enum type. Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples. This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.
lecture is now a tuple with the following values: never, once, always
We no longer use both an int and string entry for syslog facilities
and priorities. Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
initialized. This means that if the last char in the prompt is '%' and the
first char is 'h' or 'u' a extra copy of the host or user name would be
copied, for which space had not been allocated.
sets its gid to a a value that makes sudoers readable. Previously
if you used gid 0 as the exempt group everyone would be exempt.
From Paul Kranenburg <pk@cs.few.eur.nl>
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared
No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
o Implement mailer_flags
o Store syslog stuff both in int and string form. Setting the string
form magically updates the int version.
o Add boolean attribute to strings where it makes sense to say !foo
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line. There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.
Add a "-L" flag to list the name of options with their descriptions. This
may only be temporary.
Move some prototypes to parse.h
Be much less restrictive on what is allowed for a username.
gain us anything to run as the user since an attacker can just have
an setuid(0) in their egg. Running as root solves potential problems
wrt signalling.
where an alias may be used before it is defined. Only turned on for visudo
and testsudoers.
o Add --disable-authentication option that makes sudo not require
authentication by default. The PASSWD tag can be used to require
authentication for an entry. We no longer overload --without-passwd.
o Visudo now locks the sudoers temp file instead of bailing when
the temp file already exists. This fixes the problem of stale
temp files but it does *require* that you not try to put the
temp file in a world-writable directory. This shoud not be
an issue as the temp file should live in the same dir as sudoers.
o Visudo now only installs the temp file as sudoers if it changed.
done more reasonably--better sanity checks and tty-based stamps are
now done as files in a directory with the same name as the invoking
user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
to mix tty and non-tty based ticket schemes but this may change in
the future (it requires sudo to use a directory instead of a file
in the non-tty case). Also, ``sudo -k'' now sets the ticket back
to the epoch and ``sudo -K'' really deletes the file. That way you
don't get the lecture again just because you killed your ticket in
.logout. BSD-style copyright now.
Tgetpass now takes an echo flag for use with PAM_PROMPT_ECHO_ON
Block SIGINT and SIGTSTP during auth
remove a useless umask setting
Change error from BAD_ALLOCATION -> BAD_AUTH_INIT (for use with sia/PAM)
Some cosmetic changes to auth.c for consistency
