the passwd file, set runas_user to the name, not the uid.
When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
function that just sets error and returns -1. This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally. There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
There's really no need for a separate token for fully-qualified vs.
unqualified anymore so FQHOST is now history and hostname_matches
now decides which hostname (short or long) to check based on whether
or not the pattern contains a '.'.
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
o oprunasuser and runaslist now return a value
o in a runasspec, if a runaslist does not return TRUE, set runas_matches to
FALSE. Normally, a runaslist only returns FALSE for explicitly denied
users.
o since runaslist does not modify the stack there is no need for a push/pop
in runasalias.
o Implement mailer_flags
o Store syslog stuff both in int and string form. Setting the string
form magically updates the int version.
o Add boolean attribute to strings where it makes sense to say !foo
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line. There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.
Add a "-L" flag to list the name of options with their descriptions. This
may only be temporary.
Move some prototypes to parse.h
Be much less restrictive on what is allowed for a username.
stored with the contents. This could lead to incorrect output
if the sudoers file had different alias types with the same name.
Normal parsing (ie: not in '-l' mode) is unaffected.
possible to express things like "failed to validate because user not listed
for this host". Some thigns that were previously VALIDATE_FOO are now
FLAG_FOO. This may change later on.
Reorganized code in log_auth() and sudo.c to deal with above changes.
Safer versions of push/pushcp with in the do { ... } while (0) style
parse.yacc now saves info on the stack to allow parse.c to determine
if a user was listed, but not for the host he/she tried to run on.
Added --with-mail-if-no-host option
o real dependencies in the Makefile
o --with-devel option to enable yacc, lex, and -Wall
o style -- "foo -> bar" becomes "foo->bar"
o ALL goes back to being a token, not a string but don't leak memory
o rename hsotspec -> host in parse.yacc
where an alias may be used before it is defined. Only turned on for visudo
and testsudoers.
o Add --disable-authentication option that makes sudo not require
authentication by default. The PASSWD tag can be used to require
authentication for an entry. We no longer overload --without-passwd.
o find_alias() now returns an aliasinfo * instead of boolean
o add_alias() now takes a value parameter to store in the aliasinfo.val
o The cmnd, hostspec, runasuser, and user rules now return:
1) positive match
0) negative match (due to '!')
-1) no match
This means setting $$ explicitly in all cases, which I should have done in
the first place. It also means that we always store a value that is != -1
and when we see a '!' we can set *_matches to !rv if rv != -1.
The upshot of all of this is that '!' now works the way it should in
lists and some of the rules are more uniform and sensible.
o Add shortcut macros for append() to make things more readable.
o The separator in append() is now a string instead of a char.
o In append(), only prepend the separator if the last char is not a '!'.
This is a hack but it greatly simplifies '!' handling.
o In -l mode, Runas lists and NOPASSWD/PASSWD tags are now inherited
across entries in a list (matches current behavior).
o Fix formatting in -l mode such that items in a list are separated by
a space. Greatlt improves readability.
o Space for name field in struct aliasinfo is now allocated dyanically
instead of using a (big) buffer.
o In add_alias(), only search the list once (lsearch instead of lfind + lsearch)
o In the case of opFOO, have FOO give a boolean return value and set
foo_matches in opFOO, not FOO.
o Treat 'ALL' as a string since it gets fill()'d in parse.lex--fixes a
small memory leak. In the long run it may be better to just fix parse.lex
and make ALL back into a token. However, having it be a string is useful
since it can be easily passed back to the parent rule if we so desire.
-l and -v flags that were broken by earlier parser changes.
2) In a Runas list, don't negate FALSE -> TRUE since that would make !foo
match any time the user specified a runas user (via -u) other than foo.
It turns out the old DES crypt does the right thing with passwords
longert than 8 characters.
o Fix common typo (necesary -> necessary)
o Update TODO list
