add a flag to specify an auth method is running alone (the only
one). Pass auth methods their sudo_auth pointer, not the data
pointer. This allows us to get at the flags and tell if we are the
only auth method. That, in turn, allows the method to be able to
decide what should/should not be a fatal error. Currently only
rfc1938 uses it this way, which allows us to kill the OTP_ONLY
define and te hackery that went with it. With access to the
sudo_auth struct, methods can also get at a string holding their
cannonical name (useful in error messages).
o real dependencies in the Makefile
o --with-devel option to enable yacc, lex, and -Wall
o style -- "foo -> bar" becomes "foo->bar"
o ALL goes back to being a token, not a string but don't leak memory
o rename hsotspec -> host in parse.yacc
since -ldb includes a bogus snprintf().
o Add forward refs for struct mbuf and struct rtentry for Digital UNIX.
o Reorder some functions in snprintf.c to fix -Wall
o Add missing includes to fix more -Wall
where an alias may be used before it is defined. Only turned on for visudo
and testsudoers.
o Add --disable-authentication option that makes sudo not require
authentication by default. The PASSWD tag can be used to require
authentication for an entry. We no longer overload --without-passwd.
o find_alias() now returns an aliasinfo * instead of boolean
o add_alias() now takes a value parameter to store in the aliasinfo.val
o The cmnd, hostspec, runasuser, and user rules now return:
1) positive match
0) negative match (due to '!')
-1) no match
This means setting $$ explicitly in all cases, which I should have done in
the first place. It also means that we always store a value that is != -1
and when we see a '!' we can set *_matches to !rv if rv != -1.
The upshot of all of this is that '!' now works the way it should in
lists and some of the rules are more uniform and sensible.
o Visudo now locks the sudoers temp file instead of bailing when
the temp file already exists. This fixes the problem of stale
temp files but it does *require* that you not try to put the
temp file in a world-writable directory. This shoud not be
an issue as the temp file should live in the same dir as sudoers.
o Visudo now only installs the temp file as sudoers if it changed.
o Add shortcut macros for append() to make things more readable.
o The separator in append() is now a string instead of a char.
o In append(), only prepend the separator if the last char is not a '!'.
This is a hack but it greatly simplifies '!' handling.
o In -l mode, Runas lists and NOPASSWD/PASSWD tags are now inherited
across entries in a list (matches current behavior).
o Fix formatting in -l mode such that items in a list are separated by
a space. Greatlt improves readability.
o Space for name field in struct aliasinfo is now allocated dyanically
instead of using a (big) buffer.
o In add_alias(), only search the list once (lsearch instead of lfind + lsearch)
o In the case of opFOO, have FOO give a boolean return value and set
foo_matches in opFOO, not FOO.
o Treat 'ALL' as a string since it gets fill()'d in parse.lex--fixes a
small memory leak. In the long run it may be better to just fix parse.lex
and make ALL back into a token. However, having it be a string is useful
since it can be easily passed back to the parent rule if we so desire.
