Checkpoint for upcoming beta release

TODO

@@ -3,84 +3,95 @@ TODO list (most will be addressed in sudo 2.0)
 01) Redo parsing to be more like op(8) with true command aliases where
     can specify uid, gid(s) and part/all of the environment.
 
-02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH).
-    Defaults = option1, option2, ...
-    Defaults@host = option1, option2, ...
-    Defaults!user = option1, option2, ...
-    Defaults%group = option1, option2, ...
-    Defaults+netgroup = option1, option2, ...
+02) Add a SHELLS reserved word that checks against /etc/shells.
 
-03) Add a SHELLS reserved word that checks against /etc/shells.
+03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
 
-04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.
+04) Add a -h (?) flag to sudo for a history mechanism.
 
-05) Add a -h (?) flag to sudo for a history mechanism.
+05) Add an option to set LD_LIBRARY_PATH?
 
-06) Add an option to hard-code LD_LIBRARY_PATH?
+06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
 
-07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
+07) check for <net/errno.h> in configure and include it in sudo.c if it exists.
 
-08) check for <net/errno.h> in configure and include it in sudo.c if it exists.
+08) Add generic STREAMS support for getting interfaces and netmasks.
 
-09) Add generic STREAMS support for getting interfaces and netmasks.
-
-10) Add support for "safe scripts" by checking for shell script
+09) Add support for "safe scripts" by checking for shell script
     cookie (first two bytes are "#!") and execing the shell outselves
     after doing the stat to guard against spoofing.  This should avoid
     the race condition caused by going through namei() twice...
 
-11) Overhaul testsudoers to use things from parse.o so we don't reimplement
+10) Overhaul testsudoers to use things from parse.o so we don't reimplement
     things.
 
-12) Make runas_user a struct "runas" with user and group components.
+11) Make runas_user a struct "runas" with user and group components.
     (maybe uid and gid too???)
 
-13) Add -g group/gid option.
+12) Add -g group/gid option.
 
-14) Should be able to mix Cmnd_Alias's and command args.  Ie:
+13) Should be able to mix Cmnd_Alias's and command args.  Ie:
 	pete   ALL=PASSWD [A-z]*,!PASSWD root
     where PASSWD was defined to be /usr/bin/passwd.
     This requires the arg parsing to happen in the yacc grammer.
     At the very least, commands and args have to become separate
     tokens in the lexer.
 
-15) Add a per-tty restriction?  Ie: only can run foo from /dev/console.
+14) Add a per-tty restriction?  Ie: only can run foo from /dev/console.
 
-16) Add test for how to read ether interfaces in configure script
+15) Add test for how to read ether interfaces in configure script
 
-17) Add configure check for $(CC) -R and use it in addition to -L
+16) Add configure check for $(CC) -R and use it in addition to -L
 
-18) An option to make "sudo -s" use the target user's shell might be nice
-    (and more like su).
+17) An option to make "sudo -s" use the target user's shell might be nice
+    (and more like su).  Overlaps with the upcoming -i option.
 
-19) Use getrlimit() in preference to getconf()/getdtablesize().
-
-20) Add configure option to enable old behavior of visudo (O_EXCL)?
+18) Add configure option to enable old behavior of visudo (O_EXCL)?
     --without-sudoers-lock?
 
-21) Profile sudo again (is the yacc grammar optimal?)
+19) Profile sudo again (is the yacc grammar optimal?)
 
-22) Zero out encrypted passwords after use.  Use an Exit function or
+20) Zero out encrypted passwords after use.  Use an Exit function or
     some such (have to hook in to emalloc() and friends).
     Hard (impossible?) to be thorough w/ atexit/on_exit.
 
-23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
+21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified
     user.
 
-24) Use strtol() and strtoul(), not atoi()
+22) Use strtol() and strtoul(), not atoi()
 
-25) In parse.yacc get rid on unneeded '{ ; }'
+23) In parse.yacc get rid of unneeded '{ ; }'
 
-26) Look into %e, %p, %k in parse.lex
+24) Look into %e, %p, %k in parse.lex
 
-27) Document Defaults stuff in sudoers.pod
+25) Make syslog stuff work on vanilla ultrix
 
-28) Make syslog stuff work on vanilla ultrix
+26) Implement date_format and log_format options.
 
-29) Implement date_format and log_format options.
+27) Add support for: Default:user@host
 
-30) Add support for: Default:user@host
+28) Do login-style -sh hack for sudo -s? (new option or do it always?)
 
-31) Do login-style -sh hack for sudo -s?
+29) Make visudo rcs-aware
 
-32) Make visudo rcs-aware
+30) Add support for parsing multiple sudoers files.  Basically make
+    _PATH_SUDOERS be a colon-separated list of pathname like EDITOR.
+    Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp").
+
+31) Add -i (simulate initial login) option as per 946 +sudo
+    (requires two-pass parser).  Also add "default_path" Defaults option
+    to go with it.  (See MINUS_I.patch)
+
+32) Some people want to be able to specify a special password in sudoers
+    in addition or instead of the normal one.
+
+33) Add support for trusted users.  E.g. allow user to run a certain
+    command regardless of what dir it is in if it is owned by the
+    trusted user.
+
+34) Add mechanism to choose logfile based on RunasUser
+
+35) Split the parser into two stages.  The first parse checks for
+    syntax and sets the Defaults options and sets up the
+    data structures to check a user.  The second stage does
+    the actual user check.