utime.h, testsudoers.c, utime.c, dce_pwent.c: updated - version - -1998-01-21 01:32 millert - - * goodpath.c, sudo_setenv.c, interfaces.c, tgetpass.c, visudo.c: - updated version - -1998-01-21 01:29 millert - - * sudo.h, pathnames.h.in, options.h, compat.h, insults.h, - ins_2001.h, ins_classic.h, ins_goons.h, ins_csops.h, parse.yacc, - check.c, getspwuid.c, find_path.c, logging.c, parse.c, sudo.c: - updated version - -1998-01-21 01:20 millert - - * Makefile.in: more tweaks to update_version - -1998-01-21 01:19 millert - - * Makefile.in: fixed up update_version rule - -1998-01-21 00:55 millert - - * configure.in: ++version - -1998-01-21 00:53 millert - - * Makefile.in: removed supe of check.c - -1998-01-21 00:51 millert - - * INSTALL: ++version I missed - -1998-01-21 00:51 millert - - * RUNSON: updated - -1998-01-21 00:48 millert - - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, emul/utime.h, BUGS, INSTALL, README: updated version - -1998-01-21 00:47 millert - - * CHANGES: updated for 1.5.5 - -1998-01-21 00:35 millert - - * Makefile.in: add rules to update version stuff in files so I - don't need to do it by hand - -1998-01-21 00:04 millert - - * sudo.h: sudoers_fp is now extern - -1998-01-21 00:03 millert - - * sudo.c: in check_sudoers, cache the sudoers file handle in - sudoers_fp so we don't have to open it again in the parse. This - may help with weird solaris problems where EAGAIN sometime - occurrs. - -1998-01-21 00:02 millert - - * parse.c: sudoers file open is now done only in check_sudoers() so - we just do a rewind() instead of an open. May help people on - solaris who were getting EAGAIN. - -1998-01-16 11:43 millert - - * INSTALL: mention that newer glibc is fixed - -1998-01-13 12:58 millert - - * sudo.c: newer irix uses _RLDN32_* envariables for 32-bit binaries - so ignore _RLD* instead of _RLD_* - -1998-01-13 10:32 millert - - * parse.c: typo - -1998-01-13 10:19 millert - - * parse.c: fix that bug for real - -1998-01-13 02:39 millert - - * INSTALL: document Linux's libc6 brokenness. - -1998-01-13 02:00 millert - - * parse.yacc: -Wall - -1998-01-13 01:22 millert - - * RUNSON: updated - -1998-01-13 00:50 millert - - * TROUBLESHOOTING: remind people to HUP syslogd - -1998-01-13 00:05 millert - - * Makefile.in: add -O flag to tar - -1998-01-13 00:00 millert - - * TODO, RUNSON: updated - -1998-01-12 23:59 millert - - * sudo.pod: remove author's email addr. people should mail - sudo-bugs - -1998-01-12 23:49 millert - - * INSTALL: fix version - -1998-01-12 23:48 millert - - * README, check.c, compat.h, config.h.in, configure.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version - -1998-01-12 23:44 millert - - * RUNSON: updated - -1998-01-12 23:42 millert - - * INSTALL, Makefile.in: ++version - -1998-01-12 23:41 millert - - * CHANGES: updated fort 1.5.4 - -1998-01-12 23:41 millert - - * check.c: exit(1) if user enters no passwd - -1998-01-12 23:37 millert - - * BUGS: ++version - -1998-01-12 23:10 millert - - * parse.c: commands can start with ./* not just /* -- fixes a - serious security hole. - -1997-12-21 18:17 millert - - * sudo.c: Don't set the tty variable to NULL when we lack a tty, - leave it as "unknown". - -1997-11-23 13:29 millert - - * sample.sudoers: fix usage of (username) in conjunction with , and - ! - -1997-11-23 13:28 millert - - * visudo.c: catch the case where the user is not in the passwd file - -1997-11-23 13:24 millert - - * tgetpass.c: use fileno(input) + 1 instead of getdtablesize() as - the nfds arg to select(2) - -1997-11-23 01:53 millert - - * sudo.c: define tty global to an initial value to avoid dumping - core in logging functions when passwd file is unavailable. - -1997-11-23 01:51 millert - - * sudo.c: do the set_perms(PERM_USER, sudo_mode) after we have - gotten the passwd entry - -1997-11-23 00:21 millert - - * sudo.pod: talk about problem of ALL - -1997-10-10 00:54 millert - - * README: new web location - -1997-10-10 00:54 millert - - * INSTALL: fdesc bug is fixed in Open/Net BSD - -1997-10-10 00:52 millert - - * HISTORY: updates from Nieusma - -1997-10-09 18:37 millert - - * dce_pwent.c: move compat.h after the system includes - -1997-08-06 14:58 millert - - * logging.c: save errno from being clobbered by wait(). From Theo - -1997-05-21 11:57 millert - - * compat.h: fix an occurence of setresuid -> setreuid (typo) - -1997-03-19 17:45 millert - - * install-sh: check for path to strip - -1997-01-15 19:05 millert - - * logging.c: deal with maxfilelen < 0 case - -1997-01-15 19:05 millert - - * OPTIONS: fixed descriptin - -1996-12-11 23:10 millert - - * sudo.c: correct error message if mode/owner wrong and not - statable by owner but is statable by root. - -1996-11-23 02:18 millert - - * config.guess, config.sub: autoconf 2.11 - -1996-11-16 14:42 millert - - * CHANGES, RUNSON, TODO: sudo 1.5.3. - -1996-11-14 15:08 millert - - * sudo.h, parse.yacc: command_alias -> generic_alias - -1996-11-13 22:50 millert - - * sample.sudoers: added Runas_Alias example and fixed syntax errors - -1996-11-13 22:50 millert - - * OPTIONS, options.h: updated MAILSUBJECT - -1996-11-13 22:49 millert - - * logging.c: added %h expansion - -1996-11-13 21:37 millert - - * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, - find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, - ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, - logging.c, options.h, parse.c, parse.lex, parse.yacc, - pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c, INSTALL, README, configure.in: ++version - -1996-11-13 20:01 millert - - * emul/utime.h, BUGS: ++version - -1996-11-13 19:45 millert - - * sudoers.pod: document Runas_Alias - -1996-11-13 19:22 millert - - * visudo.pod: q (uid) -> Q - -1996-11-13 19:21 millert - - * visudo.c: buffer oflow checking q (uit) -> Q if yyparse() fails - drop into whatnow - -1996-11-13 19:05 millert - - * parse.yacc: add size params to sprintf - -1996-11-13 19:04 millert - - * parse.lex: allow trailing space after '\\' but before '\n' - -1996-11-13 19:04 millert - - * find_path.c: off by one error in path size check - -1996-11-13 19:03 millert - - * check.c: sprintf paranoia - -1996-11-12 11:59 millert - - * parse.yacc: fixed more_aliases - -1996-11-12 11:58 millert - - * visudo.c: now warns if killed by signal ./ - -1996-11-11 10:49 millert - - * parse.yacc: fix Runas_Alias stuff Alias's in runas list now get - expanded (but it is gross) - -1996-11-10 20:32 millert - - * sudo.c: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == - 0400 - -1996-11-10 20:08 millert - - * parse.yacc: add Runas_Alias support change FOO to FOO_ALIAS (ie: - USER_ALIAS) - -1996-11-10 20:02 millert - - * parse.lex: Add Runas_Alias and simplify a rule. - -1996-11-10 19:15 millert - - * parse.yacc: always store User_Alias's since they can be used - inside of a runas list. Sigh. Really need a Runas_Alias - instead. - -1996-10-30 18:04 millert - - * visudo.c: deal with case where there is no sudoers file - -1996-10-11 23:01 millert - - * TROUBLESHOOTING: added one - -1996-10-10 22:11 millert - - * HISTORY, testsudoers.c: developement -> development - -1996-10-10 22:08 millert - - * INSTALL: added a note - -1996-10-10 20:36 millert - - * RUNSON: for 1.5.2 - -1996-10-10 20:36 millert - - * CHANGES: updated - -1996-10-10 00:56 millert - - * PORTING: removed seteuid() notes - -1996-10-09 13:37 millert - - * compat.h: better seteuid() emulatino - -1996-10-09 13:36 millert - - * configure.in: added check for seteuid - -1996-10-09 13:36 millert - - * config.h.in: added HAVE_SETEUID - -1996-10-08 19:22 millert - - * configure.in: first stab at sequent support - -1996-10-08 19:21 millert - - * config.h.in: added HAVE_SYS_SELECT_H - -1996-10-08 19:21 millert - - * compat.h: sequent -> _SEQUENT_ - -1996-10-08 19:11 millert - - * compat.h: added seteuid() macro for DYNIX - -1996-10-08 18:54 millert - - * tgetpass.c: _AIX -> HAVE_SYS_SELECT_H - -1996-10-07 01:05 millert - - * emul/utime.h, check.c, compat.h, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, - pathnames.h.in, version.h, BUGS, INSTALL, Makefile.in, OPTIONS, - README, config.h.in, logging.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo_setenv.c, testsudoers.c, utime.c, - visudo.c, tgetpass.c: ++version - -1996-10-07 00:59 millert - - * sudo.pod: added -H and SUDO_PS1 - -1996-10-07 00:55 millert - - * configure.in: use SUDO_FUNC_FNMATCH - -1996-10-07 00:54 millert - - * aclocal.m4: added SUDO_FUNC_FNMATCH - -1996-10-07 00:53 millert - - * sudo.c: added -H flag - -1996-10-07 00:53 millert - - * sudo.h: added MODE_RESET_HOME / - -1996-10-05 00:00 millert - - * INSTALL: mention OPIE - -1996-10-04 23:59 millert - - * configure.in: added opie support - -1996-10-04 23:59 millert - - * check.c: added HAVE_OPIE and changed to *_OTP_* - -1996-10-04 23:58 millert - - * compat.h, config.h.in: added HAVE_OPIE - -1996-10-04 23:58 millert - - * OPTIONS, options.h: SKEY -> OTP - -1996-10-03 23:27 millert - - * check.c: moved fclose() in skey stuff. - -1996-10-03 19:53 millert - - * putenv.c: index -> strchr remove unnecesary stuff - -1996-10-03 19:43 millert - - * check.c: now call skeychallenge() to get challenge instead of - making one up ourselves. this way, we get extra goodies in the - prompt. - -1996-09-10 00:32 millert - - * CHANGES: added one - -1996-09-10 00:18 millert - - * parse.lex: allow logins to start with a number (YUCK!) - -1996-09-08 15:18 millert - - * TROUBLESHOOTING: added soalris 2.5 vs 2.4 note - -1996-09-08 15:15 millert - - * configure.in: DUNIX doesn't need -lnsl - -1996-09-07 20:22 millert - - * CHANGES: [no log message] - -1996-09-07 20:21 millert - - * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, - getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: courtesan - -1996-09-07 20:13 millert - - * TROUBLESHOOTING, INSTALL, Makefile.in, PORTING, RUNSON, README: - courtesan - -1996-09-07 20:12 millert - - * visudo.pod: [no log message] - -1996-09-07 20:00 millert - - * sudo.pod, visudo.pod: courtesan - -1996-09-07 19:45 millert - - * HISTORY: added courtesan ./ - -1996-09-06 00:12 millert - - * sudo.c: added $SUDO_PROMPT support - -1996-09-04 17:19 millert - - * check.c: print long skey challemged to stderr, not stdout - -1996-08-31 23:10 millert - - * CHANGES: updated for 1.5.1 - -1996-08-31 23:07 millert - - * emul/utime.h: ++version - -1996-08-31 12:34 millert - - * RUNSON: updated for 1.5.1 - -1996-08-30 10:49 millert - - * check.c: use shost, not host for tgetpass - -1996-08-30 00:21 millert - - * OPTIONS, sudo.pod: documented %u and %h - -1996-08-29 20:40 millert - - * configure.in: fixed typo - -1996-08-29 20:37 millert - - * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, - dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version - -1996-08-29 20:30 millert - - * BUGS: ++version - -1996-08-29 18:32 millert - - * configure.in, Makefile.in, version.h: ++version - -1996-08-29 17:58 millert - - * sudo.h: new tgetpass() params - -1996-08-29 17:58 millert - - * check.c: pass use and host to tgetpass - -1996-08-29 17:57 millert - - * tgetpass.c: added %u and %h escapes - -1996-08-29 16:56 millert - - * OPTIONS, options.h, check.c: added NO_MESSAGE - -1996-08-29 16:23 millert - - * configure.in: added cray (unicos) support - -1996-08-27 11:36 millert - - * OPTIONS, options.h, sudo.c: added SHELL_SETS_HOME - -1996-08-25 17:56 millert - - * INSTALL: added note about "make install" - -1996-08-25 17:50 millert - - * parse.yacc: changed length/size params from int to size_t - -1996-08-25 13:35 millert - - * OPTIONS: now get CSOPS insults as well by default - -1996-08-25 13:33 millert - - * insults.h: use csops insults too by default - -1996-08-25 13:31 millert - - * INSTALL, Makefile.in, README, config.h.in, configure.in, - version.h: version = 1.5 - -1996-08-25 13:27 millert - - * sudo.c: added runas_homedir - -1996-08-25 13:27 millert - - * TODO: updated for 1.5 - -1996-08-25 13:23 millert - - * RUNSON: updated for 1.5 - -1996-08-25 13:19 millert - - * CHANGES: 1.5 release - -1996-08-25 13:17 millert - - * INSTALL: added "upgrading" notes - -1996-08-22 14:00 millert - - * visudo.c: now do chmod and chown after edit of temp file and - before rename - -1996-08-18 12:52 millert - - * Makefile.in: ++version added INSTALL.configure - -1996-08-18 12:52 millert - - * version.h, configure.in: ++version - -1996-08-18 12:51 millert - - * TROUBLESHOOTING: [no log message] - -1996-08-18 12:50 millert - - * parse.yacc: added missing cast - -1996-08-17 20:37 millert - - * sudo.c: sets $HOME to pw_dir of runas user - -1996-08-17 20:02 millert - - * sudo.pod: document $HOME change - -1996-08-17 19:43 millert - - * sudo.pod: fixed up some wording - -1996-08-17 19:25 millert - - * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, - goodpath.c, interfaces.c, logging.c, parse.c, parse.lex, - parse.yacc, putenv.c, strdup.c, sudo.c, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, visudo.c: ++version - -1996-08-17 19:19 millert - - * emul/utime.h, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h: - ++version - -1996-08-17 19:18 millert - - * sudo.h: name nad type changes - -1996-08-17 19:17 millert - - * testsudoers.c: now works with new sudo - -1996-08-17 19:07 millert - - * parse.yacc: fixed some XXX - -1996-08-17 18:52 millert - - * parse.yacc: some variable name changes + comment headers for - functions. - -1996-08-17 18:41 millert - - * tgetpass.c: added extra paren's to make compilers happy - -1996-08-17 18:34 millert - - * sudo.c: [no log message] - -1996-08-17 18:30 millert - - * parse.c: now uses init_parser() if not in sudoers and tries - "list" or "validate" scold but don't be nasty. - -1996-08-17 18:29 millert - - * TROUBLESHOOTING: now can use upper case login names - -1996-08-17 18:29 millert - - * visudo.c: now uses init_parser() - -1996-08-17 18:28 millert - - * PORTING: added info about PASSWORD_TIMEOUT - -1996-08-17 18:28 millert - - * INSTALL, README: updated - -1996-08-17 18:28 millert - - * INSTALL.configure: Initial revision - -1996-08-17 18:27 millert - - * BUGS: fixed a bug , - -1996-08-17 18:27 millert - - * parse.yacc: now dynamically allocates memory for the stacks -- no - more overflows! - -1996-08-17 18:26 millert - - * sudo.pod: -l now explands command aliases - -1996-08-17 13:22 millert - - * parse.yacc: hacks to expand command aliases for `sudo -l' - -1996-08-17 13:22 millert - - * sudo.c: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, - and bash) - -1996-08-17 13:22 millert - - * sudo.h: added struct command_alias - -1996-08-17 13:20 millert - - * sudo.pod: fixed a bug - -1996-08-17 13:15 millert - - * lsearch.c: in compar() key should be first arg - -1996-08-15 15:48 millert - - * BUGS: fixed some bugs - -1996-08-15 15:47 millert - - * parse.yacc: can now deal with upcase HOST and USER names - -1996-08-15 15:47 millert - - * sudo.c: don't yell too loudly at non-sudoers if they do "sudo -l" - -1996-08-15 15:46 millert - - * sudo.pod: fixed thinko - -1996-08-15 15:46 millert - - * parse.c: fix comment - -1996-08-09 18:07 millert - - * parse.c, parse.yacc: added support for new `sudo -l' stuff - -1996-08-09 18:06 millert - - * sudo.c: now uses list_matches() - -1996-08-09 18:06 millert - - * sudo.h: added struct sudo_match - -1996-08-09 17:37 millert - - * configure.in: now more -lgnumalloc - -1996-08-01 13:12 millert - - * install-sh: added more paths for chown and whoami - -1996-07-31 10:41 millert - - * check.c: typo - -1996-07-30 13:45 millert - - * aclocal.m4: fixed DUNIX check for shadow pw - -1996-07-30 13:41 millert - - * tgetpass.c: now only turn off echo if it is already on. this - fixes a race when you use sudo in a pipelin - -1996-07-30 12:53 millert - - * INSTALL: updated - -1996-07-29 22:29 millert - - * configure.in: changed "test -z $foo && do_this" to if; then - construct - -1996-07-28 22:47 millert - - * configure.in: added missing defines of SHADOW_TYPE - -1996-07-26 14:10 millert - - * check.c: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since - they are only in dunix 4.x - -1996-07-26 14:09 millert - - * getspwuid.c: added AUTH_CRYPT_C1CRYPT support - -1996-07-26 13:23 millert - - * parse.c: no longer return VALIDATE_NOT_OK if there was a runas - that didn't match. Now we can have runas stuff on more than one - line. - -1996-07-25 23:45 millert - - * configure.in: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always - defined to something - -1996-07-25 23:45 millert - - * config.h.in: removed HAVE_C2_SECURITY added SPW_BSD - -1996-07-25 23:44 millert - - * compat.h, getspwuid.c, sudo.c, tgetpass.c: use SHADOW_TYPE - instead of HAVE_C2_SECURITY - -1996-07-25 23:44 millert - - * check.c: SHADOW_TYPE is always defined so just against its value - -1996-07-25 23:44 millert - - * aclocal.m4: added SUDO_CHECK_SHADOW_DUNIX - -1996-07-25 18:47 millert - - * sudoers.pod: * -> ?* in one example added another instance of - (runas) and one of NOPASSWD: - -1996-07-24 13:02 millert - - * configure.in: added back check for config.cache from other host - type - -1996-07-24 12:49 millert - - * parse.lex: removed an instance of \" - -1996-07-24 12:49 millert - - * sample.sudoers: added an example - -1996-07-24 12:44 millert - - * sudoers.pod: updated wrt new wildcard matching - -1996-07-24 10:28 millert - - * configure.in: new check for shadow passwords if we don't know - anything - -1996-07-24 10:28 millert - - * aclocal.m4: new SUDO_CHECK_SHADOW_GENERIC - -1996-07-24 02:19 millert - - * configure.in: added back check for -lsocket (oops) - -1996-07-24 02:16 millert - - * configure.in: better (working) check for shadow passwd type if we - know to use C2. - -1996-07-24 01:59 millert - - * configure.in: now uses AC_CANONICAL_HOST to figure out os type - -1996-07-24 01:59 millert - - * Makefile.in: added config.{guess,sub} - -1996-07-24 01:58 millert - - * aclocal.m4: removed unused stuff to figure out os type - -1996-07-23 22:58 millert - - * config.sub: added openbsd - -1996-07-23 22:54 millert - - * config.sub: Initial revision - -1996-07-23 22:40 millert - - * config.guess: Initial revision - -1996-07-23 21:18 millert - - * testsudoers.c: don't call fnmatch() with FNM_PATHNAME flag unless - it can only be a pathname. need to check against sudoers_args - even if user_args is nil - -1996-07-23 21:18 millert - - * parse.c: don't call fnmatch() with FNM_PATHNAME flag unless it - can only be a pathname need to check against sudoers_args even if - user_args is nil - -1996-07-23 18:52 millert - - * check.c: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 - -1996-07-23 01:18 millert - - * testsudoers.c: now takes command line args and uses cmnd_args - -1996-07-23 01:10 millert - - * parse.lex: fill_args was adding an extra leading space - -1996-07-22 15:50 millert - - * visudo.c: fixed dummy command_matches() - -1996-07-22 15:50 millert - - * parse.yacc: fixed prototype - -1996-07-22 15:31 millert - - * sudo.h: added cmnd_args - -1996-07-22 15:31 millert - - * parse.yacc: now uses flat args string - -1996-07-22 15:30 millert - - * parse.c, parse.lex: now uses flat arg string - -1996-07-22 15:29 millert - - * visudo.c: added cmnd_args def - -1996-07-22 14:30 millert - - * sudo.c: now sets cmnd_args global - -1996-07-22 14:30 millert - - * logging.c: cmnd_args is now exported from sudo.[ch] - -1996-07-21 18:41 millert - - * parse.yacc: can't rely on cmnd_matches as much as I thought -- - added some $$ stuff back in to prevent namespace pollution - problems. - -1996-07-21 18:01 millert - - * parse.yacc: Simplified parse rules wrt runas and NOPASSWD (more - consistent). - -1996-07-20 00:45 millert - - * parse.lex: NOPASSWD may now have blanks before the ':' '(' only - starts a 'runas' if in the initial state to avoid collision with - command args - -1996-07-20 00:23 millert - - * configure.in: added checks for specific shadow passwd schemes - -1996-07-20 00:18 millert - - * aclocal.m4: added routines to check for specific shadow passwd - types - -1996-07-18 18:27 millert - - * configure.in: added support for ncr boxen - -1996-07-18 18:26 millert - - * aclocal.m4: added support for detecting ncr boxen - -1996-07-16 14:57 millert - - * configure.in: added sinix support - -1996-07-13 22:29 millert - - * TROUBLESHOOTING: added info about "config.cache from other other" - error. - -1996-07-13 22:22 millert - - * aclocal.m4: now makes sure you don't have a config.cache file - from another OS - -1996-07-13 21:36 millert - - * configure.in: now sets $LIBS when needed to configure links with - libs when doing tests hpux10 now uses SPW_SECUREWARE for C2 added - check for bigcrypt(3) if SPW_SECUREWARE - -1996-07-13 21:30 millert - - * getspwuid.c: fixed typo - -1996-07-13 21:05 millert - - * tgetpass.c: now include stuff for SPW_SECUREWARE to get - AUTH_MAX_PASSWD_LENGTH - -1996-07-13 21:05 millert - - * getspwuid.c: no more SPW_HPUX10 - -1996-07-13 21:04 millert - - * config.h.in: no more SPW_HPUX10 added HAVE_BIGCRYPT - -1996-07-13 21:04 millert - - * compat.h: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE - -1996-07-13 21:04 millert - - * check.c: SPW_SECUREWARE now uses bigcrypt - -1996-07-13 18:24 millert - - * sample.sudoers: fixed 2 syntax errors - -1996-07-13 18:24 millert - - * sudoers: root may now run ALL as ALL - -1996-07-11 20:59 millert - - * interfaces.c: fixed a typo/thinko that broke BSD's with sa_len - -1996-07-08 16:08 millert - - * check.c, configure.in: updated AFS support - -1996-07-08 16:07 millert - - * TROUBLESHOOTING: added entry about /usr/ucb/cc - -1996-07-08 16:06 millert - - * INSTALL: prep no longer holds gcc binaries - -1996-07-08 15:48 millert - - * INSTALL: updated AFS note - -1996-07-08 15:43 millert - - * Makefile.in: added @AFS_LIBS@ - -1996-07-08 15:33 millert - - * compat.h: AFS allows long passwords - -1996-07-08 14:16 millert - - * testsudoers.c: fixed -u user support - -1996-07-08 14:16 millert - - * parse.c: sudo -v now groks VALIDATE_OK_NOPASS - -1996-07-08 13:30 millert - - * parse.yacc: fixed no_passwd vs. runas_matched - -1996-07-08 10:30 millert - - * TROUBLESHOOTING: took out stuff about NFS-mounting since it is no - longer an issue - -1996-07-08 10:30 millert - - * INSTALL: added --with-libraries > --with-libpath --with-incpath - -1996-07-08 10:21 millert - - * parse.yacc: was setting runas_matches to -1 in wrong place - -1996-07-08 09:58 millert - - * check.c: removed usersec.h which is not present in new AFS - versions - -1996-07-08 09:55 millert - - * tgetpass.c: now deals with timeout <= 0 - -1996-07-08 09:51 millert - - * OPTIONS: updated - -1996-07-08 00:04 millert - - * configure.in: BSD/OS >= 2.0 now uses shlicc instead of just gcc - -1996-07-07 22:30 millert - - * sudo.c: fixed backwards compatibility with sudo 1.4 sudoers mode - for root readable/writable filesystems - -1996-07-07 20:49 millert - - * Makefile.in: now gives INSTALL -c flag - -1996-07-07 20:34 millert - - * parse.yacc: slightly simpler initialization of no_passwd and - runas_matches - -1996-07-07 20:33 millert - - * testsudoers.c: added -u username support - -1996-07-07 20:32 millert - - * configure.in: improved --with-libraries support - -1996-07-07 16:27 millert - - * configure.in: added --with-incpath, --with-libpath, - --with-libraries - -1996-07-07 16:01 millert - - * parse.yacc: now initializes some fields that weren't getting set - to -1 pretty gross -- need a rewrite. - -1996-06-25 23:19 millert - - * alloca.c: removed emacs'isms - -1996-06-25 22:29 millert - - * configure.in: no longer add -lPW to *_LIBS since we include - alloca.c - -1996-06-25 22:29 millert - - * config.h.in: added HAVE_ALLOCA_H - -1996-06-25 22:28 millert - - * Makefile.in: added alloca.c - -1996-06-25 22:18 millert - - * alloca.c: Initial revision - -1996-06-25 21:58 millert - - * configure.in: ++version - -1996-06-25 19:32 millert - - * sudo.c: now set uid to 1 instead of nobody for PERM_SUDOERS since - nobody is not always set to a valid uid. - -1996-06-25 19:31 millert - - * OPTIONS: fixed entry for SUDO_MODE - -1996-06-25 18:02 millert - - * sudo.c: Fixed NFS-mounted sudoers file under solaris both uid - *and* gid were being set to -2. Now beat NFS to the punch and - set uid to "nobody" ourselves, preserving group 0 to read - sudoers. - -1996-06-25 18:02 millert - - * parse.c: moved set_perms(PERM_ROOT) to be before yyparse() - -1996-06-25 18:00 millert - - * logging.c: fixed a typo - -1996-06-25 18:00 millert - - * configure.in: no longer need AC_PROG_INSTALL - -1996-06-25 17:59 millert - - * Makefile.in: always use install-sh to avoid install(1)'s that use - get{pw,gr}nam - -1996-06-25 16:07 millert - - * INSTALL: make clean -> make distclean - -1996-06-20 01:17 millert - - * parse.yacc: removed some unnecsary if's - -1996-06-20 01:16 millert - - * Makefile.in, version.h: ++version - -1996-06-20 01:16 millert - - * parse.c, testsudoers.c: now includes netgroup.h - -1996-06-20 00:45 millert - - * interfaces.c: removed cats of ioctl to int since they didn't shut - up -Wall - -1996-06-20 00:43 millert - - * interfaces.c: explicately cast ioctl() to int since it it not - always declared - -1996-06-20 00:41 millert - - * sudo.h: added declarations for yyparse() and yylex() - -1996-06-20 00:27 millert - - * parse.yacc: fixed an occurence of '==' -> '=' - -1996-06-20 00:22 millert - - * config.h.in, configure.in: added check for netgroup.h - -1996-06-20 00:20 millert - - * sudo.c: fixed 2 compiler warnings - -1996-06-20 00:08 millert - - * sudo.c: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] - weren't being initialized - -1996-06-19 13:53 millert - - * sudo.pod: fixed a typo - -1996-06-17 12:19 millert - - * parse.yacc: fixed a formatting thingie - -1996-06-17 12:16 millert - - * parse.c, parse.yacc: fixed -u support with multiple user lists on - a line - -1996-06-17 10:23 millert - - * configure.in: unixware needs -lgen - -1996-06-17 10:23 millert - - * README: updated ftp location - -1996-06-17 00:08 millert - - * sudoers.pod: add net_addr/netmask support - -1996-06-17 00:07 millert - - * sample.sudoers: added net_addr/mask example - -1996-06-17 00:02 millert - - * parse.lex, parse.c: added support for net_addr/netmask - -1996-06-15 20:13 millert - - * sudoers.pod: ^ -> ! - -1996-06-15 18:12 millert - - * RUNSON: updated for 1.4.3 - -1996-06-15 18:12 millert - - * CHANGES: udpated for 1.4.3 - -1996-06-15 18:11 millert - - * TROUBLESHOOTING, TODO, BUGS: updated - -1996-06-15 18:11 millert - - * sample.sudoers: updated with examples of new stuff - -1996-06-15 18:10 millert - - * INSTALL, README: ++version - -1996-06-15 18:01 millert - - * sudoers.pod: updated wrt -u and NOPASSWD - -1996-06-15 17:58 millert - - * sudo.pod: updated wrt -u and CAVEATS - -1996-06-08 23:15 millert - - * sudo.c: fixed usage() - -1996-06-08 22:57 millert - - * parse.lex: now use :foo: character classes (makes no diff for - generated lexer) - -1996-06-07 14:33 millert - - * check.c: fixed LONG_SKEY_PROMPT stuff - -1996-06-06 15:35 millert - - * visudo.c: fixed a comment - -1996-06-06 15:03 millert - - * lsearch.c: make more like NetBSD one -- now compiles w/o warnings - -1996-06-06 15:02 millert - - * emul/search.h: fixed decls of lsearch() - -1996-06-05 22:20 millert - - * config.h.in, configure.in, getspwuid.c: added SPW_HPUX10 - -1996-06-05 22:20 millert - - * check.c: hpux 10 uses bigcrypt() if C2 - -1996-06-04 19:57 millert - - * parse.c: now always uses fnmatch to match args - -1996-06-04 19:40 millert - - * tgetpass.c: back to using stdio instead of raw i/o since that - caused some problems - -1996-05-28 22:14 millert - - * sudo.c: now give usage warning if use -l,-v,-k with args - -1996-05-28 18:22 millert - - * sudo.c: NewArgc is now set to 1 for -l, -v, -k - -1996-05-28 12:50 millert - - * sudo.c: now sets sudoers to correct group if mode is 0400 - -1996-05-28 12:02 millert - - * install-sh: updated to version used by inn and bind - -1996-05-28 00:08 millert - - * configure.in: now uses -lgnumalloc if it exists - -1996-05-28 00:02 millert - - * Makefile.in: "make install" now sets uid/gid and mode on sudoers - if it exists - -1996-05-28 00:01 millert - - * sudo.c: rmeoved debugging statements - -1996-05-28 00:00 millert - - * parse.yacc: added a missing free() - -1996-05-27 23:58 millert - - * sudo.c: now uses user_gid instead of getegid (which was wrong - anyway) to set SUDO_GID Now sets command line args in - SUDO_COMMAND envariabled (logging.c depends on args being in the - environment) - -1996-05-27 23:57 millert - - * logging.c: now uses SUDO_COMMAND envariable to get command args - rather than building it up again. - -1996-05-27 22:42 millert - - * parse.c: now uses user_gid - -1996-05-27 20:02 millert - - * sudo.c: fixed off by one error in allocation NewArgv - -1996-05-27 20:01 millert - - * parse.c: in sudoers, 'command ""' now means command with no args - -1996-05-27 20:01 millert - - * configure.in: added check for fnmatch(3) and fnmatch.h - -1996-05-27 20:01 millert - - * config.h.in: added HAVE_FNMATCH - -1996-05-27 20:00 millert - - * Makefile.in: replaced wildcat.* with fnmatch.* - -1996-05-27 20:00 millert - - * testsudoers.c: now uses fnmatch() - -1996-05-27 19:38 millert - - * parse.c: now uses fnmatch() instead of wildmat a trailing star - (*) by itself now matches multiple args added support for - wildcards in the pathname in sudoers - -1996-05-25 19:23 millert - - * fnmatch.c: now includes compat.h and config.h - -1996-05-25 18:09 millert - - * config.h.in: added HAVE_FNMATCH_H - -1996-05-25 18:07 millert - - * configure.in: now checks for alloca() (if needed by bison or dce) - and links with -lPW if it contains alloca() and libv and compiler - do not. - -1996-05-25 18:03 millert - - * fnmatch.3, fnmatch.c, emul/fnmatch.h: Initial revision - -1996-04-28 22:38 millert - - * sudo.c: now fixes mode on sudoers if set to 0400 to aid in - upgrade - -1996-04-28 17:44 millert - - * Makefile.in: fixed pod2man usage - -1996-04-28 17:40 millert - - * configure.in, Makefile.in, version.h: ++version - -1996-04-28 17:20 millert - - * testsudoers.c, visudo.c: runas_user is now initialized to "root" - -1996-04-28 17:20 millert - - * sudo.h: removed PERM_FULL_ROOT - -1996-04-28 17:18 millert - - * sudo.c: runas_user defaults to "root" so no more need to - PERM_RUNAS - -1996-04-28 17:16 millert - - * parse.c: will now only running commands as root if there was no - runas list (or if root is in the runas list) - -1996-04-28 17:15 millert - - * logging.c: now logs "USER=%s" - -1996-04-28 17:12 millert - - * parse.yacc: runas_matches is now set to false if we get a - negative match - -1996-04-28 15:01 millert - - * parse.lex: make #uid work + some minor cleanup - -1996-04-27 21:04 millert - - * sample.sudoers: added support for NOPASSWD and "runas" from - garp@opustel.com / - -1996-04-27 21:03 millert - - * visudo.c: added support for "runas" from garp@opustel.com - replaced SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added - support for SUDOERS_MODE - -1996-04-27 21:03 millert - - * testsudoers.c: added support for "runas" from garp@opustel.com - -1996-04-27 21:02 millert - - * sudo.h: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE - -1996-04-27 21:00 millert - - * sudo.c: added support for NO_PASSWD and runas from - garp@opustel.com replaced SUDOERS_OWNER with SUDOERS_UID and - SUDOERS_GID and added support fro SUDOERS_MODE - -1996-04-27 21:00 millert - - * parse.yacc: added support for NO_PASSWD and runas from - garp@opustel.com - -1996-04-27 20:58 millert - - * parse.c, parse.lex: added support for NO_PASSWD and runas from - garp@opustel.com - -1996-04-27 20:56 millert - - * logging.c: added support for SUDOERS_WRONG_MODE and "runas" - -1996-04-27 20:40 millert - - * configure.in: added --with-CC only link with -lshadow on linux - (with shadow pw) if libc lacks getspnam() - -1996-04-27 20:39 millert - - * OPTIONS, options.h: removed NO_PASSWD since it is not possible to - do this in the sudoers file itself. Replaced SUDOERS_OWNER with - SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. - -1996-04-27 20:26 millert - - * Makefile.in: now uses SUDOERS_UID and SUDOERS_GID - -1996-04-27 11:20 millert - - * INSTALL: added --with-CC - -1996-04-06 16:31 millert - - * parse.lex: added double quote support - -1996-04-06 16:29 millert - - * sudoers.pod: documented double quoting - -1996-04-05 16:53 millert - - * mkinstalldirs: Initial revision - -1996-04-05 16:53 millert - - * check.c: fixed some indentation - -1996-04-05 16:48 millert - - * Makefile.in: fixed a typo - -1996-04-04 19:39 millert - - * Makefile.in: added install-dirs . - -1996-04-04 14:16 millert - - * dce_pwent.c: new version from "Jeff A. Earickson" - - -1996-04-03 13:40 millert - - * configure.in: $CSOPS -> $with_csops (whoops, missed one) - -1996-04-03 13:40 millert - - * BUGS: updated - -1996-04-03 13:36 millert - - * parse.lex: FQHOST now has same constraints as non-FQHOST - -1996-04-02 19:00 millert - - * INSTALL: added note about OS's w/ shadow passwords turned on by - default - -1996-04-02 18:58 millert - - * configure.in: fixed a typo - -1996-04-02 18:48 millert - - * configure.in: added support for --without-THING sanitized shadow - pw situtation by adding support for --without-C2 - -1996-04-02 16:42 millert - - * tgetpass.c: fixed a typo wrt placement of an end paren - -1996-04-02 14:57 millert - - * check.c: was closing an fd that may not have been opened - -1996-03-21 19:55 millert - - * sudo.c, OPTIONS, options.h: added NO_PASSWD - -1996-03-19 19:40 millert - - * configure.in: now always use shadow pw on some arches - -1996-03-19 17:07 millert - - * configure.in: added pyramid support - -1996-03-19 17:04 millert - - * configure.in: no longer check for C2 if alternate passwd method - is used no longer check for some libs twice - -1996-03-19 17:00 millert - - * parse.yacc: moved fqdn stuff into parse.lex (FQHOST) - -1996-03-19 17:00 millert - - * parse.lex: added FQHOST rules - -1996-03-18 20:57 millert - - * tgetpass.c: now define TCSASOFT in necesary - -1996-03-18 20:31 millert - - * tgetpass.c: now uses read/write instead of stdio string goop to - avoid problems with select(2) - -1996-03-18 19:37 millert - - * OPTIONS, find_path.c, options.h: -DNO_DOT_PATH -> - -DIGNORE_DOT_PATH - -1996-03-17 16:18 millert - - * INSTALL: added note about no shadow auto-detect if using - alternate auth schemes - -1996-03-17 15:33 millert - - * configure.in: don't check for C2 if AFS or DCE (unless they said - --with-C2) - -1996-03-17 15:08 millert - - * testsudoers.c: now groks shost - -1996-03-17 15:01 millert - - * options.h, OPTIONS, find_path.c: added NO_DOT_PATH - -1996-03-16 14:43 millert - - * find_path.c: checkdot now works correctly - -1996-03-12 18:01 millert - - * configure.in: can't have DCE and C2 passwords both... - -1996-03-11 14:05 millert - - * parse.yacc, sudo.c, sudo.h, visudo.c: now uses shost even if not - FQDN - -1996-03-11 14:04 millert - - * configure.in: now looks for skey in /usr/lib and doesn't require - libskey to be in /usr/local/lib just because skey.h is (for my - netbsd box :-) - -1996-03-11 02:00 millert - - * aclocal.m4, config.h.in, pathnames.h.in: _SUDO_PATH_ -> - _CONFIG_PATH_ - -1996-03-10 21:01 millert - - * aclocal.m4, sudo.pod: /var/run/.odus -> /var/run/sudo - -1996-03-10 20:59 millert - - * pathnames.h.in: now uses _SUDO_PATH_TIMEDIR - -1996-03-10 20:59 millert - - * OPTIONS: udpated FQDN - -1996-03-10 20:58 millert - - * config.h.in: added _SUDO_PATH_TIMEDIR - -1996-03-10 20:58 millert - - * aclocal.m4, configure.in: added SUDO_TIMEDIR - -1996-03-10 20:58 millert - - * sudo.pod: updated wrt /var/run/sudo - -1996-03-10 20:16 millert - - * sudo.c, sudo.h: added support for shost if FQDN - -1996-03-10 20:14 millert - - * parse.yacc, visudo.c: now uses shost if FQDN - -1996-03-10 20:12 millert - - * check.c: Now use skeylookup() instead off skeychallenge() - -1996-02-27 20:41 millert - - * logging.c: mail_argv should not contain ALERTMAIL as it includes - "-t" - -1996-02-22 17:06 millert - - * INSTALL, Makefile.in, README, version.h, configure.in: ++version - -1996-02-22 16:27 millert - - * compat.h: added more _PASSWD_LEN stuff -- now uses PASS_MAX too - -1996-02-22 16:27 millert - - * tgetpass.c: now includes limits.h moved _PASSWD_LEN -> compat.h - -1996-02-05 19:20 millert - - * README, INSTALL: ++version - -1996-02-05 19:20 millert - - * Makefile.in: ++versoin - -1996-02-05 19:16 millert - - * Makefile.in: fixed a typo - -1996-02-05 19:16 millert - - * configure.in: ++version - -1996-02-05 18:53 millert - - * RUNSON: updated - -1996-02-05 18:47 millert - - * CHANGES: done for 1.4.1 (I hope) - -1996-02-05 18:45 millert - - * sudoers.pod: added info on wildcards - -1996-02-05 18:39 millert - - * sample.sudoers: added wildcard example - -1996-02-05 17:03 millert - - * Makefile.in: now uses *.pod to build *.man and *.cat & *.html - -1996-02-05 17:03 millert - - * configure.in: addedSUDO_PROG_BSHELL !ll - -1996-02-05 16:10 millert - - * visudo.pod: fixed up some formatting - -1996-02-05 16:10 millert - - * sudoers.pod: redid section describing sample sudoers stuff - -1996-02-05 16:10 millert - - * sudo.pod: fixed some formatting - -1996-02-04 22:50 millert - - * getspwuid.c: now treats "" as bourne shell - -1996-02-04 22:49 millert - - * Makefile.in: TESTOBJS nwo includes wildmat.o - -1996-02-04 22:48 millert - - * testsudoers.c: now works with NewArg[cv] - -1996-02-04 21:59 millert - - * sudo.c: removed an XXX (fixed it in getspwuid.c) - -1996-02-04 21:58 millert - - * aclocal.m4: added check for bourne shell - -1996-02-04 21:58 millert - - * pathnames.h.in: added _PATH_BSHELL - -1996-02-04 21:58 millert - - * config.h.in: added _SUDO_PATH_BSHELL - -1996-02-04 16:36 millert - - * visudo.c: unixware vi returns 256 instead of 0 - -1996-02-04 16:24 millert - - * INSTALL: added Linux note - -1996-02-04 16:13 millert - - * logging.c: fixed up some XXX's. file log format now looks a - little more like real syslog(3) format. - -1996-02-04 16:13 millert - - * README, TROUBLESHOOTING: updated wrt lex/flex - -1996-02-04 16:11 millert - - * Makefile.in: commented out rule to build lex.yy.c from parse.lex - since we ship with a pre-flex'd parser - -1996-02-04 16:09 millert - - * parse.c, parse.yacc, visudo.c: path_matches -> command_matches - -1996-02-04 02:28 millert - - * logging.c: eliminated some strcat()'s - -1996-02-04 02:10 millert - - * configure.in: no longer checks for lex/flex (now assumes flex) - -1996-02-04 02:08 millert - - * configure.in: now checks for $kerb_dir_candidate/krb.h instead of - just kerb_dir_candidate - -1996-02-02 20:48 millert - - * parse.yacc: now use a 'hook' expression instead of an iffy one - :-) - -1996-02-02 01:14 millert - - * visudo.c: now works with new sudo arg stuff - -1996-02-02 01:14 millert - - * parse.yacc: fixed dereferencing deadbeef - -1996-02-01 23:53 millert - - * sudo.c: changed an occurrence of Argv to NewArgv - -1996-02-01 23:53 millert - - * parse.lex: took out support for quoted commands since there is no - need... - -1996-02-01 23:52 millert - - * parse.c: fixed a typo in a for() loop - -1996-02-01 23:52 millert - - * logging.c: protected against dereferencing rogue pointers - -1996-02-01 22:34 millert - - * sudo.c: now uses NewArgv amd NewArgc so cmnd_aegs is no longer - needed this also allows us to eliminate some kludges in - parse_args() and eliminate superfluous code. - -1996-02-01 22:34 millert - - * logging.c: no longer uses cmnd_args, now uses NewArgv instead. - -1996-02-01 22:32 millert - - * sudo.h: added struct sudo_command, NewArgc, and NewArgv removed - cmnd_args (no longer used) - -1996-02-01 22:31 millert - - * Makefile.in: added wildmat.c to SRCS & SUDOBJS - -1996-02-01 22:30 millert - - * parse.yacc: COMMAND is now a struct containing the path and args - -1996-02-01 22:30 millert - - * parse.lex: replaced append() with fill_cmnd() and fill_args. - command args from a sudoers entry are now stored in an arrary for - easy matching. - -1996-02-01 22:28 millert - - * parse.c: command line args from sudoers file are now in an array - like ones passed in from the command line - -1996-01-31 20:59 millert - - * parse.c: wildwat stuff now works - -1996-01-29 00:44 millert - - * version.h: ++version - -1996-01-29 00:44 millert - - * Makefile.in: ++version added wildmat.* - -1996-01-28 17:55 millert - - * parse.lex: added support for quoted commands (w/ or w/o args) - -1996-01-22 01:55 millert - - * sudo.pod, visudo.pod: cleaned up formatting - -1996-01-21 20:53 millert - - * sudo.pod, visudo.pod: Initial revision - -1996-01-21 02:07 millert - - * sudoers.pod: looks reasonable, could be mroe readable - -1996-01-20 23:47 millert - - * sudoers.pod: Initial revision - -1996-01-16 14:38 millert - - * RUNSON: updated - -1996-01-16 14:37 millert - - * OPTIONS: updated NO_ROOT_SUDO entry - -1996-01-15 11:37 millert - - * RUNSON: [no log message] - -1996-01-15 11:34 millert - - * sudo.c: fixed SECURE_PATH - -1996-01-14 20:55 millert - - * RUNSON: udpa`ted for 1.4 - -1996-01-14 20:52 millert - - * configure.in: AIX aixcrypt.exp now uses $(srcdir) - -1996-01-14 20:32 millert - - * TROUBLESHOOTING: added entry for anal ansi compilers - -1996-01-14 16:13 millert - - * INSTALL: added info on libcrypt_i for SCO - -1996-01-14 16:05 millert - - * TODO: [no log message] - -1996-01-14 15:39 millert - - * sample.sudoers: added comments - -1996-01-14 15:25 millert - - * TODO: 1.4 release - -1996-01-14 15:22 millert - - * README, config.h.in, configure.in, CHANGES: ++version - -1996-01-14 15:21 millert - - * BUGS: ++version and fixed ISC - -1996-01-14 15:19 millert - - * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, options.h, pathnames.h.in, sudo.h, - logging.c, putenv.c, strdup.c, sudo.c, sudo_setenv.c, - testsudoers.c, tgetpass.c, utime.c, visudo.c, INSTALL, OPTIONS: - ++version - -1996-01-14 15:16 millert - - * interfaces.c: added STUB_LOAD_INTERFACES ++version - -1996-01-14 15:14 millert - - * Makefile.in, version.h, parse.c, parse.lex, parse.yacc, - emul/utime.h: ++version - -1996-01-14 15:13 millert - - * PORTING: added info about fd_set in tgetpass added info on - interfaces.c - -1996-01-11 13:22 millert - - * dce_pwent.c: added sudo header - -1996-01-11 13:04 millert - - * tgetpass.c: fixed a typo - -1996-01-11 13:01 millert - - * Makefile.in: tgetpass.o is now only linked in with sudo (not - visudo) - -1996-01-09 12:56 millert - - * BUGS, INSTALL, OPTIONS, README, Makefile.in, config.h.in, - configure.in: ++version - -1996-01-09 12:54 millert - - * emul/utime.h: added copyright notice - -1996-01-09 12:52 millert - - * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, - ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, - interfaces.c, logging.c, options.h, parse.c, parse.lex, - parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, - sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, - visudo.c: ++version - -1996-01-09 12:46 millert - - * tgetpass.c: minor cleanup and now includes sys/bsdtypes for - svr4'ish boxen - -1996-01-09 12:42 millert - - * configure.in: ISC now gets -lcrypt now check for sys/bsdtypes.h - -1996-01-09 12:41 millert - - * config.h.in: added check for sys/bsdtypes.h - -1996-01-07 16:00 millert - - * parse.yacc: removed debugging stuff (setting freed ptr to NULL) - -1996-01-07 15:55 millert - - * TROUBLESHOOTING: added 2 entries - -1996-01-07 15:55 millert - - * Makefile.in: added FAQ - -1996-01-07 14:26 millert - - * TROUBLESHOOTING: added section on syslog - -1996-01-07 14:25 millert - - * configure.in: added AC_ISC_POSIX for better ISC support - -1996-01-07 14:25 millert - - * config.h.in: fixed typo - -1996-01-07 14:25 millert - - * config.h.in: added define for _POSIX_SOURCE - -1996-01-04 00:41 millert - - * configure.in: fixed check for lsearch() - -1995-12-21 21:53 millert - - * interfaces.c: fixed for AIX now deal if num_interfaces == 0 - (should not happen) - -1995-12-20 17:02 millert - - * configure.in: now only define HAVE_LSEARCH if there is a - corresponding search.h - -1995-12-20 15:52 millert - - * interfaces.c: works on ISC again - -1995-12-18 17:36 millert - - * configure.in: now define HAVE_LSEARCH if we find lsearch() in - libcompat - -1995-12-18 17:32 millert - - * lsearch.c: char * -> const char * - -1995-12-18 17:29 millert - - * configure.in: now looks in -lcompat for lsearch() - -1995-12-18 17:23 millert - - * Makefile.in: remove sudo.core visudo.core for clan target - -1995-12-17 22:53 millert - - * aclocal.m4: added UID_MAX support in check for MAX_UID_T_LEN - -1995-12-17 22:36 millert - - * Makefile.in: fixed another occurence of sudo_getpwuid.* - -1995-12-17 22:30 millert - - * getspwuid.c, Makefile.in: sudo_getpwuid.c -> getspwuid.c - -1995-12-17 22:22 millert - - * configure.in: moved the "echo" - -1995-12-17 22:09 millert - - * CHANGES, BUGS, INSTALL, Makefile.in, OPTIONS, README, check.c, - compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, - getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, - ins_goons.h, insults.h, interfaces.c, logging.c, options.h, - parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, - strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: ++version - -1995-12-17 22:04 millert - - * testsudoers.c: added group support - -1995-12-17 22:00 millert - - * sample.sudoers: added group entry - -1995-12-17 21:59 millert - - * sudoers.man: documented group support - -1995-12-17 21:50 millert - - * parse.c, parse.lex, visudo.c, parse.yacc: added group support - -1995-12-15 17:45 millert - - * check.c: tkfile was too short and overflowed the kerberos realm - -1995-12-11 17:09 millert - - * sudo.c: now copy command args directly from Argv - -1995-12-11 15:55 millert - - * sudo.c: replaced code to copy cmnd_args so that is does not use - realloc since most realloc()'s really stink - -1995-12-08 14:11 millert - - * configure.in: syslog() fixed in hpux 10.01 - -1995-12-06 17:45 millert - - * configure.in: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS - if appropriate) - -1995-12-06 17:30 millert - - * configure.in: better error if cannot find skey incs or libs - -1995-12-06 17:26 millert - - * aclocal.m4: now use a temp file for determining max len of uid_t - in string form. the old hacky way broke on netbsd - -1995-12-05 19:02 millert - - * sudo.c: added set of parens and a space - -1995-12-05 18:58 millert - - * dce_pwent.c: fixes from Jeff Earickson , - -1995-12-05 18:58 millert - - * check.c: modified a comment - -1995-12-05 18:57 millert - - * Makefile.in: fixed up testsudoers target - -1995-12-05 18:56 millert - - * configure.in: DCE changes from Jeff Earickson - LIBS -> SUDO_LIBS and VISUDO_LIBS LDFLAGS -> - SUDO_FDFLAGS and VISUDO_LDFLAGS - -1995-12-05 18:17 millert - - * Makefile.in: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> - SUDO_LDFLAGS, VISUDO_LDFLAGS - -1995-11-27 23:32 millert - - * configure.in: fix for C2 on hpux 10 now uses -linet if it exists - -1995-11-27 23:17 millert - - * check.c: LONG_SKEY_PROMPT is less of a klusge / - -1995-11-27 23:17 millert - - * configure.in: fixed typos w/ dce stuff - -1995-11-27 23:14 millert - - * Makefile.in: added dce_pwent.c - -1995-11-26 13:48 millert - - * INSTALL: amended section on combining authentication mechanisms - -1995-11-26 13:48 millert - - * PORTING: minor updates for 1.3.6 - -1995-11-26 13:47 millert - - * TROUBLESHOOTING: added 2 more entries - -1995-11-26 13:39 millert - - * BUGS: updated for 1.3.6 - -1995-11-26 13:39 millert - - * README: overhauled - -1995-11-25 21:23 millert - - * INSTALL: rewrote for sudo 1.3.6 - -1995-11-25 21:23 millert - - * TROUBLESHOOTING: added 3 entries - -1995-11-25 13:53 millert - - * find_path.c, getspwuid.c, sudo.c: added explict casts for strdup - since many includes don't prototype it. gag me. - -1995-11-25 13:23 millert - - * sudo.h: removed prototype for sudo_getpwuid() since convex C - compiler choked on it. - -1995-11-25 13:23 millert - - * sudo.c: added prototype for sudo_getpwuid() - -1995-11-25 13:23 millert - - * lsearch.c: now compiles on strict ANSI compilers - -1995-11-24 23:56 millert - - * check.c: added LONG_SKEY_PROMPT support - -1995-11-24 23:55 millert - - * Makefile.in: added extra $'s for make to eat up, yum. - -1995-11-24 23:38 millert - - * OPTIONS, options.h: added LONG_SKEY_PROMPT - -1995-11-24 18:48 millert - - * check.c: s/key support now works with normal s/key as well as - logdaemon - -1995-11-24 18:46 millert - - * options.h, OPTIONS: added SKEY_ONLY - -1995-11-24 18:46 millert - - * compat.h: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY - -1995-11-24 00:42 millert - - * INSTALL: added DCE note added more AIX notes - -1995-11-24 00:39 millert - - * sudo.c: now include pthread.h for DCE support - -1995-11-23 22:22 millert - - * check.c: dce_pwent() is ok after all ., - -1995-11-23 22:21 millert - - * logging.c: now uses SYSLOG() macro that equates to either - syslog() or syslog_wrapper - -1995-11-23 21:44 millert - - * dce_pwent.c: minor formatting changes. renamed check() to - somthing less generic - -1995-11-23 21:27 millert - - * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, - visudo.c: now uses user_pw_ent and simple macros to get at the - contents - -1995-11-22 20:35 millert - - * check.c: simpler dec unix C2 support - -1995-11-22 20:35 millert - - * getspwuid.c: now sets crypt_type for DEC unix C2 - -1995-11-21 18:00 millert - - * configure.in: added csops paths for skey - -1995-11-21 16:27 millert - - * getspwuid.c: now includes string.h for strdup() prototype - -1995-11-21 01:47 millert - - * getspwuid.c: fixed a few typos - -1995-11-20 22:59 millert - - * check.c: now includes skey.h - -1995-11-20 22:10 millert - - * getspwuid.c: fixed up comments - -1995-11-20 22:04 millert - - * check.c: moved a lot of the shadow passwd crap to sudo_getpwuid() - -1995-11-20 22:01 millert - - * sudo.c: now uses sudo_pw_ent - -1995-11-20 21:50 millert - - * testsudoers.c: now uses sudo_pw_ent - -1995-11-20 21:40 millert - - * visudo.c: now sets sudo_pw_ent - -1995-11-20 21:28 millert - - * getspwuid.c: Initial revision - -1995-11-20 21:28 millert - - * tgetpass.c: moved dce stuff into compat.h - -1995-11-20 21:27 millert - - * sudo.h, logging.c: now uses sudo_pw_ent - -1995-11-20 21:27 millert - - * Makefile.in: added sudo_getpwuid.c - -1995-11-20 21:25 millert - - * compat.h: added dce support - -1995-11-20 21:13 millert - - * parse.yacc: now uses sudo_pw_ent - -1995-11-20 14:40 millert - - * check.c: fixed exempt_group stuff for OS's that don't put base - gid in group vector - -1995-11-20 01:39 millert - - * check.c: S/Key support now works with sunos4 shadow passwords - -1995-11-19 22:31 millert - - * Makefile.in: fixed clean rule - -1995-11-19 22:31 millert - - * config.h.in, configure.in: added DCE support - -1995-11-19 22:30 millert - - * tgetpass.c: DCE & KERB support - -1995-11-19 22:30 millert - - * check.c: first stab at dce support - -1995-11-19 22:24 millert - - * dce_pwent.c: now smells like sudo - -1995-11-19 22:11 millert - - * dce_pwent.c: Initial revision - -1995-11-19 21:36 millert - - * check.c: skey'd sudo now works w/ normal password as well - -1995-11-19 18:37 millert - - * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, - find_path.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, - ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, - options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, - putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, - tgetpass.c, utime.c, version.h, visudo.c: updated version number - -1995-11-19 18:32 millert - - * README: updated to reflect version change - -1995-11-19 18:27 millert - - * configure.in: --with options now line up ++version - -1995-11-19 18:26 millert - - * sudo.h: removed unecesary S/Key stuff - -1995-11-19 18:25 millert - - * configure.in: fixed S/Key support - -1995-11-19 18:24 millert - - * Makefile.in: -I stuff now goes in CPPFLAGS - -1995-11-19 18:23 millert - - * check.c: fixed SKey support - -1995-11-19 15:23 millert - - * README: updated version - -1995-11-19 13:59 millert - - * OPTIONS: fixed description of EXEMPTGROUP - -1995-11-19 10:47 millert - - * sudo.c: more people use _RLD_ than just alphas... - -1995-11-18 21:35 millert - - * Makefile.in: replaced $man_prefix with $mandir - -1995-11-18 21:30 millert - - * configure.in: fixed a typo - -1995-11-18 21:28 millert - - * Makefile.in: now use more GNU'ish dir names - -1995-11-18 21:27 millert - - * configure.in: now set *dir correctly (can override from command - line) - -1995-11-18 19:17 millert - - * sudo.c: now deal with situations where we getwd() fails - -1995-11-17 00:37 millert - - * Makefile.in: added etc_dir, bin_dir, sbin_dir - -1995-11-17 00:37 millert - - * configure.in: added sbin_dir - -1995-11-16 21:28 millert - - * Makefile.in: now ship a flex-generated lex.yy.c - -1995-11-16 21:09 millert - - * Makefile.in: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, - SUDOERS_OWNER - -1995-11-16 21:06 millert - - * pathnames.h.in: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now - overridden via Makefile - -1995-11-16 21:05 millert - - * options.h: no more error for redefining SUDOERS_OWNER - -1995-11-16 21:05 millert - - * OPTIONS: expanded SUDOERS_OWNER section - -1995-11-16 03:05 millert - - * visudo.c: now warn if chown(2) failed - -1995-11-16 02:55 millert - - * logging.c: better default warning for NO_SUDOERS_FILE - -1995-11-16 02:54 millert - - * sudo.c: added missing set_perms() no more cryptic message if the - sudoers file is zero length, now just give a parse error - -1995-11-16 02:42 millert - - * logging.c: better diagnostics if NO_SUDOERS_FILE - -1995-11-16 02:41 millert - - * sudo.c: check_sudoers() now catches sudoers files that are not - readable (but are stat'able). - -1995-11-13 01:12 millert - - * configure.in: now add -D__STDC__ for convex cc (not gcc) - -1995-11-13 00:52 millert - - * configure.in: MAN_PREFIX -> man_prefix now sets prefix and - exec_prefix - -1995-11-13 00:52 millert - - * Makefile.in: now uses exec_prefix & prefix from configure - -1995-11-13 00:16 millert - - * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, - parse.c, parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, - tgetpass.c, utime.c, visudo.c: options.h is now <> instead of "" - so shadow build trees can have a custom copy of options.h - -1995-11-13 00:15 millert - - * check.c: user_is_exempt() is no longer a hack, it now uses - getgrnam() - -1995-11-12 23:56 millert - - * options.h: EXEMPTGROUP is now "sudo" - -1995-11-12 22:25 millert - - * configure.in: MAN_POSTINSTALL now contains a leading space - -1995-11-12 22:25 millert - - * Makefile.in: removed leading tab if @MAN_POSTINSTALL@ not defined - now removes testsudoers in clean: - -1995-11-12 22:24 millert - - * tgetpass.c: includes pwd.h to get _PASSWD_LEN definition - -1995-10-30 15:51 millert - - * sudo.c: unset the KRB_CONF envariable if using kerberos so we - don't get spoofed into using a bogus server - -1995-09-29 17:50 millert - - * parse.yacc: now explicately initialize match[] tp be FALSE - -1995-09-23 16:48 millert - - * sudo.c: removed unused variable now passes -Wall - -1995-09-23 16:48 millert - - * parse.yacc: yyerror and dumpaliases are now void's now passes - -Wall - -1995-09-23 16:48 millert - - * parse.lex: added prototype for yyerror - -1995-09-23 16:47 millert - - * interfaces.c: rmeoved unused cruft now passes -Wall - -1995-09-23 16:47 millert - - * check.c, logging.c, parse.c: now passes -Wall - -1995-09-23 16:46 millert - - * Makefile.in: fixed headers that moved to emul dir - -1995-09-23 12:05 millert - - * logging.c: fixed deref of nil pointer if no args - -1995-09-15 19:18 millert - - * OPTIONS: added a caveat to FQDN section - -1995-09-13 19:48 millert - - * Makefile.in: more $srcdir support for install targets - -1995-09-13 17:17 millert - - * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, - putenv.c, strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, - visudo.c: don't include malloc.h if we include stdlib.h - -1995-09-12 21:44 millert - - * parse.yacc: local search.h now lives in emul - -1995-09-12 21:41 millert - - * lsearch.c: local search.h now lives in emul - -1995-09-12 21:41 millert - - * check.c, utime.c: local utime.h now lives in emul dir - -1995-09-12 21:38 millert - - * Makefile.in: added support for building in other than the - sourcedir - -1995-09-10 14:01 millert - - * OPTIONS: annotated CSOPS_INSULTS option - -1995-09-10 13:56 millert - - * TROUBLESHOOTING: updated shadow passwords blurb - -1995-09-09 21:00 millert - - * sudo.c: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a - shell and passes along foo as the arguments - -1995-09-09 18:52 millert - - * parse.lex: collapsed pathname and dir sections into one -- its - now less expensive - -1995-09-09 18:34 millert - - * parse.lex: fixed spacing quoting [,:\\=] now works correctly - append() and fill() now take args to make the above work - -1995-09-08 20:51 millert - - * sudo.c: fixed a typo that caused commands with no tty on fd 0 but - a tty on fd 1 to erroneously have "none" as their tty - -1995-09-04 15:35 millert - - * check.c: timestampfile is now a global static removed decl of - timestampfile in remove_timestamp since we can just use the - global one - -1995-09-04 15:28 millert - - * check.c: created touch() to update timestamps added - USE_TTY_TICKETS support (bit of a kludge) - -1995-09-04 15:28 millert - - * compat.h: added _S_IFDIR and S_ISDIR - -1995-09-04 15:22 millert - - * OPTIONS, options.h: added USE_TTY_TICKETS - -1995-09-04 00:38 millert - - * parse.yacc: removed const from casts for lsearch() & lfind() to - placate irix 4.x C compiler - -1995-09-03 14:12 millert - - * sudo.c: now only strip '/dev/' off of a tty if it starts with - '/dev/' - -1995-09-03 14:12 millert - - * pathnames.h.in: added _PATH_DEV - -1995-09-03 14:11 millert - - * configure.in: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for - tcgetattr only if have termios.h - -1995-09-03 14:09 millert - - * tgetpass.c: fixed incorrect #ifdef termio uses "unsigned short" - not int for c_?flag - -1995-09-03 13:19 millert - - * parse.lex, parse.yacc: fixed a spelling error - -1995-09-03 13:17 millert - - * Makefile.in: fixed typo - -1995-09-02 12:55 millert - - * Makefile.in: fixed a comment - -1995-09-02 12:54 millert - - * parse.yacc: added dotcat() to cat 2 strings w/ a dot effeciently - now that we dynamically allocate strings they need to be free()'d - -1995-09-02 12:46 millert - - * parse.lex: dynamically allocates space for strings - -1995-09-02 12:34 millert - - * sudo.h: no more MAXCOMMANDLENGTH - -1995-09-01 22:25 millert - - * sudo.h: added decl of tty - -1995-09-01 22:25 millert - - * logging.c, sudo.c: moved tty stuff into sudo.c - -1995-09-01 14:18 millert - - * parse.c: fixed a logic bug. Was denying a command if user gave - command line args but there were none in the sudoers file which - is wrong. - -1995-09-01 01:18 millert - - * sudo.h: MAXCOMMMANDLEN dropped down to 1K - -1995-09-01 01:13 millert - - * parse.lex: return foo; -> return(foo); - -1995-09-01 01:03 millert - - * parse.yacc: fixed netgr_matches() prototype - -1995-09-01 01:02 millert - - * parse.lex: added support for escaping "termination" characters - -1995-09-01 00:55 millert - - * parse.c: buf is now of size MAXPATHLEN+1 since it never holds - command args - -1995-09-01 00:50 millert - - * sudo.c: fixed comments - -1995-09-01 00:49 millert - - * goodpath.c: fixed negation problem (doh!) - -1995-09-01 00:25 millert - - * parse.yacc: fixed 2nd parameter to lfind() - -1995-09-01 00:24 millert - - * parse.lex: now do bounds checking in fill() and append() - -1995-09-01 00:23 millert - - * sudo.c: include netdb.h as we should added a missing void cast - added SHELL_IF_NO_ARGS support now use realloc() properly. would - fail if realloc actually moved the string instead of shrinking it - -1995-09-01 00:17 millert - - * sample.sudoers: updated with examples of new features - -1995-09-01 00:05 millert - - * goodpath.c: now set errno to EACCES if not a regular file or not - executable - -1995-09-01 00:04 millert - - * find_path.c: if given a fully-qualified or relative path we now - check it with sudo_goodpath() and error out with the appropriate - error message if the file does not exist or is not executable - -1995-09-01 00:03 millert - - * lsearch.c, emul/search.h: now use correct args for lfind - -1995-09-01 00:03 millert - - * logging.c: added a comment - -1995-08-31 23:52 millert - - * insults.h: added in CSOps insults - -1995-08-31 23:51 millert - - * ins_csops.h: Initial revision - -1995-08-31 23:35 millert - - * tgetpass.c: added RCS id - -1995-08-31 22:56 millert - - * sudo.h: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> - HAVE_GETWD - -1995-08-31 22:55 millert - - * OPTIONS: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS - -1995-08-31 22:54 millert - - * sudo.c: fixed -k load_interfaces() now gets called if FQDN is set - -p now works with -s - -1995-08-31 22:54 millert - - * parse.c: don't try to stat() "pseudo commands" like "validate" - -1995-08-31 22:53 millert - - * options.h: added CLASSIC_INSULTS added CSOPS_INSULTS added - SHELL_IF_NO_ARGS - -1995-08-31 22:53 millert - - * configure.in: added SecurID support added other insults to - --with-csops - -1995-08-31 22:52 millert - - * config.h.in: added HAVE_SECURID - -1995-08-31 22:52 millert - - * Makefile.in: added clobber target added ins_csops.h now gets - CFLAGS from configure - -1995-08-31 22:46 millert - - * aclocal.m4: relaxed SUDO_FULL_VOID - -1995-08-31 22:44 millert - - * visudo.c: function comment blocks are now in same style as rest - of code - -1995-08-31 22:44 millert - - * testsudoers.c: added support for command line args in - /etc/sudoers - -1995-08-31 22:43 millert - - * sudoers.man: updated to have command args in the sudoers file - -1995-08-31 22:42 millert - - * sudo.man: added -s and -- flags added SHELL to ENVIRONMENT - VARIABLES section - -1995-08-19 19:32 millert - - * parse.yacc: PATH renamed to COMMAND - -1995-08-19 19:31 millert - - * parse.lex: it is now a parse error for directories to have args - attached to them - -1995-08-19 19:30 millert - - * logging.c: now say command args if telling user to buzz off - -1995-08-19 19:30 millert - - * sudo.c: -s no longer indicates end of args sped up loading on - cmnd_args in load_cmnd() - -1995-08-19 19:29 millert - - * parse.c: removed an unreachable statement - -1995-08-19 17:53 millert - - * parse.lex: made more efficient by pulling out the terminators - when in GOTCMND state and making them their own rule - -1995-08-14 00:07 millert - - * sudo.h: removed MAXLOGLEN since it is no longer used - -1995-08-14 00:07 millert - - * parse.lex: now allows command args - -1995-08-14 00:06 millert - - * parse.c: now groks command arguments - -1995-08-13 23:39 millert - - * logging.c: now sets tty correctly when piped input - -1995-08-13 23:35 millert - - * sudo.c: fixed loading of cmnd_args (was including command name - too) - -1995-08-13 23:34 millert - - * logging.c: fixed a core dump due to incorrect if construct - -1995-08-13 00:33 millert - - * configure.in: only add -lsun is irix < 5 don't look for -lnsl or - -lsocket if irix - -1995-08-13 00:33 millert - - * aclocal.m4: fixed check for ISC - -1995-08-13 00:32 millert - - * sudo.c: now sets cmnd_args used by log_error() and that will be - used by the parse to check against command args - -1995-08-13 00:32 millert - - * sudo.h: added cmnd_args - -1995-08-13 00:31 millert - - * logging.c: now dynamically allocate logline since we can guess at - its size - -1995-08-05 13:52 millert - - * logging.c: cleaned up a bunch of unnecesary #ifdef's eliminated a - buffer remove "register" since the compiler knows more than I do - now do a "basename" of the tty - -1995-07-31 18:20 millert - - * configure.in: ++version - -1995-07-30 22:37 millert - - * sudo.h: added shell extern changed MODE_* to be bit masks to - allow for several options together - -1995-07-30 22:36 millert - - * sudo.c: added -s (shell) option made MODE_* masks so we can do - bitwise & and | to see if multiple flags are set. - -1995-07-30 22:01 millert - - * check.c: added securid support - -1995-07-30 14:38 millert - - * logging.c: removed a bunch of unnecesary strncpy()'s and replaced - with strcat() - -1995-07-29 17:17 millert - - * Makefile.in, version.h: ++version - -1995-07-27 06:52 millert - - * parse.yacc: fixed free() of an uninitialized pointer (yuck) - -1995-07-26 22:00 millert - - * testsudoers.c: added netgr_matches - -1995-07-26 21:29 millert - - * parse.c: cleaned up netgr_matches - -1995-07-26 00:26 millert - - * RUNSON: updated for 1.3.4 - -1995-07-24 21:51 millert - - * Makefile.in: now installs sudoers.man -- really should clean this - up though. - -1995-07-24 21:18 millert - - * Makefile.in: added sudoers.cat and sudoers.man - -1995-07-24 21:15 millert - - * sudo.man: pulled out stuff on the sudoers file format into a - separate man page - -1995-07-24 21:14 millert - - * sudoers.man: Initial revision - -1995-07-24 21:04 millert - - * HISTORY: fixed up my email address - -1995-07-24 20:03 millert - - * configure.in: added checks for innetgr and getdomainname - -1995-07-24 20:02 millert - - * visudo.c: added dummy netgr_matches function - -1995-07-24 20:01 millert - - * parse.c: added netgr_matches - -1995-07-24 20:01 millert - - * parse.lex, parse.yacc: added NETGROUP support - -1995-07-24 20:01 millert - - * config.h.in: added HAVE_INNETGR & HAVE_GETDOMAINNAME - -1995-07-24 18:07 millert - - * sudo.c: rewrote clean_env() that has rm_env() builtin - -1995-07-23 19:58 millert - - * check.c: now cast uid to long in sprintf - -1995-07-23 19:58 millert - - * OPTIONS: added _INSULTS suffix to HAL & GOONS end - -1995-07-23 19:57 millert - - * options.h: added _INSULTS suffix to HAL & GOONS - -1995-07-23 19:35 millert - - * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: converted to - new scheme of insult "unions" end - -1995-07-23 17:48 millert - - * sudo.c: now uses MAX_UID_T_LEN - -1995-07-23 17:48 millert - - * configure.in: added SUDO_UID_T_LEN !l - -1995-07-23 17:48 millert - - * config.h.in: added MAX_UID_T_LEN - -1995-07-23 17:47 millert - - * check.c: now use MAX_UID_T_LEN - -1995-07-23 17:47 millert - - * aclocal.m4: added check for max len of uid_t fixed sco vs. isc - check - -1995-07-19 19:05 millert - - * configure.in: corrected version - -1995-07-19 17:29 millert - - * configure.in: added sco support - -1995-07-19 17:29 millert - - * aclocal.m4: hack to check for sco - -1995-07-18 21:27 millert - - * interfaces.c: removed #include since it was hosing - some OS's - -1995-07-18 13:35 millert - - * find_path.c: fixed prreadlink() prototype - -1995-07-17 23:54 millert - - * check.c: added parens in #if's - -1995-07-17 23:53 millert - - * configure.in: added SPW_ prefix - -1995-07-17 23:20 millert - - * sudo.h: moved SPW_* to config.h.in - -1995-07-17 23:19 millert - - * sudo.c: added a set of parens - -1995-07-17 23:19 millert - - * config.h.in: added SPW_* - -1995-07-17 22:50 millert - - * sudo.h: added SPW_* reordered error codes - -1995-07-17 22:49 millert - - * check.c: moved SPW_* to sudo.h - -1995-07-17 14:29 millert - - * logging.c: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT - -1995-07-17 14:29 millert - - * configure.in: AUTH -> SECUREWARE - -1995-07-17 14:29 millert - - * check.c, sudo.c: SPW_AUTH -> SPW_SECUREWARE - -1995-07-17 00:22 millert - - * check.c: now uses SHADOW_TYPE to make shadow pw support more - readable and modular. It's a start... - -1995-07-17 00:21 millert - - * configure.in: added autodetection of shadow passwords - -1995-07-17 00:20 millert - - * sudo.c: now uses SHADOW_TYPE define - -1995-07-17 00:19 millert - - * config.h.in: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ - defines - -1995-07-17 00:19 millert - - * aclocal.m4: added SUDO_CHECK_SHADOW - -1995-07-12 17:09 millert - - * configure.in: define SVR4 for ISC define BROKEN_SYSLOG for hpux - took out test for memmove() since we dno longer use it... - -1995-07-12 17:08 millert - - * CHANGES: updated - -1995-07-12 17:05 millert - - * logging.c: added BROKEN_SYSLOG support - -1995-07-12 17:05 millert - - * config.h.in: added BROKEN_SYSLOG - -1995-07-12 17:04 millert - - * check.c: now only bitch it timestamp > time_now + 2 * timeout to - allow for a machine udpating its time from a server - -1995-07-12 17:04 millert - - * sudo.man: added 2 security notes updated Nieusma's email addr - -1995-07-12 14:18 millert - - * lsearch.c: changed a memmove() to memcpy() since we don't have to - worry about overlapping segments. - -1995-07-11 15:41 millert - - * interfaces.c: cleanup up the loop when interfaces are groped in - so that it is readable - -1995-07-11 14:52 millert - - * Makefile.in, version.h: ++version - -1995-07-09 18:17 millert - - * CHANGES: annotated 124-126 - -1995-07-07 16:06 millert - - * check.c: fixed permissions check on /tmp/.odus - -1995-07-06 19:35 millert - - * check.c: fixed some comments - -1995-07-06 14:49 millert - - * check.c: now checks owner & mode of timedir also checks for bogus - dates on timestamp file - -1995-07-06 14:49 millert - - * OPTIONS: updated TIMEOUT info - -1995-07-06 14:48 millert - - * logging.c, sudo.h: added BAD_STAMPDIR and BAD_STAMPFILE - -1995-07-06 14:47 millert - - * compat.h: added definition of S_IRWXU - -1995-07-06 14:47 millert - - * CHANGES: updated - -1995-07-03 14:16 millert - - * interfaces.c: added #ifdef to make it compile on strange arches - -1995-07-02 18:13 millert - - * aclocal.m4: fixed check for fulkl void impl. - -1995-07-02 09:56 millert - - * check.c: added mssing "static" - -1995-07-01 20:41 millert - - * insults.h: replaced #elif with #else #if constructs for ancient C - compilers - -1995-07-01 20:18 millert - - * INSTALL: updated irix c2 & kerb5 info - -1995-07-01 20:15 millert - - * configure.in: added shadow pw support for irix - -1995-07-01 16:07 millert - - * CHANGES: last changes for sudo 1.3.3 - -1995-07-01 16:07 millert - - * TODO, BUGS: updated - -1995-07-01 16:04 millert - - * configure.in: now calls SUDO_SOCK_SA_LEN - -1995-07-01 16:04 millert - - * config.h.in: added HAVE_SA_LEN - -1995-07-01 16:04 millert - - * aclocal.m4: added SUDO_SOCK_SA_LEN - -1995-07-01 15:49 millert - - * interfaces.c: now works with ip implementations that use sa_len - in sockaddr - -1995-07-01 14:26 millert - - * INSTALL: added note about buggy AIX compiler - -1995-07-01 14:24 millert - - * interfaces.c: now include sys/time.h for AIX - -1995-06-27 22:35 millert - - * Makefile.in: getcwd -> getwd - -1995-06-27 21:28 millert - - * interfaces.c: now works for ISC and others. yay. - -1995-06-26 14:24 millert - - * Makefile.in, version.h: version++ - -1995-06-22 20:26 millert - - * aclocal.m4: fixed test for full void impl - -1995-06-22 20:25 millert - - * sudo.c: now check to see that st_dev is non-zero before assuming - that we are being spoofed - -1995-06-20 16:56 millert - - * aclocal.m4, configure.in: SUDO_FUNC_UTIME_NULL -> - AC_FUNC_UTIME_NULL - -1995-06-19 16:32 millert - - * aclocal.m4: fixed include file order for SUDO_FUNC_UTIME_POSIX - -1995-06-19 16:10 millert - - * logging.c: added cast for ttyname() - -1995-06-19 15:23 millert - - * configure.in: fixed typo - -1995-06-19 15:19 millert - - * check.c: now deal correctly with all known variation of utime() - -- yippe - -1995-06-19 15:19 millert - - * configure.in: added SUDO_FUNC_UTIME_POSIX - -1995-06-19 15:19 millert - - * aclocal.m4: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX - -1995-06-19 15:14 millert - - * config.h.in: added HAVE_UTIME_POSIX - -1995-06-19 13:38 millert - - * check.c: fixed a typo - -1995-06-19 13:29 millert - - * check.c: no longer assume !HAVE_UTIME_NULL means old BSD utime() - -1995-06-19 13:20 millert - - * check.c: fixed fascist C compiler warning - -1995-06-18 23:14 millert - - * interfaces.c: now set strioctl.ic_timout in STRSET() now - initialize num_interfaces to 0 (just to be anal) - -1995-06-18 18:06 millert - - * sudo.h: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname - -1995-06-18 18:05 millert - - * logging.c: added tty logging - -1995-06-18 16:04 millert - - * interfaces.c: reworked the ISC code - -1995-06-18 15:27 millert - - * Makefile.in, version.h: updated version - -1995-06-18 15:24 millert - - * check.c: now expect old-style utime(3) if utime() can't take NULL - as an arg - -1995-06-18 15:08 millert - - * configure.in: added check for utime.h - -1995-06-18 15:08 millert - - * config.h.in: added HAVE_UTIME_H - -1995-06-18 14:48 millert - - * Makefile.in: added CPPFLAGS STATIC_FLAGS -> LDFLAGS - -1995-06-18 13:58 millert - - * configure.in: now search for kerb libs and includes - -1995-06-18 13:03 millert - - * check.c: added support for utime(2)'s that can't take a NULL - parameter - -1995-06-18 13:03 millert - - * utime.c: moved HAVE_UTIME_NULL stuff to update_timestamp() where - t belongs - -1995-06-17 20:46 millert - - * configure.in: added utime(s) stuff - -1995-06-17 20:46 millert - - * check.c: now use utime() - -1995-06-17 20:46 millert - - * config.h.in: added HAVE_UTIME and HAVE_UTIME_NULL - -1995-06-17 19:12 millert - - * utime.c: now use HAVE_UTIME_NULL - -1995-06-17 19:02 millert - - * utime.c, emul/utime.h: Initial revision - -1995-06-17 18:24 millert - - * check.c: need to setuid(0) to make kerb4 stuff work. - -1995-06-17 18:14 millert - - * tgetpass.c: no more special case for kerberos - -1995-06-17 18:13 millert - - * config.h.in: took out setreuid and setresuid stuff added kerb5 - stuff (use kerb4 emulation) - -1995-06-17 18:13 millert - - * compat.h: no longer need setreuid() emulation now set _PASSWD_LEN - to 128 if kerberos - -1995-06-17 18:12 millert - - * check.c: now use private ticket file for kerberos support to - avoid trouncing on system one - -1995-06-15 00:48 millert - - * sudo.h: added SPOOF_ATTEMPT & cmnd_st - -1995-06-15 00:47 millert - - * sudo.c: added anti-spoofing support - -1995-06-15 00:47 millert - - * parse.c: now use global cmnd_st - -1995-06-15 00:47 millert - - * logging.c: added SPOOF_ATTEMPT suypport - -1995-06-14 23:41 millert - - * testsudoers.c, visudo.c: added void casts where appropriate - -1995-06-14 23:40 millert - - * parse.yacc: fixed up spacing and added void casts where - appropriate - -1995-06-14 23:27 millert - - * sudo.c: fixed problem with "-p prompt" but no args - -1995-06-14 04:43 millert - - * sudo.man: added BUGS and annotated -l description - -1995-06-14 04:43 millert - - * sudo.h: validate() now takes a flag - -1995-06-14 04:43 millert - - * sudo.c: validate() now takes a flag added -l - -1995-06-14 04:42 millert - - * parse.yacc: added support for -l - -1995-06-14 04:41 millert - - * parse.c: validate() now takes a flag that says whether or not to - check the command - -1995-06-07 21:36 millert - - * logging.c: now deals with Argv == 1 - -1995-06-07 21:34 millert - - * sudo.man: added -p option - -1995-06-07 21:27 millert - - * sudo.c: added prompt support reworked parse_args() - -1995-06-07 20:49 millert - - * sudo.h: added prompt - -1995-06-07 20:49 millert - - * options.h: added PASSPROMPT - -1995-06-07 20:48 millert - - * check.c: now use BUFSIZ as length of kerb password added kpass so - pass is always a char * now use prompt global when asking for a - password - -1995-06-07 20:47 millert - - * tgetpass.c: now use BUFSIZ as _PASSWD_LEN if using kerberos - -1995-06-07 20:43 millert - - * OPTIONS: added PASSPROMPT - -1995-06-07 01:44 millert - - * configure.in: only look for -lufc or -lcrypt if crypt() not in - libc - -1995-06-07 01:43 millert - - * check.c: don't exit on kerb error, just warn if k_errno == - KDC_PR_UNKNOWN (unknown user) silently fail - -1995-06-06 22:44 millert - - * INSTALL: added kerb4 note - -1995-06-06 22:43 millert - - * tgetpass.c: HAVE_KERBEROS -> HAVE_KERB4 - -1995-06-06 22:41 millert - - * check.c: removed debugging printf - -1995-06-06 22:33 millert - - * configure.in: KERBEROS -> KERB4 added checks for setreuid & - setresuid - -1995-06-06 22:32 millert - - * config.h.in: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and - HAVE_SETRESUID - -1995-06-06 22:32 millert - - * compat.h: added deif of UID_NO_CHANGE & GID_NO_CHANGE added - setreuid emulation with setresuid if applic - -1995-06-06 22:31 millert - - * check.c: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid - chown() hack if no setreuid() or a broken one - -1995-06-05 23:44 millert - - * config.h.in: added HAVE_KERBEROS - -1995-06-05 23:43 millert - - * tgetpass.c: added KERBEROS support (long passwords) - -1995-06-05 23:42 millert - - * check.c, configure.in: added kerberos support - -1995-06-03 19:36 millert - - * sudo.h: added MODE_BACKGROUND - -1995-06-03 19:36 millert - - * sudo.man: escaped dashes added -b option - -1995-06-03 19:34 millert - - * sudo.c: added -b option - -1995-06-03 18:52 millert - - * check.c: added crypt() for osf/1 3.x enhanced secuiry - -1995-06-03 18:18 millert - - * configure.in: now check for -lcrypt - -1995-06-03 18:00 millert - - * interfaces.c: added ENXIO like EADDRNOTAVAIL - -1995-05-07 23:14 millert - - * configure.in: now emulate getwd(), not getcwd() - -1995-05-07 23:13 millert - - * sudo.c: getcwd() -> getwd() - -1995-05-07 23:12 millert - - * getwd.c: getcwd -> getwd - -1995-05-02 01:34 millert - - * ins_2001.h, ins_classic.h, ins_goons.h: Initial revision - -1995-05-02 01:34 millert - - * insults.h: broke out insults into separate include files - -1995-05-02 01:32 millert - - * options.h, OPTIONS: added GOONS - -1995-05-02 01:32 millert - - * Makefile.in: added ins_2001.h ins_classic.h ins_goons.h - -1995-05-01 23:34 millert - - * Makefile.in, version.h: ++version - -1995-05-01 23:34 millert - - * visudo.c: moved signal handler setup to setup_signals() - -1995-05-01 23:33 millert - - * sudo.h: added load_interfaces() - -1995-05-01 23:33 millert - - * sudo.c: moved load_interfaces to interfaces.c - -1995-05-01 23:33 millert - - * parse.yacc: added clearaliases - -1995-05-01 23:33 millert - - * OPTIONS, options.h: added FAST_MATCH - -1995-05-01 23:32 millert - - * parse.lex: now uses clearaliases variable - -1995-05-01 23:31 millert - - * interfaces.c: Initial revision - -1995-05-01 23:31 millert - - * Makefile.in: added interfaces.[co] - -1995-05-01 23:30 millert - - * testsudoers.c: now uses ip addrs and netmasks via - load_interfaces() - -1995-05-01 22:47 millert - - * sudo.c: now remove IFS instead of setting to "sane" value - -1995-05-01 16:30 millert - - * parse.c: added FAST_MATCH - -1995-04-29 20:19 millert - - * Makefile.in: sudo_goodpath.c-> goodpath.c - -1995-04-29 20:15 millert - - * sudo.c: added Andy's new ISC changes - -1995-04-14 14:06 millert - - * OPTIONS: added a sentence to SECURE_PATH info - -1995-04-14 13:57 millert - - * BUGS: added one - -1995-04-14 13:54 millert - - * RUNSON, CHANGES: updated - -1995-04-13 17:04 millert - - * RUNSON: updated for beta3 - -1995-04-13 14:32 millert - - * Makefile.in, version.h: ++version - -1995-04-13 13:56 millert - - * aclocal.m4: sendmail is now looked for in /usr/ucblib - -1995-04-13 13:54 millert - - * sudo.c: fixed indentation - -1995-04-13 13:35 millert - - * aclocal.m4: fixed a typo - -1995-04-13 13:19 millert - - * sudo.c: updated ISC mods - -1995-04-13 13:19 millert - - * configure.in: added unixware case - -1995-04-13 13:19 millert - - * check.c: user_is_exempt is no longer hidden - -1995-04-13 13:19 millert - - * RUNSON: updated - -1995-04-13 13:19 millert - - * aclocal.m4: isc and riscos changes - -1995-04-13 13:18 millert - - * OPTIONS: added NOTE about new interaction of EXEMPTGROUP and - SECURE_PATH - -1995-04-13 13:18 millert - - * Makefile.in: fixed a typo and added testsudoers stuff - -1995-04-13 12:34 millert - - * testsudoers.c: Initial revision - -1995-04-12 19:31 millert - - * parse.yacc: applied fixed patch from Chris - -1995-04-11 14:30 millert - - * Makefile.in: fixed a typo - -1995-04-11 14:14 millert - - * parse.yacc: added a set of braces for bison - -1995-04-11 14:01 millert - - * parse.yacc: merged in Chris' changes to dekludge the parser. - -1995-04-11 00:38 millert - - * logging.c: send_mail() was calling find_path() which is wrong - since find_path() stores cmnd in a static var. Anyhow, it - doesn't make much sense since MAILER should always be fully - qualified - -1995-04-10 19:51 millert - - * sample.sudoers: added User_Alias stuff - -1995-04-10 19:50 millert - - * aclocal.m4: SUDO_NEXT now looks for - /usr/lib/NextStep/software_version - -1995-04-10 19:50 millert - - * RUNSON: added DEC UNIX 3.0 w/ gcc - -1995-04-10 19:49 millert - - * visudo.c: Exit was being used in places where exit should be used - -1995-04-10 19:44 millert - - * sudoers: added "User alias specification" - -1995-04-10 18:04 millert - - * parse.yacc: fixed probs caused by making nslots and naliases a - size_t - -1995-04-10 15:09 millert - - * RUNSON: added KSR, upped rev to 1.3.1b2 - -1995-04-10 15:07 millert - - * logging.c, parse.yacc: 1024 -> BUFSIZ - -1995-04-10 15:05 millert - - * parse.yacc: void * -> VOID * naliases and nslots are now size_t - to appease lsearch on 64-bit machines - -1995-04-09 19:30 millert - - * TODO: did a bunch of things and added a bunch :-) - -1995-04-09 19:30 millert - - * PORTING: updated - -1995-04-09 19:24 millert - - * visudo.man: closer to BSD manpage style - -1995-04-09 19:15 millert - - * sudo.man: closer to standard BSD man format - -1995-04-09 18:58 millert - - * compat.h, config.h.in, insults.h, options.h, pathnames.h.in, - sudo.h, version.h, emul/search.h: added RCS id - -1995-04-09 17:35 millert - - * sudo.h: removed crufty #defines that are no longer used - -1995-04-09 17:13 millert - - * BUGS: fixed a bug - -1995-04-09 17:12 millert - - * sudo.man: updated based on sudo changes - -1995-04-09 17:11 millert - - * parse.yacc: now allow ALL keyword in User_Aliases now allow ALL - keyword as well as a NAME or ALIAS - -1995-04-09 17:11 millert - - * CHANGES: updated - -1995-04-09 17:04 millert - - * sudo.c: now sets SUDO_COMMAND and SUDO_GID envariables. - -1995-04-09 15:24 millert - - * aclocal.m4: fixed bug with full void impl check - -1995-04-08 23:11 millert - - * parse.yacc: fixed User_Alias supoprt - -1995-04-08 22:27 millert - - * parse.yacc: added stubs for User_Alias support - -1995-04-08 22:27 millert - - * sudo.c: now sets removes # bogus interfaces from num_interfaces - -1995-04-08 22:26 millert - - * parse.lex: added User_Alias support - -1995-04-07 21:10 millert - - * Makefile.in: removed extraneous TODO - -1995-04-07 19:48 millert - - * visudo.c: ntwk_matches -> addr_matches - -1995-04-07 15:38 millert - - * parse.yacc: ntwk_matches -> addr_matches - -1995-04-07 15:37 millert - - * parse.c: ntwk_matches -> addr_matches now use inet_addr() not - inet_network() (which expects octet boundaries) fixes for OSF - (sizeof(int) != sizeof(long)) - -1995-04-07 15:08 millert - - * sudo.c: took out debugging info - -1995-04-06 23:45 millert - - * aclocal.m4: OS was being set to unknown before non-uname based - host checks. This caused no checks to happen since $OS was not - zero-length. - -1995-04-06 23:30 millert - - * sudo.c: fixed loading of interfaces struct still has debugging - info in though - -1995-04-06 22:23 millert - - * parse.c: fixed typo - -1995-04-06 16:17 millert - - * Makefile.in: ++version - -1995-04-06 16:16 millert - - * version.h: ++ - -1995-04-06 16:16 millert - - * visudo.c: removed extraneous extern decl of "top - -1995-04-06 16:14 millert - - * visudo.c: now zeros "top" - -1995-04-06 16:13 millert - - * parse.yacc: removed parser_cleanup (no need for it now) - -1995-04-06 16:13 millert - - * parse.lex: now calls reset_aliases() directly - -1995-04-04 18:21 millert - - * OPTIONS: added a sentence to SECURE_PATH description - -1995-04-04 18:17 millert - - * parse.c: fixed my stupid bug where I used NAMLEN on something I - wanted to just get the name from. argh. - -1995-04-03 16:58 millert - - * lsearch.c: fixed argument order of memmove() that i hosed when - converting from bcopy(). arghh. - -1995-04-03 15:33 millert - - * Makefile.in: finally fixed DISTFILES line - -1995-04-03 15:21 millert - - * Makefile.in: tabs -> spaces - -1995-04-03 15:15 millert - - * Makefile.in: added missing files to DISTFILES - -1995-04-03 14:50 millert - - * Makefile.in: SUPPORTED -> RUNSON - -1995-04-01 03:12 millert - - * TODO: updated - -1995-04-01 01:54 millert - - * RUNSON: updated for pl5b1 release - -1995-04-01 01:53 millert - - * BUGS, TODO: updated - -1995-04-01 01:52 millert - - * check.c: fixed bug where if you hit return at first sudo prompt - it would still log as a failure - -1995-04-01 01:29 millert - - * CHANGES: updated - -1995-04-01 01:25 millert - - * aclocal.m4: better test for bogus void * implementation - -1995-03-31 20:33 millert - - * logging.c: added PASSWORDS_NOT_CORRECT - -1995-03-31 20:32 millert - - * check.c: added PASSWORDS_NOT_CORRECT stuff] - -1995-03-31 20:30 millert - - * sudo.h: added PASSWORDS_NOT_CORRECT - -1995-03-31 19:16 millert - - * tgetpass.c: moved pathnames.h - -1995-03-31 19:16 millert - - * sudo.c: removed some unused vars and fixed up uid2str - -1995-03-31 19:15 millert - - * putenv.c: moved compat.h - -1995-03-31 19:14 millert - - * getcwd.c, getwd.c: added pathnames.h - -1995-03-31 18:18 millert - - * parse.yacc: fixed a typo I introduced in the last checkin :-( - -1995-03-31 18:11 millert - - * parse.lex: can't have #ifdef's where N is defined so just do this - the broken way for AIX - -1995-03-31 18:08 millert - - * parse.yacc: better hack from Chris (but still a hack) - -1995-03-31 18:05 millert - - * parse.lex: stupid hack for broken aix lex - -1995-03-31 17:47 millert - - * tgetpass.c: now includes compat.h  - -1995-03-31 17:27 millert - - * visudo.c: now includes fcntl.h - -1995-03-31 17:27 millert - - * compat.h: added FD_SET and FD_ZERO for 4.2BSD - -1995-03-31 16:12 millert - - * parse.yacc: dirty hack to fix parser bug. i don't really like - this but it works for now... - -1995-03-31 16:12 millert - - * sudo.c: uid2str is now static like the prototype says - -1995-03-29 23:48 millert - - * RUNSON: Initial revision - -1995-03-29 23:47 millert - - * TODO, CHANGES, SUPPORTED, TROUBLESHOOTING: updated - -1995-03-29 23:46 millert - - * sudo.c: check_sudoers now returns an error code and sudo calls - inform_user and log_error based on the return value. - -1995-03-29 23:45 millert - - * logging.c, sudo.h: added entries for new errors - -1995-03-29 23:03 millert - - * parse.c: now set uid to that of SUDOERS_OWNER while parsing - sudoers file - -1995-03-29 22:52 millert - - * Makefile.in: took out testsudoers  - -1995-03-29 22:36 millert - - * sudo.c: now explicately checks that it is setuid root - -1995-03-29 22:28 millert - - * sudo.c: If a user has no passwd entry sudo would segv (writing to - a garbage pointer). Now allocate space before writing :-) - -1995-03-29 22:06 millert - - * configure.in: reordered AC_CHECK_FUNCS - -1995-03-29 22:06 millert - - * config.h.in: fixed memset macro - -1995-03-29 21:47 millert - - * logging.c: bzero -> memset when a parse error is logged the line - number of the error is now logged too - -1995-03-29 21:46 millert - - * tgetpass.c, visudo.c: bzero -> memset - -1995-03-29 21:46 millert - - * INSTALL: added Sunos to blurb about c2 security - -1995-03-29 21:45 millert - - * configure.in: added a SUN4 define for C2 security - -1995-03-29 21:44 millert - - * config.h.in: bcopy -> memmove bzero -> memset - -1995-03-29 21:43 millert - - * lsearch.c: bcopy -> memmove char * -> VOID * - -1995-03-29 21:30 millert - - * check.c: added support for sunos with C2 security - -1995-03-29 21:12 millert - - * OPTIONS, options.h: reordered - -1995-03-29 21:12 millert - - * pathnames.h.in: _PATH_SUDO_LOGFILE now set based on configure - -1995-03-29 21:12 millert - - * configure.in: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T - -1995-03-29 21:12 millert - - * config.h.in: added _SUDO_PATH_LOGFILE - -1995-03-29 21:11 millert - - * aclocal.m4: added SUDO_LOGFILE to find where to put sudo.log - added SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h - too) added SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) - -1995-03-29 18:17 millert - - * TROUBLESHOOTING: Initial revision - -1995-03-29 17:59 millert - - * sudo.c: now do set_perms(PERM_ROOT) before the getpwuid() in - load_global() to work around a problem is trusted hpux shadow - passwords. yuck. - -1995-03-29 17:41 millert - - * parse.yacc: backed out a change in malloc/realloc - -1995-03-29 17:38 millert - - * parse.yacc: now include stdlib.h - -1995-03-29 17:22 millert - - * visudo.c: now do an freopen() of the stmp file so that yyin will - always point to the same thing. This is important for flex since - we are doing a YY_NEWFILE - -1995-03-29 17:20 millert - - * parse.yacc: replaced yywrap() with parser_cleanup() since - yywrap() needs to be in parse.lex to be able to use YY_NEW_FILE. - sigh. - -1995-03-29 17:18 millert - - * parse.lex: now have a rule that matches anything that doesn't - match an explicite rule. well, you know what i mean (. matches - anything not yet matched). However, this means that there is - input still queued up so we need to do a YY_NEW_FILE; in yywrap. - So, yywrap has moved into parse.lex and it calls parser_cleanup() - which is most of the old yywrap() sigh. - -1995-03-29 17:17 millert - - * SUPPORTED: no longer used - -1995-03-29 16:13 millert - - * getcwd.c, getwd.c: moved compat.h to be the last include file - -1995-03-29 16:11 millert - - * parse.yacc: fixed type of aliascmp() args - -1995-03-29 15:58 millert - - * find_path.c: NULL -> '\0' - -1995-03-29 15:42 millert - - * parse.yacc: added casts to lfind and lsearch args for irix - -1995-03-29 08:20 millert - - * Makefile.in: bsdinstall -> install-sh - -1995-03-29 08:20 millert - - * INSTALL: added info about make realclean - -1995-03-29 08:17 millert - - * Makefile.in: updated VERSION added dependencies for visudo.cat - -1995-03-29 08:17 millert - - * version.h: -> pl5b1 - -1995-03-29 08:16 millert - - * sudo.c: took out -l - -1995-03-29 00:03 millert - - * Makefile.in: now there is a real visudo.man and visudo.cat - -1995-03-28 23:54 millert - - * sudo.man: took out visudo stuff - -1995-03-28 23:54 millert - - * visudo.man: Initial revision - -1995-03-28 23:12 millert - - * parse.c, parse.lex, parse.yacc: updated copyright - -1995-03-28 23:05 millert - - * README: updated for pl5 - -1995-03-28 20:02 millert - - * sudo.man: updated Nieusma & Hieb email addresses - -1995-03-28 19:57 millert - - * INSTALL: updated to include options.h and OPTIONS - -1995-03-28 19:35 millert - - * CHANGES, TODO: updated - -1995-03-28 19:35 millert - - * BUGS: eliminated bug #1 (yay) - -1995-03-28 19:31 millert - - * configure.in: sunos no longer gets linked statically - -1995-03-28 18:58 millert - - * parse.lex: prototype now uses __P() - -1995-03-28 18:49 millert - - * parse.lex: make fill() non-ansi - -1995-03-28 15:26 millert - - * parse.c: made -v (validate) work - -1995-03-28 15:26 millert - - * logging.c: now gives host - -1995-03-28 10:34 millert - - * find_path.c: don't check for execute/statable if fq or relative - path given - -1995-03-28 01:07 millert - - * parse.c: added a cast - -1995-03-28 00:49 millert - - * visudo.c: now include ctype.h for islower and tolower macros - -1995-03-28 00:48 millert - - * goodpath.c: moved _S_IFMT & _S_ISREG to compat.h - -1995-03-28 00:48 millert - - * sudo.c: moved a set of parens - -1995-03-28 00:48 millert - - * strdup.c: now include compat.h - -1995-03-28 00:47 millert - - * parse.yacc: now cast malloc & realloc return vals added search - for HAVE_LSEARCH now use strcmp if no strcasecmp available - -1995-03-28 00:46 millert - - * lsearch.c, emul/search.h: void * -> VOID * - -1995-03-28 00:45 millert - - * config.h.in: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, - HAVE_SYS_NDIR_H, HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH - -1995-03-28 00:44 millert - - * compat.h: added _S_IFMT, _S_IFREG, and S_ISREG - -1995-03-28 00:44 millert - - * aclocal.m4: took out SUDO_PROG_INSTALL 1.x to 2.x changes added - echo and results to most SUDO_* macros - -1995-03-28 00:43 millert - - * Makefile.in: no more -I. - -1995-03-28 00:22 millert - - * configure.in: various 1.x ro 2.x autoconf changes now check for - strcasecmp now use AC_INSTALL_PROG instead of custom one added - check for fully woorking void implementation - -1995-03-28 00:02 millert - - * Makefile.in: added lsearch & search.h visudo links into - $(LIBOBJS) - -1995-03-27 23:43 millert - - * aclocal.m4: partial 1.x to 2.x changes added SUDO_FULL_VOID - -1995-03-27 23:40 millert - - * visudo.c: whatnow_help was prototyped to be static be was not - declared as such - -1995-03-27 21:15 millert - - * configure.in: autoconf 2.x changes took out HAVE_FLEX (no longer - used) added check for dirent/dir/ndir.h - -1995-03-27 21:09 millert - - * parse.c: now use groovy gnu autoconf macro AC_HEADER_DIRENT - -1995-03-27 20:38 millert - - * getcwd.c, getwd.c: MAXPATHLEN -> MAXPATHLEN+1 - -1995-03-27 20:23 millert - - * emul/search.h, lsearch.c: Initial revision - -1995-03-27 18:26 millert - - * parse.yacc: eliminated bison warnings - -1995-03-27 17:10 millert - - * parse.lex: added missing case - -1995-03-27 17:04 millert - - * visudo.c: now iincludes signal.h - -1995-03-27 15:16 millert - - * parse.yacc: only clear data structures on a parse error - -1995-03-27 15:01 millert - - * visudo.c: whatnow() now gives help on invalid input - -1995-03-27 14:54 millert - - * visudo.c: added a whatnow() function (sort of like mh) - -1995-03-27 14:53 millert - - * parse.yacc: kill_aliases -> reset_aliases yywrap() now cleans up - by calling reset_aliases() and clearing top took reset stuff out - of yyerror() since it doesn't beling there (and doesn't work - anyway). errorlineno is now initially set to -1 so we can set it - to the first error that occurrs (it was getting set to the last) - -1995-03-27 14:53 millert - - * parse.lex: added a void cast - -1995-03-27 13:26 millert - - * visudo.c: rewrote from scratch based on 4.3BSD vipw.c - -1995-03-26 01:33 millert - - * sudo.c, sudo.h: removed ocmnd - -1995-03-26 01:19 millert - - * sudo.h: no more sudo_realpath() and find_path() changed params - -1995-03-26 01:19 millert - - * sudo.c: find_path() changed since no more realpath() - -1995-03-26 01:18 millert - - * parse.yacc: on error, errorlineno is set to the line where the - error occurred added kill_aliases() to free the aliases struct - now clean up in yyerror() so we can reparse cleanly - -1995-03-26 01:17 millert - - * logging.c: changed to use new find_path() - -1995-03-26 01:17 millert - - * options.h, parse.c: no more USE_REALPATH - -1995-03-26 01:16 millert - - * find_path.c: removed all the realpath() stuff - -1995-03-26 01:16 millert - - * Makefile.in: sudo_realpath.c -> sudo_goodpath.c - -1995-03-26 01:12 millert - - * visudo.c: now works correctly with utk parser - -1995-03-26 00:04 millert - - * goodpath.c: Initial revision - -1995-03-25 23:23 millert - - * sudo_realpath.c: eliminated a compiler warning - -1995-03-25 21:56 millert - - * sudo.c: elinated compiler warning - -1995-03-25 20:40 millert - - * sudo_realpath.c: added sudo_goodpath() - -1995-03-25 20:40 millert - - * sudo.h: added prototype for sudo_goodpath - -1995-03-25 20:39 millert - - * parse.c: added support for /sys/dir.h - -1995-03-25 20:39 millert - - * options.h: USE_REALPATH turned off - -1995-03-25 20:39 millert - - * find_path.c: added calls to sudo_goodpath() - -1995-03-25 20:39 millert - - * configure.in: added check for dirent.h - -1995-03-25 20:38 millert - - * config.h.in: added HAVE_DIRENT_H - -1995-03-25 19:27 millert - - * configure.in: added in linux shadow pass stuff  - -1995-03-24 14:43 millert - - * visudo.c: added back host, user, cmnd, parse_error - -1995-03-24 14:19 millert - - * visudo.c: added in utk changes plus some minor cosmetic changes - -1995-03-24 14:17 millert - - * sudo.c, sudo_realpath.c: added void casts for printf's - -1995-03-24 14:17 millert - - * options.h: added a define of USE_REALPATH - -1995-03-24 14:17 millert - - * configure.in: there is no more visudoers/Makefile - -1995-03-24 14:16 millert - - * Makefile.in: added in utk changes (visudo is now built from the - toplevel) - -1995-03-24 14:15 millert - - * find_path.c: added (void) casts to printf's - -1995-03-23 22:32 millert - - * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: merged - in utk changes - -1995-03-22 23:13 millert - - * find_path.c: now check to see that what we are trying to run is a - file (or a link to a file, we do a stat(2) so there is no diff) - -1995-03-13 15:56 millert - - * CHANGES: updated - -1995-03-13 15:56 millert - - * Makefile.in: aclocal.m4 -> acsite.m4 make realclean updated for - new autoconf  - -1995-03-13 15:11 millert - - * sudo.man: added myself as maintainer - -1995-02-16 23:31 millert - - * sudo.c: changed setegid -> setgid - -1995-02-06 17:43 millert - - * configure.in: fixed the test for irix 5.x to skip bad libs - -1995-02-06 17:43 millert - - * aclocal.m4: now initialize OS and OSREV - -1995-01-26 20:52 millert - - * configure.in: irix5 changes - -1995-01-26 20:28 millert - - * configure.in: AC_WITH -> AC_ARG_WITH changes other misc changes - for autoconf 2.1 compatibility - -1995-01-18 19:49 millert - - * visudo.c: use YY_NEW_FILE, not yyrestart since OSF flex doesn't - do the righ thing wrt yyrestart (grrrr) - -1995-01-16 18:44 millert - - * Makefile.in: added visudoers/compat.h to DISTFILES - -1995-01-16 17:01 millert - - * configure.in: fixed an echo - -1995-01-16 16:36 millert - - * sudo.c: added ocmnd declaration adjusted for find_path()'s new - parameters - -1995-01-16 16:35 millert - - * sudo.h: added ocmnd extern adjusted find_path() prototype - -1995-01-16 16:34 millert - - * parse.c: cmndcmp() now takes 3 arguments and checks against the - qualified as well as the unqualified pathname. more code that - should use cmndcmp() but did not, now does - -1995-01-16 16:34 millert - - * options.h: added to a comment - -1995-01-16 16:33 millert - - * logging.c: changed to use new find_path() parameter passing - -1995-01-16 16:32 millert - - * find_path.c: find_path() now takes 2 copyout parameters (one for - the qualified pathname and one for the unqualified pathname). - The third parameter may be NULL. - -1995-01-16 16:31 millert - - * configure.in: no longer munge pathnames.h - -1995-01-16 16:30 millert - - * pathnames.h.in: changed _PATH_* to use _SUDO_PATH_* (which are - defined in config.h) as a result, pathnames.h does not need to be - run through configure and the user can override the configured - values easily. - -1995-01-16 16:30 millert - - * config.h.in: added _SUDO_PATH_* entries - -1995-01-16 16:30 millert - - * aclocal.m4: _PATH* -> _SUDO_PATH_* - -1995-01-16 16:28 millert - - * Makefile.in: updated DISTFILES and HDRS .o's now depend on - config.h - -1995-01-13 12:52 millert - - * compat.h: removed extraneous #endif - -1995-01-13 12:48 millert - - * aclocal.m4: added SUDO_PROG_MV - -1995-01-13 12:47 millert - - * configure.in: added SUDO_PROG_MV added riscos and isc os types - took out -DSHORT_MESSAGE from --with-csops since it is now the - default - -1995-01-13 12:46 millert - - * sudo.c: move the include of id.h to compat.h now includes - options.h - -1995-01-13 12:45 millert - - * sudo.h: moved compatibility #defines to compat.h - -1995-01-13 12:45 millert - - * pathnames.h.in: added _PATH_MV - -1995-01-13 12:43 millert - - * config.h.in: move __P to compat.h - -1995-01-13 12:39 millert - - * getcwd.c, getwd.c, putenv.c: now includes compat.h - -1995-01-13 12:39 millert - - * compat.h: Initial revision - -1995-01-11 19:11 millert - - * sudo.h: pull user-configurable stuff out and put in options.h - -1995-01-11 18:43 millert - - * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, - sudo_setenv.c, parse.lex, parse.yacc, visudo.c: now includes - options.h - -1995-01-11 18:41 millert - - * Makefile.in: added visudoers/options.h - -1995-01-11 18:40 millert - - * options.h, OPTIONS: Initial revision - -1995-01-11 18:39 millert - - * Makefile.in: added OPTIONS and options.h - -1995-01-11 18:36 millert - - * logging.c: changed #ifdef's to use LOGGING and - SLOG_SYSLOG/SLOG_FILE - -1995-01-11 11:02 millert - - * check.c, sudo.h: changed PASSWORD_TIMEOUT to minutes - -1994-12-17 18:18 millert - - * visudo.c: now only do Editor +line_num if line_num != 0 - -1994-12-15 21:06 millert - - * visudo.c: now use mv if rename(2) fails - -1994-12-15 20:32 millert - - * BUGS: added a visudo bug - -1994-12-15 19:46 millert - - * check.c: expanded comment - -1994-11-12 18:33 millert - - * check.c: fixed user_is_exempt to return 0 if EXEMPTGROUP is not - set - -1994-11-09 19:49 millert - - * sudo.c: added mips & isc support - -1994-11-09 19:49 millert - - * parse.c: added support for non-root owned sudoers file - -1994-11-09 19:48 millert - - * check.c: added exempt group support - -1994-11-09 19:47 millert - - * sudo.h: added set_perms() support added SUDOERS_OWNER so can have - non-root own sudoers file added exempt group support added isc - support - -1994-11-09 19:46 millert - - * visudo.c: now copy sudoers to temp file via read/write (not - stdio) now chown new sudoers file to SUDOERS_OWNER - -1994-11-07 20:40 millert - - * configure.in: added skey support - -1994-11-07 20:39 millert - - * sudo.h: fixed typo added set_perms support added skey support - added seteuid()/setegid() emulation for AIX - -1994-11-07 20:38 millert - - * sudo.c: be_* -> setperms() now check to make sure sudoers file is - owned by root nread/write by only root - -1994-11-07 20:38 millert - - * logging.c, parse.c, sudo_realpath.c: be_* -> setperms() - -1994-11-07 20:38 millert - - * check.c: be_* -> set_perms() added skey support - -1994-11-06 18:59 millert - - * Makefile.in: ++version - -1994-11-06 18:59 millert - - * version.h: ++ - -1994-10-21 13:16 millert - - * sudo.c: now sets IFS - -1994-10-21 12:02 millert - - * insults.h: fixed typo - -1994-10-15 15:48 millert - - * config.h.in: added HAVE_SKEY - -1994-10-04 13:00 millert - - * CHANGES: updated - -1994-10-04 12:57 millert - - * Makefile.in: ++version - -1994-10-04 12:57 millert - - * version.h: ++ - -1994-10-04 12:56 millert - - * sudo.c: now bail if ARgv[1] > MAXPATHLEN - -1994-10-04 12:56 millert - - * configure.in: added function check for tcgetattr(3) - -1994-10-04 12:55 millert - - * config.h.in: only define HAVE_TERMIOS_H if you have tcgetattr(3) - -1994-10-04 12:53 millert - - * config.h.in: added check for tcgetattr - -1994-09-26 17:38 millert - - * CHANGES: updated - -1994-09-22 13:30 millert - - * parse.lex: now only include unistd.h for linux - -1994-09-21 14:29 millert - - * Makefile.in: added visudo.8 generation - -1994-09-21 14:07 millert - - * configure.in: added -Wl,-bI:./aixcrypt.exp to aix flags - -1994-09-20 19:39 millert - - * BUGS: added one - -1994-09-20 19:39 millert - - * CHANGES: updated - -1994-09-20 19:38 millert - - * README: added mailing list info - -1994-09-20 19:37 millert - - * parse.yacc: now use sudolineno instead of yylineno fixed bison - warnings - -1994-09-20 19:37 millert - - * configure.in: now use -no_library_replacement for osf don't make - a static binary for hpux >= 9.0 - -1994-09-20 19:21 millert - - * tgetpass.c: added string.h/strings.h inclusion - -1994-09-20 19:21 millert - - * config.h.in: added ssize_t def - -1994-09-20 19:18 millert - - * parse.lex: added inclusion of string.h/strings.h - -1994-09-20 18:48 millert - - * aclocal.m4: fixed uname | sed (needed to quote the '[') - -1994-09-20 18:42 millert - - * parse.lex: replaced yylineno with sudolineno fixed bison syntax - errors - -1994-09-20 18:13 millert - - * visudo.c: changed yylineno to sudolineno since yylineno cannot be - counted upon. - -1994-09-20 18:10 millert - - * TODO: updated - -1994-09-20 17:52 millert - - * parse.c: added code to support command listings - -1994-09-20 17:36 millert - - * sudo.c: added code for -l flag - -1994-09-20 17:35 millert - - * sudo.man: fixed typo added info for -l flag - -1994-09-20 14:45 millert - - * configure.in: AC_SSIZE_T -> SUDO_SSIZE_T - -1994-09-20 14:45 millert - - * aclocal.m4: added SUDO_SSIZE_T - -1994-09-20 14:44 millert - - * sudo.h: added MODE_LIST - -1994-09-20 14:43 millert - - * configure.in: added AC_SSIZE_T - -1994-09-19 20:53 millert - - * find_path.c, sudo_realpath.c: readlink() is now declared as - returning ssize~_t - -1994-09-19 20:44 millert - - * configure.in: added -laud for OSF c2 - -1994-09-02 15:55 millert - - * config.h.in, parse.lex, parse.yacc, pathnames.h.in, visudo.c, - Makefile.in: changed sudo-bugs.cs.colorado.edu -> - sudo-bugs@cs.colorado.edu - -1994-09-02 15:54 millert - - * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, - parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, - sudo_setenv.c, tgetpass.c, version.h: changed - sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed - -1994-09-01 15:56 millert - - * Makefile.in: ++version - -1994-09-01 15:55 millert - - * version.h: ++ - -1994-09-01 15:55 millert - - * logging.c: added host to alertmail messages - -1994-09-01 15:55 millert - - * CHANGES, TODO: udpated - -1994-09-01 15:26 millert - - * logging.c: fixed logging problem where mail would not say which - user it was - -1994-09-01 13:45 millert - - * configure.in: added -laud for gcc if osf & c2 - -1994-09-01 13:39 millert - - * check.c: moved set_auth_parameters to sudo.c - -1994-09-01 13:38 millert - - * sudo.c: added set_auth_parameters for osf - -1994-09-01 13:22 millert - - * configure.in: cleaned up -static stuff - -1994-09-01 13:15 millert - - * Makefile.in: ++version - -1994-09-01 13:15 millert - - * version.h: ++ - -1994-09-01 13:15 millert - - * sudo.c: changed setenv() to sudo_setenv() - -1994-09-01 13:12 millert - - * check.c: fixed osf problem - -1994-08-31 22:17 millert - - * configure.in: added OSF C2 stuff - -1994-08-31 22:00 millert - - * CHANGES: updated - -1994-08-31 21:56 millert - - * check.c: added osf auth support & removed some extra spaces - -1994-08-31 21:52 millert - - * INSTALL, SUPPORTED: added osf C2 stuff - -1994-08-31 19:52 millert - - * TODO: added 2 suggestions - -1994-08-31 19:33 millert - - * Makefile.in: removed README.v1.3.1 and added VERSION stuff - -1994-08-31 18:48 millert - - * version.h: pl1 - -1994-08-30 18:31 millert - - * version.h: 1.3.1final - -1994-08-30 18:30 millert - - * Makefile.in: added HISTORY - -1994-08-30 18:30 millert - - * sudo.man: mention HISTPRY file - -1994-08-30 18:30 millert - - * sudo.c: use sizeof instead of a constant in 1 place - -1994-08-30 18:30 millert - - * parse.yacc: added unistd.h - -1994-08-30 18:29 millert - - * parse.lex: added unistd.h - -1994-08-30 18:27 millert - - * README: udpated - -1994-08-30 18:15 millert - - * HISTORY: Initial revision - -1994-08-17 12:45 millert - - * version.h: ++ - -1994-08-17 12:39 millert - - * CHANGES: updated - -1994-08-17 12:36 millert - - * sudo_setenv.c: added unistd.h include - -1994-08-16 15:46 millert - - * sudo.c: added sys/time.h for AIX - -1994-08-14 21:22 millert - - * configure.in: added check for -lsocket and sys/sockio.h - -1994-08-14 21:21 millert - - * config.h.in: took out libshadow check and added in sys/sockio.h - check - -1994-08-14 21:21 millert - - * sudo.c: now include sockio.h instead of ioctl.h if it exists - "sudo -" now gets a better error message - -1994-08-14 20:47 millert - - * sample.sudoers: now has a dir and subnet entry - -1994-08-13 18:15 millert - - * sudo.c: removed if_ether.h - -1994-08-13 17:16 millert - - * TODO: added an item - -1994-08-13 17:15 millert - - * sudo.man: added network and ip addresses to man page - -1994-08-13 17:09 millert - - * sudo.c: no error if can't get interfaces or netmask since - networking may not be in the kernel. - -1994-08-13 17:08 millert - - * parse.c: nwo check for interfaces == NULL - -1994-08-12 21:22 millert - - * parse.c: fixed a bug that caused directory specs in a Cmnd_Alias - to fail if the last entry in the spec failed (ie: it was only - looking at the last entry). CLeaned things up by adding the - cmndcmp() function--all neat & tidy - -1994-08-12 21:21 millert - - * CHANGES: added one - -1994-08-11 23:42 millert - - * sudo.c: now do two passes to skip bogus interfaces (lo0, etc) - -1994-08-11 21:58 millert - - * logging.c, sudo_realpath.c, sudo_setenv.c: added ninclude of - netinet/in.h - -1994-08-11 21:58 millert - - * check.c, find_path.c, getcwd.c, getwd.c, parse.lex, parse.yacc, - visudo.c: added include of netinet/in.h - -1994-08-11 21:57 millert - - * version.h: ++ - -1994-08-11 21:57 millert - - * sudo.h: added interfaces global - -1994-08-11 21:56 millert - - * parse.c: now uses new interfaces global - -1994-08-11 21:56 millert - - * sudo.c: now ip addresses are gleaned fw/o dns - -1994-08-10 19:21 millert - - * sudo.c: added load_ip_addrs() to load the ip_addrs global var - -1994-08-10 19:21 millert - - * parse.c: added hostcmp() to compare hostnames, ip addrs, and - network addrs - -1994-08-10 19:20 millert - - * sudo.h: added ip_addrs def added load_ip_addrs prototype - -1994-08-08 16:03 millert - - * CHANGES: updated - -1994-08-08 15:57 millert - - * Makefile.in: removed multiple entries in DISTFILES - -1994-08-08 13:05 millert - - * visudo.c: ansified the !STDC_HEADERS decls - -1994-08-08 13:05 millert - - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: don't do - malloc decl if gnuc - -1994-08-08 13:04 millert - - * sudo.c: can't use getopt(3) since it munges args to the command - to be run as root don't do malloc decl if gnuc - -1994-08-08 00:41 millert - - * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, - sudo_realpath.c, sudo_setenv.c: ansi-fied !STDC_HEADER function - prottypes - -1994-08-08 00:27 millert - - * getcwd.c, getwd.c: added missing paren - -1994-08-08 00:23 millert - - * Makefile.in: added putenv.c to DISTFILES - -1994-08-08 00:08 millert - - * sudo_setenv.c: added params to func decls when STDC_HEADERS is - not defined now can count on putenv() being there - -1994-08-08 00:08 millert - - * sudo_realpath.c: took out errno decl since sudo.h does it for us - fixed up a next cc warning added params to func decls when - STDC_HEADERS is not defined - -1994-08-08 00:07 millert - - * sudo.h: took out environ extern added local declaratio of - putenv() if local version is needed - -1994-08-08 00:05 millert - - * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: added params to - func decls when STDC_HEADERS is not defined - -1994-08-08 00:04 millert - - * config.h.in: added memcpy check check to see that ansi vs bsd - macros are ntot already defiend before defining (ie: avoid - redefinition) - -1994-08-08 00:03 millert - - * configure.in: removed fluff setenv check plus check w/ replace - for putenv if also no setenv - -1994-08-08 00:01 millert - - * putenv.c: Initial revision - -1994-08-06 19:19 millert - - * sudo_setenv.c: Initial revision - -1994-08-06 19:19 millert - - * sudo.h: rm'd s realp[ath added sudo_realpath and sudo_setenv - -1994-08-06 19:19 millert - - * sudo.c: now use sudo_setenvc - -1994-08-06 19:18 millert - - * configure.in: added puteenv and setenv, removed realpath - -1994-08-06 19:18 millert - - * config.h.in: added putenv & setenv - -1994-08-06 19:18 millert - - * Makefile.in: added sudo_setenv - -1994-08-06 19:16 millert - - * version.h: ++ - -1994-08-05 19:43 millert - - * configure.in: added MAN_POSTINSTALL and /usr/share/catman for - irix - -1994-08-05 19:43 millert - - * Makefile.in: added MAN_POSTINSTALL - -1994-08-05 19:43 millert - - * CHANGES: added - -1994-08-05 19:10 millert - - * sudo.man: added SUDO_* plus new options - -1994-08-05 19:10 millert - - * CHANGES: added one - -1994-08-05 19:07 millert - - * configure.in: took out shadow lib - -1994-08-05 18:35 millert - - * TODO: adde done - -1994-08-05 17:52 millert - - * visudo.c: now use yyrestart() if flex now reset yylineno to 0 - -1994-08-05 17:49 millert - - * Makefile.in: support for installing a cat page instead of a man - page if no nroff - -1994-08-05 17:48 millert - - * configure.in: now defines HAVE_FLEX fixed up man stuff so that it - looks for nroff to determine whether or not to install a cat or - man page - -1994-08-05 17:48 millert - - * config.h.in: added HAVE_FLEX - -1994-08-05 16:14 millert - - * sudo.c: not set ret to MODE_RUN initially - -1994-08-05 16:12 millert - - * find_path.c: made command (and therefor cmnd dynamically - allocated) - -1994-08-04 20:25 millert - - * TODO: did #8 - -1994-08-04 20:24 millert - - * version.h: ++ - -1994-08-04 20:24 millert - - * sudo_realpath.c: changed bufs from MAXPATHLEN to MAXPATHLEN+1 - -1994-08-04 20:24 millert - - * sudo.h: added MODE_ removed validate_only and added - remove_timestamp() - -1994-08-04 20:22 millert - - * sudo.c: usage() now takes an int (exit value) added parse_args() - to parse command line arguments moved call to find_path() from - load_globals to new function load_cmnd() removed validate_only - global -- now use the concept of "modes" added -h and -k options - -1994-08-04 20:21 millert - - * parse.c: no longer use global validate_only now checks for - command called "validate" removed check for non-fully qualified - commands since that is done by find_path - -1994-08-04 20:20 millert - - * find_path.c: changed MAXPATHLEN r to MAXPATHLEN+1 - -1994-08-04 20:17 millert - - * find_path.c: fixed off by one error with MAXPATHLEN and fixed a - comment - -1994-08-04 20:17 millert - - * check.c: check_timestamp no longer runs reminder(), it is implied - in the return val added remove_timestamp() - -1994-08-04 20:16 millert - - * CHANGES: updated - -1994-08-04 16:38 millert - - * BUGS: fixed on - -1994-08-04 16:38 millert - - * sudo_realpath.c: took out old_errno - -1994-08-04 16:37 millert - - * CHANGES: updated - -1994-08-03 12:08 millert - - * logging.c: moved send_mail to after syslog - -1994-08-02 22:41 millert - - * sudo.c: now set SUDO_ envariables - -1994-08-01 13:40 millert - - * version.h: ++ - -1994-08-01 13:39 millert - - * sudo_realpath.c: now print error if chdir fails - -1994-08-01 13:39 millert - - * find_path.c: removed an XXX - -1994-07-25 20:40 millert - - * CHANGES: updated - -1994-07-25 20:36 millert - - * configure.in: no more static binaries for aix - -1994-07-25 18:37 millert - - * INSTALL: fixed typo - -1994-07-25 18:33 millert - - * sudo_realpath.c: took out stuff not needed for sudo now does - be_root/be_user itself now uses cwd global - -1994-07-25 18:32 millert - - * version.h: +=2 - -1994-07-25 18:31 millert - - * logging.c, sudo.c: be_root/be_user is now down in sudo_realpath() - -1994-07-25 18:26 millert - - * logging.c, sudo.h: now works with 4.2BSD syslog (blech) - -1994-07-25 18:25 millert - - * find_path.c: now use sudo_realpath() - -1994-07-25 18:25 millert - - * config.h.in: took out realpth() stuff since we now use - sudo_realpath() - -1994-07-25 18:25 millert - - * configure.in: ultrix enhanced sec - -1994-07-25 18:25 millert - - * SUPPORTED: added ultrix enhanced sec. - -1994-07-25 18:24 millert - - * INSTALL: updated - -1994-07-25 18:21 millert - - * check.c: ultrix enhanced security suport - -1994-07-25 18:20 millert - - * Makefile.in: added sudo_realpath.c - -1994-07-25 18:18 millert - - * CHANGES: updated - -1994-07-25 14:28 millert - - * tgetpass.c: increased passwd len to 24 for c2 security - -1994-07-25 13:17 millert - - * BUGS: updated BUGS - -1994-07-15 11:49 millert - - * check.c: now use user global var - -1994-07-15 11:48 millert - - * configure.in: took out -ls - -1994-07-14 19:11 millert - - * configure.in: added AFS libs - -1994-07-14 17:45 millert - - * sudo.h: user is now a char * added epasswd - -1994-07-14 17:43 millert - - * sudo.c: added tzset() to load_globals added epasswd (encrypted - password) global made user dynamically allocated - -1994-07-14 17:43 millert - - * configure.in: added tzset test - -1994-07-14 17:43 millert - - * config.h.in: added HAVE_TZSET - -1994-07-14 17:42 millert - - * check.c: cleaned up encrypted passwd grab somewhat - -1994-07-14 12:34 millert - - * configure.in: fixed AFS typo - -1994-07-14 12:34 millert - - * INSTALL: added AFS not - -1994-07-14 12:34 millert - - * CHANGES: udpated - -1994-07-14 12:33 millert - - * logging.c: can now log to both syslog & a file - -1994-07-14 12:12 millert - - * sudo.h: added BOTH_LOGS - -1994-07-14 11:34 millert - - * CHANGES: updated - -1994-07-14 11:32 millert - - * configure.in: --with-AFS - -1994-07-14 11:32 millert - - * config.h.in: added HAVE_AFS - -1994-07-14 11:31 millert - - * check.c: added afs changes - -1994-07-14 11:21 millert - - * sudo.h: removed AFS stuff :-) - -1994-07-14 11:19 millert - - * tgetpass.c: include sys/select for AIX - -1994-07-14 11:17 millert - - * sudo.h: added AFS - -1994-07-14 11:16 millert - - * version.h: ++ - -1994-07-07 14:45 millert - - * SUPPORTED, CHANGES: updated - -1994-07-07 14:44 millert - - * logging.c: can now have MAILER undefined - -1994-07-07 14:37 millert - - * INSTALL: new sub-note about MAILER - -1994-07-06 23:11 millert - - * sudo.man: added blurb about password timeout - -1994-07-06 20:52 millert - - * configure.in: convex c2 changes - -1994-07-06 20:52 millert - - * aclocal.m4: took out duplicate define of _CONVEX_SOURCE - -1994-07-06 20:51 millert - - * Makefile.in: added OSDEFS - -1994-07-06 20:46 millert - - * config.h.in: added spaces - -1994-07-06 20:08 millert - - * tgetpass.c: added a goto if fgets fails - -1994-07-06 20:08 millert - - * sudo.h: use __hpux not hpux convex c2 stuff - -1994-07-06 20:08 millert - - * sudo.c: use __hpux not hpux - -1994-07-06 20:08 millert - - * logging.c: convex c2 stuff - -1994-07-06 20:07 millert - - * config.h.in: define ansi-ish cpp os defines if non-ansi are - defined for hpux & convex - -1994-07-06 20:07 millert - - * INSTALL: updated to say we support sonvex C2 - -1994-07-06 20:05 millert - - * check.c: added convex c2 support - -1994-07-01 12:06 millert - - * tgetpass.c: no more ioctl never returns NULL uses fgets() and - select() to timeout - -1994-06-29 17:04 millert - - * configure.in: things were testing -n "$GCC" instead of -z "$GCC" - -1994-06-29 16:39 millert - - * tgetpass.c: now works + uses fgets() - -1994-06-28 18:25 millert - - * tgetpass.c: select doesn't seem to recognize a single '\n' as - input waiting so we can;t use it, sigh. - -1994-06-26 16:38 millert - - * PORTING: updated tgetpass() blurb - -1994-06-26 16:35 millert - - * configure.in: added --with-getpass - -1994-06-26 16:35 millert - - * Makefile.in: added tgetpass stuff - -1994-06-26 15:25 millert - - * tgetpass.c: now uses stdio - -1994-06-26 15:17 millert - - * version.h: ++ - -1994-06-24 19:48 millert - - * PORTING: updated ,. - -1994-06-24 19:46 millert - - * config.h.in: added USE_GETPASS && HAVE_C2_SECURITY - -1994-06-24 19:45 millert - - * configure.in: fixed a test aded --with-C2 and --with-tgetpass - -1994-06-24 19:45 millert - - * check.c: added hpux C2 shit - -1994-06-24 19:45 millert - - * Makefile.in: took out tgetpass.* - -1994-06-24 19:45 millert - - * INSTALL: added C2 blurb - -1994-06-13 15:54 millert - - * configure.in: no termio(s) for ultrix since it is broken - -1994-06-13 15:41 millert - - * check.c: added a space (yeah, anal) - -1994-06-13 15:17 millert - - * realpath.c, sudo_realpath.c: fixed it (duh, rtfm) - -1994-06-08 14:34 millert - - * config.h.in: took out bsd signal stuff for irix - -1994-06-08 14:26 millert - - * visudo.c: comments in #endif - -1994-06-08 14:09 millert - - * configure.in: don't define BSD signals for irix - -1994-06-08 12:57 millert - - * TODO: did some... - -1994-06-08 12:57 millert - - * CHANGES: updated - -1994-06-08 12:56 millert - - * realpath.c, sudo_realpath.c: took out unneeded code by changing - where a strings was terminated - -1994-06-07 19:21 millert - - * realpath.c, sudo_realpath.c: fix bug where /dirname would return - NULL - -1994-06-07 17:40 millert - - * sudo.h: move __P to config.h - -1994-06-07 17:40 millert - - * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: added errno - definition - -1994-06-07 17:40 millert - - * config.h.in: added __P - -1994-06-07 17:21 millert - - * config.h.in: added HAVE_FCHDIR - -1994-06-07 17:18 millert - - * strdup.c: now include stdio - -1994-06-07 14:55 millert - - * realpath.c, sudo_realpath.c: now works if no fchdir - -1994-06-07 14:55 millert - - * visudo.c: define SA_RESETHAND to null if not defined - -1994-06-07 14:54 millert - - * configure.in: added check & replace - -1994-06-06 20:05 millert - - * configure.in: took out -static for nextstep -- it doesn't work - -1994-06-06 19:59 millert - - * logging.c: moved #endif to where it belongs - -1994-06-06 19:54 millert - - * SUPPORTED: correction - -1994-06-06 19:42 millert - - * configure.in: now checks for strdup realpath getcwd bzero - -1994-06-06 19:31 millert - - * config.h.in: emulate bzero - -1994-06-06 16:57 millert - - * visudo.c: added posic signals - -1994-06-06 16:57 millert - - * tgetpass.c: bzero cast - -1994-06-06 16:57 millert - - * logging.c: added posix signals - -1994-06-06 16:56 millert - - * configure.in: removed BROKEN_GETPASS added new srcs toreplace - missing functions - -1994-06-06 16:56 millert - - * config.h.in: added posix signal stuff - -1994-06-06 16:56 millert - - * Makefile.in: added new srcs - -1994-06-06 12:53 millert - - * visudo.c: updated useag - -1994-06-06 12:39 millert - - * tgetpass.c: now uses posix signals - -1994-06-05 20:17 millert - - * PORTING: updated sto reflect major changes - -1994-06-05 20:05 millert - - * TODO, CHANGES: updated - -1994-06-05 20:04 millert - - * tgetpass.c: uses sysconf() if available - -1994-06-05 20:04 millert - - * sudo.h: added PASSWORD_TIMEOUT + prototypes for new functions - -1994-06-05 20:04 millert - - * realpath.c, sudo_realpath.c: for those w/o this in libc - -1994-06-05 20:03 millert - - * getcwd.c, getwd.c: Initial revision - -1994-06-05 20:03 millert - - * find_path.c: rewrote to use realpath(3) - nis now all my code - -1994-06-05 20:02 millert - - * config.h.in: added HAVE_REALPATH - -1994-06-05 20:02 millert - - * check.c: now use tgetpass - -1994-06-05 20:02 millert - - * Makefile.in: added LIBOBJS use tgetpass.c - -1994-06-05 18:55 millert - - * tgetpass.c: works now :-) - -1994-06-05 18:27 millert - - * tgetpass.c: Initial revision - -1994-06-05 17:17 millert - - * pathnames.h.in: added /dev/tty - -1994-06-04 17:12 millert - - * version.h: incremented - -1994-06-04 15:29 millert - - * sudo.c: always use getcwd - -1994-06-04 14:49 millert - - * config.h.in: added check for getwd - -1994-06-04 14:48 millert - - * configure.in: replace strdup & realpath & getcwd if missing - -1994-06-04 14:47 millert - - * pathnames.h.in: added _PATH_PWD - -1994-06-04 14:46 millert - - * aclocal.m4: added SUDO_PROG_PWD - -1994-06-04 14:37 millert - - * realpath.c, sudo_realpath.c, strdup.c: Initial revision - -1994-06-03 11:31 millert - - * configure.in: quoted quare brackets - -1994-06-02 17:49 millert - - * sudo.c: no need to strdup() a constant - -1994-06-02 15:45 millert - - * CHANGES: updated - -1994-06-02 15:44 millert - - * sudo.man: added validate - -1994-06-02 15:42 millert - - * sudo.c: added -v to usage - -1994-06-02 15:41 millert - - * parse.c, sudo.c, sudo.h: added validate_only stuff - -1994-05-29 21:29 millert - - * configure.in: now finds sed - -1994-05-29 21:28 millert - - * aclocal.m4: $OSREV is now an int - -1994-05-29 19:13 millert - - * configure.in: added mtxinu to caser - -1994-05-29 18:37 millert - - * sudo.h: added EXEC macro - -1994-05-29 18:36 millert - - * sudo.c: now use the EXEC nmacro now only do a gethostbyname() if - FQDN is set - -1994-05-29 18:36 millert - - * logging.c: changed mail_argv[] def now use EXEC() macro - -1994-05-29 18:35 millert - - * check.c: took out crypt() definition - -1994-05-29 17:23 millert - - * version.h: upped the version - -1994-05-29 15:52 millert - - * configure.in: always look for -lnsl - -1994-05-29 15:29 millert - - * aclocal.m4: added an echo - -1994-05-29 15:25 millert - - * sudo.h: SHORT_MESSAGE is now the default - -1994-05-29 15:18 millert - - * config.h.in: fixed typo - -1994-05-29 01:29 millert - - * configure.in: added missing AC_DEFINE(SVR4) for solaris - -1994-05-28 20:42 millert - - * sudo.man: documented the -v flag - -1994-05-28 20:34 millert - - * SUPPORTED: updated - -1994-05-28 20:31 millert - - * check.c: proto-ized crypt() - -1994-05-28 20:28 millert - - * config.h.in: added LIBSHADOW undef - -1994-05-28 20:18 millert - - * configure.in: nwo set OS to be lowercase - -1994-05-28 19:36 millert - - * configure.in: now use SUDO_OSTYPE to set $OS - -1994-05-28 19:36 millert - - * aclocal.m4: now use uname to determine os - -1994-05-28 16:23 millert - - * visudo.c: added prototypes & moved sig handler around - -1994-05-28 15:13 millert - - * sudo.h: added prototyppes - -1994-05-28 15:13 millert - - * parse.c: added comment - -1994-05-28 15:12 millert - - * config.h.in: nwo use _BSD_SIGNALS not _BSD_COMPAT - -1994-05-28 15:11 millert - - * check.c, logging.c, sudo.c: added prototypes - -1994-05-28 15:11 millert - - * aixcrypt.exp: Initial revision - -1994-05-28 15:11 millert - - * Makefile.in: added aixcrypt.exp - -1994-05-28 13:21 millert - - * parse.lex, parse.yacc: moved config.h to top of includes - -1994-05-25 15:48 millert - - * find_path.c: now don't bitch if get EACCESS (treat like EPERM) - -1994-05-24 23:08 millert - - * visudo.c: added -v flag and usage() - -1994-05-24 23:08 millert - - * version.h: fixed a typo - -1994-05-24 23:08 millert - - * sudo.c: cast Argv to a const for exec added -v flag - -1994-05-24 23:07 millert - - * logging.c: mail_argv is now a const - -1994-05-24 23:07 millert - - * configure.in: only set RETSIGTYPE if it is not set already - -1994-05-24 23:07 millert - - * aclocal.m4: now defines & STDC_HEADERS for Irix - -1994-05-24 23:07 millert - - * Makefile.in: added version.h - -1994-05-24 21:25 millert - - * insults.h, sudo.h: prevent multiple inclusion - -1994-05-24 21:20 millert - - * version.h: Initial revision - -1994-05-24 21:09 millert - - * parse.lex, parse.yacc: now includes config.h - -1994-05-24 20:54 millert - - * aclocal.m4: now talks about sunos 4.x - -1994-05-24 20:23 millert - - * visudo.c: calls to Exit now pass an arg - -1994-05-24 18:00 millert - - * visudo.c: signal handler now takes an int argument - -1994-05-24 18:00 millert - - * CHANGES: updated - -1994-05-24 17:44 millert - - * sudo.c: ok, the getcwd() is now *really* done as the user - -1994-05-24 17:44 millert - - * configure.in: changed AIX STATIC_FLAGS - -1994-05-24 16:27 millert - - * aclocal.m4: solaris now defines SVR4 - -1994-05-24 16:18 millert - - * sudo.h: added cwd and fixed stupid core dump that makes no sense. - sigh. - -1994-05-24 16:18 millert - - * sudo.c: moved getcwd stuff into load_globals - -1994-05-24 16:18 millert - - * parse.c: took out externs that are in suod.h - -1994-05-24 16:18 millert - - * logging.c: moved cwd into load_globals - -1994-05-24 16:17 millert - - * find_path.c: moved cwd stuff - -1994-05-24 15:55 millert - - * Makefile.in: fixed make distclean & realclean - -1994-05-24 12:51 millert - - * TODO: updated ., - -1994-05-24 12:51 millert - - * CHANGES: added solaris changes - -1994-05-24 12:51 millert - - * aclocal.m4: added solaris changes, need to rework - -1994-05-24 12:50 millert - - * configure.in: cleaned up for solaris - -1994-05-24 12:13 millert - - * logging.c: reinstall reapchild signal handler for non-bsd signals - -1994-05-24 12:03 millert - - * sudo.h: took out getdtablesize() emulation for HP-UX (no longer - needed) - -1994-05-24 12:03 millert - - * sudo.c: support for HAVE_SYSCONF - -1994-05-24 12:02 millert - - * visudo.c: added for solaris & reorg'd the includes + - minor prettying up / - -1994-05-23 20:26 millert - - * config.h.in: added HAVE_SYSCONF - -1994-05-16 18:57 millert - - * configure.in: now tells you what os you are running /. - -1994-05-16 18:56 millert - - * aclocal.m4: took out extra ',' - -1994-05-14 17:56 millert - - * config.h.in: added _BSD_COMPAT - -1994-05-14 17:56 millert - - * aclocal.m4: fixed for irix5 - -1994-05-14 17:55 millert - - * CHANGES: updated - -1994-05-14 17:27 millert - - * sudo.c: uid seinitialized to -2 - -1994-04-28 12:36 millert - - * sudo.c: now removes LIBPATH for AIX - -1994-03-12 20:41 millert - - * configure.in: now uses ufc if it finds it - -1994-03-12 17:42 millert - - * sudo.h: no longer define yyval & yylval since yacc does it - -1994-03-12 17:42 millert - - * parse.lex: now defines yylval as extenr - -1994-03-12 17:41 millert - - * configure.in: BROKEN_GETPASS is now an OPTION - -1994-03-12 17:41 millert - - * config.h.in: took out BROKEN_GETPASS - -1994-03-12 17:20 millert - - * Makefile.in: took out big comment - -1994-03-12 16:24 millert - - * README: updated - -1994-03-12 16:20 millert - - * Makefile.in: took out README.beta - -1994-03-12 16:19 millert - - * SUPPORTED: Initial revision - -1994-03-12 16:19 millert - - * INSTALL: now reference SUPPORTED ., - -1994-03-12 16:17 millert - - * config.h.in: now check for convex OR __convex__ - -1994-03-12 16:16 millert - - * aclocal.m4: now check for convex or __convex__ - -1994-03-12 16:15 millert - - * Makefile.in: added dist target - -1994-03-12 15:19 millert - - * aclocal.m4: use __convex__ - -1994-03-12 14:33 millert - - * find_path.c: now use _S_* stat stuff to be ansi-like - -1994-03-12 14:11 millert - - * INSTALL: updated for configure directions - -1994-03-12 14:05 millert - - * Makefile.in: distclean now removes config.h and pathnames.h - -1994-03-12 14:03 millert - - * CHANGES: updated - -1994-03-12 14:00 millert - - * TODO: fixed typoe - -1994-03-12 13:57 millert - - * Makefile.in, visudo.c: updated version - -1994-03-12 13:57 millert - - * config.h.in, pathnames.h.in: added copyright header - -1994-03-12 13:55 millert - - * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c, sudo.h: udpated version - -1994-03-12 13:39 millert - - * visudo.c: udpated to use configure + pathnames.h - -1994-03-12 13:37 millert - - * Makefile.in, config.h.in, configure.in, aclocal.m4: updated - -1994-03-12 13:37 millert - - * sudo.h: now works with configure - -1994-03-12 13:36 millert - - * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: - updated to work with configure + pathnames.h - -1994-03-12 10:40 millert - - * Makefile.in: added LEXLIB - -1994-03-10 03:18 millert - - * COPYING: updated gnu general licence to versio 2 - -1994-03-10 02:44 millert - - * pathnames.h.in, config.h.in: Initial revision - -1994-03-10 01:43 millert - - * sudo.h: changed to work with configure - -1994-03-09 18:51 millert - - * Makefile.in, aclocal.m4, configure.in: Initial revision - -1994-03-09 17:36 millert - - * visudo.c: now uses defines used by configure - -1994-03-01 16:31 millert - - * find_path.c: sudo won't bitch about EPERM now, for real - -1994-02-28 00:36 millert - - * logging.c: renamed exec_argv to eliminate a libc name clash with - ksros - -1994-02-28 00:28 millert - - * CHANGES: corrected - -1994-02-28 00:27 millert - - * logging.c, sudo.c, sudo.h: execve -> execv - -1994-02-27 23:27 millert - - * TODO: upated - -1994-02-27 23:19 millert - - * PORTING: added 2 mroe items - -1994-02-27 23:12 millert - - * CHANGES: updated - -1994-02-27 23:11 millert - - * sudo.h: added UMASK and mode_t declaration - -1994-02-27 23:11 millert - - * sudo.c: added UMASK - -1994-02-27 20:55 millert - - * logging.c: now opens log file with mode 077 - -1994-02-27 20:55 millert - - * check.c: saved current umask ans restores it - -1994-02-27 20:36 millert - - * sudo.h: added MAXLOGFILELEN - -1994-02-27 20:35 millert - - * logging.c: split long log lines. FOr syslog, split into multiple - entries, for a log file, indent the extra for readability - -1994-02-27 17:22 millert - - * CHANGES: added changes - -1994-02-27 17:18 millert - - * sudo.h: MAXLOGLEN & MAXSYSLOGLEN are now different (as they - should be) - -1994-02-25 16:04 millert - - * TODO: added input from Brett M Hogden - -1994-02-16 13:35 millert - - * sudo.c: added rmenv() to remove stuff from environ. can now uses - execvp() OR execve() becuase of this. - -1994-02-16 13:35 millert - - * logging.c: now uses execvp() OR execve() - -1994-02-16 13:31 millert - - * sudo.h: added USE_EXECVE - -1994-02-16 13:27 millert - - * sudo.h: added environ - -1994-02-16 12:53 millert - - * find_path.c: now ignore EPERM - -1994-02-15 23:52 millert - - * sudo.h: moved some func decls out of sudo.h and into sudo.c as - statics /. - -1994-02-15 23:52 millert - - * CHANGES: updated - -1994-02-15 23:40 millert - - * sudo.h: took out Envp - -1994-02-14 12:28 millert - - * BUGS: Initial revision - -1994-02-10 14:29 millert - - * sudo.c, sudo.h, CHANGES: added SECURE_PATH - -1994-02-10 14:05 millert - - * sudo.h: added SECURE_PATH - -1994-02-10 13:50 millert - - * INSTALL: added sample.sudoers note - -1994-02-10 13:47 millert - - * sudoers: Initial revision - -1994-02-09 14:54 millert - - * find_path.c: fixed typo - -1994-02-08 23:06 millert - - * PORTING: took out SAVED_UID garbage - -1994-02-08 22:55 millert - - * INSTALL: mentioned HAL - -1994-02-08 22:50 millert - - * sudo.h: added HAL line - -1994-02-08 22:48 millert - - * insults.h: added HAL insults - -1994-02-08 22:48 millert - - * TODO: updated - -1994-02-08 22:02 millert - - * logging.c: more verbose error if mailer not found - -1994-02-08 22:02 millert - - * check.c: now do getpwent as root for soem shadow password systems - (bsdi) - -1994-02-08 13:22 millert - - * sudo.h: took out SAVED_UID garbade - -1994-02-08 13:21 millert - - * sudo.c: took out SAVED_UID garbage since it don't work - -1994-02-06 17:43 millert - - * README: updated - -1994-02-06 17:40 millert - - * insults.h: added a missing space :-) - -1994-02-05 19:48 millert - - * sudo.c, sudo.h: took out multimax cruft - -1994-02-05 19:30 millert - - * INSTALL: minor update - -1994-02-05 19:30 millert - - * PORTING: finished - -1994-02-05 19:19 millert - - * sudo.c: fixed a typo + indentation - -1994-02-05 18:43 millert - - * sudo.h: took outumoved some defines to the config file ,. ,. - -1994-02-05 15:17 millert - - * PORTING: Initial revision - -1994-02-05 15:17 millert - - * TODO: did #6 - -1994-02-05 15:16 millert - - * sudo.h: added HAS_SAVED_UID - -1994-02-05 15:16 millert - - * sudo.c: put back AIX cruft - -1994-02-03 00:44 millert - - * sudo.c: aix changes - -1994-02-02 01:31 millert - - * CHANGES: updated - -1994-02-02 01:30 millert - - * check.c, logging.c, parse.c, sudo.c, sudo.h: now is only root - when abs necesary - -1994-02-01 22:21 millert - - * check.c: added missing %s\n - -1994-01-31 02:06 millert - - * install-sh: Initial revision - -1994-01-31 01:58 millert - - * CHANGES, TODO: updated - -1994-01-31 01:56 millert - - * sudo.c: now removed _RLD_* for alphas - -1994-01-31 01:50 millert - - * INSTALL: updated for new config scheme - -1994-01-30 19:42 millert - - * find_path.c: more verbose eror messages - -1994-01-27 14:08 millert - - * TODO: now have solaris - -1994-01-27 14:07 millert - - * sudo.h: define __svr4__ for SOLARIS - -1994-01-27 14:07 millert - - * check.c: added svr4 junk for shadow pws for solaris 2.x - -1994-01-27 13:19 millert - - * check.c, sudo.c: took out setuid(0) and setreuid(udi) garbage. - Its not needed since we start out setuid with the correct perms. - -1994-01-26 19:51 millert - - * check.c, sudo.c, sudo.h: now use setreuid() - -1994-01-26 18:58 millert - - * sudo.man: revised AUTHORS secrtion & added ENV_EDITOR stuff to - VARIABLES sectoin - -1994-01-26 18:52 millert - - * visudo.c: now uses ENV_EDITOR if you want to use the EDITOR envar - -1994-01-26 18:52 millert - - * sudo.h: now uses ENV_EDITOR if you want to use the EDITOR envar - >> . - -1993-12-07 01:33 millert - - * README: minor update + spell fix - -1993-12-07 01:33 millert - - * INSTALL: rewrote most of this - -1993-12-07 01:13 millert - - * sudo.h: added all options that are in the Makefile - -1993-12-07 00:23 millert - - * getpass.c: now use USE_TERMIO #define for sgi & hpux - -1993-12-06 23:19 millert - - * TODO: todo: posix sigs - -1993-12-06 01:12 millert - - * check.c, find_path.c: always include strings.h - -1993-12-05 20:34 millert - - * visudo.c: added STATICEDITOR - -1993-12-05 20:30 millert - - * sudo.h: sgi has vi in /usr/bin too - -1993-12-05 20:23 millert - - * sudo.man: added VISUAL - -1993-12-02 22:20 millert - - * sudo.h: sue /usr/bin/vi on some systems - -1993-12-02 22:19 millert - - * sudo.c: fixed warning (include strings.h) - -1993-12-02 22:06 millert - - * sudo.man: added John_Rouillard@dl5000.bc.edu's changes (new - features) - -1993-12-02 21:38 millert - - * CHANGES: changes from John_Rouillard@dl5000.bc.edu - -1993-12-02 21:35 millert - - * visudo.c: added EDITOR envar - -1993-12-02 21:34 millert - - * check.c, find_path.c, parse.c, sudo.c: added patches from - John_Rouillard directory spec uses EDITOR - -1993-12-01 19:32 millert - - * getpass.c: added flush for hpux - -1993-11-30 13:37 millert - - * sudo.c: no longer assume malloc returns a char * - -1993-11-29 20:35 millert - - * sudo.c: alpha change to remove LD_-like thing fixed SHLIB_PATH - stuff -- now gets removed correctly - -1993-11-29 19:31 millert - - * sudo.h: added STD_HEADERS macro - -1993-11-29 19:14 millert - - * sudo.c: now uses STD_HEADERS macor for ansi - -1993-11-29 19:14 millert - - * find_path.c: now uses STD_HEADERS macro - -1993-11-29 19:13 millert - - * check.c: niceties for C compiler bitches -- no real change - -1993-11-29 13:04 millert - - * visudo.c: now doesn't fclose a file never opened. - -1993-11-28 16:35 millert - - * sudo.man: added visudo line - -1993-11-28 16:31 millert - - * sudo.man: added error stuff added me in there... - -1993-11-28 03:12 millert - - * CHANGES: noted insults - -1993-11-28 03:01 millert - - * INSTALL: added blurb about reading stuff - -1993-11-28 03:00 millert - - * sudo.h: added insults - -1993-11-28 03:00 millert - - * insults.h: corrected somments and removed newlines - -1993-11-28 03:00 millert - - * check.c: now uses insults - -1993-11-28 02:45 millert - - * insults.h: Initial revision - -1993-11-27 19:46 millert - - * INSTALL: added dec syslog note - -1993-11-27 19:25 millert - - * sample.sudoers: added real stuff in there - -1993-11-27 19:24 millert - - * TODO: added a todo - -1993-11-27 19:10 millert - - * TODO: added one - -1993-11-27 18:59 millert - - * sample.sudoers: Initial revision - -1993-11-27 18:59 millert - - * sudo.man: updated with changes - -1993-11-27 18:52 millert - - * sudo.man: Initial revision - -1993-11-27 18:48 millert - - * CHANGES, COPYING, INSTALL, README, TODO, indent.pro: Initial - revision - -1993-11-27 18:46 millert - - * visudo.c: updated version number and took out jeff's old addr - since it is no good - -1993-11-27 18:42 millert - - * sudo.h, check.c, find_path.c, logging.c, parse.c, parse.lex, - parse.yacc, sudo.c: updated version number and took out jeff's - email (since it is invalid) - -1993-10-28 09:36 millert - - * check.c: added fflush() - -1993-10-22 20:46 millert - - * find_path.c: now return NULL instead pfof exiting for - nopnn-fatal errors - -1993-10-21 16:57 millert - - * check.c: new banner - -1993-10-21 16:42 millert - - * parse.lex: now sudo.h gets included first - -1993-10-17 20:31 millert - - * parse.lex: now can use flex - -1993-10-17 20:31 millert - - * sudo.h: linux patch - -1993-10-17 20:30 millert - - * sudo.c: hpux 9 fix, removes SHLIB_PATH linux patch - -1993-10-17 20:30 millert - - * check.c: linux diff - -1993-10-15 16:03 millert - - * find_path.c: stat now ignores EINVAL - -1993-10-05 21:48 millert - - * find_path.c, sudo.c: now declare strdup as extern - -1993-10-04 15:23 millert - - * visudo.c: reformatted with indent + by hand - -1993-10-04 15:10 millert - - * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, - sudo.h: used indent to "fix" coding style - -1993-10-03 20:12 millert - - * find_path.c: now checks '.' or '.' or '' in PATH -- but does it - LAST should maybe move the code that does this into the loop - body. makes it messier tho. hmmm. - -1993-09-08 11:53 millert - - * find_path.c: redid the fix for non-executable files in an easier - to read way plus some minor aethetic changes - -1993-09-08 11:39 millert - - * find_path.c: fixed bug with non-executable tings of same name in - path introduced by checkig errno after stat(2). - -1993-09-05 10:02 millert - - * sudo.c: fixed off by one error - -1993-09-05 09:55 millert - - * find_path.c: now handles decending below '/' correctly - -1993-09-05 08:35 millert - - * sudo.c: now actually builds Envp instead of munging envp - -1993-09-04 15:42 millert - - * parse.yacc: now includes sys/param.h - -1993-09-04 15:41 millert - - * visudo.c: now includes sys/param.h - -1993-09-04 15:30 millert - - * sudo.h: fixed ifndef -> ifdef - -1993-09-04 15:19 millert - - * qualify.c: make more like find_path.c - -1993-09-04 15:18 millert - - * find_path.c: rewritten by millert - -1993-09-04 15:17 millert - - * sudo.h: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP - added info about new defines in the comment - -1993-09-04 15:15 millert - - * logging.c: now uses USE_CWD - -1993-09-04 14:10 millert - - * sudo.h: added delc for clean_envp() and Envp - -1993-09-04 14:09 millert - - * sudo.c: now rips LD_* env vars out of envp and passed sanitized - Envp to exec - -1993-09-04 14:09 millert - - * logging.c: now uses execve() - -1993-09-04 14:08 millert - - * find_path.c: ENOTDIR is ok now too (in case part of the path is - bogus) - -1993-09-04 08:17 millert - - * qualify.c: now works correctly (ttaltotal rewrite) - -1993-09-04 07:59 millert - - * parse.lex: now includes sys/param.h didn't match trailing / -- - fix from rouilj@cs.umb.edu - -1993-06-11 18:04 millert - - * sudo.c: moved around the #ifndef _AIX - -1993-06-11 18:03 millert - - * check.c, logging.c, parse.c: Initial revision - -1993-03-20 07:57 millert - - * qualify.c: Initial revision - -1993-03-13 15:09 millert - - * find_path.c: now works if you do sudo bin/test - -1993-03-13 14:20 millert - - * find_path.c: works - -1993-03-02 18:28 millert - - * sudo.h: Initial revision - -1993-03-02 11:35 millert - - * visudo.c: Initial revision - -1993-03-02 11:32 millert - - * parse.lex, parse.yacc: Initial revision - -1993-02-16 13:24 millert - - * sudo.c: took out errno.h - -1993-02-16 13:22 millert - - * sudo.c: now spews error if exec fails and exits with -1 - -1993-02-16 12:07 millert - - * sudo.c: Initial revision - -1993-02-15 22:27 millert - - * find_path.c: now only execs files with (an) executable bit set. - -1993-02-15 22:01 millert - - * find_path.c: Initial revision - -1993-02-15 14:32 millert - - * getpass.c: added nice comment - -1993-02-15 14:19 millert - - * getpass.c: now works on sgi's - -1993-02-15 13:57 millert - - * getpass.c: Initial revision - diff --git a/Makefile.in b/Makefile.in index b31c893a8..c331abe8a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -507,13 +507,13 @@ realclean: distclean cleandir: realclean -dist: +dist: ChangeLog pax -w -x ustar -s '/^/sudo-$(VERSION)\//' -f ../sudo-$(VERSION).tar \ $(DISTFILES) gzip -9f ../sudo-$(VERSION).tar ls -l ../sudo-$(VERSION).tar.gz -bindist: +bindist: ChangeLog ( \ ARCH=`uname -m|sed 's:/:_:g'`+`uname -sr|sed 's/ /_/g'` ; \ mkdir tmp.$$ARCH ; \ -- 2.49.0