From: millert Date: Mon, 27 Mar 2000 03:44:37 +0000 (+0000) Subject: sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=788247a7182a629d4506b163f39811fdd6b3c98c;p=openbsd sudo 1.6.3; see courtesan.com/sudo/current.html for a list of changes. --- diff --git a/usr.bin/sudo/BUGS b/usr.bin/sudo/BUGS index 9077baf784b..d0c7d0bb91d 100644 --- a/usr.bin/sudo/BUGS +++ b/usr.bin/sudo/BUGS @@ -1,4 +1,4 @@ -Known bugs in sudo version 1.6.2 +Known bugs in sudo version 1.6.3 ================================ 1) "make install-man" should substitute correct paths into the diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index 72733c0fea7..9d56f211303 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1252,3 +1252,48 @@ Sudo 1.6.2 released. 395) Fixed a bug that caused an infinite loop when the password timeout was disabled. + +396) It is now possible to set the path to the editor for visudo as well + as the flag that determines whether or not visudo will look at + $EDITOR in the sudoers file. + +397) configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc + as the documentation says it ought to. + +398) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default + and target user's passwords respectively (instead of the invoking user's + password). + +399) Added -S flag to force password read from stdin. + +400) Restore coredumpsize resource limit before exec'ing the child + process (sudo sets it to 0 internally). + +401) Truncate unencrypted password to 8 chars if encrypted password is exactly + 13 characters (indicateing standard a DES password). Many versions + of crypt() do this for you, but not all (like HP-UX's). + +402) Fixed a typo/thinko that broke secureware support for long passwords. + +403) Added a new command line switch '-c' to support BSD login classes. + The '-c' option can be used to sudo a command with specific resource + limits in the login.conf database. This feature is optionally enabled + via the --with-logincap configure switch. Based on a patch from + Michael D. Marchionna. + +404) Fixed a bug where sudo would hang around and consume CPU if we spawn + a long-running process. + +405) Deal with HP-UX password aging info tacked on to the end of the + encrypted password. + +406) Added set_logname run-time option. When unset, sudo will not set + the USER and LOGNAME environment variables. + +407) Wildcards are now allowed in the hostnames specified in sudoers. + The 'fqdn' option is often required for this to be useful. + +408) Fixed a bug where host and user qualifiers in a Defaults entry were + not being used correctly and the entry was being applied globally. + +Sudo 1.6.3 released. diff --git a/usr.bin/sudo/INSTALL b/usr.bin/sudo/INSTALL index 20a1c59da55..ac64197e29d 100644 --- a/usr.bin/sudo/INSTALL +++ b/usr.bin/sudo/INSTALL @@ -1,4 +1,4 @@ -Installation instructions for Sudo 1.6.2 +Installation instructions for Sudo 1.6.3 ======================================== Sudo uses a `configure' script to probe the capabilities and type @@ -186,6 +186,14 @@ Special features/options: `configure' changes; you should check to see if your platform can access DCE via PAM before using this option. + --with-logincap + Enable support for BSD login classes on FreeBSD and BSD/OS. This + adds support for the login classes specified in /etc/login.conf. + By default, a login class is not applied unless the 'use_loginclass' + option is defined in sudoers or the user specifies a class on the + command line. It does *not*, however cause sudo to use BSD + authentication. + --disable-sia Disable SIA support. This is the "Security Integration Architecture" on Digital UNIX. If you disable SIA sudo will use its own @@ -229,17 +237,6 @@ Special features/options: It should only be used when another, alternate, authentication scheme is in use. - --with-editor=path - Specify the default editor used by visudo (and the only editor used - unless --with-env-editor is specified). The default is the path - to vi on your system. - - --with-env-editor - Makes visudo consult the EDITOR and VISUAL environment variables before - falling back on the default editor. Note that this may create a - security hole as most editors allow a user to get a shell (which would - be a root shell and hence, no logging). - --with-otp-only This option is now just an alias for --without-passwd. @@ -415,6 +412,17 @@ The following options are also configurable at runtime: --without-lecture Don't print the lecture the first time a user runs sudo. + --with-editor=path + Specify the default editor used by visudo (and the only editor used + unless --with-env-editor is specified). The default is the path + to vi on your system. + + --with-env-editor + Makes visudo consult the EDITOR and VISUAL environment variables before + falling back on the default editor. Note that this may create a + security hole as most editors allow a user to get a shell (which would + be a root shell and hence, no logging). + --disable-authentication By default, sudo requires the user to authenticate via a password or similar means. This options causes sudo to @@ -562,8 +570,10 @@ Linux: It is not possible to access the sudoers file via NFS on Linux. This is due to a bug in the Linux client-side NFS implementation. - It has been fixed in the developement kernel but, as of Aug 27, 1999, - the fixes have not made it into the mainstream kernel. + It has been fixed in the developement kernel but, as of Aug 27, + 1999, the fixes have not made it into the mainstream kernel. + There is a workaround on the sudo ftp site, linux_nfs.patch, + if you need to NFS-mount sudoers on Linux. Mac OS X: It has been reported that for sudo to work on Mac OS X it must @@ -577,3 +587,10 @@ SCO ODT: You'll probably need libcrypt_i.a available via anonymous ftp from sosco.sco.com. The necessary files are /SLS/lng225b.Z and /SLS/lng225b.ltr.Z. + +Dynix: + Some people have experienced problems building sudo with gcc + on Dynix. If you experience problems compiling sudo using gcc + on Dynix, try using the native compiler (cc). You can do so + by removing the config.cache file and then re-running configure + with the --with-CC=cc option. diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 3795d0da53e..e9c3735a730 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -34,7 +34,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.194 2000/01/24 15:48:46 millert Exp $ +# $Sudo: Makefile.in,v 1.200 2000/03/27 02:57:52 millert Exp $ # #### Start of system configuration section. #### @@ -85,12 +85,11 @@ visudodir = $(sbindir) sudoersdir = $(sysconfdir) # Directory in which to install the man page -# set mansect5 to 4 on sysV machines. mantype = @MANTYPE@ -mansect8 = 8 -mansect5 = 5 -mandir8 = $(mandir)/$(mantype)$(mansect8) -mandir5 = $(mandir)/$(mantype)$(mansect5) +mansectsu = @mansectsu@ +mansectform = @mansectform@ +mandirsu = $(mandir)/$(mantype)$(mansectsu) +mandirform = $(mandir)/$(mantype)$(mansectform) # User and group ids the installed files should be "owned" by install_uid = 0 @@ -138,15 +137,16 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.2 +VERSION = 1.6.3 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES FAQ HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ UPGRADE acsite.m4 aixcrypt.exp config.guess config.h.in config.sub \ configure configure.in fnmatch.3 indent.pro install-sh \ mkinstalldirs pathnames.h.in sample.pam sample.syslog.conf \ - sample.sudoers sudo.cat sudo.man sudo.pod sudoers sudoers.cat \ - sudoers.man sudoers.pod visudo.cat visudo.man visudo.pod auth/API + sample.sudoers sudo.cat sudo.man.in sudo.pod sudoers sudoers.cat \ + sudoers.man.in sudoers.pod visudo.cat visudo.man.in visudo.pod \ + auth/API BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \ UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \ @@ -178,7 +178,7 @@ sudo: $(SUDOBJS) $(LIBOBJS) $(CC) -o $@ $(SUDOBJS) $(LIBOBJS) $(SUDO_LDFLAGS) $(SUDO_LIBS) visudo: $(VISUDOBJS) $(LIBOBJS) - $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) + $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) testsudoers: $(TESTOBJS) $(LIBOBJS) $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) @@ -251,35 +251,44 @@ securid.o: $(authdir)/securid.c $(AUTHDEP) sia.o: $(authdir)/sia.c $(AUTHDEP) $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c -sudo.man: $(srcdir)/sudo.pod +sudo.man.in: $(srcdir)/sudo.pod @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod > $(srcdir)/$@) + (cd $(srcdir); pod2man --section=`echo @MANSECTSU@|tr A-Z a-z` --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod > $(srcdir)/$@) + +sudo.man: sudo.man.in + CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status sudo.cat: sudo.man -visudo.man: $(srcdir)/visudo.pod +visudo.man.in: $(srcdir)/visudo.pod @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod > $(srcdir)/$@) + (cd $(srcdir); pod2man --section=`echo @MANSECTSU@|tr A-Z a-z` --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod > $(srcdir)/$@) + +visudo.man: visudo.man.in + CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status visudo.cat: visudo.man -sudoers.man: $(srcdir)/sudoers.pod +sudoers.man.in: $(srcdir)/sudoers.pod @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2man --section=$(mansect5) --release=$(VERSION) --center="FILE FORMATS" sudoers.pod > $(srcdir)/$@) + (cd $(srcdir); pod2man --section=`echo @MANSECTFORM@|tr A-Z a-z` --release=$(VERSION) --center="FILE FORMATS" sudoers.pod | sed 's/"\\f(CW""\\fR"/\\f(CW""\\fR/' > $(srcdir)/$@) + +sudoers.man:: sudoers.man.in + CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status sudoers.cat: sudoers.man install: install-dirs install-binaries install-sudoers install-man install-dirs: - $(SHELL) $(srcdir)/mkinstalldirs $(sudodir) $(visudodir) $(sudoersdir) $(mandir8) $(mandir5) + $(SHELL) $(srcdir)/mkinstalldirs $(sudodir) $(visudodir) $(sudoersdir) $(mandirsu) $(mandirform) install-binaries: $(PROGS) $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4111 -s sudo $(sudodir)/sudo $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s visudo $(visudodir)/visudo install-sudoers: - @ if [ -f $(sudoersdir)/sudoers ]; then \ + @if [ -f $(sudoersdir)/sudoers ]; then \ echo "Setting user/group and mode on existing $(sudoersdir)/sudoers file."; \ chown $(sudoers_uid) $(sudoersdir)/sudoers; \ chgrp $(sudoers_gid) $(sudoersdir)/sudoers; \ @@ -290,9 +299,9 @@ install-sudoers: fi install-man: - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $(srcdir)/sudo.$(mantype) $(mandir8)/sudo.$(mansect8) - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $(srcdir)/visudo.$(mantype) $(mandir8)/visudo.$(mansect8) - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $(srcdir)/sudoers.$(mantype) $(mandir5)/sudoers.$(mansect5) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(mandirsu)/sudo.$(mansectsu) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(mandirsu)/visudo.$(mansectsu) + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(mandirform)/sudoers.$(mansectform) @MAN_POSTINSTALL@ check: @@ -311,7 +320,7 @@ clean: mostlyclean: clean distclean: clean - -rm -f Makefile pathnames.h config.h config.status config.cache \ + -rm -f Makefile *.man pathnames.h config.h config.status config.cache \ config.log $(PARSESRCS) clobber: distclean @@ -321,7 +330,7 @@ realclean: distclean cleandir: realclean -dist: $(DISTFILES) +dist: rm -f ../sudo-$(VERSION).tar.gz ( cd .. ; TF="/tmp/sudo.dist$$$$" ; rm -f $$TF ; for i in $(DISTFILES) ; \ do echo sudo-$(VERSION)/$$i >> $$TF ; done ; \ diff --git a/usr.bin/sudo/README b/usr.bin/sudo/README index 2356fbabe34..b5187e7e99a 100644 --- a/usr.bin/sudo/README +++ b/usr.bin/sudo/README @@ -1,4 +1,4 @@ -This is Sudo version 1.6.2 +This is Sudo version 1.6.3 The sudo philosophy =================== diff --git a/usr.bin/sudo/RUNSON b/usr.bin/sudo/RUNSON index a26757d42b2..c4287ab6a73 100644 --- a/usr.bin/sudo/RUNSON +++ b/usr.bin/sudo/RUNSON @@ -6,16 +6,17 @@ the current version of sudo does not mean it won't work... Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none -SunOS 4.1.3 sun4 bundled cc 1.6.2p2 Todd Miller none -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p2 Todd Miller none +SunOS 4.1.3 sun4 bundled cc 1.6.3 Todd Miller none +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.3 Todd Miller none SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.3 Todd Miller --with-skey Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none -Solaris 2.6 sparc gcc2.9.5.2 1.6.2p2 Todd Miller none -Solaris 2.6 sparc gcc2.9.5.2 1.6.2p2 Todd Miller --with-pam -Solaris 2.6 i386 gcc2.9.5.2 1.6.2p2 Todd Miller none +Solaris 2.6 sparc gcc2.9.5.2 1.6.3 Todd Miller none +Solaris 2.6 sparc gcc2.9.5.2 1.6.3 Todd Miller --with-pam +Solaris 2.6 i386 gcc2.9.5.2 1.6.3 Todd Miller none +Solaris 2.6 i386 gcc2.9.5.2 1.6.3 Todd Miller --with-pam Solaris 2.6 sparc unbundled cc 1.5.7 Giff Hammar none Solaris 2.6 i386 unbundled cc 1.5.8p2 Udo Keller none Solaris 7 i386 gcc 2.8.1 1.6.1 Ido Dubrawsky none @@ -32,15 +33,14 @@ HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.10 hp700 unbundled cc 1.6.2p2 Todd Miller --with-skey -HP-UX 10.20 hp700 gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey -HP-UX 10.20 hp700 bundled cc 1.6.2p2 Todd Miller none -HP-UX 10.20 PA-RISC2.0 bundled cc 1.5.4 Leon von Stauber none +HP-UX 10.10 hp700 unbundled cc 1.6.3 Todd Miller --with-skey +HP-UX 10.20 hp700 gcc2.9.5.2 1.6.3 Todd Miller --with-skey +HP-UX 10.20 hp700 bundled cc 1.6.3 Todd Miller none HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2 HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none HP-UX 11.00 hp700 HP C compiler 1.6.2 Jeff Earickson --with-pam HP-UX 10.20 hp700 gcc 2.95.2 1.6.2 Jeff Earickson --with-DCE -Ultrix 4.3 mips bundled cc 1.6.2p2 Todd Miller none +Ultrix 4.3 mips bundled cc 1.6.3b2 Todd Miller none Ultrix 4.3 mips gcc2.7.2.1 1.5.9 Todd Miller --with-skey IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none IRIX 4.05H mips unbundled cc 1.4 Todd Miller none @@ -48,8 +48,8 @@ IRIX 5.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none -IRIX 5.3 mips unbundled cc 1.6.2p2 Todd Miller none -IRIX 5.3 mips gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey +IRIX 5.3 mips unbundled cc 1.6.3 Todd Miller none +IRIX 5.3 mips gcc2.9.5.2 1.6.3 Todd Miller --with-skey IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 @@ -67,7 +67,7 @@ NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none -DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.2p2 Todd Miller --with-skey +DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.3 Todd Miller --with-skey DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2 DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none @@ -84,10 +84,10 @@ AIX 4.3 rs6000 bundled cc 1.5.4 Leon von Stauber none AIX 4.3.2 rs6000 egcs 1.1.2 1.5.9p4 Scott Kinnane none ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none -BSD/OS 2.1 i386 shlicc 1.5.3 Todd Miller none -OpenBSD 2.X i586 gcc-2.8.1 1.6.2p2 Todd Miller none -OpenBSD 2.X alpha gcc-2.8.1 1.6.2p2 Todd Miller none -OpenBSD 2.X m68k gcc-2.8.1 1.6.2p2 Todd Miller none +BSD/OS 4.1 i386 cc 1.6.3 Todd Miller --with-skey +OpenBSD 2.X i586 gcc-2.95.2 1.6.3 Todd Miller none +OpenBSD 2.X alpha gcc-2.95.2 1.6.3 Todd Miller none +OpenBSD 2.X m68k gcc-2.95.2 1.6.3 Todd Miller none OpenBSD 2.X mvme88k gcc-2.8.1 1.5.9 Steve Murphree none FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none @@ -95,12 +95,11 @@ FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none Linux 1.2.13 i486 gcc-2.7.0 1.4 Michael Forman none Linux 1.2.8 i486 gcc-2.5.8 1.3.5 Ted Coady --with-C2 Linux 2.0.15 i586 gcc-2.7.2.1 1.5 Danny Barron none -Linux 2.0.36 i586 gcc-2.95.2 1.6.2p2 Todd Miller none Linux 2.0.34 i586 egcs-2.91.57 1.5.6p2 Darrin Chandler none Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none -Linux 2.0.34 alpha egcs-2.90.27 1.5.3 Karl Schlitt none Linux 2.0.33pl1 m68k gcc 2.7.2.3 1.5.6 James Troup none -Linux 2.2.12 i586 gcc-2.95.2 1.6.2p2 Todd Miller --with-pam +Linux 2.2.12 i586 gcc-2.95.2 1.6.3 Todd Miller --with-pam +Linux 2.2.13 alpha egcs-2.91.66 1.6.3 Todd Miller --with-pam Linux 2.2.6-15 ppc egcs-1.1.2 1.5.9p4 Barbara Schelkle none Linux 2.0.34 mips gcc-2.7.2 1.6 Tristan Roddis none UnixWare 1.1.4 i386 gcc-2.7.2 1.4 Michael Hancock none @@ -130,6 +129,7 @@ Dynix/ptx 4.4.2 Sequent bundled cc 1.5.4p1 Larry Mascarenhas none Dynix/ptx 4.4.3 Sequent bundled cc 1.5.6p2 Sandra Birgerson none Dynix/ptx 4.4.4 Sequent bundled cc 1.5.9p2 Jason Merritt none Dynix/ptx 4.4.6 Sequent bundled cc 1.6 Larry Mascarenhase none +Dynix/ptx 4.4.7 Sequent bundled cc 1.6.2p1 Dana Kaempen --with-CC=cc DC-OSx 1.1-9x mips PyrC 4.0A20 1.5.6p2 Brian Jackson none HI-UX/MPP 02-03 sr2201 bundled cc 1.5.4 Ben Edgington none SVR4 4.4 m88k bundled gcc 1.6rc1 Gerry Belanger CFLAGS= diff --git a/usr.bin/sudo/TODO b/usr.bin/sudo/TODO index 9c7b448e44e..a76b19f1129 100644 --- a/usr.bin/sudo/TODO +++ b/usr.bin/sudo/TODO @@ -81,4 +81,6 @@ TODO list (most will be addressed in sudo 2.0) 30) Add support for: Default:user@host -31) Add -S flag to force password read from stdin +31) Do login-style -sh hack for sudo -s? + +32) Make visudo rcs-aware diff --git a/usr.bin/sudo/acsite.m4 b/usr.bin/sudo/acsite.m4 index 3903c88406e..a04fda5c496 100644 --- a/usr.bin/sudo/acsite.m4 +++ b/usr.bin/sudo/acsite.m4 @@ -139,14 +139,15 @@ AC_DEFUN(SUDO_TIMEDIR, [AC_MSG_CHECKING(for timestamp file location) if test -n "$with_timedir"; then AC_MSG_RESULT($with_timedir) AC_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$with_timedir") + TIMEDIR="$with_timedir" elif test -d "/var/run"; then AC_MSG_RESULT(/var/run/sudo) AC_DEFINE(_PATH_SUDO_TIMEDIR, "/var/run/sudo") -elif test -d "/tmp"; then + TIMEDIR="/var/run/sudo" +else AC_MSG_RESULT(/tmp/.odus) AC_DEFINE(_PATH_SUDO_TIMEDIR, "/tmp/.odus") -else - AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_TIMEDIR by hand) + TIMEDIR="/tmp/.odus" fi ])dnl @@ -232,11 +233,11 @@ dnl dnl check for working fnmatch(3) dnl AC_DEFUN(SUDO_FUNC_FNMATCH, -[AC_MSG_CHECKING(for working fnmatch) +[AC_MSG_CHECKING(for working fnmatch with FNM_CASEFOLD) AC_CACHE_VAL(sudo_cv_func_fnmatch, [rm -f conftestdata; > conftestdata AC_TRY_RUN([#include -main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); } +main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } ], sudo_cv_func_fnmatch=yes, sudo_cv_func_fnmatch=no, sudo_cv_func_fnmatch=no) rm -f core core.* *.core])dnl diff --git a/usr.bin/sudo/auth/aix_auth.c b/usr.bin/sudo/auth/aix_auth.c index 670c0fb6a7c..3748d4dd869 100644 --- a/usr.bin/sudo/auth/aix_auth.c +++ b/usr.bin/sudo/auth/aix_auth.c @@ -55,7 +55,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: aix_auth.c,v 1.7 1999/10/07 21:21:07 millert Exp $"; +static const char rcsid[] = "$Sudo: aix_auth.c,v 1.8 2000/02/27 03:49:05 millert Exp $"; #endif /* lint */ int @@ -67,7 +67,7 @@ aixauth_verify(pw, prompt, auth) char *message, *pass; int reenter = 1; - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1); + pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); if (authenticate(pw->pw_name, pass, &reenter, &message) == 0) return(AUTH_SUCCESS); else diff --git a/usr.bin/sudo/auth/fwtk.c b/usr.bin/sudo/auth/fwtk.c index 448faf87f97..dbbb9275b4c 100644 --- a/usr.bin/sudo/auth/fwtk.c +++ b/usr.bin/sudo/auth/fwtk.c @@ -58,7 +58,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: fwtk.c,v 1.9 1999/10/12 00:53:41 millert Exp $"; +static const char rcsid[] = "$Sudo: fwtk.c,v 1.10 2000/02/27 03:49:06 millert Exp $"; #endif /* lint */ int @@ -118,9 +118,10 @@ fwtk_verify(pw, prompt, auth) /* Get the password/response from the user. */ if (strncmp(resp, "challenge ", 10) == 0) { (void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]); - pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, 0); + pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, + tgetpass_flags | TGP_ECHO); } else if (strncmp(resp, "password", 8) == 0) { - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1); + pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); } else { (void) fprintf(stderr, "%s: %s\n", Argv[0], resp); return(AUTH_FATAL); diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c index 12dad345726..169602dda74 100644 --- a/usr.bin/sudo/auth/pam.c +++ b/usr.bin/sudo/auth/pam.c @@ -57,7 +57,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: pam.c,v 1.14 2000/01/24 03:23:40 millert Exp $"; +static const char rcsid[] = "$Sudo: pam.c,v 1.15 2000/02/27 03:49:06 millert Exp $"; #endif /* lint */ static int sudo_conv __P((int, PAM_CONST struct pam_message **, @@ -135,7 +135,6 @@ sudo_conv(num_msg, msg, response, appdata_ptr) struct pam_response *pr; PAM_CONST struct pam_message *pm; const char *p = def_prompt; - int echo = 0; extern int nil_pw; if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) @@ -145,7 +144,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) for (pr = *response, pm = *msg; num_msg--; pr++, pm++) { switch (pm->msg_style) { case PAM_PROMPT_ECHO_ON: - echo = 1; + tgetpass_flags |= TGP_ECHO; case PAM_PROMPT_ECHO_OFF: /* Only override PAM prompt if it matches /^Password: ?/ */ if (strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0' @@ -153,7 +152,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) p = pm->msg; /* Read the password. */ pr->resp = estrdup((char *) tgetpass(p, - def_ival(I_PW_TIMEOUT) * 60, !echo)); + def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags)); if (*pr->resp == '\0') nil_pw = 1; /* empty password */ break; diff --git a/usr.bin/sudo/auth/passwd.c b/usr.bin/sudo/auth/passwd.c index 62f3a126584..9ec631dc4fd 100644 --- a/usr.bin/sudo/auth/passwd.c +++ b/usr.bin/sudo/auth/passwd.c @@ -55,25 +55,50 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: passwd.c,v 1.4 1999/08/14 15:36:46 millert Exp $"; +static const char rcsid[] = "$Sudo: passwd.c,v 1.7 2000/03/23 00:27:41 millert Exp $"; #endif /* lint */ +#define DESLEN 13 +#define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') + int passwd_verify(pw, pass, auth) struct passwd *pw; char *pass; sudo_auth *auth; { + char sav, *epass; + size_t pw_len; + int error; + + pw_len = strlen(pw->pw_passwd); #ifdef HAVE_GETAUTHUID /* Ultrix shadow passwords may use crypt16() */ - if (!strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd))) + error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd)); + if (!error) return(AUTH_SUCCESS); #endif /* HAVE_GETAUTHUID */ - /* Normal UN*X password check */ - if (!strcmp(pw->pw_passwd, (char *) crypt(pass, pw->pw_passwd))) - return(AUTH_SUCCESS); + /* + * Truncate to 8 chars if standard DES since not all crypt()'s do this. + * If this turns out not to be safe we will have to use OS #ifdef's (sigh). + */ + sav = pass[8]; + if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len)) + pass[8] = '\0'; + + /* + * Normal UN*X password check. + * HP-UX may add aging info (separated by a ',') at the end so + * only compare the first DESLEN characters in that case. + */ + epass = (char *) crypt(pass, pw->pw_passwd); + pass[8] = sav; + if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN) + error = strncmp(pw->pw_passwd, epass, DESLEN); + else + error = strcmp(pw->pw_passwd, epass); - return(AUTH_FAILURE); + return(error ? AUTH_FAILURE : AUTH_SUCCESS); } diff --git a/usr.bin/sudo/auth/sudo_auth.c b/usr.bin/sudo/auth/sudo_auth.c index c9b65e257aa..cb847d452cb 100644 --- a/usr.bin/sudo/auth/sudo_auth.c +++ b/usr.bin/sudo/auth/sudo_auth.c @@ -57,7 +57,7 @@ #include "insults.h" #ifndef lint -static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.17 1999/12/06 06:47:19 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.19 2000/03/06 19:42:21 millert Exp $"; #endif /* lint */ sudo_auth auth_switch[] = { @@ -67,7 +67,7 @@ sudo_auth auth_switch[] = { # ifndef WITHOUT_PASSWD AUTH_ENTRY(0, "passwd", NULL, NULL, passwd_verify, NULL) # endif -# if defined(HAVE_SECUREWARE) && !defined(WITHOUT_PASSWD) +# if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD) AUTH_ENTRY(0, "secureware", secureware_init, NULL, secureware_verify, NULL) # endif # ifdef HAVE_AFS @@ -155,7 +155,8 @@ verify_user(prompt) #ifdef AUTH_STANDALONE p = prompt; #else - p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1); + p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, + tgetpass_flags); if (!p || *p == '\0') nil_pw = 1; #endif /* AUTH_STANDALONE */ diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index becaadf8e14..d209194588f 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c @@ -61,7 +61,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: check.c,v 1.193 1999/12/05 02:54:20 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.194 2000/02/15 23:36:03 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -71,7 +71,6 @@ static const char rcsid[] = "$Sudo: check.c,v 1.193 1999/12/05 02:54:20 millert #define TS_NOFILE 3 #define TS_ERROR 4 - int user_is_exempt __P((void)); static void build_timestamp __P((char **, char **)); static int timestamp_status __P((char *, char *, char *, int)); static char *expand_prompt __P((char *, char *, char *)); diff --git a/usr.bin/sudo/config.h.in b/usr.bin/sudo/config.h.in index 123cb20a624..c30ddcb222d 100644 --- a/usr.bin/sudo/config.h.in +++ b/usr.bin/sudo/config.h.in @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: config.h.in,v 1.143 2000/01/19 19:07:23 millert Exp $ + * $Sudo: config.h.in,v 1.144 2000/03/07 04:29:42 millert Exp $ */ /* @@ -491,6 +491,9 @@ /* Define if you use OSF DCE. */ #undef HAVE_DCE +/* Define if you use the BSD login capabilities database. */ +#undef HAVE_LOGINCAP + /* Define if you use the FWTK authsrv daemon. */ #undef HAVE_FWTK diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index 438e0cd795e..baba50fbd26 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -51,6 +51,8 @@ ac_help="$ac_help --with-AFS enable AFS support" ac_help="$ac_help --with-DCE enable DCE support" +ac_help="$ac_help + --with-logincap enable login class support" ac_help="$ac_help --without-lecture don't print lecture for first-time sudoer" ac_help="$ac_help @@ -657,23 +659,18 @@ fi -echo "Configuring Sudo version 1.6.2" +echo "Configuring Sudo version 1.6.3" + + + + + PROGS="sudo visudo" -CPPFLAGS="" -LDFLAGS="" -SUDO_LDFLAGS="" -LIBS="" -SUDO_LIBS="" -NET_LIBS="" -AFS_LIBS="" -OSDEFS="" -AUTH_OBJS="" -LIBOBJS="" -MANTYPE="man" -MAN_POSTINSTALL="" -SUDOERS_MODE=0440 -SUDOERS_UID=0 -SUDOERS_GID=0 +test -n "$MANTYPE" || MANTYPE="man" +test -n "$mansrcdir" || mansrcdir="." +test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440 +test -n "$SUDOERS_UID" || SUDOERS_UID=0 +test -n "$SUDOERS_GID" || SUDOERS_GID=0 DEV="#" CHECKSHADOW=true @@ -797,7 +794,7 @@ if test "${with_devel+set}" = set; then DEV="" ;; no) ;; - *) echo "Ignoring unknown argument to --with-devel: $with_csops" + *) echo "Ignoring unknown argument to --with-devel: $with_devel" ;; esac fi @@ -832,7 +829,7 @@ if test "${with_passwd+set}" = set; then EOF echo $ac_n "checking whether to use shadow/passwd file authentication""... $ac_c" 1>&6 -echo "configure:836: checking whether to use shadow/passwd file authentication" >&5 +echo "configure:833: checking whether to use shadow/passwd file authentication" >&5 echo "$ac_t""no" 1>&6 ;; *) { echo "configure: error: "Sorry, --with-passwd does not take an argument."" 1>&2; exit 1; } @@ -853,7 +850,7 @@ if test "${with_skey+set}" = set; then EOF echo $ac_n "checking whether to try S/Key authentication""... $ac_c" 1>&6 -echo "configure:857: checking whether to try S/Key authentication" >&5 +echo "configure:854: checking whether to try S/Key authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; @@ -876,7 +873,7 @@ if test "${with_opie+set}" = set; then EOF echo $ac_n "checking whether to try NRL OPIE authentication""... $ac_c" 1>&6 -echo "configure:880: checking whether to try NRL OPIE authentication" >&5 +echo "configure:877: checking whether to try NRL OPIE authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; @@ -896,7 +893,7 @@ if test "${with_long_otp_prompt+set}" = set; then EOF echo $ac_n "checking whether to use a two line prompt for OTP authentication""... $ac_c" 1>&6 -echo "configure:900: checking whether to use a two line prompt for OTP authentication" >&5 +echo "configure:897: checking whether to use a two line prompt for OTP authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -916,7 +913,7 @@ if test "${with_SecurID+set}" = set; then EOF echo $ac_n "checking whether to use SecurID for authentication""... $ac_c" 1>&6 -echo "configure:920: checking whether to use SecurID for authentication" >&5 +echo "configure:917: checking whether to use SecurID for authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="securid.o" @@ -934,7 +931,7 @@ if test "${with_fwtk+set}" = set; then EOF echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:938: checking whether to use FWTK AuthSRV for authentication" >&5 +echo "configure:935: checking whether to use FWTK AuthSRV for authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="fwtk.o" @@ -945,7 +942,7 @@ echo "configure:938: checking whether to use FWTK AuthSRV for authentication" >& EOF echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:949: checking whether to use FWTK AuthSRV for authentication" >&5 +echo "configure:946: checking whether to use FWTK AuthSRV for authentication" >&5 echo "$ac_t""yes" 1>&6 SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" @@ -962,7 +959,7 @@ if test "${with_kerb4+set}" = set; then withval="$with_kerb4" case $with_kerb4 in yes) echo $ac_n "checking whether to try Kerberos 4 authentication""... $ac_c" 1>&6 -echo "configure:966: checking whether to try Kerberos 4 authentication" >&5 +echo "configure:963: checking whether to try Kerberos 4 authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -977,7 +974,7 @@ if test "${with_kerb5+set}" = set; then withval="$with_kerb5" case $with_kerb5 in yes) echo $ac_n "checking whether to try Kerberos 5 authentication""... $ac_c" 1>&6 -echo "configure:981: checking whether to try Kerberos 5 authentication" >&5 +echo "configure:978: checking whether to try Kerberos 5 authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -996,7 +993,7 @@ if test "${with_authenticate+set}" = set; then EOF echo $ac_n "checking whether to use AIX general authentication""... $ac_c" 1>&6 -echo "configure:1000: checking whether to use AIX general authentication" >&5 +echo "configure:997: checking whether to use AIX general authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="aix_auth.o" @@ -1017,7 +1014,7 @@ if test "${with_pam+set}" = set; then EOF echo $ac_n "checking whether to use PAM authentication""... $ac_c" 1>&6 -echo "configure:1021: checking whether to use PAM authentication" >&5 +echo "configure:1018: checking whether to use PAM authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="pam.o" @@ -1038,7 +1035,7 @@ if test "${with_AFS+set}" = set; then EOF echo $ac_n "checking whether to try AFS (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1042: checking whether to try AFS (kerberos) authentication" >&5 +echo "configure:1039: checking whether to try AFS (kerberos) authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} afs.o" ;; @@ -1058,7 +1055,7 @@ if test "${with_DCE+set}" = set; then EOF echo $ac_n "checking whether to try DCE (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1062: checking whether to try DCE (kerberos) authentication" >&5 +echo "configure:1059: checking whether to try DCE (kerberos) authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} dce.o" ;; @@ -1069,8 +1066,27 @@ esac fi +# Check whether --with-logincap or --without-logincap was given. +if test "${with_logincap+set}" = set; then + withval="$with_logincap" + case $with_logincap in + yes) cat >> confdefs.h <<\EOF +#define HAVE_LOGINCAP 1 +EOF + + echo $ac_n "checking whether to try BSD login capabilities database""... $ac_c" 1>&6 +echo "configure:1079: checking whether to try BSD login capabilities database" >&5 + echo "$ac_t""yes" 1>&6 + ;; + no) ;; + *) { echo "configure: error: "--with-logincap does not take an argument."" 1>&2; exit 1; } + ;; +esac +fi + + echo $ac_n "checking whether to lecture users the first time they run sudo""... $ac_c" 1>&6 -echo "configure:1074: checking whether to lecture users the first time they run sudo" >&5 +echo "configure:1090: checking whether to lecture users the first time they run sudo" >&5 # Check whether --with-lecture or --without-lecture was given. if test "${with_lecture+set}" = set; then withval="$with_lecture" @@ -1092,7 +1108,7 @@ fi echo $ac_n "checking whether sudo should log via syslog or to a file by default""... $ac_c" 1>&6 -echo "configure:1096: checking whether sudo should log via syslog or to a file by default" >&5 +echo "configure:1112: checking whether sudo should log via syslog or to a file by default" >&5 # Check whether --with-logging or --without-logging was given. if test "${with_logging+set}" = set; then withval="$with_logging" @@ -1131,7 +1147,7 @@ fi echo $ac_n "checking which syslog facility sudo should log with""... $ac_c" 1>&6 -echo "configure:1135: checking which syslog facility sudo should log with" >&5 +echo "configure:1151: checking which syslog facility sudo should log with" >&5 # Check whether --with-logfac or --without-logfac was given. if test "${with_logfac+set}" = set; then withval="$with_logfac" @@ -1158,7 +1174,7 @@ fi echo $ac_n "checking at which syslog priority to log commands""... $ac_c" 1>&6 -echo "configure:1162: checking at which syslog priority to log commands" >&5 +echo "configure:1178: checking at which syslog priority to log commands" >&5 # Check whether --with-goodpri or --without-goodpri was given. if test "${with_goodpri+set}" = set; then withval="$with_goodpri" @@ -1185,7 +1201,7 @@ fi echo $ac_n "checking at which syslog priority to log failures""... $ac_c" 1>&6 -echo "configure:1189: checking at which syslog priority to log failures" >&5 +echo "configure:1205: checking at which syslog priority to log failures" >&5 # Check whether --with-badpri or --without-badpri was given. if test "${with_badpri+set}" = set; then withval="$with_badpri" @@ -1224,7 +1240,7 @@ fi echo $ac_n "checking how long a line in the log file should be""... $ac_c" 1>&6 -echo "configure:1228: checking how long a line in the log file should be" >&5 +echo "configure:1244: checking how long a line in the log file should be" >&5 # Check whether --with-loglen or --without-loglen was given. if test "${with_loglen+set}" = set; then withval="$with_loglen" @@ -1251,7 +1267,7 @@ fi echo $ac_n "checking whether sudo should ignore '.' or '' in \$PATH""... $ac_c" 1>&6 -echo "configure:1255: checking whether sudo should ignore '.' or '' in \$PATH" >&5 +echo "configure:1271: checking whether sudo should ignore '.' or '' in \$PATH" >&5 # Check whether --with-ignore-dot or --without-ignore-dot was given. if test "${with_ignore_dot+set}" = set; then withval="$with_ignore_dot" @@ -1273,7 +1289,7 @@ fi echo $ac_n "checking who should get the mail that sudo sends""... $ac_c" 1>&6 -echo "configure:1277: checking who should get the mail that sudo sends" >&5 +echo "configure:1293: checking who should get the mail that sudo sends" >&5 # Check whether --with-mailto or --without-mailto was given. if test "${with_mailto+set}" = set; then withval="$with_mailto" @@ -1310,7 +1326,7 @@ if test "${with_mailsubject+set}" = set; then EOF echo $ac_n "checking sudo mail subject""... $ac_c" 1>&6 -echo "configure:1314: checking sudo mail subject" >&5 +echo "configure:1330: checking sudo mail subject" >&5 echo "$ac_t""Using alert mail subject: $with_mailsubject" 1>&6 ;; esac @@ -1323,7 +1339,7 @@ fi echo $ac_n "checking whether to send mail when a user is not in sudoers""... $ac_c" 1>&6 -echo "configure:1327: checking whether to send mail when a user is not in sudoers" >&5 +echo "configure:1343: checking whether to send mail when a user is not in sudoers" >&5 # Check whether --with-mail-if-no-user or --without-mail-if-no-user was given. if test "${with_mail_if_no_user+set}" = set; then withval="$with_mail_if_no_user" @@ -1348,7 +1364,7 @@ fi echo $ac_n "checking whether to send mail when user listed but not for this host""... $ac_c" 1>&6 -echo "configure:1352: checking whether to send mail when user listed but not for this host" >&5 +echo "configure:1368: checking whether to send mail when user listed but not for this host" >&5 # Check whether --with-mail-if-no-host or --without-mail-if-no-host was given. if test "${with_mail_if_no_host+set}" = set; then withval="$with_mail_if_no_host" @@ -1370,7 +1386,7 @@ fi echo $ac_n "checking whether to send mail when a user tries a disallowed command""... $ac_c" 1>&6 -echo "configure:1374: checking whether to send mail when a user tries a disallowed command" >&5 +echo "configure:1390: checking whether to send mail when a user tries a disallowed command" >&5 # Check whether --with-mail-if-noperms or --without-mail-if-noperms was given. if test "${with_mail_if_noperms+set}" = set; then withval="$with_mail_if_noperms" @@ -1392,7 +1408,7 @@ fi echo $ac_n "checking for bad password prompt""... $ac_c" 1>&6 -echo "configure:1396: checking for bad password prompt" >&5 +echo "configure:1412: checking for bad password prompt" >&5 # Check whether --with-passprompt or --without-passprompt was given. if test "${with_passprompt+set}" = set; then withval="$with_passprompt" @@ -1417,7 +1433,7 @@ fi echo $ac_n "checking for bad password message""... $ac_c" 1>&6 -echo "configure:1421: checking for bad password message" >&5 +echo "configure:1437: checking for bad password message" >&5 # Check whether --with-badpass-message or --without-badpass-message was given. if test "${with_badpass_message+set}" = set; then withval="$with_badpass_message" @@ -1442,7 +1458,7 @@ fi echo $ac_n "checking whether to expect fully qualified hosts in sudoers""... $ac_c" 1>&6 -echo "configure:1446: checking whether to expect fully qualified hosts in sudoers" >&5 +echo "configure:1462: checking whether to expect fully qualified hosts in sudoers" >&5 # Check whether --with-fqdn or --without-fqdn was given. if test "${with_fqdn+set}" = set; then withval="$with_fqdn" @@ -1542,7 +1558,7 @@ fi echo $ac_n "checking for umask programs should be run with""... $ac_c" 1>&6 -echo "configure:1546: checking for umask programs should be run with" >&5 +echo "configure:1562: checking for umask programs should be run with" >&5 # Check whether --with-umask or --without-umask was given. if test "${with_umask+set}" = set; then withval="$with_umask" @@ -1569,7 +1585,7 @@ fi echo $ac_n "checking for default user to run commands as""... $ac_c" 1>&6 -echo "configure:1573: checking for default user to run commands as" >&5 +echo "configure:1589: checking for default user to run commands as" >&5 # Check whether --with-runas-default or --without-runas-default was given. if test "${with_runas_default+set}" = set; then withval="$with_runas_default" @@ -1606,7 +1622,7 @@ if test "${with_exempt+set}" = set; then EOF echo $ac_n "checking for group to be exempt from password""... $ac_c" 1>&6 -echo "configure:1610: checking for group to be exempt from password" >&5 +echo "configure:1626: checking for group to be exempt from password" >&5 echo "$ac_t""$with_exempt" 1>&6 ;; esac @@ -1614,7 +1630,7 @@ fi echo $ac_n "checking for editor that visudo should use""... $ac_c" 1>&6 -echo "configure:1618: checking for editor that visudo should use" >&5 +echo "configure:1634: checking for editor that visudo should use" >&5 # Check whether --with-editor or --without-editor was given. if test "${with_editor+set}" = set; then withval="$with_editor" @@ -1639,7 +1655,7 @@ fi echo $ac_n "checking whether to obey EDITOR and VISUAL environment variables""... $ac_c" 1>&6 -echo "configure:1643: checking whether to obey EDITOR and VISUAL environment variables" >&5 +echo "configure:1659: checking whether to obey EDITOR and VISUAL environment variables" >&5 # Check whether --with-env-editor or --without-env-editor was given. if test "${with_env_editor+set}" = set; then withval="$with_env_editor" @@ -1661,7 +1677,7 @@ fi echo $ac_n "checking number of tries a user gets to enter their password""... $ac_c" 1>&6 -echo "configure:1665: checking number of tries a user gets to enter their password" >&5 +echo "configure:1681: checking number of tries a user gets to enter their password" >&5 # Check whether --with-passwd-tries or --without-passwd-tries was given. if test "${with_passwd_tries+set}" = set; then withval="$with_passwd_tries" @@ -1692,7 +1708,7 @@ fi echo $ac_n "checking time in minutes after which sudo will ask for a password again""... $ac_c" 1>&6 -echo "configure:1696: checking time in minutes after which sudo will ask for a password again" >&5 +echo "configure:1712: checking time in minutes after which sudo will ask for a password again" >&5 # Check whether --with-timeout or --without-timeout was given. if test "${with_timeout+set}" = set; then withval="$with_timeout" @@ -1727,7 +1743,7 @@ fi echo $ac_n "checking time in minutes after the password prompt will time out""... $ac_c" 1>&6 -echo "configure:1731: checking time in minutes after the password prompt will time out" >&5 +echo "configure:1747: checking time in minutes after the password prompt will time out" >&5 # Check whether --with-password-timeout or --without-password-timeout was given. if test "${with_password_timeout+set}" = set; then withval="$with_password_timeout" @@ -1762,7 +1778,7 @@ fi echo $ac_n "checking whether to use execvp or execv""... $ac_c" 1>&6 -echo "configure:1766: checking whether to use execvp or execv" >&5 +echo "configure:1782: checking whether to use execvp or execv" >&5 # Check whether --with-execv or --without-execv was given. if test "${with_execv+set}" = set; then withval="$with_execv" @@ -1784,7 +1800,7 @@ fi echo $ac_n "checking whether to use per-tty ticket files""... $ac_c" 1>&6 -echo "configure:1788: checking whether to use per-tty ticket files" >&5 +echo "configure:1804: checking whether to use per-tty ticket files" >&5 # Check whether --with-tty-tickets or --without-tty-tickets was given. if test "${with_tty_tickets+set}" = set; then withval="$with_tty_tickets" @@ -1806,7 +1822,7 @@ fi echo $ac_n "checking whether to include insults""... $ac_c" 1>&6 -echo "configure:1810: checking whether to include insults" >&5 +echo "configure:1826: checking whether to include insults" >&5 # Check whether --with-insults or --without-insults was given. if test "${with_insults+set}" = set; then withval="$with_insults" @@ -1911,7 +1927,7 @@ fi if test "$with_insults" = "yes"; then echo $ac_n "checking which insult sets to include""... $ac_c" 1>&6 -echo "configure:1915: checking which insult sets to include" >&5 +echo "configure:1931: checking which insult sets to include" >&5 i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" @@ -1921,7 +1937,7 @@ echo "configure:1915: checking which insult sets to include" >&5 fi echo $ac_n "checking whether to override the user's path""... $ac_c" 1>&6 -echo "configure:1925: checking whether to override the user's path" >&5 +echo "configure:1941: checking whether to override the user's path" >&5 # Check whether --with-secure-path or --without-secure-path was given. if test "${with_secure_path+set}" = set; then withval="$with_secure_path" @@ -1947,7 +1963,7 @@ fi echo $ac_n "checking whether to get ip addresses from the network interfaces""... $ac_c" 1>&6 -echo "configure:1951: checking whether to get ip addresses from the network interfaces" >&5 +echo "configure:1967: checking whether to get ip addresses from the network interfaces" >&5 # Check whether --with-interfaces or --without-interfaces was given. if test "${with_interfaces+set}" = set; then withval="$with_interfaces" @@ -1970,7 +1986,7 @@ fi echo $ac_n "checking whether to do user authentication by default""... $ac_c" 1>&6 -echo "configure:1974: checking whether to do user authentication by default" >&5 +echo "configure:1990: checking whether to do user authentication by default" >&5 # Check whether --enable-authentication or --disable-authentication was given. if test "${enable_authentication+set}" = set; then enableval="$enable_authentication" @@ -1994,7 +2010,7 @@ fi echo $ac_n "checking whether to disable shadow password support""... $ac_c" 1>&6 -echo "configure:1998: checking whether to disable shadow password support" >&5 +echo "configure:2014: checking whether to disable shadow password support" >&5 # Check whether --enable-shadow or --disable-shadow was given. if test "${enable_shadow+set}" = set; then enableval="$enable_shadow" @@ -2015,7 +2031,7 @@ fi echo $ac_n "checking whether root should be allowed to use sudo""... $ac_c" 1>&6 -echo "configure:2019: checking whether root should be allowed to use sudo" >&5 +echo "configure:2035: checking whether root should be allowed to use sudo" >&5 # Check whether --enable-root-sudo or --disable-root-sudo was given. if test "${enable_root_sudo+set}" = set; then enableval="$enable_root_sudo" @@ -2038,7 +2054,7 @@ fi echo $ac_n "checking whether to log the hostname in the log file""... $ac_c" 1>&6 -echo "configure:2042: checking whether to log the hostname in the log file" >&5 +echo "configure:2058: checking whether to log the hostname in the log file" >&5 # Check whether --enable-log-host or --disable-log-host was given. if test "${enable_log_host+set}" = set; then enableval="$enable_log_host" @@ -2062,7 +2078,7 @@ fi echo $ac_n "checking whether to invoke a shell if sudo is given no arguments""... $ac_c" 1>&6 -echo "configure:2066: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo "configure:2082: checking whether to invoke a shell if sudo is given no arguments" >&5 # Check whether --enable-noargs-shell or --disable-noargs-shell was given. if test "${enable_noargs_shell+set}" = set; then enableval="$enable_noargs_shell" @@ -2086,7 +2102,7 @@ fi echo $ac_n "checking whether to set \$HOME to target user in shell mode""... $ac_c" 1>&6 -echo "configure:2090: checking whether to set \$HOME to target user in shell mode" >&5 +echo "configure:2106: checking whether to set \$HOME to target user in shell mode" >&5 # Check whether --enable-shell-sets-home or --disable-shell-sets-home was given. if test "${enable_shell_sets_home+set}" = set; then enableval="$enable_shell_sets_home" @@ -2110,7 +2126,7 @@ fi echo $ac_n "checking whether to disable 'command not found' messages""... $ac_c" 1>&6 -echo "configure:2114: checking whether to disable 'command not found' messages" >&5 +echo "configure:2130: checking whether to disable 'command not found' messages" >&5 # Check whether --enable-path_info or --disable-path_info was given. if test "${enable_path_info+set}" = set; then enableval="$enable_path_info" @@ -2136,7 +2152,7 @@ fi # Extract the first word of "egrep", so it can be a program name with args. set dummy egrep; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2140: checking for $ac_word" >&5 +echo "configure:2156: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_EGREPPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2171,7 +2187,7 @@ cross_compiling="no" # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2175: checking for $ac_word" >&5 +echo "configure:2191: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2200,7 +2216,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2204: checking for $ac_word" >&5 +echo "configure:2220: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2248,7 +2264,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:2252: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:2268: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -2258,11 +2274,11 @@ ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -2282,12 +2298,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:2286: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:2302: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:2291: checking whether we are using GNU C" >&5 +echo "configure:2307: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2296,7 +2312,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:2300: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:2316: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -2311,7 +2327,7 @@ if test $ac_cv_prog_gcc = yes; then ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:2315: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:2331: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2341,7 +2357,7 @@ fi ac_cv_prog_cc_cross="no" cross_compiling="no" echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:2345: checking how to run the C preprocessor" >&5 +echo "configure:2361: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -2356,13 +2372,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2366: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2382: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -2373,13 +2389,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2383: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2399: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -2402,7 +2418,7 @@ fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:2406: checking for POSIXized ISC" >&5 +echo "configure:2422: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then @@ -2430,7 +2446,7 @@ fi # Extract the first word of "uname", so it can be a program name with args. set dummy uname; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2434: checking for $ac_word" >&5 +echo "configure:2450: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_UNAMEPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2458,7 +2474,7 @@ fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2462: checking for $ac_word" >&5 +echo "configure:2478: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_TRPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2486,7 +2502,7 @@ fi # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2490: checking for $ac_word" >&5 +echo "configure:2506: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_SEDPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2514,7 +2530,7 @@ fi # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2518: checking for $ac_word" >&5 +echo "configure:2534: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_NROFFPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2541,6 +2557,7 @@ fi if test -z "$NROFFPROG"; then MANTYPE="cat" + mansrcdir='$(srcdir)' fi ac_aux_dir= @@ -2569,7 +2586,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:2573: checking host system type" >&5 +echo "configure:2590: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -2598,7 +2615,7 @@ if test -n "$sudo_cv_prev_host"; then exit 1 else echo $ac_n "checking previous host type""... $ac_c" 1>&6 -echo "configure:2602: checking previous host type" >&5 +echo "configure:2619: checking previous host type" >&5 if eval "test \"`echo '$''{'sudo_cv_prev_host'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2638,12 +2655,12 @@ case "$host" in # check for password adjunct functions (shadow passwords) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getpwanam""... $ac_c" 1>&6 -echo "configure:2642: checking for getpwanam" >&5 +echo "configure:2659: checking for getpwanam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getpwanam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2687: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getpwanam=yes" else @@ -2686,12 +2703,12 @@ EOF for ac_func in issecure do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2690: checking for $ac_func" >&5 +echo "configure:2707: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2752,6 +2769,8 @@ fi if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi + mansectsu=1m + mansectform=4 ;; *-*-aix*) # To get all prototypes (so we pass -Wall) @@ -2765,7 +2784,7 @@ EOF *-*-hiuxmpp*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2769: checking for getprpwnam in -lsec" >&5 +echo "configure:2788: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2777,7 +2796,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2811: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2810,7 +2829,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:2814: checking for getprpwnam in -lsecurity" >&5 +echo "configure:2833: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2822,7 +2841,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2856: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2860,6 +2879,8 @@ fi CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-*-hpux1[0-9]*) # uncomment this for a statically linked sudo @@ -2880,7 +2901,7 @@ fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2884: checking for getprpwnam in -lsec" >&5 +echo "configure:2905: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2892,7 +2913,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2928: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2922,7 +2943,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then #define HAVE_GETPRPWNAM 1 EOF echo $ac_n "checking for iscomsec in -lsec""... $ac_c" 1>&6 -echo "configure:2926: checking for iscomsec in -lsec" >&5 +echo "configure:2947: checking for iscomsec in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'iscomsec | sed 'y% ./+-%___p_%'` else @@ -2934,7 +2955,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2970: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2987,6 +3008,8 @@ fi if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi + mansectsu=1m + mansectform=4 ;; *-*-hpux9*) # uncomment this for a statically linked sudo @@ -3014,12 +3037,12 @@ EOF for ac_func in getspwuid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3018: checking for $ac_func" >&5 +echo "configure:3041: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3089,6 +3112,8 @@ done if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi + mansectsu=1m + mansectform=4 ;; *-*-hpux*) @@ -3108,13 +3133,15 @@ EOF if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi + mansectsu=1m + mansectform=4 ;; *-dec-osf*) # ignore envariables wrt dynamic lib path SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" echo $ac_n "checking whether to disable sia support on Digital UNIX""... $ac_c" 1>&6 -echo "configure:3118: checking whether to disable sia support on Digital UNIX" >&5 +echo "configure:3145: checking whether to disable sia support on Digital UNIX" >&5 # Check whether --enable-sia or --disable-sia was given. if test "${enable_sia+set}" = set; then enableval="$enable_sia" @@ -3138,12 +3165,12 @@ fi # unless overridden on the command line if test "$CHECKSIA" = "true"; then echo $ac_n "checking for sia_ses_init""... $ac_c" 1>&6 -echo "configure:3142: checking for sia_ses_init" >&5 +echo "configure:3169: checking for sia_ses_init" >&5 if eval "test \"`echo '$''{'ac_cv_func_sia_ses_init'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3197: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_sia_ses_init=yes" else @@ -3194,7 +3221,7 @@ fi fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:3198: checking for getprpwnam in -lsecurity" >&5 +echo "configure:3225: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3206,7 +3233,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3248: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3247,12 +3274,12 @@ EOF # -ldb includes bogus versions of snprintf/vsnprintf echo $ac_n "checking for snprintf""... $ac_c" 1>&6 -echo "configure:3251: checking for snprintf" >&5 +echo "configure:3278: checking for snprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3306: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_snprintf=yes" else @@ -3299,12 +3326,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 -echo "configure:3303: checking for vsnprintf" >&5 +echo "configure:3330: checking for vsnprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_vsnprintf=yes" else @@ -3352,7 +3379,7 @@ fi # 4.x and higher need -ldb too... echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 -echo "configure:3356: checking for dbopen in -ldb" >&5 +echo "configure:3383: checking for dbopen in -ldb" >&5 if test -n ""; then ac_lib_var=`echo db'_'dbopen | sed 'y% ./+-%___p_%'` else @@ -3364,7 +3391,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldb $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3406: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3399,12 +3426,12 @@ fi for ac_func in dispcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3403: checking for $ac_func" >&5 +echo "configure:3430: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3458: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3452,9 +3479,9 @@ fi done echo $ac_n "checking for broken /usr/include/prot.h""... $ac_c" 1>&6 -echo "configure:3456: checking for broken /usr/include/prot.h" >&5 +echo "configure:3483: checking for broken /usr/include/prot.h" >&5 cat > conftest.$ac_ext < @@ -3465,7 +3492,7 @@ int main() { exit(0); ; return 0; } EOF -if { (eval echo configure:3469: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3496: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""no" 1>&6 else @@ -3481,6 +3508,8 @@ rm -f conftest* with_passwd=no AUTH_OBJS="sia.o" fi + mansectsu=8 + mansectform=4 ;; *-*-irix*) # configure may not think irix has stdc headers @@ -3511,7 +3540,7 @@ EOF # IRIX <= 4 needs -lsun if test "$OSREV" -le 4; then echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 -echo "configure:3515: checking for getpwnam in -lsun" >&5 +echo "configure:3544: checking for getpwnam in -lsun" >&5 if test -n ""; then ac_lib_var=`echo sun'_'getpwnam | sed 'y% ./+-%___p_%'` else @@ -3523,7 +3552,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsun $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3567: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3555,6 +3584,8 @@ else fi fi + mansectsu=1m + mansectform=4 ;; *-*-linux*) # To get crypt(3) and vasprintf() prototypes (so we pass -Wall) @@ -3566,12 +3597,12 @@ EOF # Some Linux versions need to link with -lshadow if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:3570: checking for getspnam" >&5 +echo "configure:3601: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3629: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -3615,7 +3646,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 -echo "configure:3619: checking for getspnam in -lshadow" >&5 +echo "configure:3650: checking for getspnam in -lshadow" >&5 if test -n ""; then ac_lib_var=`echo shadow'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3627,7 +3658,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3673: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3677,7 +3708,7 @@ EOF if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:3681: checking for getprpwnam in -lsec" >&5 +echo "configure:3712: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3689,7 +3720,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3730,7 +3761,7 @@ fi OS="ultrix" if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getauthuid in -lauth""... $ac_c" 1>&6 -echo "configure:3734: checking for getauthuid in -lauth" >&5 +echo "configure:3765: checking for getauthuid in -lauth" >&5 if test -n ""; then ac_lib_var=`echo auth'_'getauthuid | sed 'y% ./+-%___p_%'` else @@ -3742,7 +3773,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lauth $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3783,6 +3814,8 @@ fi LIBS="${LIBS} -lsun -lbsd" CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" OSDEFS="${OSDEFS} -D_MIPS" + mansectsu=1m + mansectform=4 ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" @@ -3792,7 +3825,7 @@ fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3796: checking for getspnam in -lsec" >&5 +echo "configure:3829: checking for getspnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3804,7 +3837,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3852: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3840,11 +3873,13 @@ fi CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-*-sco*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:3848: checking for getprpwnam in -lprot" >&5 +echo "configure:3883: checking for getprpwnam in -lprot" >&5 if test -n "-lx"; then ac_lib_var=`echo prot'_'getprpwnam-lx | sed 'y% ./+-%___p_%'` else @@ -3856,7 +3891,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lprot -lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3906: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3891,7 +3926,7 @@ else fi echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 -echo "configure:3895: checking for getspnam in -lgen" >&5 +echo "configure:3930: checking for getspnam in -lgen" >&5 if test -n ""; then ac_lib_var=`echo gen'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3903,7 +3938,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3953: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3939,11 +3974,13 @@ fi CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-sequent-sysv*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3947: checking for getspnam in -lsec" >&5 +echo "configure:3984: checking for getspnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3955,7 +3992,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4007: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3991,18 +4028,32 @@ fi CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-ccur-sysv4|*-ccur-sysvr4) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" + mansectsu=1m + mansectform=4 ;; *-*-bsdi*) - # Use shlicc for BSD/OS 2.x unless asked to do otherwise - if test "$OSREV" -ge 2 -a "${with_CC+set}" != set -a \ - "$ac_cv_prog_CC" = "gcc"; then - echo 'using shlicc as CC' - ac_cv_prog_CC=shlicc - CC="$ac_cv_prog_CC" + # Use shlicc for BSD/OS [23].x unless asked to do otherwise + if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then + case "$OSREV" in + 2|3) echo 'using shlicc as CC' + ac_cv_prog_CC=shlicc + CC="$ac_cv_prog_CC" + ;; + esac + fi + ;; + *-*-freebsd*) + if test "$with_skey" = "yes"; then + SUDO_LIBS="${SUDO_LIBS} -lmd" + fi + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" fi ;; *-*-*bsd*) @@ -4010,16 +4061,23 @@ fi CHECKSHADOW="false" fi ;; + *-*-sysv*) + mansectsu=1m + mansectform=4 + ;; esac +test -n "$mansectsu" || mansectsu=8 +test -n "$mansectform" || mansectform=5 + if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:4018: checking for getspnam" >&5 +echo "configure:4076: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4104: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -4067,12 +4125,12 @@ fi fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam""... $ac_c" 1>&6 -echo "configure:4071: checking for getprpwnam" >&5 +echo "configure:4129: checking for getprpwnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getprpwnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4157: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getprpwnam=yes" else @@ -4116,7 +4174,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:4120: checking for getprpwnam in -lsec" >&5 +echo "configure:4178: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -4128,7 +4186,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4161,7 +4219,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:4165: checking for getprpwnam in -lsecurity" >&5 +echo "configure:4223: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -4173,7 +4231,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4206,7 +4264,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:4210: checking for getprpwnam in -lprot" >&5 +echo "configure:4268: checking for getprpwnam in -lprot" >&5 if test -n ""; then ac_lib_var=`echo prot'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -4218,7 +4276,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lprot $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4291: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4262,13 +4320,13 @@ fi if test $ac_cv_prog_gcc = yes; then echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6 -echo "configure:4266: checking whether ${CC-cc} needs -traditional" >&5 +echo "configure:4324: checking whether ${CC-cc} needs -traditional" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_pattern="Autoconf.*'x'" cat > conftest.$ac_ext < Autoconf TIOCGETP @@ -4286,7 +4344,7 @@ rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat > conftest.$ac_ext < Autoconf TCGETA @@ -4308,12 +4366,12 @@ echo "$ac_t""$ac_cv_prog_gcc_traditional" 1>&6 fi echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:4312: checking for working const" >&5 +echo "configure:4370: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4424: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -4387,7 +4445,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4391: checking for $ac_word" >&5 +echo "configure:4449: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4418,7 +4476,7 @@ test -n "$YACC" || YACC="yacc" if test -z "$with_sendmail"; then echo $ac_n "checking for sendmail""... $ac_c" 1>&6 -echo "configure:4422: checking for sendmail" >&5 +echo "configure:4480: checking for sendmail" >&5 if test -f "/usr/sbin/sendmail"; then echo "$ac_t""/usr/sbin/sendmail" 1>&6 cat >> confdefs.h <<\EOF @@ -4461,7 +4519,7 @@ fi fi echo $ac_n "checking for mv""... $ac_c" 1>&6 -echo "configure:4465: checking for mv" >&5 +echo "configure:4523: checking for mv" >&5 if test -f "/usr/bin/mv"; then echo "$ac_t""/usr/bin/mv" 1>&6 cat >> confdefs.h <<\EOF @@ -4491,7 +4549,7 @@ else fi echo $ac_n "checking for bourne shell""... $ac_c" 1>&6 -echo "configure:4495: checking for bourne shell" >&5 +echo "configure:4553: checking for bourne shell" >&5 if test -f "/bin/sh"; then echo "$ac_t""/bin/sh" 1>&6 cat >> confdefs.h <<\EOF @@ -4545,7 +4603,7 @@ else fi echo $ac_n "checking for vi""... $ac_c" 1>&6 -echo "configure:4549: checking for vi" >&5 +echo "configure:4607: checking for vi" >&5 if test -f "/usr/bin/vi"; then echo "$ac_t""/usr/bin/vi" 1>&6 cat >> confdefs.h <<\EOF @@ -4581,12 +4639,12 @@ else fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:4585: checking for ANSI C header files" >&5 +echo "configure:4643: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4594,7 +4652,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4598: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4656: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4611,7 +4669,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -4629,7 +4687,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -4650,7 +4708,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -4661,7 +4719,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:4665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4723: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then : else @@ -4689,12 +4747,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:4693: checking for $ac_hdr that defines DIR" >&5 +echo "configure:4751: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -4702,7 +4760,7 @@ int main() { DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:4706: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4764: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -4727,7 +4785,7 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:4731: checking for opendir in -ldir" >&5 +echo "configure:4789: checking for opendir in -ldir" >&5 if test -n ""; then ac_lib_var=`echo dir'_'opendir | sed 'y% ./+-%___p_%'` else @@ -4739,7 +4797,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4812: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4772,7 +4830,7 @@ fi else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:4776: checking for opendir in -lx" >&5 +echo "configure:4834: checking for opendir in -lx" >&5 if test -n ""; then ac_lib_var=`echo x'_'opendir | sed 'y% ./+-%___p_%'` else @@ -4784,7 +4842,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4857: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4821,17 +4879,17 @@ for ac_hdr in string.h strings.h unistd.h malloc.h paths.h utime.h netgroup.h sy do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4825: checking for $ac_hdr" >&5 +echo "configure:4883: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4835: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4893: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4862,17 +4920,17 @@ if test "$OS" != "ultrix"; then do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4866: checking for $ac_hdr" >&5 +echo "configure:4924: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4876: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4902,17 +4960,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4906: checking for $ac_hdr" >&5 +echo "configure:4964: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4916: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4974: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4935,12 +4993,12 @@ EOF for ac_func in tcgetattr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4939: checking for $ac_func" >&5 +echo "configure:4997: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5025: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4994,12 +5052,12 @@ done fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:4998: checking for mode_t" >&5 +echo "configure:5056: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5027,12 +5085,12 @@ EOF fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:5031: checking for uid_t in sys/types.h" >&5 +echo "configure:5089: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -5061,12 +5119,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:5065: checking for size_t" >&5 +echo "configure:5123: checking for size_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5096,12 +5154,12 @@ EOF fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:5100: checking for ssize_t" >&5 +echo "configure:5158: checking for ssize_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5131,12 +5189,12 @@ EOF fi echo $ac_n "checking for dev_t""... $ac_c" 1>&6 -echo "configure:5135: checking for dev_t" >&5 +echo "configure:5193: checking for dev_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_dev_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5166,12 +5224,12 @@ EOF fi echo $ac_n "checking for ino_t""... $ac_c" 1>&6 -echo "configure:5170: checking for ino_t" >&5 +echo "configure:5228: checking for ino_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_ino_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5201,9 +5259,9 @@ EOF fi echo $ac_n "checking for full void implementation""... $ac_c" 1>&6 -echo "configure:5205: checking for full void implementation" >&5 +echo "configure:5263: checking for full void implementation" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5273: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define VOID void @@ -5231,7 +5289,7 @@ fi rm -f conftest* echo $ac_n "checking max length of uid_t""... $ac_c" 1>&6 -echo "configure:5235: checking max length of uid_t" >&5 +echo "configure:5293: checking max length of uid_t" >&5 if eval "test \"`echo '$''{'sudo_cv_uid_t_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5240,7 +5298,7 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < #include @@ -5261,7 +5319,7 @@ main() { exit(0); } EOF -if { (eval echo configure:5265: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_uid_t_len=`cat conftestdata` else @@ -5284,16 +5342,16 @@ EOF echo $ac_n "checking for long long support""... $ac_c" 1>&6 -echo "configure:5288: checking for long long support" >&5 +echo "configure:5346: checking for long long support" >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5355: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_LONG_LONG 1 @@ -5303,11 +5361,11 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5369: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then cat >> confdefs.h <<\EOF #define LONG_IS_QUAD 1 @@ -5329,7 +5387,7 @@ else fi rm -f conftest* echo $ac_n "checking for sa_len field in struct sockaddr""... $ac_c" 1>&6 -echo "configure:5333: checking for sa_len field in struct sockaddr" >&5 +echo "configure:5391: checking for sa_len field in struct sockaddr" >&5 if eval "test \"`echo '$''{'sudo_cv_sock_sa_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5337,7 +5395,7 @@ else sudo_cv_sock_sa_len=no else cat > conftest.$ac_ext < #include @@ -5347,7 +5405,7 @@ s.sa_len = 0; exit(0); } EOF -if { (eval echo configure:5351: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_sock_sa_len=yes else @@ -5372,12 +5430,12 @@ fi case "$DEFS" in *"RETSIGTYPE"*) ;; *) echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:5376: checking return type of signal handlers" >&5 +echo "configure:5434: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -5394,7 +5452,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:5398: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5456: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -5416,12 +5474,12 @@ esac for ac_func in strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid strftime setrlimit initgroups fstat do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5420: checking for $ac_func" >&5 +echo "configure:5478: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5506: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5472,12 +5530,12 @@ if test -n "$SECUREWARE"; then for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5476: checking for $ac_func" >&5 +echo "configure:5534: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5527,12 +5585,12 @@ done for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5531: checking for $ac_func" >&5 +echo "configure:5589: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5582,12 +5640,12 @@ done for ac_func in initprivs do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5586: checking for $ac_func" >&5 +echo "configure:5644: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5637,12 +5695,12 @@ done fi if test -z "$BROKEN_GETCWD"; then echo $ac_n "checking for getcwd""... $ac_c" 1>&6 -echo "configure:5641: checking for getcwd" >&5 +echo "configure:5699: checking for getcwd" >&5 if eval "test \"`echo '$''{'ac_cv_func_getcwd'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5727: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getcwd=yes" else @@ -5690,12 +5748,12 @@ fi fi echo $ac_n "checking for lockf""... $ac_c" 1>&6 -echo "configure:5694: checking for lockf" >&5 +echo "configure:5752: checking for lockf" >&5 if eval "test \"`echo '$''{'ac_cv_func_lockf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5780: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_lockf=yes" else @@ -5741,12 +5799,12 @@ else for ac_func in flock do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5745: checking for $ac_func" >&5 +echo "configure:5803: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5831: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5796,12 +5854,12 @@ done fi echo $ac_n "checking for waitpid""... $ac_c" 1>&6 -echo "configure:5800: checking for waitpid" >&5 +echo "configure:5858: checking for waitpid" >&5 if eval "test \"`echo '$''{'ac_cv_func_waitpid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5886: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_waitpid=yes" else @@ -5847,12 +5905,12 @@ else for ac_func in wait3 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5851: checking for $ac_func" >&5 +echo "configure:5909: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5937: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5902,12 +5960,12 @@ done fi echo $ac_n "checking for innetgr""... $ac_c" 1>&6 -echo "configure:5906: checking for innetgr" >&5 +echo "configure:5964: checking for innetgr" >&5 if eval "test \"`echo '$''{'ac_cv_func_innetgr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5992: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_innetgr=yes" else @@ -5950,12 +6008,12 @@ EOF for ac_func in getdomainname do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5954: checking for $ac_func" >&5 +echo "configure:6012: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6007,12 +6065,12 @@ else fi echo $ac_n "checking for lsearch""... $ac_c" 1>&6 -echo "configure:6011: checking for lsearch" >&5 +echo "configure:6069: checking for lsearch" >&5 if eval "test \"`echo '$''{'ac_cv_func_lsearch'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6097: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_lsearch=yes" else @@ -6056,7 +6114,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for lsearch in -lcompat""... $ac_c" 1>&6 -echo "configure:6060: checking for lsearch in -lcompat" >&5 +echo "configure:6118: checking for lsearch in -lcompat" >&5 if test -n ""; then ac_lib_var=`echo compat'_'lsearch | sed 'y% ./+-%___p_%'` else @@ -6068,7 +6126,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcompat $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6141: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6096,17 +6154,17 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_safe=`echo "search.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for search.h""... $ac_c" 1>&6 -echo "configure:6100: checking for search.h" >&5 +echo "configure:6158: checking for search.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:6110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:6168: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -6139,12 +6197,12 @@ fi fi echo $ac_n "checking for setenv""... $ac_c" 1>&6 -echo "configure:6143: checking for setenv" >&5 +echo "configure:6201: checking for setenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_setenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_setenv=yes" else @@ -6188,12 +6246,12 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for putenv""... $ac_c" 1>&6 -echo "configure:6192: checking for putenv" >&5 +echo "configure:6250: checking for putenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_putenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_putenv=yes" else @@ -6242,12 +6300,12 @@ fi fi echo $ac_n "checking for utime""... $ac_c" 1>&6 -echo "configure:6246: checking for utime" >&5 +echo "configure:6304: checking for utime" >&5 if eval "test \"`echo '$''{'ac_cv_func_utime'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6332: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_utime=yes" else @@ -6289,7 +6347,7 @@ if eval "test \"`echo '$ac_cv_func_'utime`\" = yes"; then EOF echo $ac_n "checking for POSIX utime""... $ac_c" 1>&6 -echo "configure:6293: checking for POSIX utime" >&5 +echo "configure:6351: checking for POSIX utime" >&5 if eval "test \"`echo '$''{'sudo_cv_func_utime_posix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6298,7 +6356,7 @@ if test "$cross_compiling" = yes; then sudo_cv_func_utime_posix=no else cat > conftest.$ac_ext < #include @@ -6310,7 +6368,7 @@ utime("conftestdata", &ut); exit(0); } EOF -if { (eval echo configure:6314: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_func_utime_posix=yes else @@ -6337,8 +6395,8 @@ else LIBOBJS="$LIBOBJS utime.o" fi -echo $ac_n "checking for working fnmatch""... $ac_c" 1>&6 -echo "configure:6342: checking for working fnmatch" >&5 +echo $ac_n "checking for working fnmatch with FNM_CASEFOLD""... $ac_c" 1>&6 +echo "configure:6400: checking for working fnmatch with FNM_CASEFOLD" >&5 if eval "test \"`echo '$''{'sudo_cv_func_fnmatch'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6347,13 +6405,13 @@ if test "$cross_compiling" = yes; then sudo_cv_func_fnmatch=no else cat > conftest.$ac_ext < -main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); } +main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } EOF -if { (eval echo configure:6357: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6415: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_func_fnmatch=yes else @@ -6380,12 +6438,12 @@ fi for ac_func in strerror strcasecmp do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6384: checking for $ac_func" >&5 +echo "configure:6442: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6470: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6435,12 +6493,12 @@ done echo $ac_n "checking for snprintf""... $ac_c" 1>&6 -echo "configure:6439: checking for snprintf" >&5 +echo "configure:6497: checking for snprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6525: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_snprintf=yes" else @@ -6487,12 +6545,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 -echo "configure:6491: checking for vsnprintf" >&5 +echo "configure:6549: checking for vsnprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_vsnprintf=yes" else @@ -6539,12 +6597,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for asprintf""... $ac_c" 1>&6 -echo "configure:6543: checking for asprintf" >&5 +echo "configure:6601: checking for asprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_asprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6629: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_asprintf=yes" else @@ -6591,12 +6649,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for vasprintf""... $ac_c" 1>&6 -echo "configure:6595: checking for vasprintf" >&5 +echo "configure:6653: checking for vasprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vasprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6681: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_vasprintf=yes" else @@ -6647,12 +6705,12 @@ if test -n "$NEED_SNPRINTF"; then fi if test -z "$LIB_CRYPT"; then echo $ac_n "checking for crypt""... $ac_c" 1>&6 -echo "configure:6651: checking for crypt" >&5 +echo "configure:6709: checking for crypt" >&5 if eval "test \"`echo '$''{'ac_cv_func_crypt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6737: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_crypt=yes" else @@ -6693,7 +6751,7 @@ if eval "test \"`echo '$ac_cv_func_'crypt`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:6697: checking for crypt in -lcrypt" >&5 +echo "configure:6755: checking for crypt in -lcrypt" >&5 if test -n ""; then ac_lib_var=`echo crypt'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6705,7 +6763,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6778: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6735,7 +6793,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt_d""... $ac_c" 1>&6 -echo "configure:6739: checking for crypt in -lcrypt_d" >&5 +echo "configure:6797: checking for crypt in -lcrypt_d" >&5 if test -n ""; then ac_lib_var=`echo crypt_d'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6747,7 +6805,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt_d $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6777,7 +6835,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lufc""... $ac_c" 1>&6 -echo "configure:6781: checking for crypt in -lufc" >&5 +echo "configure:6839: checking for crypt in -lufc" >&5 if test -n ""; then ac_lib_var=`echo ufc'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6789,7 +6847,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lufc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6862: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6828,12 +6886,12 @@ fi fi echo $ac_n "checking for socket""... $ac_c" 1>&6 -echo "configure:6832: checking for socket" >&5 +echo "configure:6890: checking for socket" >&5 if eval "test \"`echo '$''{'ac_cv_func_socket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6918: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_socket=yes" else @@ -6874,7 +6932,7 @@ if eval "test \"`echo '$ac_cv_func_'socket`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:6878: checking for socket in -lsocket" >&5 +echo "configure:6936: checking for socket in -lsocket" >&5 if test -n ""; then ac_lib_var=`echo socket'_'socket | sed 'y% ./+-%___p_%'` else @@ -6886,7 +6944,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6959: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6916,7 +6974,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for socket in -linet""... $ac_c" 1>&6 -echo "configure:6920: checking for socket in -linet" >&5 +echo "configure:6978: checking for socket in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'socket | sed 'y% ./+-%___p_%'` else @@ -6928,7 +6986,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7001: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6959,7 +7017,7 @@ else echo "$ac_t""no" 1>&6 echo "configure: warning: unable to find socket() trying -lsocket -lnsl" 1>&2 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:6963: checking for socket in -lsocket" >&5 +echo "configure:7021: checking for socket in -lsocket" >&5 if test -n "-lnsl"; then ac_lib_var=`echo socket'_'socket-lnsl | sed 'y% ./+-%___p_%'` else @@ -6971,7 +7029,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket -lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7044: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7009,12 +7067,12 @@ fi fi echo $ac_n "checking for inet_addr""... $ac_c" 1>&6 -echo "configure:7013: checking for inet_addr" >&5 +echo "configure:7071: checking for inet_addr" >&5 if eval "test \"`echo '$''{'ac_cv_func_inet_addr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7099: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_inet_addr=yes" else @@ -7054,8 +7112,54 @@ if eval "test \"`echo '$ac_cv_func_'inet_addr`\" = yes"; then : else echo "$ac_t""no" 1>&6 +echo $ac_n "checking for __inet_addr""... $ac_c" 1>&6 +echo "configure:7117: checking for __inet_addr" >&5 +if eval "test \"`echo '$''{'ac_cv_func___inet_addr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char __inet_addr(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub___inet_addr) || defined (__stub_____inet_addr) +choke me +#else +__inet_addr(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7145: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func___inet_addr=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func___inet_addr=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'__inet_addr`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 echo $ac_n "checking for inet_addr in -lnsl""... $ac_c" 1>&6 -echo "configure:7059: checking for inet_addr in -lnsl" >&5 +echo "configure:7163: checking for inet_addr in -lnsl" >&5 if test -n ""; then ac_lib_var=`echo nsl'_'inet_addr | sed 'y% ./+-%___p_%'` else @@ -7067,7 +7171,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7186: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7097,7 +7201,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for inet_addr in -linet""... $ac_c" 1>&6 -echo "configure:7101: checking for inet_addr in -linet" >&5 +echo "configure:7205: checking for inet_addr in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'inet_addr | sed 'y% ./+-%___p_%'` else @@ -7109,7 +7213,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7228: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7138,9 +7242,9 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet" else echo "$ac_t""no" 1>&6 -echo "configure: warning: unable to find socket() trying -lsocket -lnsl" 1>&2 +echo "configure: warning: unable to find inet_addr() trying -lsocket -lnsl" 1>&2 echo $ac_n "checking for inet_addr in -lsocket""... $ac_c" 1>&6 -echo "configure:7144: checking for inet_addr in -lsocket" >&5 +echo "configure:7248: checking for inet_addr in -lsocket" >&5 if test -n "-lnsl"; then ac_lib_var=`echo socket'_'inet_addr-lnsl | sed 'y% ./+-%___p_%'` else @@ -7152,7 +7256,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket -lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7271: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7189,13 +7293,15 @@ fi fi +fi + echo $ac_n "checking for syslog""... $ac_c" 1>&6 -echo "configure:7194: checking for syslog" >&5 +echo "configure:7300: checking for syslog" >&5 if eval "test \"`echo '$''{'ac_cv_func_syslog'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7328: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_syslog=yes" else @@ -7236,7 +7342,7 @@ if eval "test \"`echo '$ac_cv_func_'syslog`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -lsocket""... $ac_c" 1>&6 -echo "configure:7240: checking for syslog in -lsocket" >&5 +echo "configure:7346: checking for syslog in -lsocket" >&5 if test -n ""; then ac_lib_var=`echo socket'_'syslog | sed 'y% ./+-%___p_%'` else @@ -7248,7 +7354,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7369: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7278,7 +7384,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -lnsl""... $ac_c" 1>&6 -echo "configure:7282: checking for syslog in -lnsl" >&5 +echo "configure:7388: checking for syslog in -lnsl" >&5 if test -n ""; then ac_lib_var=`echo nsl'_'syslog | sed 'y% ./+-%___p_%'` else @@ -7290,7 +7396,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7411: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7320,7 +7426,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -linet""... $ac_c" 1>&6 -echo "configure:7324: checking for syslog in -linet" >&5 +echo "configure:7430: checking for syslog in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'syslog | sed 'y% ./+-%___p_%'` else @@ -7332,7 +7438,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7453: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7373,19 +7479,19 @@ if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:7377: checking for working alloca.h" >&5 +echo "configure:7483: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:7389: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7495: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -7406,12 +7512,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:7410: checking for alloca" >&5 +echo "configure:7516: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7544: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_func_alloca_works=yes else @@ -7466,12 +7572,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:7470: checking whether alloca needs Cray hooks" >&5 +echo "configure:7576: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7500: checking for $ac_func" >&5 +echo "configure:7606: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7634: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7551,7 +7657,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:7555: checking stack direction for C alloca" >&5 +echo "configure:7661: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -7559,7 +7665,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7688: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -7632,21 +7738,21 @@ fi if test "$with_pam" = "yes"; then echo $ac_n "checking for -ldl""... $ac_c" 1>&6 -echo "configure:7636: checking for -ldl" >&5 +echo "configure:7742: checking for -ldl" >&5 if eval "test \"`echo '$''{'ac_cv_lib_dl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7756: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_dl=yes else @@ -7696,21 +7802,21 @@ EOF fi echo $ac_n "checking for -ldes""... $ac_c" 1>&6 -echo "configure:7700: checking for -ldes" >&5 +echo "configure:7806: checking for -ldes" >&5 if eval "test \"`echo '$''{'ac_cv_lib_des'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldes $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_des=yes else @@ -7780,6 +7886,15 @@ if test "$with_DCE" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -ldce" fi +if test "$with_logincap" = "yes"; then + SUDO_LIBS="${SUDO_LIBS} -lutil" + if test -f /usr/include/login_cap.h -a -f /usr/include/sys/types.h -a -f /usr/lib/libutil.a; then + : + else + echo 'Unable to locate libutil.a and/or login_cap.h, you will have to edit the Makefile and add -L/path/to/libutil to SUDO_LDFLAGS and/or -I/path/to/login_cap.h to CPPFLAGS' + fi +fi + if test "$with_skey" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -lskey" if test -f /usr/include/skey.h -a -f /usr/lib/libskey.a; then @@ -7829,7 +7944,7 @@ if test "$with_authenticate" = "yes"; then fi echo $ac_n "checking for log file location""... $ac_c" 1>&6 -echo "configure:7833: checking for log file location" >&5 +echo "configure:7948: checking for log file location" >&5 if test -n "$with_logpath"; then echo "$ac_t""$with_logpath" 1>&6 cat >> confdefs.h <&6 -echo "configure:7863: checking for timestamp file location" >&5 +echo "configure:7978: checking for timestamp file location" >&5 if test -n "$with_timedir"; then echo "$ac_t""$with_timedir" 1>&6 cat >> confdefs.h <&6 cat >> confdefs.h <<\EOF #define _PATH_SUDO_TIMEDIR "/var/run/sudo" EOF -elif test -d "/tmp"; then + TIMEDIR="/var/run/sudo" +else echo "$ac_t""/tmp/.odus" 1>&6 cat >> confdefs.h <<\EOF #define _PATH_SUDO_TIMEDIR "/tmp/.odus" EOF -else - echo "$ac_t""unknown" 1>&6 + TIMEDIR="/tmp/.odus" fi @@ -8013,7 +8129,7 @@ done ac_given_srcdir=$srcdir -trap 'rm -fr `echo "Makefile config.h pathnames.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +trap 'rm -fr `echo "Makefile sudo.man visudo.man sudoers.man config.h pathnames.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index aab9a996685..e0f7c8481f8 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -1,6 +1,6 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.300 2000/01/27 20:01:37 millert Exp $ +dnl $Sudo: configure.in,v 1.310 2000/03/24 20:14:04 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-1999 Todd C. Miller dnl @@ -9,45 +9,47 @@ AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -echo "Configuring Sudo version 1.6.2" +echo "Configuring Sudo version 1.6.3" dnl dnl Variables that get substituted in the Makefile dnl -AC_SUBST(CFLAGS)dnl must not initialize CFLAGS, it is magic -PROGS="sudo visudo" +AC_SUBST(CFLAGS)dnl AC_SUBST(PROGS)dnl -CPPFLAGS="" AC_SUBST(CPPFLAGS)dnl -LDFLAGS="" AC_SUBST(LDFLAGS)dnl -SUDO_LDFLAGS="" AC_SUBST(SUDO_LDFLAGS)dnl -LIBS="" AC_SUBST(LIBS)dnl -SUDO_LIBS="" AC_SUBST(SUDO_LIBS)dnl -NET_LIBS="" AC_SUBST(NET_LIBS)dnl -AFS_LIBS="" AC_SUBST(AFS_LIBS)dnl -OSDEFS="" AC_SUBST(OSDEFS)dnl -AUTH_OBJS="" AC_SUBST(AUTH_OBJS)dnl -LIBOBJS="" AC_SUBST(LIBOBJS)dnl -MANTYPE="man" AC_SUBST(MANTYPE)dnl -MAN_POSTINSTALL="" AC_SUBST(MAN_POSTINSTALL)dnl -SUDOERS_MODE=0440 AC_SUBST(SUDOERS_MODE)dnl -SUDOERS_UID=0 AC_SUBST(SUDOERS_UID)dnl -SUDOERS_GID=0 AC_SUBST(SUDOERS_GID)dnl -DEV="#" +AC_SUBST(TIMEDIR) AC_SUBST(DEV) +AC_SUBST(mansectsu) +AC_SUBST(mansectform) +AC_SUBST(mansrcdir) +dnl +dnl Initial values for Makefile variables listed above +dnl Some may be overridden by environment variables.. +dnl +PROGS="sudo visudo" +test -n "$MANTYPE" || MANTYPE="man" +test -n "$mansrcdir" || mansrcdir="." +test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440 +test -n "$SUDOERS_UID" || SUDOERS_UID=0 +test -n "$SUDOERS_GID" || SUDOERS_GID=0 +DEV="#" + +dnl +dnl Other vaiables +dnl CHECKSHADOW=true CHECKSIA=true @@ -146,7 +148,7 @@ AC_ARG_WITH(devel, [ --with-devel add developement options], DEV="" ;; no) ;; - *) echo "Ignoring unknown argument to --with-devel: $with_csops" + *) echo "Ignoring unknown argument to --with-devel: $with_devel" ;; esac]) @@ -318,6 +320,17 @@ AC_ARG_WITH(DCE, [ --with-DCE enable DCE support], ;; esac]) +AC_ARG_WITH(logincap, [ --with-logincap enable login class support], +[case $with_logincap in + yes) AC_DEFINE(HAVE_LOGINCAP) + AC_MSG_CHECKING(whether to try BSD login capabilities database) + AC_MSG_RESULT(yes) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) + ;; +esac]) + AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer], [case $with_lecture in @@ -957,6 +970,7 @@ AC_CHECK_PROG(SEDPROG, sed, sed, ) AC_CHECK_PROG(NROFFPROG, nroff, nroff, ) if test -z "$NROFFPROG"; then MANTYPE="cat" + mansrcdir='$(srcdir)' fi dnl @@ -1015,6 +1029,8 @@ case "$host" in if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi + mansectsu=1m + mansectform=4 ;; *-*-aix*) # To get all prototypes (so we pass -Wall) @@ -1027,6 +1043,8 @@ case "$host" in AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1])) CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-*-hpux1[[0-9]]*) # uncomment this for a statically linked sudo @@ -1062,6 +1080,8 @@ case "$host" in if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi + mansectsu=1m + mansectform=4 ;; *-*-hpux9*) # uncomment this for a statically linked sudo @@ -1107,6 +1127,8 @@ case "$host" in if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi + mansectsu=1m + mansectform=4 ;; *-*-hpux*) @@ -1123,6 +1145,8 @@ case "$host" in if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi + mansectsu=1m + mansectform=4 ;; *-dec-osf*) # ignore envariables wrt dynamic lib path @@ -1177,6 +1201,8 @@ case "$host" in with_passwd=no AUTH_OBJS="sia.o" fi + mansectsu=8 + mansectform=4 ;; *-*-irix*) # configure may not think irix has stdc headers @@ -1205,6 +1231,8 @@ case "$host" in if test "$OSREV" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi + mansectsu=1m + mansectform=4 ;; *-*-linux*) # To get crypt(3) and vasprintf() prototypes (so we pass -Wall) @@ -1238,6 +1266,8 @@ case "$host" in LIBS="${LIBS} -lsun -lbsd" CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" OSDEFS="${OSDEFS} -D_MIPS" + mansectsu=1m + mansectform=4 ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" @@ -1249,6 +1279,8 @@ case "$host" in AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-*-sco*) if test "$CHECKSHADOW" = "true"; then @@ -1256,24 +1288,40 @@ case "$host" in AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"]) CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-sequent-sysv*) if test "$CHECKSHADOW" = "true"; then AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) CHECKSHADOW="false" fi + mansectsu=1m + mansectform=4 ;; *-ccur-sysv4|*-ccur-sysvr4) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" + mansectsu=1m + mansectform=4 ;; *-*-bsdi*) - # Use shlicc for BSD/OS 2.x unless asked to do otherwise - if test "$OSREV" -ge 2 -a "${with_CC+set}" != set -a \ - "$ac_cv_prog_CC" = "gcc"; then - echo 'using shlicc as CC' - ac_cv_prog_CC=shlicc - CC="$ac_cv_prog_CC" + # Use shlicc for BSD/OS [23].x unless asked to do otherwise + if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then + case "$OSREV" in + 2|3) echo 'using shlicc as CC' + ac_cv_prog_CC=shlicc + CC="$ac_cv_prog_CC" + ;; + esac + fi + ;; + *-*-freebsd*) + if test "$with_skey" = "yes"; then + SUDO_LIBS="${SUDO_LIBS} -lmd" + fi + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" fi ;; *-*-*bsd*) @@ -1281,8 +1329,18 @@ case "$host" in CHECKSHADOW="false" fi ;; + *-*-sysv*) + mansectsu=1m + mansectform=4 + ;; esac +dnl +dnl Use BSD-style man sections by default +dnl +test -n "$mansectsu" || mansectsu=8 +test -n "$mansectform" || mansectform=5 + dnl dnl Check for shadow password routines if we have not already done so. dnl We check for SVR4-style first and then SecureWare-style. @@ -1389,8 +1447,8 @@ dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl -AC_CHECK_FUNC(inet_addr, ,AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))) +AC_CHECK_FUNC(inet_addr, , AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) +AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl @@ -1524,6 +1582,18 @@ if test "$with_DCE" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -ldce" fi +dnl +dnl extra login capabilities libs and includes +dnl +if test "$with_logincap" = "yes"; then + SUDO_LIBS="${SUDO_LIBS} -lutil" + if test -f /usr/include/login_cap.h -a -f /usr/include/sys/types.h -a -f /usr/lib/libutil.a; then + : + else + echo 'Unable to locate libutil.a and/or login_cap.h, you will have to edit the Makefile and add -L/path/to/libutil to SUDO_LDFLAGS and/or -I/path/to/login_cap.h to CPPFLAGS' + fi +fi + dnl dnl extra S/Key lib and includes dnl @@ -1630,9 +1700,9 @@ dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' dnl -dnl Substitute into the Makefiles +dnl Substitute into the Makefile and man pages dnl -AC_OUTPUT(Makefile) +AC_OUTPUT([Makefile sudo.man visudo.man sudoers.man]) dnl dnl Spew any text the user needs to know about diff --git a/usr.bin/sudo/defaults.c b/usr.bin/sudo/defaults.c index c2b9ffd766d..c6af8f53275 100644 --- a/usr.bin/sudo/defaults.c +++ b/usr.bin/sudo/defaults.c @@ -53,7 +53,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: defaults.c,v 1.17 2000/01/17 23:46:24 millert Exp $"; +static const char rcsid[] = "$Sudo: defaults.c,v 1.23 2000/03/22 23:40:09 millert Exp $"; #endif /* lint */ /* @@ -181,6 +181,24 @@ struct sudo_defs_types sudo_defs_table[] = { }, { "requiretty", T_FLAG, "Only allow the user to run sudo if they have a tty" + }, { + "env_editor", T_FLAG, + "Visudo will honor the EDITOR environment variable" + }, { + "rootpw", T_FLAG, + "Prompt for root's password, not the users's" + }, { + "runaspw", T_FLAG, + "Prompt for the runas_default user's password, not the users's" + }, { + "targetpw", T_FLAG, + "Prompt for the target user's password, not the users's" + }, { + "use_loginclass", T_FLAG, + "Apply defaults in the target user's login class if there is one" + }, { + "set_logname", T_FLAG, + "Set the LOGNAME and USER environment variables" }, { "loglinelen", T_INT|T_BOOL, "Length at which to wrap log file lines (0 for no wrap): %d" @@ -229,6 +247,9 @@ struct sudo_defs_types sudo_defs_table[] = { }, { "secure_path", T_STR|T_BOOL, "Value to override user's $PATH with: %s" + }, { + "editor", T_STR|T_PATH, + "Path to the editor for use by visudo: %s" }, { "listpw_i", T_INT, NULL }, { @@ -279,12 +300,6 @@ dump_defaults() } } } - -#ifdef ENV_EDITOR - (void) printf("Default editor for visudo: %s\n", EDITOR); -#else - (void) printf("Editor for visudo: %s\n", EDITOR); -#endif } /* @@ -533,6 +548,10 @@ init_defaults() #ifdef USE_INSULTS def_flag(I_INSULTS) = TRUE; #endif +#ifdef ENV_EDITOR + def_flag(I_ENV_EDITOR) = TRUE; +#endif + def_flag(I_LOGNAME) = TRUE; /* Syslog options need special care since they both strings and ints */ #if (LOGGING & SLOG_SYSLOG) @@ -576,6 +595,7 @@ init_defaults() #ifdef SECURE_PATH def_str(I_SECURE_PATH) = estrdup(SECURE_PATH); #endif + def_str(I_EDITOR) = estrdup(EDITOR); /* * The following depend on the above values. @@ -653,7 +673,7 @@ store_syslogfac(val, def, op) free(def->sd_un.str); closelog(); } - openlog("sudo", 0, fac->num); + openlog(Argv[0], 0, fac->num); def->sd_un.str = estrdup(fac->name); sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num; #else @@ -661,7 +681,7 @@ store_syslogfac(val, def, op) free(def->sd_un.str); closelog(); } - openlog("sudo", 0); + openlog(Argv[0], 0); def->sd_un.str = estrdup("default"); #endif /* LOG_NFACILITIES */ return(TRUE); diff --git a/usr.bin/sudo/defaults.h b/usr.bin/sudo/defaults.h index ca159604f11..3a27ec07c51 100644 --- a/usr.bin/sudo/defaults.h +++ b/usr.bin/sudo/defaults.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: defaults.h,v 1.12 2000/01/17 23:46:25 millert Exp $ + * $Sudo: defaults.h,v 1.16 2000/03/22 23:40:09 millert Exp $ */ #ifndef _SUDO_DEFAULTS_H @@ -111,34 +111,41 @@ struct sudo_defs_types { #define I_FQDN 21 #define I_INSULTS 22 #define I_REQUIRETTY 23 +#define I_ENV_EDITOR 24 +#define I_ROOTPW 25 +#define I_RUNASPW 26 +#define I_TARGETPW 27 +#define I_LOGINCLASS 28 +#define I_LOGNAME 29 /* Integer values */ -#define I_LOGLEN 24 /* wrap log file line after N chars */ -#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */ -#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */ -#define I_PW_TRIES 27 /* exit after N bad password tries */ -#define I_UMASK 28 /* umask to use or 0777 to use user's */ +#define I_LOGLEN 30 /* wrap log file line after N chars */ +#define I_TS_TIMEOUT 31 /* timestamp stale after N minutes */ +#define I_PW_TIMEOUT 32 /* exit if pass not entered in N minutes */ +#define I_PW_TRIES 33 /* exit after N bad password tries */ +#define I_UMASK 34 /* umask to use or 0777 to use user's */ /* Strings */ -#define I_LOGFILE 29 /* path to logfile (or NULL for none) */ -#define I_MAILERPATH 30 /* path to sendmail or other mailer */ -#define I_MAILERFLAGS 31 /* flags to pass to the mailer */ -#define I_MAILTO 32 /* who to send bitch mail to */ -#define I_MAILSUB 33 /* subject line of mail msg */ -#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */ -#define I_TIMESTAMPDIR 35 /* path to timestamp dir */ -#define I_EXEMPT_GRP 36 /* no password or PATH override for these */ -#define I_PASSPROMPT 37 /* password prompt */ -#define I_RUNAS_DEF 38 /* default user to run commands as */ -#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */ +#define I_LOGFILE 35 /* path to logfile (or NULL for none) */ +#define I_MAILERPATH 36 /* path to sendmail or other mailer */ +#define I_MAILERFLAGS 37 /* flags to pass to the mailer */ +#define I_MAILTO 38 /* who to send bitch mail to */ +#define I_MAILSUB 39 /* subject line of mail msg */ +#define I_BADPASS_MSG 40 /* what to say when passwd is wrong */ +#define I_TIMESTAMPDIR 41 /* path to timestamp dir */ +#define I_EXEMPT_GRP 42 /* no password or PATH override for these */ +#define I_PASSPROMPT 43 /* password prompt */ +#define I_RUNAS_DEF 44 /* default user to run commands as */ +#define I_SECURE_PATH 45 /* set $PATH to this if not NULL */ +#define I_EDITOR 46 /* path to editor used by visudo */ /* Integer versions of list/verify options */ -#define I_LISTPW 40 -#define I_VERIFYPW 41 +#define I_LISTPW 47 +#define I_VERIFYPW 48 /* String versions of list/verify options */ -#define I_LISTPWSTR 42 -#define I_VERIFYPWSTR 43 +#define I_LISTPWSTR 49 +#define I_VERIFYPWSTR 50 /* * Macros for accessing sudo_defs_table. diff --git a/usr.bin/sudo/getspwuid.c b/usr.bin/sudo/getspwuid.c index 6205aea1412..f9056c6bf05 100644 --- a/usr.bin/sudo/getspwuid.c +++ b/usr.bin/sudo/getspwuid.c @@ -75,7 +75,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: getspwuid.c,v 1.55 1999/10/07 21:20:57 millert Exp $"; +static const char rcsid[] = "$Sudo: getspwuid.c,v 1.56 2000/02/18 17:56:26 millert Exp $"; #endif /* lint */ #ifndef STDC_HEADERS @@ -94,7 +94,6 @@ int crypt_type = INT_MAX; * Local functions not visible outside getspwuid.c */ static char *sudo_getshell __P((struct passwd *)); -static char *sudo_getepw __P((struct passwd *)); /* @@ -123,7 +122,7 @@ sudo_getshell(pw) * Return the encrypted password for the user described by pw. If shadow * passwords are in use, look in the shadow file. */ -static char * +char * sudo_getepw(pw) struct passwd *pw; { diff --git a/usr.bin/sudo/logging.c b/usr.bin/sudo/logging.c index 2addc043562..f735d1f22e9 100644 --- a/usr.bin/sudo/logging.c +++ b/usr.bin/sudo/logging.c @@ -59,7 +59,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: logging.c,v 1.139 1999/10/09 05:01:48 millert Exp $"; +static const char rcsid[] = "$Sudo: logging.c,v 1.140 2000/03/13 16:05:05 millert Exp $"; #endif /* lint */ static void do_syslog __P((int, char *)); @@ -403,103 +403,109 @@ send_mail(line) { FILE *mail; char *p; - int pfd[2], pid; + int pfd[2], pid, status; +#ifdef POSIX_SIGNALS + sigset_t set, oset; +#else + int omask; +#endif /* POSIX_SIGNALS */ /* Just return if mailer is disabled. */ if (!def_str(I_MAILERPATH) || !def_str(I_MAILTO)) return; - if ((pid = fork()) > 0) { /* Child. */ +#ifdef POSIX_SIGNALS + (void) sigemptyset(&set); + (void) sigaddset(&set, SIGCHLD); + (void) sigprocmask(SIG_BLOCK, &set, &oset); +#else + omask = sigblock(sigmask(SIGCHLD)); +#endif /* POSIX_SIGNALS */ - /* We do an explicit wait() later on... */ - (void) signal(SIGCHLD, SIG_IGN); + if (pipe(pfd) == -1) { + (void) fprintf(stderr, "%s: cannot open pipe: %s\n", + Argv[0], strerror(errno)); + exit(1); + } - if (pipe(pfd) == -1) { - (void) fprintf(stderr, "%s: cannot open pipe: %s\n", + switch (pid = fork()) { + case -1: + /* Error. */ + (void) fprintf(stderr, "%s: cannot fork: %s\n", Argv[0], strerror(errno)); exit(1); - } - - switch (pid = fork()) { - case -1: - /* Error. */ - /* XXX - parent will continue, return an exit val to - let parent know and abort? */ - (void) fprintf(stderr, "%s: cannot fork: %s\n", - Argv[0], strerror(errno)); - exit(1); - break; - case 0: - { - char *argv[MAX_MAILFLAGS + 1]; - char *mpath, *mflags; - int i; - - /* Grandchild. */ - (void) close(pfd[1]); - (void) dup2(pfd[0], STDIN_FILENO); - (void) close(pfd[0]); - - /* Build up an argv based the mailer path and flags */ - mflags = estrdup(def_str(I_MAILERFLAGS)); - mpath = estrdup(def_str(I_MAILERPATH)); - if ((argv[0] = strrchr(mpath, ' '))) - argv[0]++; - else - argv[0] = mpath; - - i = 1; - if ((p = strtok(mflags, " \t"))) { - do { - argv[i] = p; - } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t"))); - } - argv[i] = NULL; - - /* Run mailer as root so user cannot kill it. */ - set_perms(PERM_ROOT, 0); - execv(mpath, argv); - _exit(127); + break; + case 0: + { + char *argv[MAX_MAILFLAGS + 1]; + char *mpath, *mflags; + int i; + + /* Child. */ + (void) close(pfd[1]); + (void) dup2(pfd[0], STDIN_FILENO); + (void) close(pfd[0]); + + /* Build up an argv based the mailer path and flags */ + mflags = estrdup(def_str(I_MAILERFLAGS)); + mpath = estrdup(def_str(I_MAILERPATH)); + if ((argv[0] = strrchr(mpath, ' '))) + argv[0]++; + else + argv[0] = mpath; + + i = 1; + if ((p = strtok(mflags, " \t"))) { + do { + argv[i] = p; + } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t"))); } - break; - } + argv[i] = NULL; - mail = fdopen(pfd[1], "w"); - (void) close(pfd[0]); - - /* Pipes are all setup, send message via sendmail. */ - (void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ", - def_str(I_MAILTO), user_name); - for (p = def_str(I_MAILSUB); *p; p++) { - /* Expand escapes in the subject */ - if (*p == '%' && *(p+1) != '%') { - switch (*(++p)) { - case 'h': - (void) fputs(user_host, mail); - break; - case 'u': - (void) fputs(user_name, mail); - break; - default: - p--; - break; - } - } else - (void) fputc(*p, mail); - } - (void) fprintf(mail, "\n\n%s : %s : %s : %s\n\n", user_host, - get_timestr(), user_name, line); - fclose(mail); - reapchild(0); - _exit(0); - } else { - /* Parent, just return unless there is an error. */ - if (pid == -1) { - (void) fprintf(stderr, "%s: cannot fork: %s\n", - Argv[0], strerror(errno)); - exit(1); - } + /* Run mailer as root so user cannot kill it. */ + set_perms(PERM_ROOT, 0); + execv(mpath, argv); + _exit(127); + } + break; } + + mail = fdopen(pfd[1], "w"); + (void) close(pfd[0]); + + /* Pipes are all setup, send message via sendmail. */ + (void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ", + def_str(I_MAILTO), user_name); + for (p = def_str(I_MAILSUB); *p; p++) { + /* Expand escapes in the subject */ + if (*p == '%' && *(p+1) != '%') { + switch (*(++p)) { + case 'h': + (void) fputs(user_host, mail); + break; + case 'u': + (void) fputs(user_name, mail); + break; + default: + p--; + break; + } + } else + (void) fputc(*p, mail); + } + (void) fprintf(mail, "\n\n%s : %s : %s : %s\n\n", user_host, + get_timestr(), user_name, line); + fclose(mail); + + /* If mailer is done, wait for it now. If not reapchild will get it. */ +#ifdef sudo_waitpid + (void) sudo_waitpid(pid, &status, WNOHANG); +#endif +#ifdef POSIX_SIGNALS + (void) sigprocmask(SIG_SETMASK, &oset, NULL); +#else + (void) sigsetmask(omask); +#endif /* POSIX_SIGNALS */ } /* @@ -540,7 +546,7 @@ reapchild(sig) int status, serrno = errno; #ifdef sudo_waitpid - while (sudo_waitpid(-1, &status, WNOHANG) != -1) + while (sudo_waitpid(-1, &status, WNOHANG) != -1 && errno == EINTR) ; #else (void) wait(&status); diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c index 1924403e153..b56d61d8e71 100644 --- a/usr.bin/sudo/parse.c +++ b/usr.bin/sudo/parse.c @@ -91,7 +91,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.c,v 1.127 2000/01/17 23:46:25 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.c,v 1.130 2000/03/23 04:38:19 millert Exp $"; #endif /* lint */ /* @@ -385,6 +385,28 @@ addr_matches(n) return(FALSE); } +/* + * Returns 0 if the hostname matches the pattern and non-zero otherwise. + */ +int +hostname_matches(shost, lhost, pattern) + char *shost; + char *lhost; + char *pattern; +{ + if (has_meta(pattern)) { + if (strchr(pattern, '.')) + return(fnmatch(pattern, lhost, FNM_CASEFOLD)); + else + return(fnmatch(pattern, shost, FNM_CASEFOLD)); + } else { + if (strchr(pattern, '.')) + return(strcasecmp(lhost, pattern)); + else + return(strcasecmp(shost, pattern)); + } +} + /* * Returns TRUE if the given user belongs to the named group, * else returns FALSE. @@ -473,7 +495,7 @@ static int has_meta(s) char *s; { - register char *t; + char *t; for (t = s; *t; t++) { if (*t == '\\' || *t == '?' || *t == '*' || *t == '[' || *t == ']') diff --git a/usr.bin/sudo/parse.h b/usr.bin/sudo/parse.h index 20d31811209..939f403838d 100644 --- a/usr.bin/sudo/parse.h +++ b/usr.bin/sudo/parse.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: parse.h,v 1.7 2000/01/17 23:46:25 millert Exp $ + * $Sudo: parse.h,v 1.9 2000/03/23 04:38:20 millert Exp $ */ #ifndef _SUDO_PARSE_H @@ -109,6 +109,7 @@ extern int top; */ int addr_matches __P((char *)); int command_matches __P((char *, char *, char *, char *)); +int hostname_matches __P((char *, char *, char *)); int netgr_matches __P((char *, char *, char *, char *)); int usergr_matches __P((char *, char *)); diff --git a/usr.bin/sudo/parse.lex b/usr.bin/sudo/parse.lex index e9ed49b3a19..4d78b5569ad 100644 --- a/usr.bin/sudo/parse.lex +++ b/usr.bin/sudo/parse.lex @@ -62,7 +62,7 @@ #include "sudo.tab.h" #ifndef lint -static const char rcsid[] = "$Sudo: parse.lex,v 1.110 1999/12/06 00:05:53 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.lex,v 1.111 2000/03/23 04:38:20 millert Exp $"; #endif /* lint */ #undef yywrap /* guard against a yywrap macro */ @@ -212,12 +212,6 @@ PASSWD[[:blank:]]*: { return(NTWKADDR); } -[[:alpha:]][[:alnum:]_-]*(\.{HOSTNAME})+ { - fill(yytext, yyleng); - LEXTRACE("FQHOST "); - return(FQHOST); - } - \( { BEGIN GOTRUNAS; LEXTRACE("RUNAS "); diff --git a/usr.bin/sudo/parse.yacc b/usr.bin/sudo/parse.yacc index 7c43255c391..5f4ff9562b5 100644 --- a/usr.bin/sudo/parse.yacc +++ b/usr.bin/sudo/parse.yacc @@ -79,7 +79,7 @@ #endif /* HAVE_LSEARCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.yacc,v 1.170 2000/01/17 23:46:25 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.173 2000/03/24 23:58:58 millert Exp $"; #endif /* lint */ /* @@ -215,7 +215,6 @@ yyerror(s) %token COMMAND /* absolute pathname w/ optional args */ %token ALIAS /* an UPPERCASE alias name */ %token NTWKADDR /* w.x.y.z */ -%token FQHOST /* foo.bar.com */ %token NETGROUP /* a netgroup (+NAME) */ %token USERGROUP /* a usergroup (%NAME) */ %token WORD /* a word */ @@ -292,14 +291,16 @@ defaults_list : defaults_entry | defaults_entry ',' defaults_list defaults_entry : WORD { - if (defaults_matches && !set_default($1, NULL, 1)) { + if (defaults_matches == TRUE && + !set_default($1, NULL, 1)) { yyerror(NULL); YYERROR; } free($1); } | '!' WORD { - if (defaults_matches && !set_default($2, NULL, 0)) { + if (defaults_matches == TRUE && + !set_default($2, NULL, 0)) { yyerror(NULL); YYERROR; } @@ -307,7 +308,8 @@ defaults_entry : WORD { } | WORD '=' WORD { /* XXX - need to support quoted values */ - if (defaults_matches && !set_default($1, $3, 1)) { + if (defaults_matches == TRUE && + !set_default($1, $3, 1)) { yyerror(NULL); YYERROR; } @@ -361,14 +363,7 @@ host : ALL { free($1); } | WORD { - if (strcasecmp(user_shost, $1) == 0) - $$ = TRUE; - else - $$ = -1; - free($1); - } - | FQHOST { - if (strcasecmp(user_host, $1) == 0) + if (hostname_matches(user_shost, user_host, $1) == 0) $$ = TRUE; else $$ = -1; diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8 index 06f25f27fd7..96493296002 100644 --- a/usr.bin/sudo/sudo.8 +++ b/usr.bin/sudo/sudo.8 @@ -1,12 +1,13 @@ .rn '' }` -''' $RCSfile: sudo.8,v $$Revision: 1.2 $$Date: 2000/01/24 04:22:53 $ +''' $RCSfile: sudo.8,v $$Revision: 1.3 $$Date: 2000/03/27 03:44:38 $ ''' ''' $Log: sudo.8,v $ -''' Revision 1.2 2000/01/24 04:22:53 millert -''' sudo 1.6.2 +''' Revision 1.3 2000/03/27 03:44:38 millert +''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list +''' of changes. ''' -''' Revision 1.43 2000/01/17 17:28:41 millert -''' Crank version to 1.6.2 +''' Revision 1.3 2000/03/27 03:26:23 millert +''' Use 8 and 5 in the man page bodies as well. ''' ''' .de Sh @@ -99,7 +100,7 @@ .nr % 0 .rr F .\} -.TH sudo 8 "1.6.2" "4/Dec/1999" "MAINTENANCE COMMANDS" +.TH sudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na @@ -196,8 +197,9 @@ .SH "NAME" sudo \- execute a command as another user .SH "SYNOPSIS" -\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR | -[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR +\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | +[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] +[ \fB\-u\fR username/#uid ] \fIcommand\fR .SH "DESCRIPTION" \fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the superuser or another user, as specified in the sudoers file. The @@ -267,7 +269,7 @@ contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's login name. Similarly, \f(CW%h\fR will be replaced with the local hostname. .Ip "-u" 4 -The \f(CW-u\fR (\fIuser\fR) option causes sudo to run the specified command +The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a \fIusername\fR, use \*(L"#uid\*(R". .Ip "-s" 4 @@ -278,6 +280,9 @@ in \fIpasswd\fR\|(5). The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable to the homedir of the target user (root by default) as specified in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. +.Ip "-S" 4 +The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from +standard input instead of the terminal device. .Ip "--" 4 The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command line arguments. It is most useful in conjunction with the \f(CW-s\fR flag. @@ -316,21 +321,21 @@ not disable user-defined library search paths for setuid programs behavior or link \fBsudo\fR statically. .PP \fBsudo\fR will check the ownership of its timestamp directory -(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore the -directory's contents if it is not owned by root and only writable -by root. On systems that allow non-root users to give away files -via \fIchown\fR\|(2), if the timestamp directory is located in a directory -writable by anyone (ie: \fI/tmp\fR), it is possible for a user to -create the timestamp directory before \fBsudo\fR is run. However, -because \fBsudo\fR checks the ownership and mode of the directory and -its contents, the only damage that can be done is to \*(L"hide\*(R" files -by putting them in the timestamp dir. This is unlikely to happen -since once the timestamp dir is owned by root and inaccessible by -any other user the user placing files there would be unable to get -them back out. To get around this issue you can use a directory -that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for -instance) or create /tmp/.odus with the appropriate owner (root) -and permissions (0700) in the system startup files. +(\fI/var/run/sudo\fR by default) and ignore the directory's contents if +it is not owned by root and only writable by root. On systems that +allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp +directory is located in a directory writable by anyone (eg: \fI/tmp\fR), +it is possible for a user to create the timestamp directory before +\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and +mode of the directory and its contents, the only damage that can +be done is to \*(L"hide\*(R" files by putting them in the timestamp dir. +This is unlikely to happen since once the timestamp dir is owned +by root and inaccessible by any other user the user placing files +there would be unable to get them back out. To get around this +issue you can use a directory that is not world-writable for the +timestamps (\fI/var/adm/sudo\fR for instance) or create \fI/var/run/sudo\fR +with the appropriate owner (root) and permissions (0700) in the +system startup files. .PP \fBsudo\fR will not honor timestamps set far in the future. Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR @@ -390,31 +395,7 @@ to make the \f(CWcd\fR and file redirection work. .PP .Vb 2 \& /etc/sudoers List of who can run what -\& /var/run/sudo Directory containing timestamps -.Ve -\fBsudo\fR utilizes the following environment variables: -.PP -.Vb 13 -\& PATH Set to a sane value if SECURE_PATH is set -\& SHELL Used to determine shell to run with -s option -\& USER Set to the target user (root unless the -u option -\& is specified) -\& HOME In -s or -H mode (or if sudo was configured with -\& the --enable-shell-sets-home option), set to -\& homedir of the target user. -\& SUDO_PROMPT Used as the default password prompt -\& SUDO_COMMAND Set to the command run by sudo -\& SUDO_USER Set to the login of the user who invoked sudo -\& SUDO_UID Set to the uid of the user who invoked sudo -\& SUDO_GID Set to the gid of the user who invoked sudo -\& SUDO_PS1 If set, PS1 will be set to its value -.Ve -.SH "FILES" -.PP -.Vb 3 -\& /etc/sudoers List of who can run what -\& /var/run/sudo Directory containing timestamps -\& /tmp/.odus Same as above if no /var/run exists +\& /var/run/sudo Directory containing timestamps .Ve .SH "AUTHORS" Many people have worked on \fBsudo\fR over the years, this @@ -447,7 +428,7 @@ that make setuid shell scripts unsafe on some operating systems (if your OS supports the /dev/fd/ directory, setuid shell scripts are generally safe). .SH "SEE ALSO" -\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1). +\\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1). .rn }` '' .IX Title "sudo 8" @@ -485,6 +466,8 @@ are generally safe). .IX Item "-H" +.IX Item "-S" + .IX Item "--" .IX Header "RETURN VALUES" @@ -497,8 +480,6 @@ are generally safe). .IX Header "FILES" -.IX Header "FILES" - .IX Header "AUTHORS" .IX Header "BUGS" diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index 546b951049b..4c6d3e34026 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -76,6 +76,12 @@ # endif /* __hpux */ # include #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ +#ifdef HAVE_LOGINCAP +# include +# ifndef LOGIN_DEFROOTCLASS +# define LOGIN_DEFROOTCLASS "daemon" +# endif +#endif #include "sudo.h" #include "interfaces.h" @@ -86,7 +92,7 @@ extern char *getenv __P((char *)); #endif /* STDC_HEADERS */ #ifndef lint -static const char rcsid[] = "$Sudo: sudo.c,v 1.268 2000/01/17 23:46:25 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.278 2000/03/24 20:13:12 millert Exp $"; #endif /* lint */ /* @@ -105,10 +111,11 @@ static void usage __P((int)); static void usage_excl __P((int)); static void check_sudoers __P((void)); static int init_vars __P((int)); +static int set_loginclass __P((struct passwd *)); static void add_env __P((int)); static void clean_env __P((char **, struct env_table *)); static void initial_setup __P((void)); -extern int user_is_exempt __P((void)); +static void update_epasswd __P((void)); extern struct passwd *sudo_getpwuid __P((uid_t)); extern void list_matches __P((void)); @@ -121,10 +128,14 @@ int NewArgc = 0; char **NewArgv = NULL; struct sudo_user sudo_user; FILE *sudoers_fp = NULL; -static char *runas_homedir = NULL; /* XXX */ struct interface *interfaces; int num_interfaces; +int tgetpass_flags; extern int errorlineno; +static char *runas_homedir = NULL; /* XXX */ +#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) +static struct rlimit corelimit; +#endif /* RLIMIT_CORE */ /* * Table of "bad" envariables to remove and len for strncmp() @@ -305,6 +316,9 @@ main(argc, argv) (void) close(fd); } + /* Update encrypted password in user_password if sudoers said to. */ + update_epasswd(); + /* Require a password unless the NOPASS tag was set. */ if (!(validated & FLAG_NOPASS)) check_user(); @@ -328,9 +342,6 @@ main(argc, argv) exit(0); } - /* Become specified user or root. */ - set_perms(PERM_RUNAS, sudo_mode); - /* Set $HOME for `sudo -H' */ if ((sudo_mode & MODE_RESET_HOME) && runas_homedir) (void) sudo_setenv("HOME", runas_homedir); @@ -365,6 +376,14 @@ main(argc, argv) exit(1); } + /* Restore coredumpsize resource limit. */ +#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) + (void) setrlimit(RLIMIT_CORE, &corelimit); +#endif /* RLIMIT_CORE */ + + /* Become specified user or root. */ + set_perms(PERM_RUNAS, sudo_mode); + #ifndef PROFILING if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) exit(0); @@ -582,6 +601,20 @@ parse_args() NewArgc--; NewArgv++; break; +#ifdef HAVE_LOGINCAP + case 'c': + /* Must have an associated login class. */ + if (NewArgv[1] == NULL) + usage(1); + + login_class = NewArgv[1]; + def_flag(I_LOGINCLASS) = TRUE; + + /* Shift Argv over and adjust Argc. */ + NewArgc--; + NewArgv++; + break; +#endif case 'b': rval |= MODE_BACKGROUND; break; @@ -636,6 +669,9 @@ parse_args() case 'H': rval |= MODE_RESET_HOME; break; + case 'S': + tgetpass_flags |= TGP_STDIN; + break; case '-': NewArgc--; NewArgv++; @@ -910,17 +946,28 @@ set_perms(perm, sudo_mode) } /* Set $USER and $LOGNAME to target user */ - if (sudo_setenv("USER", pw->pw_name)) { - (void) fprintf(stderr, - "%s: cannot allocate memory!\n", - Argv[0]); - exit(1); + if (def_flag(I_LOGNAME)) { + if (sudo_setenv("USER", pw->pw_name)) { + (void) fprintf(stderr, + "%s: cannot allocate memory!\n", + Argv[0]); + exit(1); + } + if (sudo_setenv("LOGNAME", pw->pw_name)) { + (void) fprintf(stderr, + "%s: cannot allocate memory!\n", + Argv[0]); + exit(1); + } } - if (sudo_setenv("LOGNAME", pw->pw_name)) { - (void) fprintf(stderr, - "%s: cannot allocate memory!\n", - Argv[0]); - exit(1); + + if (def_flag(I_LOGINCLASS)) { + /* + * setusercontext() will set uid/gid/etc + * for us so no need to do it below. + */ + if (set_loginclass(pw) > 0) + break; } if (setgid(pw->pw_gid)) { @@ -1002,6 +1049,7 @@ initial_setup() /* * Turn off core dumps. */ + (void) getrlimit(RLIMIT_CORE, &corelimit); rl.rlim_cur = rl.rlim_max = 0; (void) setrlimit(RLIMIT_CORE, &rl); #endif /* RLIMIT_CORE */ @@ -1034,6 +1082,61 @@ initial_setup() #endif /* POSIX_SIGNALS */ } +#ifdef HAVE_LOGINCAP +static int +set_loginclass(pw) + struct passwd *pw; +{ + login_cap_t *lc; + int errflags; + + /* + * Don't make it a fatal error if the user didn't specify the login + * class themselves. We do this because if login.conf gets + * corrupted we want the admin to be able to use sudo to fix it. + */ + if (login_class) + errflags = NO_MAIL|MSG_ONLY; + else + errflags = NO_MAIL|MSG_ONLY|NO_EXIT; + + if (login_class && strcmp(login_class, "-") != 0) { + if (strcmp(*user_runas, "root") != 0 && user_uid != 0) { + (void) fprintf(stderr, "%s: only root can use -c %s\n", + Argv[0], login_class); + exit(1); + } + } else { + login_class = pw->pw_class; + if (!login_class || !*login_class) + login_class = + (pw->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS; + } + + lc = login_getclass(login_class); + if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) { + log_error(errflags, "unknown login class: %s", login_class); + return(0); + } + + /* Set everything except the environment and umask. */ + if (setusercontext(lc, pw, pw->pw_uid, + LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY) < 0) + log_error(NO_MAIL|USE_ERRNO|MSG_ONLY, + "setusercontext() failed for login class %s", login_class); + + login_close(lc); + return(1); +} +#else +static int +set_loginclass(pw) + struct passwd *pw; +{ + return(0); +} +#endif /* HAVE_LOGINCAP */ + /* * Look up the fully qualified domain name and set user_host and user_shost. */ @@ -1063,6 +1166,42 @@ set_fqdn() } } +/* + * If the sudoers file says to prompt for a different user's password, + * update the encrypted password in user_passwd accordingly. + */ +static void +update_epasswd() +{ + struct passwd *pw; + + /* We may be configured to prompt for a password other than the user's */ + if (def_ival(I_ROOTPW)) { + if ((pw = getpwuid(0)) == NULL) + log_error(0, "uid 0 does not exist in the passwd file!"); + free(user_passwd); + user_passwd = estrdup(sudo_getepw(pw)); + } else if (def_ival(I_RUNASPW)) { + if ((pw = getpwnam(def_str(I_RUNAS_DEF))) == NULL) + log_error(0, "user %s does not exist in the passwd file!", + def_str(I_RUNAS_DEF)); + free(user_passwd); + user_passwd = estrdup(sudo_getepw(pw)); + } else if (def_ival(I_TARGETPW)) { + if (**user_runas == '#') { + if ((pw = getpwuid(atoi(*user_runas + 1))) == NULL) + log_error(0, "uid %s does not exist in the passwd file!", + user_runas); + } else { + if ((pw = getpwnam(*user_runas)) == NULL) + log_error(0, "user %s does not exist in the passwd file!", + user_runas); + } + free(user_passwd); + user_passwd = estrdup(sudo_getepw(pw)); + } +} + /* * Tell which options are mutually exclusive and exit. */ @@ -1083,8 +1222,12 @@ usage(exit_val) int exit_val; { (void) fprintf(stderr, - "usage: %s -V | -h | -L | -l | -v | -k | -K | -H | [-b] [-p prompt]\n%*s", + "usage: %s -V | -h | -L | -l | -v | -k | -K | [-H] [-S] [-b]\n%*s", Argv[0], (int) strlen(Argv[0]) + 8, " "); - (void) fprintf(stderr, "[-u username/#uid] -s | \n"); +#ifdef HAVE_LOGINCAP + (void) fprintf(stderr, "[-p prompt] [-u username/#uid] [-c class] -s | \n"); +#else + (void) fprintf(stderr, "[-p prompt] [-u username/#uid] -s | \n"); +#endif exit(exit_val); } diff --git a/usr.bin/sudo/sudo.h b/usr.bin/sudo/sudo.h index 8def3aadf76..eb30390623e 100644 --- a/usr.bin/sudo/sudo.h +++ b/usr.bin/sudo/sudo.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: sudo.h,v 1.168 2000/01/17 23:46:26 millert Exp $ + * $Sudo: sudo.h,v 1.172 2000/03/07 04:29:46 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -56,6 +56,7 @@ struct sudo_user { char *cmnd_safe; char *cmnd; char *cmnd_args; + char *class_name; }; /* @@ -129,6 +130,7 @@ struct sudo_user { #define user_host (sudo_user.host) #define user_shost (sudo_user.shost) #define safe_cmnd (sudo_user.cmnd_safe) +#define login_class (sudo_user.class_name) /* * We used to use the system definition of PASS_MAX or _PASSWD_LEN, @@ -157,6 +159,12 @@ struct sudo_user { #define PWCHECK_ANY 0x04 #define PWCHECK_ALWAYS 0x08 +/* + * Flags for tgetpass() + */ +#define TGP_ECHO 0x01 /* leave echo on when reading passwd */ +#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ + /* * Function prototypes */ @@ -206,7 +214,9 @@ void dump_defaults __P((void)); void dump_auth_methods __P((void)); int lock_file __P((int, int)); int touch __P((char *, time_t)); +int user_is_exempt __P((void)); void set_fqdn __P((void)); +char *sudo_getepw __P((struct passwd *)); YY_DECL; /* Only provide extern declarations outside of sudo.c. */ @@ -216,6 +226,7 @@ extern struct sudo_user sudo_user; extern int Argc; extern char **Argv; extern FILE *sudoers_fp; +extern int tgetpass_flags; #endif extern int errno; diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5 index 0ba2eebcba8..66fbe0f5b71 100644 --- a/usr.bin/sudo/sudoers.5 +++ b/usr.bin/sudo/sudoers.5 @@ -1,12 +1,13 @@ .rn '' }` -''' $RCSfile: sudoers.5,v $$Revision: 1.4 $$Date: 2000/01/28 01:10:20 $ +''' $RCSfile: sudoers.5,v $$Revision: 1.5 $$Date: 2000/03/27 03:44:39 $ ''' ''' $Log: sudoers.5,v $ -''' Revision 1.4 2000/01/28 01:10:20 millert -''' 1.6.2p1 +''' Revision 1.5 2000/03/27 03:44:39 millert +''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list +''' of changes. ''' -''' Revision 1.23 2000/01/26 21:21:28 millert -''' Expanded docs on sudoers 'defaults' options based on INSTALL file info. +''' Revision 1.5 2000/03/27 03:26:23 millert +''' Use 8 and 5 in the man page bodies as well. ''' ''' .de Sh @@ -99,7 +100,7 @@ .nr % 0 .rr F .\} -.TH sudoers 5 "1.6.2" "26/Jan/2000" "FILE FORMATS" +.TH sudoers 5 "1.6.3" "26/Mar/2000" "FILE FORMATS" .UC .if n .hy 0 .if n .na @@ -318,7 +319,11 @@ Again, the value of an item may be negated with the \*(L'!\*(R' operator. If you do not specify a netmask with a network number, the netmask of the host's ethernet \fIinterface\fR\|(s) will be used when matching. The netmask may be specified either in dotted quad notation (eg. -255.255.255.0) or \s-1CIDR\s0 notation (number of bits, eg. 24). +255.255.255.0) or \s-1CIDR\s0 notation (number of bits, eg. 24). A hostname +may include shell-style wildcards (see `Wildcards\*(R' section below), +but unless the \f(CWhostname\fR command on your machine returns the fully +qualified hostname, you'll need to use the \fIfqdn\fR option for wildcards +to be useful. .PP .Vb 2 \& Cmnd_List ::= Cmnd | @@ -335,7 +340,7 @@ The netmask may be specified either in dotted quad notation (eg. \& '!'* Cmnd_Alias .Ve A \f(CWCmnd_List\fR is a list of one or more commandnames, directories, and other -aliases. A commandname is a fully-qualified filename which may include +aliases. A commandname is a fully qualified filename which may include shell-style wildcards (see `Wildcards\*(R' section below). A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also command line arguments (including wildcards). @@ -387,7 +392,7 @@ some people find it more convenient. This flag is off by default. If set, \fBsudo\fR will ignore \*(L'.\*(R' or \*(L'\*(R' (current dir) in \f(CW$PATH\fR; the \f(CW$PATH\fR itself is not modified. This flag is off by default. .Ip "mail_always" 12 -Send mail to the \fImailto\fR user every time a users runs sudo. +Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR. This flag is off by default. .Ip "mail_no_user" 12 If set, mail will be sent to the \fImailto\fR user if the invoking @@ -398,7 +403,7 @@ user exists in the \fIsudoers\fR file, but is not allowed to run commands on the current host. This flag is off by default. .Ip "mail_no_perms" 12 If set, mail will be sent to the \fImailto\fR user if the invoking -user allowed to use sudo but the command they are trying is not +user allowed to use \fBsudo\fR but the command they are trying is not listed in their \fIsudoers\fR file entry. This flag is off by default. .Ip "tty_tickets" 12 If set, users must authenticate on a per-tty basis. Normally, @@ -415,8 +420,8 @@ means of authentication) before they may run commands. This default may be overridden via the \f(CWPASSWD\fR and \f(CWNOPASSWD\fR tags. This flag is on by default. .Ip "root_sudo" 12 -If set, root is allowed to run sudo too. Disabling this prevents users -from \*(L"chaining\*(R" sudo commands to get a root shell by doing something +If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users +from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something like \f(CW"sudo sudo /bin/sh"\fR. This flag is on by default. .Ip "log_host" 12 @@ -448,7 +453,7 @@ be confusing. This flag is off by default. Set this flag if you want to put fully qualified hostnames in the \fIsudoers\fR file. Ie: instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). -Beware that turning on \fIfqdn\fR requires sudo to make \s-1DNS\s0 lookups +Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example if the machine is not plugged into the network). Also note that you must use the host's official name as \s-1DNS\s0 knows it. That is, @@ -458,20 +463,42 @@ issues and the fact that there is no way to get all aliases from command) is already fully qualified you shouldn't need to set \fIfqfn\fR. This flag is off by default. .Ip "insults" 12 -If set, sudo will insult users when they enter an incorrect +If set, \fBsudo\fR will insult users when they enter an incorrect password. This flag is off by default. .Ip "requiretty" 12 -If set, sudo will only run when the user is logged in to a real +If set, \fBsudo\fR will only run when the user is logged in to a real tty. This will disallow things like \f(CW"rsh somehost sudo ls"\fR since \fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn of echo when there is no tty present, some sites may with to set this flag to prevent a user from entering a visible password. This flag is off by default. +.Ip "env_editor" 12 +If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment +falling back on the default editor. Note that this may create a +security hole as most editors allow a user to get a shell (which +would be a root shell and not be logged). +.Ip "rootpw" 12 +If set, \fBsudo\fR will prompt for the root password instead of the password +of the invoking user. +.Ip "runaspw" 12 +If set, \fBsudo\fR will prompt for the password of the user defined by the +\fIrunas_default\fR option (defaults to root) instead of the password +of the invoking user. +.Ip "targetpw" 12 +If set, \fBsudo\fR will prompt for the password of the user specified by +the \f(CW-u\fR flag (defaults to root) instead of the password of the +invoking user. +.Ip "set_logname" 12 +Normally, \fBsudo\fR will set the \f(CWLOGNAME\fR and \f(CWUSER\fR environment variables +to the name of the target user (usually root unless the \f(CW-u\fR flag is given). +However, since some programs (including the \s-1RCS\s0 revision control system) +use \f(CWLOGNAME\fR to determine the real identity of the user, it may be desirable +to change this behavior. This can be done by negating the set_logname option. .PP \fBIntegers\fR: .Ip "passwd_tries" 12 The number of tries a user gets to enter his/her password before -sudo logs the failure and exits. The default is 3. +\fBsudo\fR logs the failure and exits. The default is 3. .PP \fBIntegers that can be used in a boolean context\fR: .Ip "loglinelen" 12 @@ -483,7 +510,7 @@ effect on the syslog log file, only the file log. The default is Number of minutes that can elapse before \fBsudo\fR will ask for a passwd again. The default is 5, set this to 0 to always prompt for a password. .Ip "passwd_timeout" 12 -Number of minutes before the sudo password prompt times out. +Number of minutes before the \fBsudo\fR password prompt times out. The default is 5, set this to 0 for no password timeout. .Ip "umask" 12 Umask to use when running the root command. Set this to 0777 to @@ -499,7 +526,7 @@ Message that is displayed if a user enters an incorrect password. The default is \*(L"Sorry, try again.\*(R" unless insults are enabled. .Ip "timestampdir" 12 The directory in which \fBsudo\fR stores its timestamp files. -The default is either \f(CW/var/run/sudo\fR or \f(CW/tmp/sudo\fR. +The default is \fI@\s-1TIMEDIR\s0@\fR. .Ip "passprompt" 12 The default prompt to use when asking for a password; can be overridden via the \f(CW-p\fR option or the \f(CWSUDO_PROMPT\fR environment variable. Supports @@ -514,8 +541,14 @@ Defaults to \*(L"notice\*(R". .Ip "syslog_badpri" 12 Syslog priority to use when user authenticates unsuccessfully. Defaults to \*(L"alert\*(R". +.Ip "editor" 12 +Path to the editor to be used by \fBvisudo\fR. The default is the path +to vi on your system. .PP \fBStrings that can be used in a boolean context\fR: +.Ip "logfile" 12 +Path to the \fBsudo\fR log file (not the syslog log file). Setting a path +turns on logging to a file, negating this option turns it off. .Ip "syslog" 12 Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to \*(L"local2\*(R". @@ -531,12 +564,12 @@ Users in this group are exempt from password and \s-1PATH\s0 requirements. This is not set by default. .Ip "secure_path" 12 Path used for every command run from \fBsudo\fR. If you don't trust the -people running sudo to have a sane \f(CWPATH\fR environment variable you may +people running \fBsudo\fR to have a sane \f(CWPATH\fR environment variable you may want to use this. Another use is if you want to have the \*(L"root path\*(R" be separate from the \*(L"user path.\*(R" This is not set by default. .Ip "verifypw" 12 This option controls when a password will be required when a -user runs sudo with the \fB\-v\fR. It has the following possible values: +user runs \fBsudo\fR with the \fB\-v\fR. It has the following possible values: .Sp .Vb 3 \& all All the user's I entries for the @@ -560,7 +593,7 @@ user runs sudo with the \fB\-v\fR. It has the following possible values: The default value is `all\*(R'. .Ip "listpw" 12 This option controls when a password will be required when a -user runs sudo with the \fB\-l\fR. It has the following possible values: +user runs \fBsudo\fR with the \fB\-l\fR. It has the following possible values: .Sp .Vb 3 \& all All the user's I entries for the @@ -583,7 +616,7 @@ user runs sudo with the \fB\-l\fR. It has the following possible values: .Ve The default value is `any\*(R'. .PP -When logging via \fIsyslog\fR\|(3), sudo accepts the following values for the syslog +When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following @@ -766,7 +799,7 @@ these are a bit contrived. First, we define our \fIaliases\fR: \& Cmnd_Alias SU = /usr/bin/su .Ve Here we override some of the compiled in default values. We want -sudo to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases. +\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases. We don't want to subject the full time staff to the \fBsudo\fR lecture, and user \fBmillert\fR need not give a password. In addition, on the machines in the \fISERVERS\fR \f(CWHost_Alias\fR, we keep an additional @@ -932,8 +965,8 @@ imperative that \fIsudoers\fR be free of syntax errors since \fBsudo\fR will not run with a syntactically incorrect \fIsudoers\fR file. .PP When using netgroups of machines (as opposed to users), if you -store fully-qualified hostnames in the netgroup (as is usually the -case), you either need to have the machine's hostname be fully-qualified +store fully qualified hostnames in the netgroup (as is usually the +case), you either need to have the machine's hostname be fully qualified as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in \fIsudoers\fR. .SH "FILES" @@ -1002,6 +1035,16 @@ as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in .IX Item "requiretty" +.IX Item "env_editor" + +.IX Item "rootpw" + +.IX Item "runaspw" + +.IX Item "targetpw" + +.IX Item "set_logname" + .IX Item "passwd_tries" .IX Item "loglinelen" @@ -1026,6 +1069,10 @@ as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in .IX Item "syslog_badpri" +.IX Item "editor" + +.IX Item "logfile" + .IX Item "syslog" .IX Item "mailerpath" diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c index 0e32a2a542b..3e8110d0434 100644 --- a/usr.bin/sudo/testsudoers.c +++ b/usr.bin/sudo/testsudoers.c @@ -77,7 +77,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: testsudoers.c,v 1.68 2000/01/17 23:46:26 millert Exp $"; +static const char rcsid[] = "$Sudo: testsudoers.c,v 1.71 2000/03/23 04:38:22 millert Exp $"; #endif /* lint */ /* @@ -106,7 +106,7 @@ int has_meta(s) char *s; { - register char *t; + char *t; for (t = s; *t; t++) { if (*t == '\\' || *t == '?' || *t == '*' || *t == '[' || *t == ']') @@ -210,6 +210,25 @@ addr_matches(n) return(FALSE); } +int +hostname_matches(shost, lhost, pattern) + char *shost; + char *lhost; + char *pattern; +{ + if (has_meta(pattern)) { + if (strchr(pattern, '.')) + return(fnmatch(pattern, lhost, FNM_CASEFOLD)); + else + return(fnmatch(pattern, shost, FNM_CASEFOLD)); + } else { + if (strchr(pattern, '.')) + return(strcasecmp(lhost, pattern)); + else + return(strcasecmp(shost, pattern)); + } +} + int usergr_matches(group, user) char *group; diff --git a/usr.bin/sudo/tgetpass.c b/usr.bin/sudo/tgetpass.c index db5bc4014eb..d8d2080d9ee 100644 --- a/usr.bin/sudo/tgetpass.c +++ b/usr.bin/sudo/tgetpass.c @@ -73,13 +73,37 @@ #include "sudo.h" +#ifndef lint +static const char rcsid[] = "$Sudo: tgetpass.c,v 1.95 2000/02/27 03:48:56 millert Exp $"; +#endif /* lint */ + #ifndef TCSASOFT #define TCSASOFT 0 #endif /* TCSASOFT */ -#ifndef lint -static const char rcsid[] = "$Sudo: tgetpass.c,v 1.93 2000/01/17 23:46:26 millert Exp $"; -#endif /* lint */ +/* + * Abstract method of getting at the term flags. + */ +#undef TERM +#undef tflags +#ifdef HAVE_TERMIOS_H +# define TERM termios +# define tflags c_lflag +# define term_getattr(f, t) tcgetattr(f, t) +# define term_setattr(f, t) tcsetattr(f, TCSAFLUSH|TCSASOFT, t) +#else +# ifdef HAVE_TERMIO_H +# define TERM termio +# define tflags c_lflag +# define term_getattr(f, t) ioctl(f, TCGETA, t) +# define term_setattr(f, t) ioctl(f, TCSETA, t) +# else +# define TERM sgttyb +# define tflags sg_flags +# define term_getattr(f, t) ioctl(f, TIOCGETP, t) +# define term_setattr(f, t) ioctl(f, TIOCSETP, t) +# endif /* HAVE_TERMIO_H */ +#endif /* HAVE_TERMIOS_H */ static char *tgetline __P((int, char *, size_t, int)); @@ -87,25 +111,18 @@ static char *tgetline __P((int, char *, size_t, int)); * Like getpass(3) but with timeout and echo flags. */ char * -tgetpass(prompt, timeout, echo_off) +tgetpass(prompt, timeout, flags) const char *prompt; int timeout; - int echo_off; + int flags; { -#ifdef HAVE_TERMIOS_H - struct termios term; -#else -#ifdef HAVE_TERMIO_H - struct termio term; -#else - struct sgttyb ttyb; -#endif /* HAVE_TERMIO_H */ -#endif /* HAVE_TERMIOS_H */ + struct TERM term, oterm; int input, output; static char buf[SUDO_PASS_MAX + 1]; /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */ - if ((input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) { + if ((flags & TGP_STDIN) || + (input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) { input = STDIN_FILENO; output = STDERR_FILENO; } @@ -113,53 +130,22 @@ tgetpass(prompt, timeout, echo_off) if (prompt) (void) write(output, prompt, strlen(prompt) + 1); - if (echo_off) { -#ifdef HAVE_TERMIOS_H - (void) tcgetattr(input, &term); - if ((echo_off = (term.c_lflag & ECHO))) { - term.c_lflag &= ~ECHO; - (void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } -#else -#ifdef HAVE_TERMIO_H - (void) ioctl(input, TCGETA, &term); - if ((echo_off = (term.c_lflag & ECHO))) { - term.c_lflag &= ~ECHO; - (void) ioctl(input, TCSETA, &term); - } -#else - (void) ioctl(input, TIOCGETP, &ttyb); - if ((echo_off = (ttyb.sg_flags & ECHO))) { - ttyb.sg_flags &= ~ECHO; - (void) ioctl(input, TIOCSETP, &ttyb); - } -#endif /* HAVE_TERMIO_H */ -#endif /* HAVE_TERMIOS_H */ - } + /* Turn echo off/on as specified by flags. */ + (void) term_getattr(input, &oterm); + (void) memcpy(&term, &oterm, sizeof(term)); + if ((flags & TGP_ECHO) && !(term.tflags & ECHO)) + term.tflags |= ECHO; + else if (!(flags & TGP_ECHO) && (term.tflags & ECHO)) + term.tflags &= ~ECHO; + (void) term_setattr(input, &term); buf[0] = '\0'; tgetline(input, buf, sizeof(buf), timeout); -#ifdef HAVE_TERMIOS_H - if (echo_off) { - term.c_lflag |= ECHO; - (void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } -#else -#ifdef HAVE_TERMIO_H - if (echo_off) { - term.c_lflag |= ECHO; - (void) ioctl(input, TCSETA, &term); - } -#else - if (echo_off) { - ttyb.sg_flags |= ECHO; - (void) ioctl(input, TIOCSETP, &ttyb); - } -#endif /* HAVE_TERMIO_H */ -#endif /* HAVE_TERMIOS_H */ + /* Restore old tty flags. */ + (void) term_setattr(input, &oterm); - if (echo_off) + if (!(flags & TGP_ECHO)) (void) write(output, "\n", 1); if (input != STDIN_FILENO) diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 62a49d56210..5021306ea85 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -31,12 +31,12 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: version.h,v 1.57 2000/01/17 23:46:26 millert Exp $ + * $Sudo: version.h,v 1.58 2000/02/16 00:07:28 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.2p2"; +static const char version[] = "1.6.3"; #endif /* _SUDO_VERSION_H */ diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8 index 6aa0d92e6c8..40cc57c258b 100644 --- a/usr.bin/sudo/visudo.8 +++ b/usr.bin/sudo/visudo.8 @@ -1,12 +1,13 @@ .rn '' }` -''' $RCSfile: visudo.8,v $$Revision: 1.2 $$Date: 2000/01/24 04:22:53 $ +''' $RCSfile: visudo.8,v $$Revision: 1.3 $$Date: 2000/03/27 03:44:39 $ ''' ''' $Log: visudo.8,v $ -''' Revision 1.2 2000/01/24 04:22:53 millert -''' sudo 1.6.2 +''' Revision 1.3 2000/03/27 03:44:39 millert +''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list +''' of changes. ''' -''' Revision 1.15 2000/01/17 17:28:41 millert -''' Crank version to 1.6.2 +''' Revision 1.4 2000/03/27 03:26:24 millert +''' Use 8 and 5 in the man page bodies as well. ''' ''' .de Sh @@ -99,7 +100,7 @@ .nr % 0 .rr F .\} -.TH visudo 8 "1.6.2" "4/Dec/1999" "MAINTENANCE COMMANDS" +.TH visudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c index ca2c3792cd7..7982fcfb4c1 100644 --- a/usr.bin/sudo/visudo.c +++ b/usr.bin/sudo/visudo.c @@ -81,7 +81,7 @@ extern int stat __P((const char *, struct stat *)); #endif /* POSIX_SIGNALS && !SA_RESETHAND */ #ifndef lint -static const char rcsid[] = "$Sudo: visudo.c,v 1.121 2000/01/19 19:07:24 millert Exp $"; +static const char rcsid[] = "$Sudo: visudo.c,v 1.126 2000/03/23 04:38:22 millert Exp $"; #endif /* lint */ /* @@ -93,6 +93,7 @@ static RETSIGTYPE Exit __P((int)); static void setup_signals __P((void)); int command_matches __P((char *, char *, char *, char *)); int addr_matches __P((char *)); +int hostname_matches __P((char *, char *, char *)); int netgr_matches __P((char *, char *, char *, char *)); int usergr_matches __P((char *, char *)); void init_parser __P((void)); @@ -121,7 +122,7 @@ main(argc, argv) char **argv; { char buf[MAXPATHLEN*2]; /* buffer used for copying files */ - char *Editor = EDITOR; /* editor to use (default is EDITOR */ + char *Editor; /* editor to use */ int sudoers_fd; /* sudoers file descriptor */ int stmp_fd; /* stmp file descriptor */ int n; /* length parameter */ @@ -158,15 +159,8 @@ main(argc, argv) exit(1); } -#ifdef ENV_EDITOR - /* - * If we are allowing EDITOR and VISUAL envariables set Editor - * base on whichever exists... - */ - if (!(Editor = getenv("EDITOR"))) - if (!(Editor = getenv("VISUAL"))) - Editor = EDITOR; -#endif /* ENV_EDITOR */ + /* Setup defaults data structures. */ + init_defaults(); /* * Open sudoers, lock it and stat it. @@ -216,9 +210,28 @@ main(argc, argv) (void) close(stmp_fd); (void) touch(stmp, sudoers_sb.st_mtime); + + /* Parse sudoers to pull in editor and env_editor conf values. */ + if ((yyin = fopen(stmp, "r"))) { + yyout = stdout; + init_defaults(); + init_parser(); + yyparse(); + parse_error = FALSE; + yyrestart(yyin); + fclose(yyin); + } } else (void) close(stmp_fd); + /* + * If we are allowing EDITOR and VISUAL envariables set Editor + * base on whichever exists... + */ + if (!def_flag(I_ENV_EDITOR) || + (!(Editor = getenv("EDITOR")) && !(Editor = getenv("VISUAL")))) + Editor = def_str(I_EDITOR); + /* * Edit the temp file and parse it (for sanity checking) */ @@ -393,6 +406,13 @@ addr_matches(n) return(TRUE); } +int +hostname_matches(s, l, p) + char *s, *l, *p; +{ + return(TRUE); +} + int usergr_matches(g, u) char *g, *u;