From 651a7c3679a495ba6ce2b9768029179419d5d4a3 Mon Sep 17 00:00:00 2001 From: Bdale Garbee Date: Thu, 10 Jun 2010 15:40:13 -0600 Subject: [PATCH] Imported Upstream version 1.7.2p7 --- ChangeLog | 73 +- Makefile.in | 2 +- README.LDAP | 4 +- aclocal.m4 | 7 +- alias.c | 2 +- auth/pam.c | 3 +- configure | 1598 ++++++++++++++++++++++++------------------- configure.in | 28 +- env.c | 43 +- sudo.cat | 20 +- sudo.man.in | 2 +- sudoers.cat | 52 +- sudoers.ldap.cat | 24 +- sudoers.ldap.man.in | 2 +- sudoers.man.in | 4 +- sudoers.pod | 2 +- vasgroups.c | 6 +- visudo.c | 89 ++- visudo.cat | 6 +- visudo.man.in | 2 +- 20 files changed, 1129 insertions(+), 840 deletions(-) diff --git a/ChangeLog b/ChangeLog index a8d71a2..6ff582f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,38 +1,79 @@ +2010-06-02 Todd C. Miller + + * auth/pam.c: Fix OpenPAM detection for newer versions. + + * vasgroups.c: Sync with Quest sudo git repo + + * aclocal.m4, configure, configure.in: Adapted from Quest sudo. + HP-UX ld uses +b instead of -R or -rpath. + Fix typo in libvas check. + libvas may need libdl for dlopen(). + Add missing template for ENV_DEBUG. + + * README.LDAP: + Fix typos; from Quest Sudo + + * Makefile.in, configure.in: + Use value of SHELL from configure in Makefile + +2010-05-28 Todd C. Miller + + * env.c: Handle duplicate variables in the environment. + For unsetenv(), keep looking even after remove the first instance. + For sudo_putenv(), check for and remove dupes after we replace an + existing value. + +2010-04-29 Todd C. Miller + + * visudo.c: Fix a crash when checking a sudoers file that has aliases + that reference themselves. Based on a diff from David Wood. + +2010-04-15 Todd C. Miller + + * alias.c: Fix use after free in error message when a duplicate + alias exists. + +2010-04-14 Todd C. Miller + + * visudo.c: Set errorfile to the sudoers path if we set parse_error + manually. This prevents a NULL dereference in printf() when + checking a sudoers file in strict mode when alias errors are present. + 2010-04-09 Todd C. Miller - * configure, configure.in: Fix installation of sudoers.ldap - in "make install" when --with-ldap was specified without a - directory. From Prof. Dr. Andreas Mueller + * configure, configure.in: Fix installation of sudoers.ldap + in "make install" when --with-ldap was specified without a + directory. From Prof. Dr. Andreas Mueller 2010-04-09 Todd C. Miller - * find_path.c: Qualify the command even if it is in the - current working directory, e.g. "./foo" instead of just - returning "foo". This removes an ambiguity between real - commands and possible pseudo-commands in command matching. + * find_path.c: Qualify the command even if it is in the + current working directory, e.g. "./foo" instead of just + returning "foo". This removes an ambiguity between real + commands and possible pseudo-commands in command matching. 2010-04-07 Todd C. Miller - * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about - the security implications of the fast_glob option. + * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about + the security implications of the fast_glob option. * memrchr.c: Remove duplicate includes 2010-03-10 Todd C. Miller - * sudo.c: Fix a bug introduced with def_closefrom. The value - of def_closefrom already includes the +1. + * sudo.c: Fix a bug introduced with def_closefrom. The value + of def_closefrom already includes the +1. 2010-03-09 Todd C. Miller - * match.c: When doing a glob match, short circuit if - gl.gl_pathc is 0. From Mark Kettenis. + * match.c: When doing a glob match, short circuit if + gl.gl_pathc is 0. From Mark Kettenis. 2010-02-22 Todd C. Miller - * match.c: Check for pseudo-command by looking at the first - character of the command in sudoers instead of checking the - user-supplied command for a slash. + * match.c: Check for pseudo-command by looking at the first + character of the command in sudoers instead of checking the + user-supplied command for a slash. 2010-02-09 Todd C. Miller diff --git a/Makefile.in b/Makefile.in index 8d69f81..ac65fa7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -96,7 +96,7 @@ DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -DSUDOERS_UID=$(sudoer #### End of system configuration section. #### -SHELL = /bin/sh +SHELL = @SHELL@ PROGS = @PROGS@ diff --git a/README.LDAP b/README.LDAP index 85f05f5..113b0f1 100644 --- a/README.LDAP +++ b/README.LDAP @@ -35,7 +35,7 @@ They are one and the same. Build instructions ================== -The most simplest way to build sudo with LDAP support is to include the +The simplest way to build sudo with LDAP support is to include the '--with-ldap' option. $ ./configure --with-ldap @@ -48,7 +48,7 @@ to specify them at configure time. E.g. Sudo is developed using OpenLDAP but Netscape-based LDAP libraries (such as those present in Solaris) are also known to work. -Your Mileage may vary. Please let the sudo workers mailing list +Your mileage may vary. Please let the sudo workers mailing list know if special configuration was required to build an LDAP-enabled sudo so we can improve sudo. diff --git a/aclocal.m4 b/aclocal.m4 index 1a6d990..d8b55c0 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -349,7 +349,12 @@ dnl append a libpath to an LDFLAGS style variable dnl AC_DEFUN(SUDO_APPEND_LIBPATH, [ if test X"$with_rpath" = X"yes"; then - $1="${$1} -L$2 -R$2" + case "$host" in + *-*-hpux*) $1="${$1} -L$2 -Wl,+b,$2" + ;; + *) $1="${$1} -L$2 -Wl,-R$2" + ;; + esac else $1="${$1} -L$2" fi diff --git a/alias.c b/alias.c index e389c71..0478e5a 100644 --- a/alias.c +++ b/alias.c @@ -121,8 +121,8 @@ alias_add(name, type, members) a->seqno = 0; list2tq(&a->members, members); if (rbinsert(aliases, a)) { - alias_free(a); snprintf(errbuf, sizeof(errbuf), "Alias `%s' already defined", name); + alias_free(a); return(errbuf); } return(NULL); diff --git a/auth/pam.c b/auth/pam.c index f4269b8..f9fa26d 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -66,7 +66,8 @@ #include "sudo_auth.h" /* Only OpenPAM and Linux PAM use const qualifiers. */ -#if defined(_OPENPAM) || defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) +#if defined(_OPENPAM) || defined(OPENPAM_VERSION) || \ + defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) # define PAM_CONST const #else # define PAM_CONST diff --git a/configure b/configure index 95f96c4..fefb328 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p6. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p7. # # Report bugs to . # @@ -724,8 +724,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p6' -PACKAGE_STRING='sudo 1.7.2p6' +PACKAGE_VERSION='1.7.2p7' +PACKAGE_STRING='sudo 1.7.2p7' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. @@ -870,11 +870,11 @@ ldap_secret nsswitch_conf netsvc_conf secure_path -EGREPPROG CC ac_ct_CC EXEEXT OBJEXT +EGREPPROG CPP build build_cpu @@ -1417,7 +1417,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p6 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p6:";; + short | recursive ) echo "Configuration of sudo 1.7.2p7:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p6 +sudo configure 1.7.2p7 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1698,7 +1698,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p6, which was +It was created by sudo $as_me 1.7.2p7, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2122,6 +2122,7 @@ echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + timeout=5 @@ -3803,359 +3804,160 @@ echo "${ECHO_T}no" >&6; } fi - -# Check whether --with-libvas was given. -if test "${with_libvas+set}" = set; then - withval=$with_libvas; case $with_libvas in - yes) with_libvas=libvas.so - ;; - no) ;; - *) -cat >>confdefs.h <<_ACEOF -#define LIBVAS_SO "$with_with_libvas" -_ACEOF - - ;; -esac -if test X"$with_libvas" != X"no"; then - -cat >>confdefs.h <<_ACEOF -#define LIBVAS_SO "$with_libvas" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USING_NONUNIX_GROUPS 1 -_ACEOF - - NONUNIX_GROUPS_IMPL="vasgroups.o" - -# Check whether --with-libvas-rpath was given. -if test "${with_libvas_rpath+set}" = set; then - withval=$with_libvas_rpath; LIBVAS_RPATH=$withval +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - LIBVAS_RPATH=/opt/quest/lib -fi + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS fi - fi - - - -{ echo "$as_me:$LINENO: checking whether to do user authentication by default" >&5 -echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6; } -# Check whether --enable-authentication was given. -if test "${enable_authentication+set}" = set; then - enableval=$enable_authentication; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define NO_AUTHENTICATION 1 -_ACEOF - - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} - ;; - esac - +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } fi -{ echo "$as_me:$LINENO: checking whether to disable running the mailer as root" >&5 -echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6; } -# Check whether --enable-root-mailer was given. -if test "${enable_root_mailer+set}" = set; then - enableval=$enable_root_mailer; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define NO_ROOT_MAILER 1 -_ACEOF - - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} - ;; - esac +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi - -# Check whether --enable-setreuid was given. -if test "${enable_setreuid+set}" = set; then - enableval=$enable_setreuid; case "$enableval" in - no) SKIP_SETREUID=yes - ;; - *) ;; - esac - + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" fi - -# Check whether --enable-setresuid was given. -if test "${enable_setresuid+set}" = set; then - enableval=$enable_setresuid; case "$enableval" in - no) SKIP_SETRESUID=yes - ;; - *) ;; - esac +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS fi - - -{ echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5 -echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6; } -# Check whether --enable-shadow was given. -if test "${enable_shadow+set}" = set; then - enableval=$enable_shadow; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CHECKSHADOW="false" - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} - ;; - esac - +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi -{ echo "$as_me:$LINENO: checking whether root should be allowed to use sudo" >&5 -echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6; } -# Check whether --enable-root-sudo was given. -if test "${enable_root_sudo+set}" = set; then - enableval=$enable_root_sudo; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) cat >>confdefs.h <<\_ACEOF -#define NO_ROOT_SUDO 1 -_ACEOF - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - root_sudo=off - ;; - *) { { echo "$as_me:$LINENO: error: \"--enable-root-sudo does not take an argument.\"" >&5 -echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to log the hostname in the log file" >&5 -echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6; } -# Check whether --enable-log-host was given. -if test "${enable_log_host+set}" = set; then - enableval=$enable_log_host; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define HOST_IN_LOG 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to invoke a shell if sudo is given no arguments" >&5 -echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6; } -# Check whether --enable-noargs-shell was given. -if test "${enable_noargs_shell+set}" = set; then - enableval=$enable_noargs_shell; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SHELL_IF_NO_ARGS 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to set \$HOME to target user in shell mode" >&5 -echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6; } -# Check whether --enable-shell-sets-home was given. -if test "${enable_shell_sets_home+set}" = set; then - enableval=$enable_shell_sets_home; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SHELL_SETS_HOME 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to disable 'command not found' messages" >&5 -echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6; } -# Check whether --enable-path_info was given. -if test "${enable_path_info+set}" = set; then - enableval=$enable_path_info; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define DONT_LEAK_PATH_INFO 1 -_ACEOF - - path_info=off - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5 -echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; } -# Check whether --enable-env_debug was given. -if test "${enable_env_debug+set}" = set; then - enableval=$enable_env_debug; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define ENV_DEBUG 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then - withval=$with_selinux; case $with_selinux in - yes) SELINUX_USAGE="[-r role] [-t type] " - cat >>confdefs.h <<\_ACEOF -#define HAVE_SELINUX 1 -_ACEOF - - SUDO_LIBS="${SUDO_LIBS} -lselinux" - SUDO_OBJS="${SUDO_OBJS} selinux.o" - PROGS="${PROGS} sesh" - SELINUX="" - SEMAN="" - ;; - no) ;; - *) { { echo "$as_me:$LINENO: error: \"--with-selinux does not take an argument.\"" >&5 -echo "$as_me: error: \"--with-selinux does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; -esac -fi - - -# Check whether --enable-gss_krb5_ccache_name was given. -if test "${enable_gss_krb5_ccache_name+set}" = set; then - enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval -else - check_gss_krb5_ccache_name=no + fi fi - - -# Extract the first word of "egrep", so it can be a program name with args. -set dummy egrep; ac_word=$2 +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_EGREPPROG+set}" = set; then +if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else - if test -n "$EGREPPROG"; then - ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. else + ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4163,7 +3965,11 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_EGREPPROG="egrep" + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -4171,36 +3977,37 @@ done done IFS=$as_save_IFS +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi fi fi -EGREPPROG=$ac_cv_prog_EGREPPROG -if test -n "$EGREPPROG"; then - { echo "$as_me:$LINENO: result: $EGREPPROG" >&5 -echo "${ECHO_T}$EGREPPROG" >&6; } +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi -if test -z "$EGREPPROG"; then - { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 -echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} - { (exit 1); exit 1; }; } -fi - -if test "$with_devel" != "yes"; then - ac_cv_prog_cc_g=no fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then @@ -4216,7 +4023,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -4236,11 +4043,15 @@ echo "${ECHO_T}no" >&6; } fi + test -n "$CC" && break + done fi -if test -z "$ac_cv_prog_CC"; then +if test -z "$CC"; then ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then @@ -4256,207 +4067,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CC="gcc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 -echo "${ECHO_T}$ac_ct_CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CC="$ac_prog" + ac_cv_prog_ac_ct_CC="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -4971,147 +4582,602 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 -echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 +echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_c89=$ac_arg +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6; } ;; + xno) + { echo "$as_me:$LINENO: result: unsupported" >&5 +echo "${ECHO_T}unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; +esac + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +# Check whether --with-libvas was given. +if test "${with_libvas+set}" = set; then + withval=$with_libvas; case $with_libvas in + yes) with_libvas=libvas.so + ;; + no) ;; + *) +cat >>confdefs.h <<_ACEOF +#define LIBVAS_SO "$with_libvas" +_ACEOF + + ;; +esac +if test X"$with_libvas" != X"no"; then + +cat >>confdefs.h <<_ACEOF +#define LIBVAS_SO "$with_libvas" +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define USING_NONUNIX_GROUPS 1 +_ACEOF + + NONUNIX_GROUPS_IMPL="vasgroups.o" + +# Check whether --with-libvas-rpath was given. +if test "${with_libvas_rpath+set}" = set; then + withval=$with_libvas_rpath; LIBVAS_RPATH=$withval +else + LIBVAS_RPATH=/opt/quest/lib +fi + + +{ echo "$as_me:$LINENO: checking for main in -ldl" >&5 +echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6; } +if test "${ac_cv_lib_dl_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dl_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dl_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_main" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_main" >&6; } +if test $ac_cv_lib_dl_main = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDL 1 +_ACEOF + + LIBS="-ldl $LIBS" + +fi + +fi + +fi + + + +{ echo "$as_me:$LINENO: checking whether to do user authentication by default" >&5 +echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6; } +# Check whether --enable-authentication was given. +if test "${enable_authentication+set}" = set; then + enableval=$enable_authentication; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + cat >>confdefs.h <<\_ACEOF +#define NO_AUTHENTICATION 1 +_ACEOF + + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to disable running the mailer as root" >&5 +echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6; } +# Check whether --enable-root-mailer was given. +if test "${enable_root_mailer+set}" = set; then + enableval=$enable_root_mailer; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define NO_ROOT_MAILER 1 +_ACEOF + + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +# Check whether --enable-setreuid was given. +if test "${enable_setreuid+set}" = set; then + enableval=$enable_setreuid; case "$enableval" in + no) SKIP_SETREUID=yes + ;; + *) ;; + esac + +fi + + +# Check whether --enable-setresuid was given. +if test "${enable_setresuid+set}" = set; then + enableval=$enable_setresuid; case "$enableval" in + no) SKIP_SETRESUID=yes + ;; + *) ;; + esac + +fi + + +{ echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5 +echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6; } +# Check whether --enable-shadow was given. +if test "${enable_shadow+set}" = set; then + enableval=$enable_shadow; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + CHECKSHADOW="false" + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether root should be allowed to use sudo" >&5 +echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6; } +# Check whether --enable-root-sudo was given. +if test "${enable_root_sudo+set}" = set; then + enableval=$enable_root_sudo; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ;; + no) cat >>confdefs.h <<\_ACEOF +#define NO_ROOT_SUDO 1 +_ACEOF + + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + root_sudo=off + ;; + *) { { echo "$as_me:$LINENO: error: \"--enable-root-sudo does not take an argument.\"" >&5 +echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + esac + +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to log the hostname in the log file" >&5 +echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6; } +# Check whether --enable-log-host was given. +if test "${enable_log_host+set}" = set; then + enableval=$enable_log_host; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define HOST_IN_LOG 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6; } +# Check whether --enable-noargs-shell was given. +if test "${enable_noargs_shell+set}" = set; then + enableval=$enable_noargs_shell; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define SHELL_IF_NO_ARGS 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to set \$HOME to target user in shell mode" >&5 +echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6; } +# Check whether --enable-shell-sets-home was given. +if test "${enable_shell_sets_home+set}" = set; then + enableval=$enable_shell_sets_home; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define SHELL_SETS_HOME 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to disable 'command not found' messages" >&5 +echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6; } +# Check whether --enable-path_info was given. +if test "${enable_path_info+set}" = set; then + enableval=$enable_path_info; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define DONT_LEAK_PATH_INFO 1 +_ACEOF + + path_info=off + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5 +echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; } +# Check whether --enable-env_debug was given. +if test "${enable_env_debug+set}" = set; then + enableval=$enable_env_debug; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define ENV_DEBUG 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} + ;; + esac + else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } fi -{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 -echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } -if test "${ac_cv_prog_cc_c89+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include -#include -#include -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} +# Check whether --with-selinux was given. +if test "${with_selinux+set}" = set; then + withval=$with_selinux; case $with_selinux in + yes) SELINUX_USAGE="[-r role] [-t type] " + cat >>confdefs.h <<\_ACEOF +#define HAVE_SELINUX 1 _ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; + + SUDO_LIBS="${SUDO_LIBS} -lselinux" + SUDO_OBJS="${SUDO_OBJS} selinux.o" + PROGS="${PROGS} sesh" + SELINUX="" + SEMAN="" + ;; + no) ;; + *) { { echo "$as_me:$LINENO: error: \"--with-selinux does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-selinux does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_cc_c89=$ac_arg -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +fi +# Check whether --enable-gss_krb5_ccache_name was given. +if test "${enable_gss_krb5_ccache_name+set}" = set; then + enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval +else + check_gss_krb5_ccache_name=no fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break + +# Extract the first word of "egrep", so it can be a program name with args. +set dummy egrep; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_EGREPPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$EGREPPROG"; then + ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_EGREPPROG="egrep" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi done -rm -f conftest.$ac_ext -CC=$ac_save_CC +done +IFS=$as_save_IFS fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { echo "$as_me:$LINENO: result: none needed" >&5 -echo "${ECHO_T}none needed" >&6; } ;; - xno) - { echo "$as_me:$LINENO: result: unsupported" >&5 -echo "${ECHO_T}unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 -echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; -esac +fi +EGREPPROG=$ac_cv_prog_EGREPPROG +if test -n "$EGREPPROG"; then + { echo "$as_me:$LINENO: result: $EGREPPROG" >&5 +echo "${ECHO_T}$EGREPPROG" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -z "$EGREPPROG"; then + { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 +echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} + { (exit 1); exit 1; }; } +fi +if test "$with_devel" != "yes"; then + ac_cv_prog_cc_g=no +fi { echo "$as_me:$LINENO: checking for library containing strerror" >&5 echo $ECHO_N "checking for library containing strerror... $ECHO_C" >&6; } @@ -6268,7 +6334,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6271 "configure"' > conftest.$ac_ext + echo '#line 6337 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8132,11 +8198,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8135: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8201: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8139: \$? = $ac_status" >&5 + echo "$as_me:8205: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8422,11 +8488,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8425: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8491: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8429: \$? = $ac_status" >&5 + echo "$as_me:8495: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8526,11 +8592,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8529: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8595: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8533: \$? = $ac_status" >&5 + echo "$as_me:8599: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10886,7 +10952,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) { echo "$as_me:$LINENO: checking for main in -ldl" >&5 echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6; } if test "${ac_cv_lib_dl_main+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -19903,7 +19977,9 @@ else SUDO_LIBS="${SUDO_LIBS} -lpam" fi - ac_cv_lib_dl=ac_cv_lib_dl_main + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac @@ -20478,7 +20554,12 @@ if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -R${with_fwtk}" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" fi @@ -20505,7 +20586,12 @@ if test ${with_SecurID-'no'} != "no"; then _LDFLAGS="${LDFLAGS}" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_SecurID}" fi @@ -20588,7 +20674,12 @@ if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}" fi @@ -20660,7 +20751,12 @@ rm -f conftest.err conftest.$ac_ext else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib" fi @@ -20670,7 +20766,12 @@ rm -f conftest.err conftest.$ac_ext if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib" fi @@ -21352,7 +21453,12 @@ echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have else if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -R${with_kerb5}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib" fi @@ -21800,7 +21906,12 @@ if test ${with_AFS-'no'} = "yes"; then if test -d ${i}; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -R$i" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,+b,$i" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,-R$i" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i" fi @@ -21859,7 +21970,12 @@ if test ${with_skey-'no'} = "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_skey}/lib" fi @@ -21869,7 +21985,12 @@ if test ${with_skey-'no'} = "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib" fi @@ -21944,7 +22065,12 @@ rm -f conftest.err conftest.$ac_ext else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${dir}/lib" fi @@ -21954,7 +22080,12 @@ rm -f conftest.err conftest.$ac_ext if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" fi @@ -22109,7 +22240,12 @@ if test ${with_opie-'no'} = "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_opie}/lib" fi @@ -22119,7 +22255,12 @@ if test ${with_opie-'no'} = "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib" fi @@ -22194,7 +22335,12 @@ rm -f conftest.err conftest.$ac_ext else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${dir}/lib" fi @@ -22204,7 +22350,12 @@ rm -f conftest.err conftest.$ac_ext if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" fi @@ -22864,7 +23015,12 @@ if test ${with_ldap-'no'} != "no"; then if test "$with_ldap" != "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -R${with_ldap}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib" fi @@ -22874,7 +23030,12 @@ if test ${with_ldap-'no'} != "no"; then if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -R${with_ldap}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_ldap}/lib" fi @@ -24011,7 +24172,12 @@ if test X"$LIBVAS_RPATH" != X""; then if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -24559,7 +24725,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p6, which was +This file was extended by sudo $as_me 1.7.2p7, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24608,7 +24774,7 @@ Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p6 +sudo config.status 1.7.2p7 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" @@ -24931,11 +25097,11 @@ ldap_secret!$ldap_secret$ac_delim nsswitch_conf!$nsswitch_conf$ac_delim netsvc_conf!$netsvc_conf$ac_delim secure_path!$secure_path$ac_delim -EGREPPROG!$EGREPPROG$ac_delim CC!$CC$ac_delim ac_ct_CC!$ac_ct_CC$ac_delim EXEEXT!$EXEEXT$ac_delim OBJEXT!$OBJEXT$ac_delim +EGREPPROG!$EGREPPROG$ac_delim CPP!$CPP$ac_delim build!$build$ac_delim build_cpu!$build_cpu$ac_delim @@ -25591,6 +25757,8 @@ fi + + diff --git a/configure.in b/configure.in index 0c08180..2790530 100644 --- a/configure.in +++ b/configure.in @@ -3,7 +3,7 @@ dnl Process this file with GNU autoconf to produce a configure script. dnl dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p6], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p7], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -13,6 +13,7 @@ dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST(HAVE_BSM_AUDIT) +AC_SUBST(SHELL) AC_SUBST(LIBTOOL) AC_SUBST(CFLAGS) AC_SUBST(PROGS) @@ -1044,7 +1045,7 @@ AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas sh yes) with_libvas=libvas.so ;; no) ;; - *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_with_libvas"], [The name of libvas.so]) + *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) ;; esac if test X"$with_libvas" != X"no"; then @@ -1056,6 +1057,10 @@ if test X"$with_libvas" != X"no"; then [Path to look for libvas in [default=/opt/quest/lib]])], [LIBVAS_RPATH=$withval], [LIBVAS_RPATH=/opt/quest/lib]) + dnl + dnl Some platforms require libdl for dlopen() + dnl + AC_CHECK_LIB([dl], [main]) fi ]) @@ -1976,10 +1981,15 @@ dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then dnl - dnl Linux may need this + dnl Some platforms need libdl for dlopen dnl - AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) - ac_cv_lib_dl=ac_cv_lib_dl_main + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac dnl dnl Some PAM implementations (MacOS X for example) put the PAM headers @@ -2524,7 +2534,12 @@ if test X"$LIBVAS_RPATH" != X""; then if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -2636,6 +2651,7 @@ AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "clas AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) +AH_TEMPLATE(ENV_DEBUG, [Whether to enable environment debugging.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) diff --git a/env.c b/env.c index 88e6553..f6dd8f4 100644 --- a/env.c +++ b/env.c @@ -317,7 +317,7 @@ int unsetenv(var) const char *var; { - char **ep; + char **ep = env.envp; size_t len; if (strchr(var, '=') != NULL) { @@ -355,13 +355,15 @@ unsetenv(var) } len = strlen(var); - for (ep = env.envp; *ep; ep++) { + while (*ep != NULL) { if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { /* Found it; shift remainder + NULL over by one and update len. */ memmove(ep, ep + 1, (env.env_len - (ep - env.envp)) * sizeof(char *)); env.env_len--; - break; + /* Keep going, could be multiple instances of the var. */ + } else { + ep++; } } #ifndef UNSETENV_VOID @@ -429,6 +431,7 @@ sudo_putenv(str, dupcheck, overwrite) { char **ep; size_t len; + int found = FALSE; /* Make sure there is room for the new entry plus a NULL. */ if (env.env_len + 2 > env.env_size) { @@ -447,20 +450,34 @@ sudo_putenv(str, dupcheck, overwrite) #endif if (dupcheck) { - len = (strchr(str, '=') - str) + 1; - for (ep = env.envp; *ep; ep++) { + len = (strchr(str, '=') - str) + 1; + for (ep = env.envp; !found && *ep != NULL; ep++) { + if (strncmp(str, *ep, len) == 0) { + if (overwrite) + *ep = str; + found = TRUE; + } + } + /* Prune out duplicate variables. */ + if (found && overwrite) { + while (*ep != NULL) { if (strncmp(str, *ep, len) == 0) { - if (overwrite) - *ep = str; - return; + memmove(ep, ep + 1, + (env.env_len - (ep - env.envp)) * sizeof(char *)); + env.env_len--; + } else { + ep++; } } - } else - ep = env.envp + env.env_len; + } + } - env.env_len++; - *ep++ = str; - *ep = NULL; + if (!found) { + ep = env.envp + env.env_len; + env.env_len++; + *ep++ = str; + *ep = NULL; + } } /* diff --git a/sudo.cat b/sudo.cat index 688e09c..23542cc 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p6 March 3, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7.2p6 March 3, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p6 March 3, 2010 3 +1.7.2p7 June 1, 2010 3 @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p6 March 3, 2010 4 +1.7.2p7 June 1, 2010 4 @@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p6 March 3, 2010 5 +1.7.2p7 June 1, 2010 5 @@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7.2p6 March 3, 2010 6 +1.7.2p7 June 1, 2010 6 @@ -457,7 +457,7 @@ EENNVVIIRROONNMMEENNTT -1.7.2p6 March 3, 2010 7 +1.7.2p7 June 1, 2010 7 @@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS -1.7.2p6 March 3, 2010 8 +1.7.2p7 June 1, 2010 8 @@ -589,7 +589,7 @@ CCAAVVEEAATTSS -1.7.2p6 March 3, 2010 9 +1.7.2p7 June 1, 2010 9 @@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p6 March 3, 2010 10 +1.7.2p7 June 1, 2010 10 diff --git a/sudo.man.in b/sudo.man.in index b4a53ce..6c01307 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoers.cat b/sudoers.cat index 97ad5ad..161e226 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p6 April 7, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 3 +1.7.2p7 June 1, 2010 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 4 +1.7.2p7 June 1, 2010 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 5 +1.7.2p7 June 1, 2010 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 6 +1.7.2p7 June 1, 2010 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 7 +1.7.2p7 June 1, 2010 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 8 +1.7.2p7 June 1, 2010 8 @@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7.2p6 April 7, 2010 9 +1.7.2p7 June 1, 2010 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 10 +1.7.2p7 June 1, 2010 10 @@ -717,11 +717,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) passprompt_override The password prompt specified by _p_a_s_s_p_r_o_m_p_t will - normally only be used if the passwod prompt provided by + normally only be used if the password prompt provided by -1.7.2p6 April 7, 2010 11 +1.7.2p7 June 1, 2010 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 12 +1.7.2p7 June 1, 2010 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 13 +1.7.2p7 June 1, 2010 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 14 +1.7.2p7 June 1, 2010 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 15 +1.7.2p7 June 1, 2010 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 16 +1.7.2p7 June 1, 2010 16 @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 17 +1.7.2p7 June 1, 2010 17 @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 18 +1.7.2p7 June 1, 2010 18 @@ -1249,7 +1249,7 @@ EEXXAAMMPPLLEESS -1.7.2p6 April 7, 2010 19 +1.7.2p7 June 1, 2010 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 20 +1.7.2p7 June 1, 2010 20 @@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 21 +1.7.2p7 June 1, 2010 21 @@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p6 April 7, 2010 22 +1.7.2p7 June 1, 2010 22 @@ -1513,7 +1513,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.7.2p6 April 7, 2010 23 +1.7.2p7 June 1, 2010 23 @@ -1579,7 +1579,7 @@ CCAAVVEEAATTSS -1.7.2p6 April 7, 2010 24 +1.7.2p7 June 1, 2010 24 @@ -1645,6 +1645,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p6 April 7, 2010 25 +1.7.2p7 June 1, 2010 25 diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index 38f21ef..0fbab1e 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p6 March 3, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,7 +193,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 3 +1.7.2p7 June 1, 2010 3 @@ -259,7 +259,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 4 +1.7.2p7 June 1, 2010 4 @@ -325,7 +325,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 5 +1.7.2p7 June 1, 2010 5 @@ -391,7 +391,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 6 +1.7.2p7 June 1, 2010 6 @@ -457,7 +457,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 7 +1.7.2p7 June 1, 2010 7 @@ -523,7 +523,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 8 +1.7.2p7 June 1, 2010 8 @@ -589,7 +589,7 @@ EEXXAAMMPPLLEESS -1.7.2p6 March 3, 2010 9 +1.7.2p7 June 1, 2010 9 @@ -655,7 +655,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 10 +1.7.2p7 June 1, 2010 10 @@ -721,7 +721,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p6 March 3, 2010 11 +1.7.2p7 June 1, 2010 11 @@ -787,6 +787,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p6 March 3, 2010 12 +1.7.2p7 June 1, 2010 12 diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index 828b4cb..c608554 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in @@ -140,7 +140,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoers.man.in b/sudoers.man.in index d892ed3..7cfcc1d 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "April 7, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -824,7 +824,7 @@ by default. .IP "passprompt_override" 16 .IX Item "passprompt_override" The password prompt specified by \fIpassprompt\fR will normally only -be used if the passwod prompt provided by systems such as \s-1PAM\s0 matches +be used if the password prompt provided by systems such as \s-1PAM\s0 matches the string \*(L"Password:\*(R". If \fIpassprompt_override\fR is set, \fIpassprompt\fR will always be used. This flag is \fIoff\fR by default. .IP "preserve_groups" 16 diff --git a/sudoers.pod b/sudoers.pod index 5dda705..4cf77aa 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -711,7 +711,7 @@ by default. =item passprompt_override The password prompt specified by I will normally only -be used if the passwod prompt provided by systems such as PAM matches +be used if the password prompt provided by systems such as PAM matches the string "Password:". If I is set, I will always be used. This flag is I by default. diff --git a/vasgroups.c b/vasgroups.c index 33a333d..906a669 100644 --- a/vasgroups.c +++ b/vasgroups.c @@ -43,8 +43,8 @@ #include "compat.h" #include "logging.h" #include "nonunix.h" -#include "parse.h" #include "sudo.h" +#include "parse.h" /* Pseudo-boolean types */ @@ -153,8 +153,8 @@ sudo_nonunix_groupcheck( const char* group, const char* user, const struct passw FINISHED: /* cleanups */ - if (vaserr != VAS_ERR_SUCCESS) { - int error_flags = NO_MAIL | MSG_ONLY | (uses_inversion ? 0 : NO_EXIT); + if (vaserr != VAS_ERR_SUCCESS && vaserr != VAS_ERR_NOT_FOUND ) { + int error_flags = NO_MAIL | MSG_ONLY | NO_EXIT; log_error(error_flags, "Error while checking group membership " "for user \"%s\", group \"%s\", error: %s%s.", user, group, diff --git a/visudo.c b/visudo.c index ae2028a..c6a0838 100644 --- a/visudo.c +++ b/visudo.c @@ -111,7 +111,8 @@ static int install_sudoers __P((struct sudoersfile *, int)); static int print_unused __P((void *, void *)); static int reparse_sudoers __P((char *, char *, int, int)); static int run_command __P((char *, char **)); -static void print_undefined __P((char *name, int, int, int)); +static void print_selfref __P((char *, int, int, int)); +static void print_undefined __P((char *, int, int, int)); static void setup_signals __P((void)); static void usage __P((void)) __attribute__((__noreturn__)); @@ -427,14 +428,17 @@ reparse_sudoers(editor, args, strict, quiet) /* Parse the sudoers temp file */ yyrestart(fp); - if (yyparse() && parse_error != TRUE) { + if (yyparse() && !parse_error) { warningx("unabled to parse temporary file (%s), unknown error", sp->tpath); parse_error = TRUE; + errorfile = sp->path; } fclose(yyin); - if (check_aliases(strict, quiet) != 0) + if (!parse_error && check_aliases(strict, quiet) != 0) { parse_error = TRUE; + errorfile = sp->path; + } /* * Got an error, prompt the user for what to do now @@ -698,22 +702,27 @@ check_syntax(sudoers_path, quiet, strict) exit(1); } init_parser(sudoers_path, quiet); - if (yyparse() && parse_error != TRUE) { + if (yyparse() && !parse_error) { if (!quiet) warningx("failed to parse %s file, unknown error", sudoers_path); parse_error = TRUE; + errorfile = sudoers_path; } - if (!parse_error) { - if (check_aliases(strict, quiet) != 0) - parse_error = TRUE; + if (!parse_error && check_aliases(strict, quiet) != 0) { + parse_error = TRUE; + errorfile = sudoers_path; } error = parse_error; if (!quiet) { - if (parse_error) - (void) printf("parse error in %s near line %d\n", errorfile, - errorlineno); - else + if (parse_error) { + if (errorlineno != -1) + (void) printf("parse error in %s near line %d\n", errorfile, + errorlineno); + else + (void) printf("parse error in %s\n", errorfile); + } else { (void) printf("%s: parsed OK\n", sudoers_path); + } } /* Check mode and owner in strict mode. */ #ifdef HAVE_FSTAT @@ -945,18 +954,27 @@ get_hostname() } } -static void -alias_remove_recursive(name, type) +static int +alias_remove_recursive(name, type, strict, quiet) char *name; int type; + int strict; + int quiet; { struct member *m; struct alias *a; + int error = 0; if ((a = alias_find(name, type)) != NULL) { tq_foreach_fwd(&a->members, m) { if (m->type == ALIAS) { - alias_remove_recursive(m->name, type); + if (strcmp(name, m->name) == 0) { + print_selfref(m->name, type, strict, quiet); + error = 1; + } else { + if (!alias_remove_recursive(m->name, type, strict, quiet)) + error = 1; + } } } } @@ -964,6 +982,7 @@ alias_remove_recursive(name, type) a = alias_remove(name, type); if (a) rbinsert(alias_freelist, a); + return(error); } /* @@ -1030,21 +1049,28 @@ check_aliases(strict, quiet) tq_foreach_fwd(&userspecs, us) { tq_foreach_fwd(&us->users, m) { if (m->type == ALIAS) { - (void) alias_remove_recursive(m->name, USERALIAS); + if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet)) + error++; } } tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&priv->hostlist, m) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, HOSTALIAS); + if (!alias_remove_recursive(m->name, HOSTALIAS, strict, + quiet)) + error++; } tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&cs->runasuserlist, m) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, RUNASALIAS); + if (!alias_remove_recursive(m->name, RUNASALIAS, + strict, quiet)) + error++; } if ((m = cs->cmnd)->type == ALIAS) - (void) alias_remove_recursive(m->name, CMNDALIAS); + if (!alias_remove_recursive(m->name, CMNDALIAS, strict, + quiet)) + error++; } } } @@ -1068,19 +1094,18 @@ check_aliases(strict, quiet) tq_foreach_fwd(&d->binding, binding) { for (m = binding; m != NULL; m = m->next) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, atype); + if (!alias_remove_recursive(m->name, atype, strict, quiet)) + error++; } } } rbdestroy(alias_freelist, alias_free); /* If all aliases were referenced we will have an empty tree. */ - if (no_aliases()) - return(0); - if (!quiet) { + if (!no_aliases() && !quiet) alias_apply(print_unused, strict ? "Error" : "Warning"); - } - return (strict ? 1 : 0); + + return (strict ? error : 0); } static void @@ -1099,6 +1124,22 @@ print_undefined(name, type, strict, quiet) } } +static void +print_selfref(name, type, strict, quiet) + char *name; + int type; + int strict; + int quiet; +{ + if (!quiet) { + warningx("%s: %s_Alias `%s' references self", + strict ? "Error" : "Warning", + type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" : + type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" : + "Unknown", name); + } +} + static int print_unused(v1, v2) void *v1; diff --git a/visudo.cat b/visudo.cat index d46fb54..b6f6394 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.7.2p6 March 3, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ AAUUTTHHOORR -1.7.2p6 March 3, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p6 March 3, 2010 3 +1.7.2p7 June 1, 2010 3 diff --git a/visudo.man.in b/visudo.man.in index e5d59b0..faec856 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l -- 2.30.2