when possible since that allows us to support the stay_setuid option and
we always know exactly what the semantics will be (various Linux kernels
have broken POSIX saved uid support).
call initgroups() if the target user was root. Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set. Idea from TJ Saunders.
Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply include
the appropriate function at compile time (setreuid() vs. setuid()).
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared
No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
that holds flags to be passed in to tgetpass(). Change echo_off
param to tgetpass() into a flags field. There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
until after the sudoers file has been parsed but since there are now
other options that operate that way this one can too. Based on a patch
from bguillory@email.com.
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
correctly from the sudoers file.
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line. There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.
Add a "-L" flag to list the name of options with their descriptions. This
may only be temporary.
Move some prototypes to parse.h
Be much less restrictive on what is allowed for a username.
possible to express things like "failed to validate because user not listed
for this host". Some thigns that were previously VALIDATE_FOO are now
FLAG_FOO. This may change later on.
Reorganized code in log_auth() and sudo.c to deal with above changes.
Safer versions of push/pushcp with in the do { ... } while (0) style
parse.yacc now saves info on the stack to allow parse.c to determine
if a user was listed, but not for the host he/she tried to run on.
Added --with-mail-if-no-host option
since -ldb includes a bogus snprintf().
o Add forward refs for struct mbuf and struct rtentry for Digital UNIX.
o Reorder some functions in snprintf.c to fix -Wall
o Add missing includes to fix more -Wall
o Visudo now locks the sudoers temp file instead of bailing when
the temp file already exists. This fixes the problem of stale
temp files but it does *require* that you not try to put the
temp file in a world-writable directory. This shoud not be
an issue as the temp file should live in the same dir as sudoers.
o Visudo now only installs the temp file as sudoers if it changed.
Tgetpass now takes an echo flag for use with PAM_PROMPT_ECHO_ON
Block SIGINT and SIGTSTP during auth
remove a useless umask setting
Change error from BAD_ALLOCATION -> BAD_AUTH_INIT (for use with sia/PAM)
Some cosmetic changes to auth.c for consistency
system strdup(3) which may or may not exist. There is now no need to
provide strdup() for those w/o it. Also, the prototype for estrdup()
was wrong, it returns char * and its param is const.
but the NOPASSWD flag was set.
Make runasspec, runaslist, runasuser, and nopasswd typeless in parse.yacc
Add support for '!' in the runas list
Fix double printing of '%' and '+' for groups and netgroups respectively
Add *_matched macros (no need for local stack variable). Should only be
used directly after a pop (since top must be >= 2).
