o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS.

It turns out the old DES crypt does the right thing with passwords
   longert than 8 characters.
 o Fix common typo (necesary -> necessary)
 o Update TODO list

CHANGES

@@ -43,7 +43,7 @@ CHANGES from sudo 1.2 (unofficial version)
 15) Ported to Solaris 2.x (based on a port of sudo 1.1 done by UnixOps).
 
 16) Took out setuid(0); setruid(uid); pairs that bracketed calls to
-    update_timestamp() since they are unnecesary and setruid() is
+    update_timestamp() since they are unnecessary and setruid() is
     broken on systems without a setreuid(2) or setresuid(2) system call.
     (Ie: AIX and Solaris 2.x).
 
@@ -95,7 +95,7 @@ CHANGES from sudo 1.3
 
 32) Now use sysconf(2) instead of getdtablesize(2) if it is available
     (see change #31).  Because of the the getdtablesize() emulation for
-    hpux is no longer necesary.
+    hpux is no longer necessary.
 
 33) Now only do a getcwd(3) or getwd(3) once and do it as the real user.
     Sudo should no longer complain that it can't get the cwd unless
@@ -357,7 +357,7 @@ CHANGES from sudo 1.3.1pl4
      validated but before the exec().
 
 118) Now update timestamp file via utime() (and emulate via utimes()
-     if necesary) to eliminate a small race.  Works with
+     if necessary) to eliminate a small race.  Works with
      both POSIX utime() as well as old utime() in BSD <= 4.3.
 
 119) Kerberos ticket file now lives in same dirs as sudo timestamp
@@ -567,7 +567,7 @@ CHANGES from sudo 1.4
      instead of a flat string to make wildcard matching simpler.
 
 177) Added NewArgv and NewArgc that describe the command to be
-     executed.  The copy of args in cmnd_args is no longer necesary
+     executed.  The copy of args in cmnd_args is no longer necessary
      and has been removed.
 
 178) Using strcmp(3) for argument matching in command_matches()
@@ -705,7 +705,7 @@ CHANGES from sudo 1.4.3
 
 215) Fixed a core dump problem when built with -DSHELL_IF_NO_ARGS.
 
-216) Fixed 2 typos in parse.yacc and removed some unnecesary if's.
+216) Fixed 2 typos in parse.yacc and removed some unnecessary if's.
 
 217) Now always use install-sh since SunOS install can't do uid/gid's.
      Other BSD installs are probably similarly afflicted.
@@ -1061,5 +1061,7 @@ Sudo 1.5.9 released.
 332) You can now specifiy a host list instead of just a host or alias
      in a privilege list.  Ie: user=host1,host2,ALIAS,!host3 /bin/ls
 
-333)  Stash the "safe" path to the command instead of stashing the struct
+333) Stash the "safe" path to the command instead of stashing the struct
      stat.  Should be safer.
+
+334) Now set $LOGNAME in addition to $USER.

INSTALL

@@ -516,6 +516,9 @@ Digital UNIX:
 	#ifdef __cplusplus
     to:
 	#if defined(__cplusplus) || defined(__GNUC__)
+    If you don't like the idea of editing the system header file
+    you can just make a copy in gcc's private include tree and
+    edit that.
 
 Linux:
     One person reported that he needed to run configure with

TODO

@@ -11,53 +11,51 @@ TODO list (most will be addressed in the next rewrite)
 
 05) Add a -h (?) flag to sudo for a history mechanism.
 
-06) Make parse.lex in the same coding style as everything else...
+06) Add an option to hard-code LD_LIBRARY_PATH?
 
-07) Add an option to hard-code LD_LIBRARY_PATH?
+07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
 
-08) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
+08) check for <net/errno.h> in configure and include it in sudo.c if it exists.
 
-09) check for <net/errno.h> in configure and include it in sudo.c if it exists.
+09) Add generic STREAMS support for getting interfaces and netmasks.
 
-10) Add generic STREAMS support for getting interfaces and netmasks.
-
-11) Do all the environment variable additions in one fell swoop for
+10) Do all the environment variable additions in one fell swoop for
     efficiency and speed.
 
-12) Catch/ignore signals in sudo?
+11) Catch/ignore signals in sudo?
 
-13) Make -p work with -v and -l in any order.
-
-14) Add support for "safe scripts" by checking for shell script
+12) Add support for "safe scripts" by checking for shell script
     cookie (first two bytes are "#!") and execing the shell outselves
     after doing the stat to guard against spoofing.  This should avoid
     the race condition caused by going through namei() twice...
 
-15) Sudo should not allow someone with a nil password to run commands.
+13) Sudo should not allow someone with a nil password to run commands.
 
-16) Overhaul testsudoers to use parse.o so we don't reimplement things.
+14) Overhaul testsudoers to use parse.o so we don't reimplement things.
 
-17) Make runas_user a struct "runas" with user and group components.
+15) Make runas_user a struct "runas" with user and group components.
     (make uid and gid too???)
 
-18) Add -g group/gid option.
+16) Add -g group/gid option.
 
-19) Should be able to mix Cmnd_Alias's and command args.  Ie:
+17) Should be able to mix Cmnd_Alias's and command args.  Ie:
 	pete   ALL=PASSWD [A-z]*,!PASSWD root
     where PASSWD was defined to be /usr/bin/passwd.
     This requires the arg parsing to happen in the yacc grammer.
 
-20) Add a per-tty restriction?  Ie: only can run foo from /dev/console.
+18) Add a per-tty restriction?  Ie: only can run foo from /dev/console.
 
-21) Use popen.c instead of rolling own in logging.c
+19) Use popen.c instead of rolling own in logging.c
     Need to make popen.c portable first...
 
-22) Add test for how to read ether interfaces in configure script
+20) Add test for how to read ether interfaces in configure script
 
-23) Add configure check for $(CC) -R and use it in addition to -L
+21) Add configure check for $(CC) -R and use it in addition to -L
 
-24) An option to make "sudo -s" use the target user's shell might be nice
+22) An option to make "sudo -s" use the target user's shell might be nice
     (and more like su).
 
-25) Sudo should have a separate error message for when the user is in sudoers
+23) Sudo should have a separate error message for when the user is in sudoers
     but not allowed to run stuff on that host, and send mail.
+
+24) Break authentication stuff out of check.c into auth.c

check.c

@@ -595,7 +595,7 @@ check_passwd()
     char *pass;			/* this is what gets entered */
     int counter = TRIES_FOR_PASSWORD;
 #if defined(HAVE_KERB4) && defined(USE_GETPASS)
-    char kpass[_PASSWD_LEN + 1];
+    char kpass[SUDO_PASS_MAX + 1];
 #endif /* HAVE_KERB4 && USE_GETPASS */
 #ifdef HAVE_AUTHENTICATE
     char *message;

compat.h

@@ -93,31 +93,12 @@
 #endif
 
 /*
- * We need to know how long the longest password may be.
- * For alternate password schemes we need longer passwords.
- * This is a bit, ummm, gross but necesary.
+ * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
+ * but that caused problems with various alternate authentication
+ * methods.  So, we just define our own and assume that it is >= the
+ * system max.
  */
-#if defined(HAVE_KERB4) || defined(HAVE_AFS) || defined(HAVE_DCE) || defined(HAVE_SKEY) || defined(HAVE_OPIE)
-#  undef _PASSWD_LEN
-#  define _PASSWD_LEN		256
-#else
-#  ifdef  HAVE_GETPRPWNAM
-#    undef _PASSWD_LEN
-#    define _PASSWD_LEN		AUTH_MAX_PASSWD_LENGTH
-#  else
-#    ifndef _PASSWD_LEN
-#      ifdef PASS_MAX
-#        define _PASSWD_LEN	PASS_MAX
-#      else
-#        if (SHADOW_TYPE != SPW_NONE)
-#          define _PASSWD_LEN	24
-#        else
-#          define _PASSWD_LEN	8
-#        endif /* SHADOW_TYPE != SPW_NONE */
-#      endif /* PASS_MAX */
-#    endif /* !_PASSWD_LEN */
-#  endif /* HAVE_GETPRPWNAM */
-#endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
+#define SUDO_PASS_MAX	256
 
 /*
  * Some OS's lack these

getspwuid.c

@@ -23,7 +23,7 @@
  *  This module contains sudo_getpwuid(), a function that
  *  Makes a dynamic copy of the struct passwd returned by
  *  getpwuid() and substitutes the shadow password if
- *  necesary.
+ *  necessary.
  *
  *  Todd C. Miller  Mon Nov 20 13:53:06 MST 1995
  */

logging.c

@@ -86,7 +86,7 @@ extern int errorlineno;
  *  syslog_wrapper()
  *
  *  This function logs via syslog w/ a priority and 3 strings args.
- *  It really shouldn't be necesary but some syslog()'s don't
+ *  It really shouldn't be necessary but some syslog()'s don't
  *  guarantee that the syslog() operation will succeed!
  */
 
@@ -154,7 +154,7 @@ log_error(code)
 
     /*
      * we will skip this stuff when using syslog(3) but it is
-     * necesary for mail and file logs.
+     * necessary for mail and file logs.
      */
     now = time((time_t) 0);
     p = ctime(&now) + 4;
@@ -321,7 +321,7 @@ log_error(code)
 #endif /* Syslog_facility */
 
     /*
-     * Log the full line, breaking into multiple syslog(3) calls if necesary
+     * Log the full line, breaking into multiple syslog(3) calls if necessary
      */
     p = &logline[header_length];	/* skip past the date, host, and user */
     for (count = 0; count < strlen(logline) / MAXSYSLOGLEN + 1; count++) {

parse.yacc

@@ -559,7 +559,7 @@ cmndalias	:	ALIAS {
 			    push;
 			    if (printmatches == TRUE) {
 				in_alias = TRUE;
-				/* Allocate space for ga_list if necesary. */
+				/* Allocate space for ga_list if necessary. */
 				expand_ga_list();
 				ga_list[ga_list_len-1].alias = estrdup($1);
 			     }
@@ -587,7 +587,7 @@ runasalias	:	ALIAS {
 			    push;
 			    if (printmatches == TRUE) {
 				in_alias = TRUE;
-				/* Allocate space for ga_list if necesary. */
+				/* Allocate space for ga_list if necessary. */
 				expand_ga_list();
 				ga_list[ga_list_len-1].alias = estrdup($1);
 			    }
@@ -936,7 +936,7 @@ append(src, dstp, dst_len, dst_size, separator)
 	*dstp = dst;
     }
 
-    /* Allocate more space if necesary. */
+    /* Allocate more space if necessary. */
     if (*dst_size <= *dst_len + src_len) {
 	while (*dst_size <= *dst_len + src_len)
 	    *dst_size += BUFSIZ;
@@ -977,7 +977,7 @@ reset_aliases()
  *
  * expand_ga_list()
  *
- *  This function increments ga_list_len, allocating more space as necesary.
+ *  This function increments ga_list_len, allocating more space as necessary.
  */
 
 static void
@@ -998,7 +998,7 @@ expand_ga_list()
  *
  * expand_match_list()
  *
- *  This function increments cm_list_len, allocating more space as necesary.
+ *  This function increments cm_list_len, allocating more space as necessary.
  */
 
 static void

sudo.c

@@ -412,8 +412,8 @@ load_globals(sudo_mode)
 
     /*
      * Get a local copy of the user's struct passwd with the shadow password
-     * if necesary.  It is assumed that euid is 0 at this point so we
-     * can read the shadow passwd file if necesary.
+     * if necessary.  It is assumed that euid is 0 at this point so we
+     * can read the shadow passwd file if necessary.
      */
     if ((user_pw_ent = sudo_getpwuid(getuid())) == NULL) {
 	/* need to make a fake user_pw_ent */

sudo.tab.c

@@ -776,7 +776,7 @@ append(src, dstp, dst_len, dst_size, separator)
 	*dstp = dst;
     }
 
-    /* Allocate more space if necesary. */
+    /* Allocate more space if necessary. */
     if (*dst_size <= *dst_len + src_len) {
 	while (*dst_size <= *dst_len + src_len)
 	    *dst_size += BUFSIZ;
@@ -817,7 +817,7 @@ reset_aliases()
  *
  * expand_ga_list()
  *
- *  This function increments ga_list_len, allocating more space as necesary.
+ *  This function increments ga_list_len, allocating more space as necessary.
  */
 
 static void
@@ -838,7 +838,7 @@ expand_ga_list()
  *
  * expand_match_list()
  *
- *  This function increments cm_list_len, allocating more space as necesary.
+ *  This function increments cm_list_len, allocating more space as necessary.
  */
 
 static void
@@ -1489,7 +1489,7 @@ case 55:
 			    push;
 			    if (printmatches == TRUE) {
 				in_alias = TRUE;
-				/* Allocate space for ga_list if necesary. */
+				/* Allocate space for ga_list if necessary. */
 				expand_ga_list();
 				ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string);
 			     }
@@ -1518,7 +1518,7 @@ case 61:
 			    push;
 			    if (printmatches == TRUE) {
 				in_alias = TRUE;
-				/* Allocate space for ga_list if necesary. */
+				/* Allocate space for ga_list if necessary. */
 				expand_ga_list();
 				ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string);
 			    }

tgetpass.c

@@ -66,14 +66,6 @@
 #include <sys/ioctl.h>
 #endif /* HAVE_TERMIO_H */
 #endif /* HAVE_TERMIOS_H */
-#ifdef HAVE_GETPRPWNAM
-#  ifdef __hpux
-#    include <hpsecurity.h>
-#  else
-#    include <sys/security.h>
-#  endif /* __hpux */
-#  include <prot.h>			/* for AUTH_MAX_PASSWD_LENGTH */
-#endif /* HAVE_GETPRPWNAM */
 
 #include <pathnames.h>
 #include "compat.h"
@@ -118,7 +110,7 @@ tgetpass(prompt, timeout)
 #endif /* POSIX_SIGNALS */
     int n, echo;
     FILE *input, *output;
-    static char buf[_PASSWD_LEN + 1];
+    static char buf[SUDO_PASS_MAX + 1];
     fd_set *readfds;
     struct timeval tv;
 
@@ -150,7 +142,7 @@ tgetpass(prompt, timeout)
     if (prompt)
 	fputs(prompt, output);
 
-    /* rewind if necesary */
+    /* rewind if necessary */
     if (input == output) {
 	(void) fflush(output);
 	(void) rewind(output);
@@ -241,7 +233,7 @@ tgetpass(prompt, timeout)
 #endif /* HAVE_TERMIO_H */
 #endif /* HAVE_TERMIOS_H */
 
-    /* rewind if necesary */
+    /* rewind if necessary */
     if (input == output) {
 	(void) fflush(output);
 	(void) rewind(output);