Apply by doing: cd /usr/src patch -p0 < 011_sudo.patch And then rebuild and install sudo: cd usr.bin/sudo make -f Makefile.bsd-wrapper obj make -f Makefile.bsd-wrapper cleandir make -f Makefile.bsd-wrapper make -f Makefile.bsd-wrapper install Index: usr.bin/sudo/BUGS =================================================================== RCS file: /cvs/src/usr.bin/sudo/BUGS,v retrieving revision 1.4 diff -u -r1.4 BUGS --- usr.bin/sudo/BUGS 27 Mar 2000 03:44:37 -0000 1.4 +++ usr.bin/sudo/BUGS 17 Jan 2002 01:05:34 -0000 @@ -1,17 +1,25 @@ -Known bugs in sudo version 1.6.3 +Known bugs in sudo version 1.6.5 ================================ -1) "make install-man" should substitute correct paths into the - man pages themselves. +1) Sudo should have an option to log when removing "dangerous" + environment variables. -2) Sudo should log when removing "dangerous" envariables. +2) On DUNIX in sia mode, hitting return at the prompt does not quit. -3) configure variables that have been cached cannot be overridden - in subsequent configure runs, even if other --with-* options are - given. This is a flaw in GNU autoconf. +3) In parse.lex, '@' should not need to be a special character. + However, because lex does greedy matching, {WORD} will match + instead of the "^Defaults[:@]?" line. -4) On DUNIX in sia mode, hitting return at the prompt does not quit. +4) In list mode (sudo -l), characters escaped with a backslash + are shown verbatim with the backslash. -5) In parse.lex, '@" should not need to be a special character. - For some reason, if it is not excluded from WORD, Defaults@ doesn't - match. +5) Because the parser only does a single pass it is possible to + make a sudoers file where the "defaults" options are set after + a user's entry has been validated, changing the permissions for + the user. The work-around is to put all 'defaults' entries + before the "User privilege specification" section but after all + the "alias specifications". In the future the parser will + converted to a two-pass parser. + +For a list of things that are not bugs but that I would like to +add / fix, please see the TODO file. Index: usr.bin/sudo/CHANGES =================================================================== RCS file: /cvs/src/usr.bin/sudo/CHANGES,v retrieving revision 1.9 diff -u -r1.9 CHANGES --- usr.bin/sudo/CHANGES 2 Mar 2001 14:39:43 -0000 1.9 +++ usr.bin/sudo/CHANGES 17 Jan 2002 16:54:46 -0000 @@ -1322,48 +1322,182 @@ Sudo 1.6.3p5 released. -415) Visudo now checks for the existence of an editor and gives a sensible +415) Fix word splitting bug that caused a segv for very long command line args. + +Sudo 1.6.3p6 released. + +416) Fix negation of path-type Defaults entries in a boolean context. + +Sudo 1.6.3p7 released. + +417) Visudo now checks for the existence of an editor and gives a sensible error if it does not exist. -416) The path to the editor for visudo is now a colon-separated list of +418) The path to the editor for visudo is now a colon-separated list of allowable editors. If the user has $EDITOR set and it matches one of the allowed editors that editor will be used. If not, the first editor that actually exists is used. -417) Visudo now does its own fork/exec instead of calling system(3). +419) Visudo now does its own fork/exec instead of calling system(3). -418) Call clean_env very early in main() for paranoia's sake. Idea from - Marc Esipovich. - -419) Allow special characters (including '#') to be embedded in pathnames +420) Allow special characters (including '#') to be embedded in pathnames if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. -420) Added always_set_home option. +421) Added the always_set_home option. -421) Strip NLSPATH and PATH_LOCALE out from the environment to prevent - reading of protected files by a less priviledged user. +422) Strip NLSPATH and PATH_LOCALE out from the environment to prevent + reading of protected files by a less privileged user. -422) Add support for BSD authentication and associated -a flag. +423) Added support for BSD authentication and associated -a flag. -423) Added check for _innetgr(3) since NCR systems have this instead +424) Added check for _innetgr(3) since NCR systems have this instead of innetgr(3). -424) Added stay_setuid option for systems that have libraries that perform +425) Added stay_setuid option for systems that have libraries that perform extra paranoia checks in system libraries for setuid programs. -425) Environment munging is now done by hand. We build up a new environment - and assign it to "environ". This means we don't rely on getenv(3), - putenv(3), or setenv(3). - -426) Added env_reset and env_keep options. This allows the sysadmin to - force commands to run with a clean environment. Any variable in - the env_keep list will not get cleared when the environment is reset - *or* purged of dangerous vars (e.g. LD_*). +426) Environment munging is now done by hand. The environment is zeroed + upon sudo startup and a new environment is built before the command + is executed. This means we don't rely on getenv(3), putenv(3), + or setenv(3). 427) Added a class of environment variables that are only cleared if they contain '/' or '%' characters. -428) Fix word splitting bug that caused a segv for very long command line args. +428) Use stashed user_gid when checking against exempt gid since sudo + sets its gid to SUDOERS_GID, making getgid() return that, not the + real gid. Fixes problem with setting exempt group == SUDOERS_GID. + Fix from Paul Kranenburg. + +429) Fixed file locking in visudo on NeXT which has a broken lockf(). + Patch from twetzel@gwdg.de. + +430) Regenerated configure script with autoconf-2.52 (required some + tweaking of configure.in and friends). + +431) Added mail_badpass option to send mail when the user does not + authenticate successfully. + +432) Added env_reset Defaults option to reset the environment to + a clean slate. Also implemented env_keep Defaults option + to specify variables to be preserved when resetting the + environment. + +433) Added env_check and env_delete Defaults options to allow the admin + to modify the builtin list of environment variables to remove. + +434) If timestamp_timeout < 0 then the timestamp never expires. This + allows users to manage their own timestamps and create or delete + them via 'sudo -v' and 'sudo -k' respectively. + +435) Authentication routines that use sudo's tgetpass() now accept + ^C or ^Z at the password prompt and sudo will act appropriately. + +436) Added a check-only mode to visudo to check an existing sudoers + file for sanity. + +437) Visudo can now edit an alternate sudoers file. + +438) If sudo is configured with S/Key support and the system has + skeyaccess(3) use that to determine whether or not to allow + a normal Unix password or just S/Key. + +439) Fixed CIDR handling in sudoers. + +440) Fixed a segv if the local hostname is not resolvable and + the 'fqdn' option is set. + +441) "listpw=never" was not having an effect for users who did not + appear in sudoers--now it does. + +442) The --without-sendmail option now works on systems with + a /usr/include/paths.h file that defines _PATH_SENDMAIL. + +443) Removed the "secure_path" Defaults option as it does not work and + cannot work until the parser is overhauled. + +444) Added new -P flag and "preserve_groups" sudoers option to cause + sudo to preserve the group vector instead of setting it to that + of the target user. Previously, if the target user was root + the group vector was not changed. Now it is always changed unless + the -P flag or "preserve_groups" option was given. + +445) If find_path() fails as root, try again as the invoking user (useful + for NFS). Idea from Chip Capelik. + +446) Use setpwent()/endpwent() and its shadow equivalents to be sure + the passwd/shadow file gets closed. + +447) Use getifaddrs(3) to get the list of network interfaces if it is + available. + +448) Dump list of local IP addresses and environment variables to clear + when 'sudo -V' is run as root. + +449) Reorganized the lexer a bit and added more states. Sudo now does a + better job of parsing command arguments in the sudoers file. + +450) Wrap each call to syslog() with openlog()/closelog() since some + things (such as PAM) may call closelog(3) behind sudo's back. + +451) The LOGNAME and USER environment variables are now set if the user + specified a target uid and that uid exists in the password database. + +452) configure will no longer add the -g flag to CFLAGS by default. + +453) Now call pam_setcreds() to setup creds for the target user when + PAM is in use. On Linux this often sets resource limits. + +454) If "make install" is run by non-root and the destination dir + is writable, install things normally but don't set owner and mode. + +455) The Makefile now supports installing in a shadow hierarchy + specified via the DESTDIR variable. + +456) config.h.in is now generated by autoheader. + +Sudo 1.6.4 released. + +457) Move the call to rebuild_env() until after MODE_RESET_HOME is set. + Otherwise, the set_home option has no effect. + +458) Fix use of freed memory when the "fqdn" flag is set. This was + introduced by the fix for the "segv when gethostbynam() fails" bug. + +459) Add 'continue' statements to optimize the switch statement. + From Solar Designer. + +Sudo 1.6.4p1 released. + +460) Some special characters were not being escaped properly (e..g '\,') + in command line arguments and would cause a syntax error instead. + +461) "sudo -l" would not work if the always_set_home option was set. + +462) Added a configure option to disable use of POSIX saved IDs for + operating systems where these are broken. + +463) The SHELL environment variable was preserved from the user's environment + instead of being reset based on the passwd database even when the + "env_reset" option was set. + +Sudo 1.6.4p2 released. + +464) Added a configure option to cause mail sent by sudo to be run as + the invoking user instead of root. Some people consider this to + be safer. + +465) If the mailer is being run as root, use a hard-coded environment + that is not influenced in any way by the invoking user's environment. + +466) Fixed the call to skeyaccess(). Patch from Phillip E. Lobbes. + +Sudo 1.6.5 released. + +467) Visudo could access memory that was already freed. + +468) If the skey.access file denied use of plaintext passwords sudo + would exit instead of allowing the user to enter an S/Key. -429) Fix negation of path-type Defaults entries in a boolean context. +Sudo 1.6.5p1 released. Index: usr.bin/sudo/HISTORY =================================================================== RCS file: /cvs/src/usr.bin/sudo/HISTORY,v retrieving revision 1.2 diff -u -r1.2 HISTORY --- usr.bin/sudo/HISTORY 10 Dec 1999 06:45:10 -0000 1.2 +++ usr.bin/sudo/HISTORY 16 Jan 2002 19:09:13 -0000 @@ -7,9 +7,9 @@ Manchek, and Trent Hein. In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo -with an enhanced sudoers format. This version was bought by a -consulting firm called "The Root Group" and released under the GNU -public license. +with an enhanced sudoers format under contract to a consulting firm +called "The Root Group". This version was later released under the +GNU public license. In 1994, after maintaining sudo informally within CU-Boulder for some time, Todd Miller made a public release of "CU sudo" (version Index: usr.bin/sudo/INSTALL =================================================================== RCS file: /cvs/src/usr.bin/sudo/INSTALL,v retrieving revision 1.6 diff -u -r1.6 INSTALL --- usr.bin/sudo/INSTALL 21 Nov 2000 17:58:43 -0000 1.6 +++ usr.bin/sudo/INSTALL 17 Jan 2002 01:05:34 -0000 @@ -1,4 +1,4 @@ -Installation instructions for Sudo 1.6.3 +Installation instructions for Sudo 1.6.5 ======================================== Sudo uses a `configure' script to probe the capabilities and type @@ -29,8 +29,7 @@ building sudo. Before you actually run configure you should read the `Available configure options' section to see if there are any special options you may want - or need. Also of interest may be the section on - `Mixing password authentication schemes'. + or need. 4) Edit the configure-generated Makefile if you wish to change any of the default paths (alternately you could @@ -69,13 +68,16 @@ --cache-file=FILE Cache test results in FILE - --help + --config-cache, -C + Alias for `--cache-file=config.cache' + + --help, -h Print the usage/help info - --no-create + --no-create, -n Do not create output files - --quiet, --silent + --quiet, --silent, -q Do not print `checking...' messages Directory and file names: @@ -194,12 +196,26 @@ command line. --with-bsdauth - Enable support for BSD authentication on BSD/OS. This option - assumes --with-logincap as well. It is not possible to mix - BSD authentication with other authentication methods (and there - really should be no need to do so). Note that only the newer - BSD authentication API is supported. If you don't have - /usr/include/bsd_auth.h then you cannot use this. + Enable support for BSD authentication on BSD/OS and OpenBSD. + This option assumes --with-logincap as well. It is not + possible to mix BSD authentication with other authentication + methods (and there really should be no need to do so). Note + that only the newer BSD authentication API is supported. + If you don't have /usr/include/bsd_auth.h then you cannot + use this. + + --disable-root-mailer + By default sudo will run the mailer as root when tattling + on a user so as to prevent that user from killing the mailer. + With this option, sudo will run the mailer as the invoking + user which some people consider to be safer. + + --disable-saved-ids + Disable use of POSIX saved IDs. Normally, sudo will try to + use POSIX saved IDs if they are supported. However, some + implementations are broken. If sudo aborts with an error like: + "seteuid(0): Operation not permitted" + you probably need to disable POSIX saved ID support. --disable-sia Disable SIA support. This is the "Security Integration Architecture" @@ -240,7 +256,7 @@ on some SysV-based OS's using STREAMS. --without-passwd - This option authentication via the passwd (or shadow) file. + This option excludes authentication via the passwd (or shadow) file. It should only be used when another, alternate, authentication scheme is in use. @@ -258,7 +274,8 @@ --with-logging=TYPE How you want to do your logging. You may choose "syslog", "file", or "both". Setting this to "syslog" is nice because you can keep all - of your sudo logs in one place (see the FAQ). The default is "syslog". + of your sudo logs in one place (see the sample.syslog.conf file). + The default is "syslog". --with-logfac=FACILITY Determines which syslog facility to log to. This requires a 4.3BSD @@ -385,7 +402,9 @@ just like the original sudo(8). This is off by default. --with-all-insults - Include all the insult sets listed below. + Include all the insult sets listed below. You must either specify + --with-insults or enable insults in the sudoers file for this to + have any effect. --with-classic-insults Uses insults from sudo "classic." If you just specify --with-insults @@ -400,12 +419,13 @@ --with-hal-insults Uses 2001-like insults when an incorrect password is entered. - You must specify --with-insults as well for this to have any effect. + You must either specify --with-insults or enable insults in the + sudoers file for this to have any effect. --with-goons-insults Insults the user with lines from the "Goon Show" when an incorrect - password is entered. You must specify --with-insults as well for - this to have any effect. + password is entered. You must either specify --with-insults or + enable insults in the sudoers file for this to have any effect. --with-secure-path[=path] Path used for every command run from sudo(8). If you don't trust the @@ -420,15 +440,20 @@ Don't print the lecture the first time a user runs sudo. --with-editor=path - Specify the default editor used by visudo (and the only editor used - unless --with-env-editor is specified). The default is the path - to vi on your system. + Specify the default editor path for use by visudo. This may be + a single pathname or a colon-separated list of editors. In + the latter case, visudo will choose the editor that matches + the user's USER environment variable or the first editor in + the list that exists. The default is the path to vi on your system. --with-env-editor Makes visudo consult the EDITOR and VISUAL environment variables before - falling back on the default editor. Note that this may create a - security hole as most editors allow a user to get a shell (which would - be a root shell and hence, no logging). + falling back on the default editor list (as specified by --with-editor). + Note that this may create a security hole as it allows the user to + run any arbitrary command as root without logging. A safer alternative + is to use a colon-separated list of editors with the --with-env-editor + option. visudo will then only use the EDITOR or VISUAL if they match + a value specified via --with-editor. --disable-authentication By default, sudo requires the user to authenticate via a @@ -575,12 +600,11 @@ the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o to the LIBOBJS line in the Makefile. - It is not possible to access the sudoers file via NFS on Linux. - This is due to a bug in the Linux client-side NFS implementation. - It has been fixed in the developement kernel but, as of Aug 27, - 1999, the fixes have not made it into the mainstream kernel. - There is a workaround on the sudo ftp site, linux_nfs.patch, - if you need to NFS-mount sudoers on Linux. + If you are using a Linux kernel older than 2.4 it is not possible + to access the sudoers file via NFS. This is due to a bug in + the Linux client-side NFS implementation that has since been + fixed. There is a workaround on the sudo ftp site, linux_nfs.patch, + if you need to NFS-mount sudoers on older Linux kernels. Mac OS X: It has been reported that for sudo to work on Mac OS X it must Index: usr.bin/sudo/LICENSE =================================================================== RCS file: /cvs/src/usr.bin/sudo/LICENSE,v retrieving revision 1.3 diff -u -r1.3 LICENSE --- usr.bin/sudo/LICENSE 24 Jan 2000 04:22:52 -0000 1.3 +++ usr.bin/sudo/LICENSE 16 Jan 2002 19:09:13 -0000 @@ -1,6 +1,6 @@ Sudo is distributed under the following BSD-style license: - Copyright (c) 1994-1996,1998-2000 Todd C. Miller + Copyright (c) 1994-1996,1998-2002 Todd C. Miller All rights reserved. Redistribution and use in source and binary forms, with or without Index: usr.bin/sudo/Makefile.bsd-wrapper =================================================================== RCS file: /cvs/src/usr.bin/sudo/Makefile.bsd-wrapper,v retrieving revision 1.10 diff -u -r1.10 Makefile.bsd-wrapper --- usr.bin/sudo/Makefile.bsd-wrapper 29 May 2001 21:40:49 -0000 1.10 +++ usr.bin/sudo/Makefile.bsd-wrapper 16 Jan 2002 19:09:13 -0000 @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.10 2001/05/29 21:40:49 millert Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.14 2002/01/16 18:09:13 millert Exp $ MAN= sudo.8 sudoers.5 visudo.8 +BINOWN= root XCFLAGS= CC="${CC}" CFLAGS="${CFLAGS} ${COPTS}" LDFLAGS="${LDFLAGS}" CONFIGURE_OPTS= --prefix=/usr --with-devel --with-insults --with-bsdauth \ --with-env-editor --disable-path-info --with-logfac=authpriv @@ -36,16 +37,12 @@ .endif PATH="/bin:/usr/bin:/sbin:/usr/sbin" \ CONFIG_FILES="Makefile config.h pathnames.h" \ - ${XCFLAGS} \ - INSTALL_PROGRAM="${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP}" \ - sh ${.CURDIR}/configure ${CONFIGURE_OPTS} ${CF} + ${XCFLAGS} sh ${.CURDIR}/configure ${CONFIGURE_OPTS} ${CF} config.status: PATH="/bin:/usr/bin:/sbin:/usr/sbin" \ CONFIG_FILES="Makefile config.h pathnames.h" \ - ${XCFLAGS} \ - INSTALL_PROGRAM="${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP}" \ - sh ${.CURDIR}/configure ${CONFIGURE_OPTS} ${CF} + ${XCFLAGS} sh ${.CURDIR}/configure ${CONFIGURE_OPTS} ${CF} .ifdef NOMAN maninstall: @@ -53,12 +50,14 @@ .endif install: maninstall - ${MAKE} ${XCFLAGS} prefix=${DESTDIR}/usr sysconfdir=${DESTDIR}/etc \ - bindir=${DESTDIR}/usr/bin INSTALL="${INSTALL} ${INSTALL_COPY}" \ - install-binaries + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 4555 \ + sudo ${DESTDIR}/usr/bin/sudo + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ + visudo ${DESTDIR}/usr/sbin/visudo clean cleandir: - @test ! -e Makefile || ${MAKE} distclean + @test ! -e Makefile || ${MAKE} distclean + rm -f def_data.c def_data.h depend: # Nothing here so far... Index: usr.bin/sudo/Makefile.in =================================================================== RCS file: /cvs/src/usr.bin/sudo/Makefile.in,v retrieving revision 1.7 diff -u -r1.7 Makefile.in --- usr.bin/sudo/Makefile.in 21 Nov 2000 17:58:43 -0000 1.7 +++ usr.bin/sudo/Makefile.in 17 Jan 2002 01:05:34 -0000 @@ -1,5 +1,5 @@ # -# Copyright (c) 1996, 1998-2000 Todd C. Miller +# Copyright (c) 1996, 1998-2002 Todd C. Miller # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -34,7 +34,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.200 2000/03/27 02:57:52 millert Exp $ +# $Sudo: Makefile.in,v 1.223 2002/01/16 23:37:33 millert Exp $ # #### Start of system configuration section. #### @@ -49,7 +49,7 @@ YACC = @YACC@ NROFF = nroff -# Which install program? +# Our install program supports extra flags... INSTALL = $(SHELL) $(srcdir)/install-sh -c # Libraries @@ -109,44 +109,45 @@ PROGS = @PROGS@ -SRCS = alloc.c alloca.c check.c defaults.c fileops.c find_path.c fnmatch.c \ - getcwd.c getspwuid.c goodpath.c interfaces.c lex.yy.c lsearch.c \ - logging.c parse.c parse.lex parse.yacc putenv.c snprintf.c strcasecmp.c \ - strerror.c sudo.c sudo.tab.c sudo_setenv.c testsudoers.c tgetpass.c \ - utime.c visudo.c $(AUTH_SRCS) +SRCS = alloc.c alloca.c check.c def_data.c defaults.c env.c fileops.c \ + find_path.c fnmatch.c getcwd.c getspwuid.c goodpath.c \ + interfaces.c lex.yy.c lsearch.c logging.c parse.c parse.lex \ + parse.yacc set_perms.c sigaction.c snprintf.c strcasecmp.c strerror.c \ + sudo.c sudo.tab.c testsudoers.c tgetpass.c utime.c visudo.c \ + $(AUTH_SRCS) AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \ auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \ auth/secureware.c auth/securid.c auth/sia.c auth/sudo_auth.c -HDRS = compat.h defaults.h ins_2001.h ins_classic.h ins_csops.h ins_goons.h \ - insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h version.h \ - auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h +HDRS = compat.h def_data.h defaults.h ins_2001.h ins_classic.h ins_csops.h \ + ins_goons.h insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h \ + version.h auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ PARSEOBJS = sudo.tab.o lex.yy.o alloc.o defaults.o -SUDOBJS = check.o getspwuid.o goodpath.o fileops.o find_path.o interfaces.o \ - logging.o parse.o sudo.o sudo_setenv.o tgetpass.o \ +SUDOBJS = check.o env.o getspwuid.o goodpath.o fileops.o find_path.o \ + interfaces.o logging.o parse.o set_perms.o sudo.o tgetpass.o \ $(AUTH_OBJS) $(PARSEOBJS) -VISUDOBJS = visudo.o fileops.o $(PARSEOBJS) +VISUDOBJS = visudo.o fileops.o goodpath.o find_path.o $(PARSEOBJS) TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.3 +VERSION = 1.6.5 -DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES FAQ HISTORY INSTALL INSTALL.configure \ +DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ - UPGRADE acsite.m4 aixcrypt.exp config.guess config.h.in config.sub \ - configure configure.in fnmatch.3 indent.pro install-sh \ - mkinstalldirs pathnames.h.in sample.pam sample.syslog.conf \ - sample.sudoers sudo.cat sudo.man.in sudo.pod sudoers sudoers.cat \ - sudoers.man.in sudoers.pod visudo.cat visudo.man.in visudo.pod \ - auth/API + UPGRADE aclocal.m4 aixcrypt.exp config.guess config.h.in \ + config.sub configure configure.in def_data.in fnmatch.3 indent.pro \ + install-sh mkdefaults mkinstalldirs pathnames.h.in sample.pam \ + sample.syslog.conf sample.sudoers sudo.cat sudo.man.in sudo.pod \ + sudoers sudoers.cat sudoers.man.in sudoers.pod visudo.cat \ + visudo.man.in visudo.pod auth/API BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \ UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \ @@ -156,7 +157,7 @@ BINSPECIAL= INSTALL.binary Makefile.binary SUDODEP = $(srcdir)/sudo.h $(srcdir)/compat.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h config.h pathnames.h + $(srcdir)/logging.h config.h def_data.h pathnames.h AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h @@ -196,15 +197,20 @@ @DEV@ rm -f lex.yy.c @DEV@ $(LEX) $(srcdir)/parse.lex +# Uncomment the following if you intend to modify def_data.in +@DEV@def_data.h def_data.c: def_data.in +@DEV@ perl $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in + # Dependencies (not counting auth functions) alloc.o: alloc.c $(SUDODEP) check.o: check.c $(SUDODEP) +env.o: env.c $(SUDODEP) fileops.o: fileops.c $(SUDODEP) find_path.o: find_path.c $(SUDODEP) getspwuid.o: getspwuid.c $(SUDODEP) goodpath.o: goodpath.c $(SUDODEP) logging.o: logging.c $(SUDODEP) -sudo_setenv.o: sudo_setenv.c $(SUDODEP) +set_perms.o: set_perms.c $(SUDODEP) tgetpass.o: tgetpass.c $(SUDODEP) visudo.o: visudo.c $(SUDODEP) version.h sudo.o: sudo.c $(SUDODEP) interfaces.h version.h @@ -212,12 +218,11 @@ testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h parse.o: parse.c $(SUDODEP) parse.h interfaces.h lex.yy.o: lex.yy.c $(SUDODEP) parse.h sudo.tab.h -sudo.tab.o: sudo.tab.c $(SUDODEP) parse.h -defaults.o: defaults.c $(SUDODEP) auth/sudo_auth.h +sudo.tab.o: sudo.tab.c $(SUDODEP) parse.h sudo.tab.c sudo.tab.h +defaults.o: defaults.c $(SUDODEP) def_data.c auth/sudo_auth.h fnmatch.o: fnmatch.c config.h compat.h emul/fnmatch.h getcwd.o: getcwd.c config.h compat.h lsearch.o: lsearch.c config.h compat.h emul/search.h -putenv.o: putenv.c config.h compat.h snprintf.o: snprintf.c config.h compat.h strcasecmp.o: strcasecmp.c config.h strerror.o: strerror.c config.h @@ -255,7 +260,7 @@ sudo.man.in: $(srcdir)/sudo.pod @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2man --section=`echo @MANSECTSU@|tr A-Z a-z` --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod > $(srcdir)/$@) + ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" > $@ ) sudo.man: sudo.man.in CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status @@ -264,7 +269,7 @@ visudo.man.in: $(srcdir)/visudo.pod @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2man --section=`echo @MANSECTSU@|tr A-Z a-z` --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod > $(srcdir)/$@) + ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" > $@ ) visudo.man: visudo.man.in CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status @@ -273,7 +278,7 @@ sudoers.man.in: $(srcdir)/sudoers.pod @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2man --section=`echo @MANSECTFORM@|tr A-Z a-z` --release=$(VERSION) --center="FILE FORMATS" sudoers.pod | sed 's/"\\f(CW""\\fR"/\\f(CW""\\fR/' > $(srcdir)/$@) + ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoers.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" > $@ ) sudoers.man:: sudoers.man.in CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status @@ -283,27 +288,23 @@ install: install-dirs install-binaries install-sudoers install-man install-dirs: - $(SHELL) $(srcdir)/mkinstalldirs $(sudodir) $(visudodir) $(sudoersdir) $(mandirsu) $(mandirform) + $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)/$(sudodir) \ + $(DESTDIR)/$(visudodir) $(DESTDIR)/$(sudoersdir) \ + $(DESTDIR)/$(mandirsu) $(DESTDIR)/$(mandirform) install-binaries: $(PROGS) - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 4111 -s sudo $(sudodir)/sudo - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0111 -s visudo $(visudodir)/visudo + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)/$(sudodir)/sudo + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)/$(visudodir)/visudo install-sudoers: - @if [ -f $(sudoersdir)/sudoers ]; then \ - echo "Setting user/group and mode on existing $(sudoersdir)/sudoers file."; \ - chown $(sudoers_uid) $(sudoersdir)/sudoers; \ - chgrp $(sudoers_gid) $(sudoersdir)/sudoers; \ - chmod $(sudoers_mode) $(sudoersdir)/sudoers; \ - else \ - $(INSTALL) -o $(sudoers_uid) -g $(sudoers_gid) -m $(sudoers_mode) \ - $(srcdir)/sudoers $(sudoersdir)/sudoers; \ - fi + test -f $(DESTDIR)/$(sudoersdir)/sudoers || \ + $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \ + $(srcdir)/sudoers $(DESTDIR)/$(sudoersdir)/sudoers install-man: - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudo.$(mantype) $(mandirsu)/sudo.$(mansectsu) - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/visudo.$(mantype) $(mandirsu)/visudo.$(mansectsu) - $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 @mansrcdir@/sudoers.$(mantype) $(mandirform)/sudoers.$(mansectform) + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)/$(mandirsu)/sudo.$(mansectsu) + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)/$(mandirsu)/visudo.$(mansectsu) + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)/$(mandirform)/sudoers.$(mansectform) @MAN_POSTINSTALL@ check: @@ -343,27 +344,25 @@ bindist: @mkdir tmp.`arch -l` @mkdir tmp.`arch -l`/sudo-$(VERSION) - ( cd tmp.`arch -l`/sudo-$(VERSION) ; \ + ( \ + tdir=tmp.`arch -l`/sudo-$(VERSION) ; \ for i in $(BINFILES) ; do \ - if [ -f ../../$$i ]; then \ - cp ../../$$i . ; \ - elif [ -f $(srcdir)/$$i ]; then \ - cp $(srcdir)/$$i . ; \ - else \ - cp ../../$(srcdir)/$$i . ; \ - fi ; \ - done ; \ - ln -s TROUBLESHOOTING FAQ ; \ - for i in $(BINSPECIAL) ; do \ - if [ -f ../../$$i ]; then \ - cp ../../$$i `basename $$i .binary` ; \ + if [ -f $$i ]; then \ + cp $$i $$tdir ; \ elif [ -f $(srcdir)/$$i ]; then \ - cp $(srcdir)/$$i `basename $$i .binary` ; \ + cp $(srcdir)/$$i $$tdir ; \ else \ - cp ../../$(srcdir)/$$i `basename $$i .binary` ; \ + echo cannot find $$i ; \ + exit 1 ; \ fi ; \ done ; \ - cd .. ; tar Ocf ../sudo-$(VERSION)-`arch -l`.tar sudo-$(VERSION) ; \ + cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \ + sed -e 's/@_MANTYPE@/$(mantype)/g' -e 's/@_mansectsu@/$(mansectsu)/g' \ + -e 's/@_mansectform@/$(mansectform)/g' $(srcdir)/Makefile.binary \ + > $$tdir/Makefile ; \ ) + strip sudo + strip visudo + ( cd tmp.`arch -l` && tar Ocf ../sudo-$(VERSION)-`arch -l`.tar sudo-$(VERSION) ) gzip --best sudo-$(VERSION)-`arch -l`.tar rm -rf tmp.`arch -l` Index: usr.bin/sudo/PORTING =================================================================== RCS file: /cvs/src/usr.bin/sudo/PORTING,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 PORTING --- usr.bin/sudo/PORTING 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/PORTING 16 Jan 2002 19:09:13 -0000 @@ -4,8 +4,11 @@ Before trying to port sudo to a new architecture, please join the sudo-workers mailing list (see the README file) and ask if anyone has a port working or in-progress. Sudo should be fairly easy to -port. Since it uses a configure script, most of the work should -be done for you. +port. Since it uses a configure script, most of the work is often +done for you. As long as your operating system is reasonably POSIX +compliant porting should be easy. If your operating system has a +separate library for POSIX compatibility you may need to add it by +using configure's --with-libraries option. If your OS is an SVR4 derivative (or some approximation thereof), it may be sufficient to tell configure you are runnng SVR4, something like: @@ -18,11 +21,18 @@ ulimit(2) or getrlimit(2) can also be used on some OS's. If all else fails you can use the value of NOFILE in . -Sudo tries to clear the environment of dangerous envariables like -LD_* to prevent shared library spoofing. If you are porting sudo -to a new OS that has shared libraries you'll want to mask out the -variables that allow one to change the shared library path. See -badenv_table() in sudo.c to see how this is done for various OS's. +Also, some operating systems have a broken implementation of POSIX +saved IDs. If sudo prints the error message "seteuid(0): Operation +not permitted" this means saved IDs are not implemented properly. +You should run configure with the "--disable-saved-ids" option and +rebuild sudo. + +Sudo tries to clear the environment of dangerous environment variables +such as LD_* to prevent shared library spoofing. If you are porting +sudo to a new OS that has shared libraries you'll want to mask out +the variables that allow one to change the shared library path. +See initial_badenv_table() in env.c to see how this is done for +various operating systems. It is possible that on a really weird system, tgetpass() may not compile. (The most common cause for this is that the "fd_set" type @@ -34,15 +44,43 @@ contains a broken or unusable crypt() function--try linking with -lcrypt if that exists. Another possibility is that select() is not fully functional; running configure with --with-password-timeout=0 -will disable the use of select(). +will disable the use of select(). If sudo prompts you for a +password but never accepts it, see below. + +Sudo detects and recognizes most common shadow password schemes +automatically. If you find that sudo is not accepting your password +and you are sure that it has been typed in correctly there are two +likely problems. One possibility is that your C library has a +broken crypt() function (see above). The other is that your operating +system is using shadow passwords and sudo has not detected that +fact. Look in config.h to see what, if any, shadow password scheme +was detected. The most common are SVR4 (HAVE_GETSPNAM will be +defined) and SecureWare (HAVE_GETPRPWNAM will be defined). Check +the manual pages on your system for "getspnam" and "getprpwnam". +If one of those exist but the appropriate define does not exist in +config.h then the problem is most likely that those routines live +in a library that sudo does not know to link against. The manual +page should tell you what library this is. You can then use the +--with-libraries option to configure to tell sudo to link with the +library in question. For example: + --with-libraries='-lgen' +would cause sudo to link in libgen which contains "getspnam" on SCO +systems. If you are trying to port to a system without standard Berkeley networking you may find that interfaces.c will not compile. This -is most likely on OS's with STREAMS-based networking. It should be -possible to make it work by modifying the ISC streams support +is most likely on OS's with STREAMS-based networking. It should +be possible to make it work by modifying the ISC streams support (see the _ISC #ifdef's). However, if you don't care about ip address and network address support, you can just run configure with the ---without-interfaces flag to get a do-nothing load_interfaces() stub function. +--without-interfaces flag to get a do-nothing load_interfaces() +stub function. + +Sudo wants POSIX signals (sigaction and friends). If your system +lacks sigaction but has the 4.3BSD sigvec() function, sigvec() will +be used instead via the wrapper functions in sigaction.c. It is +not currently possible to use the old SVR3 and 4.2BSD signals, but +this is due more to my lack of a test machine than anything else. If you port sudo to a new architecture, please send the output of "configure", the config.log file and your changes to: Index: usr.bin/sudo/README =================================================================== RCS file: /cvs/src/usr.bin/sudo/README,v retrieving revision 1.4 diff -u -r1.4 README --- usr.bin/sudo/README 27 Mar 2000 03:44:37 -0000 1.4 +++ usr.bin/sudo/README 17 Jan 2002 01:05:35 -0000 @@ -1,4 +1,4 @@ -This is Sudo version 1.6.3 +This is Sudo version 1.6.5 The sudo philosophy =================== @@ -10,7 +10,7 @@ ================== Before you try and build sudo, *please* make sure you have the current version. The latest sudo may always be gotten via anonymous ftp -from ftp.courtesan.com in the directory /pub/sudo/. +from ftp.sudo.ws in the directory /pub/sudo/. The distribution is sudo-M.m.tar.gz where `M' is the major version number and `m' is the minor version number. BETA versions of sudo may also be available. If you join @@ -23,7 +23,7 @@ release. For a complete list of changes, see the CHANGES file. For a summary, -see the web page, http://www.courtesan.com/sudo/. +see the web page, http://www.sudo.ws/sudo/. If you are upgrading from an earlier version of Sudo, please see the UPGRADE file. @@ -40,20 +40,21 @@ compiler, and the make utility. If you wish to modify the parser then you will need flex version -2.5.2 or later and either bison or byacc (sudo comes with a -pre-flex'd tokenizer and pre-yacc'd grammar parser). You'll also -have to uncomment a few lines from the Makefile. You can get flex -via anonymous ftp from ftp://ftp.ee.lbl.gov/pub/flex* as well as -any GNU mirror. You can get GNU bison from -ftp://prep.ai.mit.edu/pub/gnu/bison* or any GNU mirror. +2.5.2 or later and either bison or byacc (sudo comes with a pre-flex'd +tokenizer and pre-yacc'd grammar parser). You'll also have to +uncomment a few lines from the Makefile or run configure with the +--with-devel option. You can get flex via anonymous ftp from +ftp://ftp.ee.lbl.gov/pub/flex* as well as any GNU mirror. You can +get GNU bison from ftp://prep.ai.mit.edu/pub/gnu/bison* or any GNU +mirror. Building the release ==================== Please read the installation guide in the `INSTALL' file before trying to build sudo. The `RUNSON' file contains a list of of platforms that this version of sudo is known to work on. If you -can add to this list, please send mail to sudo@courtesan.com. -If something goes wrong you may want to refer to the `TROUBLESHOOTING' +can add to this list, please send mail to sudo@sudo.ws. If +something goes wrong you may want to refer to the `TROUBLESHOOTING' file. Copyright @@ -65,21 +66,25 @@ ============= sudo-announce This list receives announcements whenever a new version of sudo is released. + http://www.sudo.ws/mailman/listinfo/sudo-announce sudo-users This list is for questions and general discussion about sudo. + http://www.sudo.ws/mailman/listinfo/sudo-users sudo-workers This list is for people working on and porting sudo. + http://www.sudo.ws/mailman/listinfo/sudo-workers -To subscribe to a list, send a mail message to "majordomo@courtesan.com" -with a line in the message body (_not_ the subject) of "subscribe listname" -where "listname" is one of sudo-announce, sudo-users, or sudo-workers. +To subscribe to a list, visit its url (as listed above) and enter +your email address to subscribe. Digest versions are available but +these are fairly low traffic lists so the digest versions are not +a significant win. -Currently all the lists are fairly low-volume so there hasn't been a -need for digest versions. +Mailing list archives are also available. See the mailing list web sites +for the appropriate links. Web page ======== -There is a sudo `web page' at http://www.courtesan.com/sudo/ +There is a sudo `web page' at http://www.sudo.ws/sudo/ that contains an overview of sudo as well as pointers to BETA versions and other useful info. @@ -87,7 +92,7 @@ =========== A list of known bugs may be found in the `BUGS' file. If you have found what you believe to be a bug, you can file a bug report with -the sudo bug database, on at web at http://www.courtesan.com/sudo/bugs/. +the sudo bug database, on at web at http://www.sudo.ws/bugs/. Please read over the `TROUBLESHOOTING' file *before* submitting a bug report. When reporting bugs, please be sure to include the Index: usr.bin/sudo/RUNSON =================================================================== RCS file: /cvs/src/usr.bin/sudo/RUNSON,v retrieving revision 1.6 diff -u -r1.6 RUNSON --- usr.bin/sudo/RUNSON 27 Mar 2000 03:44:37 -0000 1.6 +++ usr.bin/sudo/RUNSON 17 Jan 2002 16:54:46 -0000 @@ -6,10 +6,10 @@ Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none -SunOS 4.1.3 sun4 bundled cc 1.6.3 Todd Miller none -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.3 Todd Miller none +SunOS 4.1.3 sun4 bundled cc 1.6.5p1 Todd Miller none +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.5p1 Todd Miller none SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.3 Todd Miller --with-skey +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.5p1 Todd Miller --with-skey Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none @@ -17,25 +17,32 @@ Solaris 2.6 sparc gcc2.9.5.2 1.6.3 Todd Miller --with-pam Solaris 2.6 i386 gcc2.9.5.2 1.6.3 Todd Miller none Solaris 2.6 i386 gcc2.9.5.2 1.6.3 Todd Miller --with-pam -Solaris 2.6 sparc unbundled cc 1.5.7 Giff Hammar none +Solaris 2.6 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none Solaris 2.6 i386 unbundled cc 1.5.8p2 Udo Keller none Solaris 7 i386 gcc 2.8.1 1.6.1 Ido Dubrawsky none Solaris 7 i386 Workshop 5.0 1.6 Brian Jackson none Solaris 7 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none -Solaris 5.6 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none +Solaris 7 sparc SC4.2 1.6.5p1 Todd Miller none +Solaris 7 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none +Solaris 7 sparc 2.95.2 1.6.5p1 Todd Miller --with-skey +Solaris 2.6 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none +Solaris 8 sparc 2.95.2 1.6.5p1 Todd Miller --with-skey +Solaris 8 sparc SC4.2 1.6.5p1 Todd Miller none +Solaris 8 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none ISC 4.0 i386 bundled cc 1.4 Andy Smith none ISC 4.0 i386 gcc2.7.0 1.4 Andy Smith none ISC 4.1 i386 bundled cc 1.4 Andy Smith none ISC 4.1 i386 gcc2.7.0 1.4 Andy Smith none RISCos 4_52 mips bundled cc 1.3.7 Andy Smith --with-getpass SCO 3.2.2 i386 bundled cc 1.3.4 David Meleedy --with-getpass +SCO 5.0.5 i386 gcc 98q2 1.6.3p7 Alan Pittman none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.10 hp700 unbundled cc 1.6.3 Todd Miller --with-skey -HP-UX 10.20 hp700 gcc2.9.5.2 1.6.3 Todd Miller --with-skey -HP-UX 10.20 hp700 bundled cc 1.6.3 Todd Miller none +HP-UX 10.10 hp700 unbundled cc 1.6.5p1 Todd Miller --with-skey +HP-UX 10.20 hp700 gcc2.9.5.2 1.6.5p1 Todd Miller --with-skey +HP-UX 10.20 hp700 bundled cc 1.6.5p1 Todd Miller none HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2 HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none HP-UX 11.00 hp700 HP C compiler 1.6.2 Jeff Earickson --with-pam @@ -48,8 +55,8 @@ IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none -IRIX 5.3 mips unbundled cc 1.6.3 Todd Miller none -IRIX 5.3 mips gcc2.9.5.2 1.6.3 Todd Miller --with-skey +IRIX 5.3 mips unbundled cc 1.6.5p1 Todd Miller none +IRIX 5.3 mips gcc2.9.5.2 1.6.5p1 Todd Miller --with-skey IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 @@ -67,10 +74,11 @@ NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none -DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.3 Todd Miller --with-skey +DEC UNIX 4.0D alpha bundled cc 1.6.5p1 Todd Miller --with-skey DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2 DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none +Tru64 5.1 alpha bundled cc 1.6.5p1 Todd Miller none AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none AIX 4.1.3 PowerPC gcc-2.7.0 1.4 Bob Shair none AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller none @@ -85,10 +93,8 @@ ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none BSD/OS 4.1 i386 cc 1.6.3 Todd Miller --with-skey -OpenBSD 2.X i586 gcc-2.95.2 1.6.3 Todd Miller none -OpenBSD 2.X alpha gcc-2.95.2 1.6.3 Todd Miller none -OpenBSD 2.X m68k gcc-2.95.2 1.6.3 Todd Miller none -OpenBSD 2.X mvme88k gcc-2.8.1 1.5.9 Steve Murphree none +OpenBSD 2.X all gcc-2.95.2 1.6.5p1 Todd Miller none +OpenBSD 3.0 all gcc-2.95.3 1.6.5p1 Todd Miller none FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none @@ -99,6 +105,7 @@ Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none Linux 2.0.33pl1 m68k gcc 2.7.2.3 1.5.6 James Troup none Linux 2.2.12 i586 gcc-2.95.2 1.6.3 Todd Miller --with-pam +Linux 2.4.9 i686 gcc-2.96 1.6.5p1 Todd Miller --with-pam Linux 2.2.13 alpha egcs-2.91.66 1.6.3 Todd Miller --with-pam Linux 2.2.6-15 ppc egcs-1.1.2 1.5.9p4 Barbara Schelkle none Linux 2.0.34 mips gcc-2.7.2 1.6 Tristan Roddis none @@ -119,6 +126,7 @@ Unicos 10.0.0.1 J90 bundled cc 1.5.4 Mike Kienenberger none DG/UX R4.11MU03 i686 gcc 1.5.3 Ramesh Vasudevan none DG/UX R4.20MU02 x86 cc v1.5.6p5 Jared Crapo none +DG/UX R4.20MU07 x86 gcc 1.6.3p7 Rob Tocher none NetBSD 1.2[A-G] x86 gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none NetBSD 1.2[A-G] m68k gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none NetBSD 1.2[A-G] sparc gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none @@ -134,6 +142,7 @@ HI-UX/MPP 02-03 sr2201 bundled cc 1.5.4 Ben Edgington none SVR4 4.4 m88k bundled gcc 1.6rc1 Gerry Belanger CFLAGS= NonStop-UX B32 CO-1475 cc 1.5.9p3 Andrei Panfilenko none +MacOS X ppc bundled cc 1.6.3p7 Gary Danko none Systems on which Sudo is expected to run on but hasn't been tested. If you can verify any of these, please send mail to sudo@courtesan.com Index: usr.bin/sudo/TODO =================================================================== RCS file: /cvs/src/usr.bin/sudo/TODO,v retrieving revision 1.2 diff -u -r1.2 TODO --- usr.bin/sudo/TODO 27 Mar 2000 03:44:37 -0000 1.2 +++ usr.bin/sudo/TODO 17 Jan 2002 01:05:35 -0000 @@ -3,84 +3,110 @@ 01) Redo parsing to be more like op(8) with true command aliases where can specify uid, gid(s) and part/all of the environment. -02) Add default options to sudoers file (umask, def uid, def gids, dir, PATH). - Defaults = option1, option2, ... - Defaults@host = option1, option2, ... - Defaults!user = option1, option2, ... - Defaults%group = option1, option2, ... - Defaults+netgroup = option1, option2, ... +02) Add a SHELLS reserved word that checks against /etc/shells. -03) Add a SHELLS reserved word that checks against /etc/shells. +03) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. -04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. +04) Add a -h (?) flag to sudo for a history mechanism. -05) Add a -h (?) flag to sudo for a history mechanism. +05) Add an option to set LD_LIBRARY_PATH? -06) Add an option to hard-code LD_LIBRARY_PATH? +06) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). -07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). +07) check for in configure and include it in sudo.c if it exists. -08) check for in configure and include it in sudo.c if it exists. +08) Add generic STREAMS support for getting interfaces and netmasks. -09) Add generic STREAMS support for getting interfaces and netmasks. - -10) Add support for "safe scripts" by checking for shell script +09) Add support for "safe scripts" by checking for shell script cookie (first two bytes are "#!") and execing the shell outselves after doing the stat to guard against spoofing. This should avoid the race condition caused by going through namei() twice... -11) Overhaul testsudoers to use things from parse.o so we don't reimplement +10) Overhaul testsudoers to use things from parse.o so we don't reimplement things. -12) Make runas_user a struct "runas" with user and group components. +11) Make runas_user a struct "runas" with user and group components. (maybe uid and gid too???) -13) Add -g group/gid option. +12) Add -g group/gid option. -14) Should be able to mix Cmnd_Alias's and command args. Ie: +13) Should be able to mix Cmnd_Alias's and command args. Ie: pete ALL=PASSWD [A-z]*,!PASSWD root where PASSWD was defined to be /usr/bin/passwd. This requires the arg parsing to happen in the yacc grammer. At the very least, commands and args have to become separate tokens in the lexer. -15) Add a per-tty restriction? Ie: only can run foo from /dev/console. - -16) Add test for how to read ether interfaces in configure script +14) Add a per-tty restriction? Ie: only can run foo from /dev/console. -17) Add configure check for $(CC) -R and use it in addition to -L +15) Add test for how to read ether interfaces in configure script -18) An option to make "sudo -s" use the target user's shell might be nice - (and more like su). +16) Add configure check for $(CC) -R and use it in addition to -L -19) Use getrlimit() in preference to getconf()/getdtablesize(). +17) An option to make "sudo -s" use the target user's shell might be nice + (and more like su). Overlaps with the upcoming -i option. -20) Add configure option to enable old behavior of visudo (O_EXCL)? +18) Add configure option to enable old behavior of visudo (O_EXCL)? --without-sudoers-lock? -21) Profile sudo again (is the yacc grammar optimal?) +19) Profile sudo again (is the yacc grammar optimal?) -22) Zero out encrypted passwords after use. Use an Exit function or +20) Zero out encrypted passwords after use. Use an Exit function or some such (have to hook in to emalloc() and friends). Hard (impossible?) to be thorough w/ atexit/on_exit. -23) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified +21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified user. -24) Use strtol() and strtoul(), not atoi() +22) Use strtol() and strtoul(), not atoi() + +23) In parse.yacc get rid of unneeded '{ ; }' + +24) Look into %e, %p, %k in parse.lex + +25) Make syslog stuff work on vanilla ultrix + +26) Implement date_format and log_format options. + +27) Add support for: Default:user@host + +28) Do login-style -sh hack for sudo -s? (new option or do it always?) + +29) Make visudo rcs-aware + +30) Add support for parsing multiple sudoers files. Basically make + _PATH_SUDOERS be a colon-separated list of pathname like EDITOR. + Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). + +31) Add -i (simulate initial login) option as per 946 +sudo + (requires two-pass parser). Also add "default_path" Defaults option + to go with it. (See MINUS_I.patch) + +32) Some people want to be able to specify a special password in sudoers + in addition or instead of the normal one. -25) In parse.yacc get rid on unneeded '{ ; }' +33) Add support for trusted users. E.g. allow user to run a certain + command regardless of what dir it is in if it is owned by the + trusted user. -26) Look into %e, %p, %k in parse.lex +34) Add mechanism to choose logfile based on RunasUser -27) Document Defaults stuff in sudoers.pod +35) Split the parser into two stages. The first parse checks for + syntax and sets the Defaults options and sets up the + data structures to check a user. The second stage does + the actual user check. -28) Make syslog stuff work on vanilla ultrix +36) Add a flag similar to '-l' but that spits out sudo commands in + a format suitable for cut & paste (requires parser overhaul first). -29) Implement date_format and log_format options. +37) Someone wants a recursive version of the dir specifier. Ie: + SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. -30) Add support for: Default:user@host +38) An option to set the shell to the target user would make sense. + See other target user-related issues above. -31) Do login-style -sh hack for sudo -s? +39) Add an option (-D) to dump the defaults after the sudoers file + has been parsed. Should only be available to root and should + allow a -u user modifier. -32) Make visudo rcs-aware +40) For sudo 1.7 wipe out the environment by default. Index: usr.bin/sudo/TROUBLESHOOTING =================================================================== RCS file: /cvs/src/usr.bin/sudo/TROUBLESHOOTING,v retrieving revision 1.2 diff -u -r1.2 TROUBLESHOOTING --- usr.bin/sudo/TROUBLESHOOTING 24 Jan 2000 04:22:52 -0000 1.2 +++ usr.bin/sudo/TROUBLESHOOTING 16 Jan 2002 19:09:13 -0000 @@ -1,6 +1,13 @@ -FAQ and troubleshooting tips for Sudo +Troubleshooting tips and FAQ for Sudo ===================================== +Q) When I run configure, it says "C compiler cannot create executables". +A) This usually means you either don't have a working compiler. This + could be due to the lack of a license or that some component of the + compiler suite could not be found. Check config.log for clues as + to why this is happening. On many systems, compiler components live + in /usr/ccs/bin which may not be in your PATH environment variable. + Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root." and sudo quits. A) Sudo must be setuid root to do its work. You need to do something like @@ -10,6 +17,12 @@ your $PATH before the directory containing sudo. If you are going to have '.' in your path you should make sure it is at the end. +Q) Sudo compiles but when I run it I get "seteuid(0): Operation not permitted" + and sudo quits. +A) The operating system you are running probably has broken support for + POSIX saved IDs. You should run configure with the "--disable-saved-ids" + option and rebuild sudo. + Q) Sudo never gives me a chance to enter a password using PAM, it just says 'Sorry, try again.' three times and quits. A) You didn't setup PAM to work with sudo. On Linux this generally @@ -70,14 +83,28 @@ LOCALDOMAIN RES_OPTIONS HOSTALIASES + NLSPATH + PATH_LOCALE + TERMINFO + TERMINFO_DIRS + TERMPATH + TERMCAP ENV BASH_ENV + LC_ (if it contains a '/' or '%') + LANG (if it contains a '/' or '%') + LANGUAGE (if it contains a '/' or '%') LD_* _RLD_* SHLIB_PATH (HP-UX only) - LIB_PATH (AIX only) + LIBPATH (AIX only) KRB_CONF (kerb4 only) + KRBCONFDIR (kerb4 only) + KRBTKFILE (kerb4 only) KRB5_CONFIG (kerb5 only) + VAR_ACE (SecurID only) + USR_ACE (SecurID only) + DLC_ACE (SecurID only) Q) How can I keep sudo from asking for a password? A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD' @@ -130,6 +157,18 @@ A) Some SVR4-derived OS's include a /usr/bin/cd command for reasons unfathomable. A "cd" command is totally useless since a child process cannot affect the current working directory of the parent (your shell). + +Q) When I run sudo it says I am not alllowed to run the command as root + but I don't want to run it as root, I want to run it as another user. + My sudoers file entry looks like: + bob ALL=(oracle) ALL +A) The default user sudo tries to run things as is always root, even if + the invoking user can only run commands as a single, specific user. + This may change in the future but at the present time you have to + work around this using the 'runas_default' option in sudoers. + For example: + Defaults:bob runas_default=oracle + would achieve the desired result ofr the preceding sudoers fragment. Q) How do you pronounce `sudo'? A) soo-doo (for superuser do). Index: usr.bin/sudo/aclocal.m4 =================================================================== RCS file: usr.bin/sudo/aclocal.m4 diff -N usr.bin/sudo/aclocal.m4 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ usr.bin/sudo/aclocal.m4 16 Jan 2002 19:09:13 -0000 @@ -0,0 +1,346 @@ +dnl Local m4 macors for autoconf (used by sudo) +dnl +dnl Copyright (c) 1994-1996,1998-2002 Todd C. Miller +dnl +dnl XXX - should cache values in all cases!!! +dnl +dnl checks for programs + +dnl +dnl check for sendmail +dnl +AC_DEFUN(SUDO_PROG_SENDMAIL, [AC_MSG_CHECKING(for sendmail) +if test -f "/usr/sbin/sendmail"; then + AC_MSG_RESULT(/usr/sbin/sendmail) + SUDO_DEFINE(_PATH_SUDO_SENDMAIL, "/usr/sbin/sendmail") +elif test -f "/usr/lib/sendmail"; then + AC_MSG_RESULT(/usr/lib/sendmail) + SUDO_DEFINE(_PATH_SUDO_SENDMAIL, "/usr/lib/sendmail") +elif test -f "/usr/etc/sendmail"; then + AC_MSG_RESULT(/usr/etc/sendmail) + SUDO_DEFINE(_PATH_SUDO_SENDMAIL, "/usr/etc/sendmail") +elif test -f "/usr/ucblib/sendmail"; then + AC_MSG_RESULT(/usr/ucblib/sendmail) + SUDO_DEFINE(_PATH_SUDO_SENDMAIL, "/usr/ucblib/sendmail") +elif test -f "/usr/local/lib/sendmail"; then + AC_MSG_RESULT(/usr/local/lib/sendmail) + SUDO_DEFINE(_PATH_SUDO_SENDMAIL, "/usr/local/lib/sendmail") +elif test -f "/usr/local/bin/sendmail"; then + AC_MSG_RESULT(/usr/local/bin/sendmail) + SUDO_DEFINE(_PATH_SUDO_SENDMAIL, "/usr/local/bin/sendmail") +else + AC_MSG_RESULT(not found) +fi +])dnl + +dnl +dnl check for vi +dnl +AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING(for vi) +if test -f "/usr/bin/vi"; then + AC_MSG_RESULT(/usr/bin/vi) + SUDO_DEFINE(_PATH_VI, "/usr/bin/vi") +elif test -f "/usr/ucb/vi"; then + AC_MSG_RESULT(/usr/ucb/vi) + SUDO_DEFINE(_PATH_VI, "/usr/ucb/vi") +elif test -f "/usr/bsd/vi"; then + AC_MSG_RESULT(/usr/bsd/vi) + SUDO_DEFINE(_PATH_VI, "/usr/bsd/vi") +elif test -f "/bin/vi"; then + AC_MSG_RESULT(/bin/vi) + SUDO_DEFINE(_PATH_VI, "/bin/vi") +elif test -f "/usr/local/bin/vi"; then + AC_MSG_RESULT(/usr/local/bin/vi) + SUDO_DEFINE(_PATH_VI, "/usr/local/bin/vi") +else + AC_MSG_RESULT(not found) +fi +])dnl + +dnl +dnl check for mv +dnl +AC_DEFUN(SUDO_PROG_MV, [AC_MSG_CHECKING(for mv) +if test -f "/usr/bin/mv"; then + AC_MSG_RESULT(/usr/bin/mv) + SUDO_DEFINE(_PATH_MV, "/usr/bin/mv") +elif test -f "/bin/mv"; then + AC_MSG_RESULT(/bin/mv) + SUDO_DEFINE(_PATH_MV, "/bin/mv") +elif test -f "/usr/ucb/mv"; then + AC_MSG_RESULT(/usr/ucb/mv) + SUDO_DEFINE(_PATH_MV, "/usr/ucb/mv") +elif test -f "/usr/sbin/mv"; then + AC_MSG_RESULT(/usr/sbin/mv) + SUDO_DEFINE(_PATH_MV, "/usr/sbin/mv") +else + AC_MSG_RESULT(not found) +fi +])dnl + +dnl +dnl check for bourne shell +dnl +AC_DEFUN(SUDO_PROG_BSHELL, [AC_MSG_CHECKING(for bourne shell) +if test -f "/bin/sh"; then + AC_MSG_RESULT(/bin/sh) + SUDO_DEFINE(_PATH_BSHELL, "/bin/sh") +elif test -f "/usr/bin/sh"; then + AC_MSG_RESULT(/usr/bin/sh) + SUDO_DEFINE(_PATH_BSHELL, "/usr/bin/sh") +elif test -f "/sbin/sh"; then + AC_MSG_RESULT(/sbin/sh) + SUDO_DEFINE(_PATH_BSHELL, "/sbin/sh") +elif test -f "/usr/sbin/sh"; then + AC_MSG_RESULT(/usr/sbin/sh) + SUDO_DEFINE(_PATH_BSHELL, "/usr/sbin/sh") +elif test -f "/bin/ksh"; then + AC_MSG_RESULT(/bin/ksh) + SUDO_DEFINE(_PATH_BSHELL, "/bin/ksh") +elif test -f "/usr/bin/ksh"; then + AC_MSG_RESULT(/usr/bin/ksh) + SUDO_DEFINE(_PATH_BSHELL, "/usr/bin/ksh") +elif test -f "/bin/bash"; then + AC_MSG_RESULT(/bin/bash) + SUDO_DEFINE(_PATH_BSHELL, "/bin/bash") +elif test -f "/usr/bin/bash"; then + AC_MSG_RESULT(/usr/bin/bash) + SUDO_DEFINE(_PATH_BSHELL, "/usr/bin/bash") +else + AC_MSG_RESULT(not found) +fi +])dnl + +dnl +dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm +dnl +AC_DEFUN(SUDO_LOGFILE, [AC_MSG_CHECKING(for log file location) +if test -n "$with_logpath"; then + AC_MSG_RESULT($with_logpath) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$with_logpath") +elif test -d "/var/log"; then + AC_MSG_RESULT(/var/log/sudo.log) + SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/log/sudo.log") +elif test -d "/var/adm"; then + AC_MSG_RESULT(/var/adm/sudo.log) + SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/adm/sudo.log") +elif test -d "/usr/adm"; then + AC_MSG_RESULT(/usr/adm/sudo.log) + SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/usr/adm/sudo.log") +else + AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_LOGFILE by hand) +fi +])dnl + +dnl +dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm +dnl +AC_DEFUN(SUDO_TIMEDIR, [AC_MSG_CHECKING(for timestamp file location) +if test -n "$with_timedir"; then + AC_MSG_RESULT($with_timedir) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$with_timedir") + timedir="$with_timedir" +elif test -d "/var/run"; then + AC_MSG_RESULT(/var/run/sudo) + SUDO_DEFINE(_PATH_SUDO_TIMEDIR, "/var/run/sudo") + timedir="/var/run/sudo" +else + AC_MSG_RESULT(/tmp/.odus) + SUDO_DEFINE(_PATH_SUDO_TIMEDIR, "/tmp/.odus") + timedir="/tmp/.odus" +fi +])dnl + +dnl +dnl check for fullly working void +dnl +AC_DEFUN(SUDO_FULL_VOID, [AC_MSG_CHECKING(for full void implementation) +AC_TRY_COMPILE(, [void *foo; +foo = (void *)0; (void *)"test";], AC_DEFINE(VOID, void, [Define to "void" if your compiler supports void pointers, else use "char"].) +AC_MSG_RESULT(yes), AC_DEFINE(VOID, char) +AC_MSG_RESULT(no))]) + +dnl +dnl SUDO_CHECK_TYPE(TYPE, DEFAULT) +dnl XXX - should require the check for unistd.h... +dnl +AC_DEFUN(SUDO_CHECK_TYPE, +[AC_REQUIRE([AC_HEADER_STDC])dnl +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL(sudo_cv_type_$1, +[AC_EGREP_CPP($1, [#include +#include +#if STDC_HEADERS +#include +#endif +#if HAVE_UNISTD_H +#include +#endif], sudo_cv_type_$1=yes, sudo_cv_type_$1=no)])dnl +AC_MSG_RESULT($sudo_cv_type_$1) +if test $sudo_cv_type_$1 = no; then + AC_DEFINE($1, $2, [Define if your system lacks the $1 type.]) +fi +]) + +dnl +dnl Check for size_t declation +dnl +AC_DEFUN(SUDO_TYPE_SIZE_T, +[SUDO_CHECK_TYPE(size_t, int)]) + +dnl +dnl Check for ssize_t declation +dnl +AC_DEFUN(SUDO_TYPE_SSIZE_T, +[SUDO_CHECK_TYPE(ssize_t, int)]) + +dnl +dnl Check for dev_t declation +dnl +AC_DEFUN(SUDO_TYPE_DEV_T, +[SUDO_CHECK_TYPE(dev_t, int)]) + +dnl +dnl Check for ino_t declation +dnl +AC_DEFUN(SUDO_TYPE_INO_T, +[SUDO_CHECK_TYPE(ino_t, unsigned int)]) + +dnl +dnl check for POSIX utime() using struct utimbuf +dnl +AC_DEFUN(SUDO_FUNC_UTIME_POSIX, +[AC_MSG_CHECKING(for POSIX utime) +AC_CACHE_VAL(sudo_cv_func_utime_posix, +[rm -f conftestdata; > conftestdata +AC_TRY_RUN([#include +#include +#include +main() { +struct utimbuf ut; +ut.actime = ut.modtime = time(0); +utime("conftestdata", &ut); +exit(0); +}], sudo_cv_func_utime_posix=yes, sudo_cv_func_utime_posix=no, + sudo_cv_func_utime_posix=no) +rm -f core core.* *.core])dnl +AC_MSG_RESULT($sudo_cv_func_utime_posix) +if test $sudo_cv_func_utime_posix = yes; then + AC_DEFINE(HAVE_UTIME_POSIX, 1, [Define if you have a POSIX utime() (uses struct utimbuf).]) +fi +]) + +dnl +dnl check for working fnmatch(3) +dnl +AC_DEFUN(SUDO_FUNC_FNMATCH, +[AC_MSG_CHECKING(for working fnmatch with FNM_CASEFOLD) +AC_CACHE_VAL(sudo_cv_func_fnmatch, +[rm -f conftestdata; > conftestdata +AC_TRY_RUN([#include +main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } +], sudo_cv_func_fnmatch=yes, sudo_cv_func_fnmatch=no, + sudo_cv_func_fnmatch=no) +rm -f core core.* *.core])dnl +AC_MSG_RESULT($sudo_cv_func_fnmatch) +if test $sudo_cv_func_fnmatch = yes; then + [$1] +else + [$2] +fi +]) + +dnl +dnl check for isblank(3) +dnl +AC_DEFUN([SUDO_FUNC_ISBLANK], + [AC_CACHE_CHECK([for isblank], sudo_cv_func_isblank, + [AC_TRY_LINK([#include ], [(void)isblank(1);], + sudo_cv_func_isblank=yes, sudo_cv_func_isblank=no)]) +] [ + if test "$sudo_cv_func_isblank" = "yes"; then + AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3).]) + fi +]) + +dnl +dnl check for sa_len field in struct sockaddr +dnl +AC_DEFUN(SUDO_SOCK_SA_LEN, +[AC_MSG_CHECKING(for sa_len field in struct sockaddr) +AC_CACHE_VAL(sudo_cv_sock_sa_len, +[AC_TRY_RUN([#include +#include +main() { +struct sockaddr s; +s.sa_len = 0; +exit(0); +}], sudo_cv_sock_sa_len=yes, sudo_cv_sock_sa_len=no, + sudo_cv_sock_sa_len=no) +rm -f core core.* *.core])dnl +AC_MSG_RESULT($sudo_cv_sock_sa_len) +if test $sudo_cv_sock_sa_len = yes; then + AC_DEFINE(HAVE_SA_LEN, 1, [Define if your struct sockadr has an sa_len field.]) +fi +]) + +dnl +dnl check for max length of uid_t in string representation. +dnl we can't really trust UID_MAX or MAXUID since they may exist +dnl only for backwards compatibility. +dnl +AC_DEFUN(SUDO_UID_T_LEN, +[AC_REQUIRE([AC_TYPE_UID_T]) +AC_MSG_CHECKING(max length of uid_t) +AC_CACHE_VAL(sudo_cv_uid_t_len, +[rm -f conftestdata +AC_TRY_RUN( +[#include +#include +#include +#include +#include +main() { + FILE *f; + char b[1024]; + uid_t u = (uid_t) -1; + + if ((f = fopen("conftestdata", "w")) == NULL) + exit(1); + + (void) sprintf(b, "%u", u); + (void) fprintf(f, "%d\n", strlen(b)); + (void) fclose(f); + exit(0); +}], sudo_cv_uid_t_len=`cat conftestdata`, sudo_cv_uid_t_len=10) +]) +rm -f conftestdata +AC_MSG_RESULT($sudo_cv_uid_t_len) +AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).]) +]) + +dnl +dnl check for "long long" +dnl XXX hard to cache since it includes 2 tests +dnl +AC_DEFUN(SUDO_LONG_LONG, [AC_MSG_CHECKING(for long long support) +AC_TRY_LINK(, [long long foo = 1000; foo /= 10;], AC_DEFINE(HAVE_LONG_LONG, 1, [Define if your compiler supports the "long long" type.]) +[AC_TRY_RUN([main() {if (sizeof(long long) == sizeof(long)) exit(0); else exit(1);}], AC_DEFINE(LONG_IS_QUAD, 1, [Define if sizeof(long) == sizeof(long long).]))] +AC_MSG_RESULT(yes), AC_MSG_RESULT(no))]) + +dnl +dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support +dnl tracing that we use to define paths for pathnames.h so autoheader doesn't +dnl put them in config.h.in. An awful hack. +dnl +m4_define([SUDO_DEFINE], +[cat >>confdefs.h <<\EOF +[@%:@define] $1 m4_if($#, 2, [$2], $#, 3, [$2], 1) +EOF +]) + +m4_define([SUDO_DEFINE_UNQUOTED], +[cat >>confdefs.h < -dnl -dnl XXX - should cache values in all cases!!! -dnl -dnl checks for programs - -dnl -dnl check for sendmail -dnl -AC_DEFUN(SUDO_PROG_SENDMAIL, [AC_MSG_CHECKING(for sendmail) -if test -f "/usr/sbin/sendmail"; then - AC_MSG_RESULT(/usr/sbin/sendmail) - AC_DEFINE(_PATH_SENDMAIL, "/usr/sbin/sendmail") -elif test -f "/usr/lib/sendmail"; then - AC_MSG_RESULT(/usr/lib/sendmail) - AC_DEFINE(_PATH_SENDMAIL, "/usr/lib/sendmail") -elif test -f "/usr/etc/sendmail"; then - AC_MSG_RESULT(/usr/etc/sendmail) - AC_DEFINE(_PATH_SENDMAIL, "/usr/etc/sendmail") -elif test -f "/usr/ucblib/sendmail"; then - AC_MSG_RESULT(/usr/ucblib/sendmail) - AC_DEFINE(_PATH_SENDMAIL, "/usr/ucblib/sendmail") -elif test -f "/usr/local/lib/sendmail"; then - AC_MSG_RESULT(/usr/local/lib/sendmail) - AC_DEFINE(_PATH_SENDMAIL, "/usr/local/lib/sendmail") -elif test -f "/usr/local/bin/sendmail"; then - AC_MSG_RESULT(/usr/local/bin/sendmail) - AC_DEFINE(_PATH_SENDMAIL, "/usr/local/bin/sendmail") -else - AC_MSG_RESULT(not found) -fi -])dnl - -dnl -dnl check for vi -dnl -AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING(for vi) -if test -f "/usr/bin/vi"; then - AC_MSG_RESULT(/usr/bin/vi) - AC_DEFINE(_PATH_VI, "/usr/bin/vi") -elif test -f "/usr/ucb/vi"; then - AC_MSG_RESULT(/usr/ucb/vi) - AC_DEFINE(_PATH_VI, "/usr/ucb/vi") -elif test -f "/usr/bsd/vi"; then - AC_MSG_RESULT(/usr/bsd/vi) - AC_DEFINE(_PATH_VI, "/usr/bsd/vi") -elif test -f "/bin/vi"; then - AC_MSG_RESULT(/bin/vi) - AC_DEFINE(_PATH_VI, "/bin/vi") -elif test -f "/usr/local/bin/vi"; then - AC_MSG_RESULT(/usr/local/bin/vi) - AC_DEFINE(_PATH_VI, "/usr/local/bin/vi") -else - AC_MSG_RESULT(not found) -fi -])dnl - -dnl -dnl check for mv -dnl -AC_DEFUN(SUDO_PROG_MV, [AC_MSG_CHECKING(for mv) -if test -f "/usr/bin/mv"; then - AC_MSG_RESULT(/usr/bin/mv) - AC_DEFINE(_PATH_MV, "/usr/bin/mv") -elif test -f "/bin/mv"; then - AC_MSG_RESULT(/bin/mv) - AC_DEFINE(_PATH_MV, "/bin/mv") -elif test -f "/usr/ucb/mv"; then - AC_MSG_RESULT(/usr/ucb/mv) - AC_DEFINE(_PATH_MV, "/usr/ucb/mv") -elif test -f "/usr/sbin/mv"; then - AC_MSG_RESULT(/usr/sbin/mv) - AC_DEFINE(_PATH_MV, "/usr/sbin/mv") -else - AC_MSG_RESULT(not found) -fi -])dnl - -dnl -dnl check for bourne shell -dnl -AC_DEFUN(SUDO_PROG_BSHELL, [AC_MSG_CHECKING(for bourne shell) -if test -f "/bin/sh"; then - AC_MSG_RESULT(/bin/sh) - AC_DEFINE(_PATH_BSHELL, "/bin/sh") -elif test -f "/usr/bin/sh"; then - AC_MSG_RESULT(/usr/bin/sh) - AC_DEFINE(_PATH_BSHELL, "/usr/bin/sh") -elif test -f "/sbin/sh"; then - AC_MSG_RESULT(/sbin/sh) - AC_DEFINE(_PATH_BSHELL, "/sbin/sh") -elif test -f "/usr/sbin/sh"; then - AC_MSG_RESULT(/usr/sbin/sh) - AC_DEFINE(_PATH_BSHELL, "/usr/sbin/sh") -elif test -f "/bin/ksh"; then - AC_MSG_RESULT(/bin/ksh) - AC_DEFINE(_PATH_BSHELL, "/bin/ksh") -elif test -f "/usr/bin/ksh"; then - AC_MSG_RESULT(/usr/bin/ksh) - AC_DEFINE(_PATH_BSHELL, "/usr/bin/ksh") -elif test -f "/bin/bash"; then - AC_MSG_RESULT(/bin/bash) - AC_DEFINE(_PATH_BSHELL, "/bin/bash") -elif test -f "/usr/bin/bash"; then - AC_MSG_RESULT(/usr/bin/bash) - AC_DEFINE(_PATH_BSHELL, "/usr/bin/bash") -else - AC_MSG_RESULT(not found) -fi -])dnl - -dnl -dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm -dnl -AC_DEFUN(SUDO_LOGFILE, [AC_MSG_CHECKING(for log file location) -if test -n "$with_logpath"; then - AC_MSG_RESULT($with_logpath) - AC_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$with_logpath") -elif test -d "/var/log"; then - AC_MSG_RESULT(/var/log/sudo.log) - AC_DEFINE(_PATH_SUDO_LOGFILE, "/var/log/sudo.log") -elif test -d "/var/adm"; then - AC_MSG_RESULT(/var/adm/sudo.log) - AC_DEFINE(_PATH_SUDO_LOGFILE, "/var/adm/sudo.log") -elif test -d "/usr/adm"; then - AC_MSG_RESULT(/usr/adm/sudo.log) - AC_DEFINE(_PATH_SUDO_LOGFILE, "/usr/adm/sudo.log") -else - AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_LOGFILE by hand) -fi -])dnl - -dnl -dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm -dnl -AC_DEFUN(SUDO_TIMEDIR, [AC_MSG_CHECKING(for timestamp file location) -if test -n "$with_timedir"; then - AC_MSG_RESULT($with_timedir) - AC_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$with_timedir") - TIMEDIR="$with_timedir" -elif test -d "/var/run"; then - AC_MSG_RESULT(/var/run/sudo) - AC_DEFINE(_PATH_SUDO_TIMEDIR, "/var/run/sudo") - TIMEDIR="/var/run/sudo" -else - AC_MSG_RESULT(/tmp/.odus) - AC_DEFINE(_PATH_SUDO_TIMEDIR, "/tmp/.odus") - TIMEDIR="/tmp/.odus" -fi -])dnl - -dnl -dnl check for fullly working void -dnl -AC_DEFUN(SUDO_FULL_VOID, [AC_MSG_CHECKING(for full void implementation) -AC_TRY_COMPILE(, [void *foo; -foo = (void *)0; (void *)"test";], AC_DEFINE(VOID, void) -AC_MSG_RESULT(yes), AC_DEFINE(VOID, char) -AC_MSG_RESULT(no))]) - -dnl -dnl SUDO_CHECK_TYPE(TYPE, DEFAULT) -dnl XXX - should require the check for unistd.h... -dnl -AC_DEFUN(SUDO_CHECK_TYPE, -[AC_REQUIRE([AC_HEADER_STDC])dnl -AC_MSG_CHECKING(for $1) -AC_CACHE_VAL(sudo_cv_type_$1, -[AC_EGREP_CPP($1, [#include -#if STDC_HEADERS -#include -#endif -#if HAVE_UNISTD_H -#include -#endif], sudo_cv_type_$1=yes, sudo_cv_type_$1=no)])dnl -AC_MSG_RESULT($sudo_cv_type_$1) -if test $sudo_cv_type_$1 = no; then - AC_DEFINE($1, $2) -fi -]) - -dnl -dnl Check for size_t declation -dnl -AC_DEFUN(SUDO_TYPE_SIZE_T, -[SUDO_CHECK_TYPE(size_t, int)]) - -dnl -dnl Check for ssize_t declation -dnl -AC_DEFUN(SUDO_TYPE_SSIZE_T, -[SUDO_CHECK_TYPE(ssize_t, int)]) - -dnl -dnl Check for dev_t declation -dnl -AC_DEFUN(SUDO_TYPE_DEV_T, -[SUDO_CHECK_TYPE(dev_t, int)]) - -dnl -dnl Check for ino_t declation -dnl -AC_DEFUN(SUDO_TYPE_INO_T, -[SUDO_CHECK_TYPE(ino_t, unsigned int)]) - -dnl -dnl check for POSIX utime() using struct utimbuf -dnl -AC_DEFUN(SUDO_FUNC_UTIME_POSIX, -[AC_MSG_CHECKING(for POSIX utime) -AC_CACHE_VAL(sudo_cv_func_utime_posix, -[rm -f conftestdata; > conftestdata -AC_TRY_RUN([#include -#include -#include -main() { -struct utimbuf ut; -ut.actime = ut.modtime = time(0); -utime("conftestdata", &ut); -exit(0); -}], sudo_cv_func_utime_posix=yes, sudo_cv_func_utime_posix=no, - sudo_cv_func_utime_posix=no) -rm -f core core.* *.core])dnl -AC_MSG_RESULT($sudo_cv_func_utime_posix) -if test $sudo_cv_func_utime_posix = yes; then - AC_DEFINE(HAVE_UTIME_POSIX) -fi -]) - -dnl -dnl check for working fnmatch(3) -dnl -AC_DEFUN(SUDO_FUNC_FNMATCH, -[AC_MSG_CHECKING(for working fnmatch with FNM_CASEFOLD) -AC_CACHE_VAL(sudo_cv_func_fnmatch, -[rm -f conftestdata; > conftestdata -AC_TRY_RUN([#include -main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } -], sudo_cv_func_fnmatch=yes, sudo_cv_func_fnmatch=no, - sudo_cv_func_fnmatch=no) -rm -f core core.* *.core])dnl -AC_MSG_RESULT($sudo_cv_func_fnmatch) -if test $sudo_cv_func_fnmatch = yes; then - [$1] -else - [$2] -fi -]) - -dnl -dnl check for sa_len field in struct sockaddr -dnl -AC_DEFUN(SUDO_SOCK_SA_LEN, -[AC_MSG_CHECKING(for sa_len field in struct sockaddr) -AC_CACHE_VAL(sudo_cv_sock_sa_len, -[AC_TRY_RUN([#include -#include -main() { -struct sockaddr s; -s.sa_len = 0; -exit(0); -}], sudo_cv_sock_sa_len=yes, sudo_cv_sock_sa_len=no, - sudo_cv_sock_sa_len=no) -rm -f core core.* *.core])dnl -AC_MSG_RESULT($sudo_cv_sock_sa_len) -if test $sudo_cv_sock_sa_len = yes; then - AC_DEFINE(HAVE_SA_LEN) -fi -]) - -dnl -dnl check for max length of uid_t in string representation. -dnl we can't really trust UID_MAX or MAXUID since they may exist -dnl only for backwards compatibility. -dnl -AC_DEFUN(SUDO_UID_T_LEN, -[AC_REQUIRE([AC_TYPE_UID_T]) -AC_MSG_CHECKING(max length of uid_t) -AC_CACHE_VAL(sudo_cv_uid_t_len, -[rm -f conftestdata -AC_TRY_RUN( -[#include -#include -#include -#include -#include -main() { - FILE *f; - char b[1024]; - uid_t u = (uid_t) -1; - - if ((f = fopen("conftestdata", "w")) == NULL) - exit(1); - - (void) sprintf(b, "%u", u); - (void) fprintf(f, "%d\n", strlen(b)); - (void) fclose(f); - exit(0); -}], sudo_cv_uid_t_len=`cat conftestdata`, sudo_cv_uid_t_len=10) -]) -rm -f conftestdata -AC_MSG_RESULT($sudo_cv_uid_t_len) -AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len) -]) - -dnl -dnl check for "long long" -dnl XXX hard to cache since it includes 2 tests -dnl -AC_DEFUN(SUDO_LONG_LONG, [AC_MSG_CHECKING(for long long support) -AC_TRY_LINK(, [long long foo = 1000; foo /= 10;], AC_DEFINE(HAVE_LONG_LONG) -[AC_TRY_RUN([main() {if (sizeof(long long) == sizeof(long)) exit(0); else exit(1);}], AC_DEFINE(LONG_IS_QUAD))] -AC_MSG_RESULT(yes), AC_MSG_RESULT(no))]) Index: usr.bin/sudo/alloc.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/alloc.c,v retrieving revision 1.2 diff -u -r1.2 alloc.c --- usr.bin/sudo/alloc.c 5 Jun 2000 14:01:15 -0000 1.2 +++ usr.bin/sudo/alloc.c 16 Jan 2002 19:09:13 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2002 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,36 +34,35 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) -#include +# include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ -#include -#include #include "sudo.h" -#ifndef STDC_HEADERS -#if !defined(__GNUC__) && !defined(HAVE_MALLOC_H) -extern VOID *malloc __P((size_t)); -#endif /* !__GNUC__ && !HAVE_MALLOC_H */ -#endif /* !STDC_HEADERS */ - -extern char **Argv; /* from sudo.c */ - #ifndef lint -static const char rcsid[] = "$Sudo: alloc.c,v 1.8 1999/07/31 16:19:44 millert Exp $"; +static const char rcsid[] = "$Sudo: alloc.c,v 1.11 2002/01/09 16:56:04 millert Exp $"; #endif /* lint */ +extern char **Argv; /* from sudo.c */ /* * emalloc() calls the system malloc(3) and exits with an error if @@ -75,7 +74,7 @@ { VOID *ptr; - if ((ptr = malloc(size)) == NULL) { + if ((ptr = (VOID *) malloc(size)) == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -93,7 +92,8 @@ size_t size; { - if ((ptr = ptr ? realloc(ptr, size) : malloc(size)) == NULL) { + ptr = ptr ? (VOID *) realloc(ptr, size) : (VOID *) malloc(size); + if (ptr == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } Index: usr.bin/sudo/check.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/check.c,v retrieving revision 1.5 diff -u -r1.5 check.c --- usr.bin/sudo/check.c 30 Mar 2001 13:56:57 -0000 1.5 +++ usr.bin/sudo/check.c 16 Jan 2002 19:09:13 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996,1998-1999 Todd C. Miller + * Copyright (c) 1993-1996,1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,34 +34,40 @@ #include "config.h" +#include +#include +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include #include #include -#include -#include -#include -#include #include #include #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: check.c,v 1.194 2000/02/15 23:36:03 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.202 2001/12/14 19:52:47 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -226,10 +232,10 @@ struct group *grp; char **gr_mem; - if (!def_str(I_EXEMPT_GRP)) + if (!def_str(I_EXEMPT_GROUP)) return(FALSE); - if (!(grp = getgrnam(def_str(I_EXEMPT_GRP)))) + if (!(grp = getgrnam(def_str(I_EXEMPT_GROUP)))) return(FALSE); if (user_gid == grp->gr_gid) @@ -424,24 +430,29 @@ * If the file/dir exists, check its mtime. */ if (status == TS_OLD) { - now = time(NULL); - if (def_ival(I_TS_TIMEOUT) && - now - sb.st_mtime < 60 * def_ival(I_TS_TIMEOUT)) { - /* - * Check for bogus time on the stampfile. The clock may - * have been set back or someone could be trying to spoof us. - */ - if (sb.st_mtime > now + 60 * def_ival(I_TS_TIMEOUT) * 2) { - log_error(NO_EXIT, - "timestamp too far in the future: %20.20s", - 4 + ctime(&sb.st_mtime)); - if (timestampfile) - (void) unlink(timestampfile); - else - (void) rmdir(timestampdir); - status = TS_MISSING; - } else - status = TS_CURRENT; + /* Negative timeouts only expire manually (sudo -k). */ + if (def_ival(I_TIMESTAMP_TIMEOUT) < 0 && sb.st_mtime != 0) + status = TS_CURRENT; + else { + now = time(NULL); + if (def_ival(I_TIMESTAMP_TIMEOUT) && + now - sb.st_mtime < 60 * def_ival(I_TIMESTAMP_TIMEOUT)) { + /* + * Check for bogus time on the stampfile. The clock may + * have been set back or someone could be trying to spoof us. + */ + if (sb.st_mtime > now + 60 * def_ival(I_TIMESTAMP_TIMEOUT) * 2) { + log_error(NO_EXIT, + "timestamp too far in the future: %20.20s", + 4 + ctime(&sb.st_mtime)); + if (timestampfile) + (void) unlink(timestampfile); + else + (void) rmdir(timestampdir); + status = TS_MISSING; + } else + status = TS_CURRENT; + } } } Index: usr.bin/sudo/compat.h =================================================================== RCS file: /cvs/src/usr.bin/sudo/compat.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 compat.h --- usr.bin/sudo/compat.h 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/compat.h 16 Jan 2002 19:09:13 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller + * Copyright (c) 1996, 1998-2002 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: compat.h,v 1.54 1999/10/08 01:12:49 millert Exp $ + * $Sudo: compat.h,v 1.62 2002/01/08 15:00:18 millert Exp $ */ #ifndef _SUDO_COMPAT_H @@ -145,7 +145,30 @@ #endif /* - * Emulate seteuid() for HP-UX via setresuid(2) and seteuid(2) for others. + * Simple isblank() macro for systems without it. + */ +#ifndef HAVE_ISBLANK +# define isblank(_x) ((_x) == ' ' || (_x) == '\t') +#endif + +/* + * Old BSD systems lack strchr(), strrchr(), memset() and memcpy() + */ +#if !defined(HAVE_STRCHR) && !defined(strchr) +# define strchr(_s, _c) index(_s, _c) +#endif +#if !defined(HAVE_STRRCHR) && !defined(strrchr) +# define strrchr(_s, _c) rindex(_s, _c) +#endif +#if !defined(HAVE_MEMCPY) && !defined(memcpy) +# define memcpy(_d, _s, _n) (bcopy(_s, _d, _n)) +#endif +#if !defined(HAVE_MEMSET) && !defined(memset) +# define memset(_s, _x, _n) (bzero(_s, _n)) +#endif + +/* + * Emulate sete[ug]id() via setres[ug]id(2) or setre[ug]id(2) */ #ifndef HAVE_SETEUID # ifdef __hpux @@ -154,6 +177,29 @@ # define seteuid(_EUID) (setreuid((uid_t) -1, _EUID)) # endif /* __hpux */ #endif /* HAVE_SETEUID */ +#ifndef HAVE_SETEGID +# ifdef __hpux +# define setegid(_EGID) (setresgid((gid_t) -1, _EGID, (gid_t) -1)) +# else +# define setegid(_EGID) (setregid((gid_t) -1, _EGID)) +# endif /* __hpux */ +#endif /* HAVE_SETEGID */ + +/* + * Emulate setreuid() for HP-UX via setresuid(2) + */ +#if !defined(HAVE_SETREUID) && defined(__hpux) +# define setreuid(_RUID, _EUID) (setresuid(_RUID, _EUID, (uid_t) -1)) +# define HAVE_SETREUID +#endif /* !HAVE_SETEUID && __hpux */ + +/* + * NCR's SVr4 has _innetgr(3) instead of innetgr(3) for some reason. + */ +#ifdef HAVE__INNETGR +# define innetgr(n, h, u, d) (_innetgr(n, h, u, d)) +# define HAVE_INNETGR 1 +#endif /* HAVE__INNETGR */ /* * On POSIX systems, O_NOCTTY is the default so some OS's may lack this define. @@ -161,5 +207,42 @@ #ifndef O_NOCTTY # define O_NOCTTY 0 #endif /* O_NOCTTY */ + +/* + * Emulate POSIX signals via sigvec(2) + */ +#ifndef HAVE_SIGACTION +# define SA_ONSTACK SV_ONSTACK +# define SA_RESTART SV_INTERRUPT /* opposite effect */ +# define SA_RESETHAND SV_RESETHAND +# define sa_handler sv_handler +# define sa_mask sv_mask +# define sa_flags sv_flags +typedef struct sigvec sigaction_t; +typedef int sigset_t; +int sigaction __P((int sig, const sigaction_t *act, sigaction_t *oact)); +int sigemptyset __P((sigset_t *)); +int sigfillset __P((sigset_t *)); +int sigaddset __P((sigset_t *, int)); +int sigdelset __P((sigset_t *, int)); +int sigismember __P((sigset_t *, int)); +int sigprocmask __P((int, const sigset_t *, sigset_t *)); +#endif + +/* + * Extra sugar for POSIX signals to deal with the above emulation + * as well as the fact that SunOS has a SA_INTERRUPT flag. + */ +#ifdef HAVE_SIGACTION +# ifndef HAVE_SIGACTION_T +typedef struct sigaction sigaction_t; +# endif +# ifndef SA_INTERRUPT +# define SA_INTERRUPT 0 +# endif +# ifndef SA_RESTART +# define SA_RESTART 0 +# endif +#endif #endif /* _SUDO_COMPAT_H */ Index: usr.bin/sudo/config.guess =================================================================== RCS file: /cvs/src/usr.bin/sudo/config.guess,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 config.guess --- usr.bin/sudo/config.guess 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/config.guess 16 Jan 2002 19:09:13 -0000 @@ -1,7 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. -# +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. + +timestamp='2001-07-12' + # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or @@ -22,58 +25,259 @@ # the same distribution terms that you use for the rest of that program. # Written by Per Bothner . -# The master version of this file is at the FSF in /home/gd/gnu/lib. +# Please send patches to . # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you -# don't specify an explicit system type (host/target name). -# -# Only a few systems have been added to this list; please add others -# (but try to keep the structure clean). -# +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + + +dummy=dummy-$$ +trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int dummy(){}" > $dummy.c ; + for c in cc gcc c89 ; do + ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; + if test $? = 0 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + rm -f $dummy.c $dummy.o $dummy.rel ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 8/24/94.) +# (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 - # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # Netbsd (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # Determine the machine/vendor (is the vendor relevant). + case "${UNAME_MACHINE}" in + amiga) machine=m68k-unknown ;; + arm32) machine=arm-unknown ;; + atari*) machine=m68k-atari ;; + sun3*) machine=m68k-sun ;; + mac68k) machine=m68k-apple ;; + macppc) machine=powerpc-apple ;; + hp3[0-9][05]) machine=m68k-hp ;; + ibmrt|romp-ibm) machine=romp-ibm ;; + *) machine=${UNAME_MACHINE}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE}" in + i386|sparc|amiga|arm*|hp300|mvme68k|vax|atari|luna68k|mac68k|news68k|next68k|pc532|sun3*|x68k) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + cat <$dummy.s + .data +\$Lformat: + .byte 37,100,45,37,120,10,0 # "%d-%x\n" + + .text + .globl main + .align 4 + .ent main +main: + .frame \$30,16,\$26,0 + ldgp \$29,0(\$27) + .prologue 1 + .long 0x47e03d80 # implver \$0 + lda \$2,-1 + .long 0x47e20c21 # amask \$2,\$1 + lda \$16,\$Lformat + mov \$0,\$17 + not \$1,\$18 + jsr \$26,printf + ldgp \$29,0(\$26) + mov 0,\$16 + jsr \$26,exit + .end main +EOF + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null + if test "$?" = 0 ; then + case `./$dummy` in + 0-0) + UNAME_MACHINE="alpha" + ;; + 1-0) + UNAME_MACHINE="alphaev5" + ;; + 1-1) + UNAME_MACHINE="alphaev56" + ;; + 1-101) + UNAME_MACHINE="alphapca56" + ;; + 2-303) + UNAME_MACHINE="alphaev6" + ;; + 2-307) + UNAME_MACHINE="alphaev67" + ;; + esac + fi + rm -f $dummy.s $dummy + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix exit 0 ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit 0 ;; Amiga*:UNIX_System_V:4.0:*) - echo m68k-cbm-sysv4 + echo m68k-unknown-sysv4 exit 0;; - amiga:NetBSD:*:*) - echo m68k-cbm-netbsd${UNAME_RELEASE} - exit 0 ;; amiga:OpenBSD:*:*) - echo m68k-cbm-openbsd${UNAME_RELEASE} - exit 0 ;; + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + arc64:OpenBSD:*:*) + echo mips64el-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hkmips:OpenBSD:*:*) + echo mips-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mips-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit 0;; - Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 @@ -81,9 +285,12 @@ echo pyramid-pyramid-bsd fi exit 0 ;; - NILE:*:*:dcosx) + NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit 0 ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; @@ -108,26 +315,61 @@ sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit 0 ;; - atari*:NetBSD:*:*) - echo m68k-atari-netbsd${UNAME_RELEASE} - exit 0 ;; atari*:OpenBSD:*:*) - echo m68k-atari-openbsd${UNAME_RELEASE} + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; - sun3*:NetBSD:*:*) - echo m68k-sun-netbsd${UNAME_RELEASE} + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; - sun3*:OpenBSD:*:*) - echo m68k-sun-openbsd${UNAME_RELEASE} + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; - mac68k:NetBSD:*:*) - echo m68k-apple-netbsd${UNAME_RELEASE} + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + sun3*:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; mac68k:OpenBSD:*:*) - echo m68k-apple-openbsd${UNAME_RELEASE} + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} @@ -141,9 +383,17 @@ VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; mips:*:*:UMIPS | mips:*:*:RISCos) - sed 's/^ //' << EOF >dummy.c - int main (argc, argv) int argc; char **argv; { + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); @@ -158,12 +408,16 @@ exit (-1); } EOF - ${CC-cc} dummy.c -o dummy \ - && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.c -o $dummy \ + && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy echo mips-mips-riscos${UNAME_RELEASE} exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit 0 ;; @@ -179,15 +433,18 @@ AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ - -o ${TARGET_BINARY_INTERFACE}x = x ] ; then + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then echo m88k-dg-dgux${UNAME_RELEASE} - else + else echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} fi - else echo i586-dg-dgux${UNAME_RELEASE} - fi exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 @@ -208,12 +465,20 @@ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i?86:AIX:*:*) + i*86:AIX:*:*) echo i386-ibm-aix exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - sed 's/^ //' << EOF >dummy.c + sed 's/^ //' << EOF >$dummy.c #include main() @@ -224,8 +489,9 @@ exit(0); } EOF - ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy echo rs6000-ibm-aix3.2.5 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 @@ -233,8 +499,9 @@ echo rs6000-ibm-aix3.2 fi exit 0 ;; - *:AIX:*:4) - if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc @@ -242,7 +509,7 @@ if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV=4.${UNAME_RELEASE} + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit 0 ;; @@ -252,7 +519,7 @@ ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit 0 ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit 0 ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) @@ -267,18 +534,76 @@ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit 0 ;; - 9000/[3478]??:HP-UX:*:*) + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; - 9000/8?? ) HP_ARCH=hppa1.0 ;; + 9000/[678][0-9][0-9]) + case "${HPUX_REV}" in + 11.[0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + esac ;; + esac + fi ;; + esac + if [ "${HP_ARCH}" = "" ]; then + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + eval $set_cc_for_build + (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy` + if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi + rm -f $dummy.c $dummy + fi ;; esac - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; 3050*:HI-UX:*:*) - sed 's/^ //' << EOF >dummy.c + sed 's/^ //' << EOF >$dummy.c #include int main () @@ -303,8 +628,9 @@ exit (0); } EOF - ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy echo unknown-hitachi-hiuxwe2 exit 0 ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) @@ -313,13 +639,16 @@ 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit 0 ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit 0 ;; - i?86:OSF1:*:*) + i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else @@ -329,6 +658,9 @@ parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit 0 ;; + hppa*:OpenBSD:*:*) + echo hppa-unknown-openbsd + exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit 0 ;; @@ -351,112 +683,225 @@ echo xmp-cray-unicos exit 0 ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3D:*:*:*) + echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; CRAY-2:*:*:*) echo cray2-cray-unicos exit 0 ;; - F300:UNIX_System_V:*:*) - FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit 0 ;; - F301:UNIX_System_V:*:*) - echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` - exit 0 ;; - hp3[0-9][05]:NetBSD:*:*) - echo m68k-hp-netbsd${UNAME_RELEASE} - exit 0 ;; - hp3[0-9][05]:OpenBSD:*:*) - echo m68k-hp-openbsd${UNAME_RELEASE} + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} exit 0 ;; - i?86:BSD/386:*:* | *:BSD/OS:*:*) + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; *:FreeBSD:*:*) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit 0 ;; - *:NetBSD:*:*) - echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - exit 0 ;; *:OpenBSD:*:*) echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` exit 0 ;; i*:CYGWIN*:*) - echo i386-pc-cygwin32 + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i386-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin exit 0 ;; p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin32 + echo powerpcle-unknown-cygwin exit 0 ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; *:GNU:*:*) - echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + case `sed -n '/^byte/s/^.*: \(.*\) endian/\1/p' < /proc/cpuinfo` in + big) echo mips-unknown-linux-gnu && exit 0 ;; + little) echo mipsel-unknown-linux-gnu && exit 0 ;; + esac + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev67 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu exit 0 ;; - *:Linux:*:*) + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so - # first see if it will tell us. - ld_help_string=`ld --help 2>&1` - if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then - echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then - echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then - echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then - echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then - echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 - elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then - echo "powerpc-unknown-linux-gnu" ; exit 0 - elif test "${UNAME_MACHINE}" = "alpha" ; then - echo alpha-unknown-linux-gnu ; exit 0 - elif test "${UNAME_MACHINE}" = "sparc" ; then - echo sparc-unknown-linux-gnu ; exit 0 - else - # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us - # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. - test ! -d /usr/lib/ldscripts/. \ - && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 - # Determine whether the default compiler is a.out or elf - cat >dummy.c <&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + cat >$dummy.c < +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif #ifdef __ELF__ - printf ("%s-pc-linux-gnu\n", argv[1]); +# ifdef __GLIBC__ +# if __GLIBC__ >= 2 + printf ("%s-pc-linux-gnu\n", argv[1]); +# else + printf ("%s-pc-linux-gnulibc1\n", argv[1]); +# endif +# else + printf ("%s-pc-linux-gnulibc1\n", argv[1]); +# endif #else printf ("%s-pc-linux-gnuaout\n", argv[1]); #endif return 0; } EOF - ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 - rm -f dummy.c dummy - fi ;; -# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions -# are messed up and put the nodename in both sysname and nodename. - i?86:DYNIX/ptx:4*:*) + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. echo i386-sequent-sysv4 exit 0 ;; - i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit 0 ;; - i?86:*:3.2:*) + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 + (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; @@ -489,7 +947,7 @@ exit 0 ;; M68*:*:R3V[567]*:*) test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) + 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` @@ -500,25 +958,31 @@ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4 && exit 0 ;; - m68*:LynxOS:2.*:*) + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit 0 ;; - i?86:LynxOS:2.*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit 0 ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit 0 ;; - rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) + rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit 0 ;; - RM*:SINIX-*:*:* | RM*:ReliantUNIX-*:*:*) + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit 0 ;; *:SINIX-*:*:*) @@ -529,6 +993,10 @@ echo ns32k-sni-sysv fi exit 0 ;; + PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm @@ -541,23 +1009,101 @@ mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit 0 ;; - R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit 0 ;; - PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + echo `uname -p`-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + if test "${UNAME_MACHINE}" = "x86pc"; then + UNAME_MACHINE=pc + fi + echo `uname -p`-${UNAME_MACHINE}-nto-qnx + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[KW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 -cat >dummy.c <$dummy.c < # include @@ -595,7 +1141,10 @@ #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif @@ -640,11 +1189,24 @@ #endif #if defined (vax) -#if !defined (ultrix) - printf ("vax-dec-bsd\n"); exit (0); -#else - printf ("vax-dec-ultrix\n"); exit (0); -#endif +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif #endif #if defined (alliant) && defined (i860) @@ -655,8 +1217,9 @@ } EOF -${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 -rm -f dummy.c dummy +eval $set_cc_for_build +$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0 +rm -f $dummy.c $dummy # Apollos put the system type in the environment. @@ -688,6 +1251,48 @@ esac fi -#echo '(Unable to guess system type)' 1>&2 +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: Index: usr.bin/sudo/config.h.in =================================================================== RCS file: /cvs/src/usr.bin/sudo/config.h.in,v retrieving revision 1.5 diff -u -r1.5 config.h.in --- usr.bin/sudo/config.h.in 21 Nov 2000 17:58:43 -0000 1.5 +++ usr.bin/sudo/config.h.in 17 Jan 2002 01:05:35 -0000 @@ -1,527 +1,532 @@ -/* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * 4. Products derived from this software may not be called "Sudo" nor - * may "Sudo" appear in their names without specific prior written - * permission from the author. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $Sudo: config.h.in,v 1.144 2000/03/07 04:29:42 millert Exp $ - */ - -/* - * config.h -- You shouldn't edit this by hand unless you are - * NOT using configure. - */ +/* config.h.in. Generated automatically from configure.in by autoheader. */ #ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H -/* New ANSI-style OS defs. */ -#if defined(hpux) && !defined(__hpux) -# define __hpux 1 -#endif /* hpux */ +/* Define if the `syslog' function returns a non-zero int to denote failure. + */ +#undef BROKEN_SYSLOG -#if defined(convex) && !defined(__convex__) -# define __convex__ 1 -#endif /* convex */ +/* Define if you want the insults from the "classic" version sudo. */ +#undef CLASSIC_INSULTS -/* Define if on AIX 3. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _ALL_SOURCE -#undef _ALL_SOURCE -#endif +/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP + systems. This function is required for `alloca.c' support on those systems. + */ +#undef CRAY_STACKSEG_END -/* Define if on ConvexOs. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _CONVEX_SOURCE -#undef _CONVEX_SOURCE -#endif +/* Define if you want insults culled from the twisted minds of CSOps. */ +#undef CSOPS_INSULTS -/* Define if needed to get POSIX functionality. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _POSIX_SOURCE -#undef _POSIX_SOURCE -#endif +/* Define if using `alloca.c'. */ +#undef C_ALLOCA -/* Define if needed to get GNU extensions on Linux. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _GNU_SOURCE -#undef _GNU_SOURCE -#endif +/* Define if you want sudo to display "command not allowed" instead of + "command not found" when a command cannot be found. */ +#undef DONT_LEAK_PATH_INFO -/* Define to `int' if doesn't define. */ -#undef uid_t +/* A colon-separated list of pathnames to be used as the editor for visudo. */ +#undef EDITOR -/* Define to `int' if doesn't define. */ -#undef gid_t +/* Define if you want visudo to honor the EDITOR and VISUAL env variables. */ +#undef ENV_EDITOR -/* Define to `int' if doesn't define. */ -#undef mode_t +/* If defined, users in this group need not enter a passwd (ie "sudo"). */ +#undef EXEMPTGROUP -/* Define to `unsigned' if doesn't define. */ -#undef size_t +/* Define if you want to require fully qualified hosts in sudoers. */ +#undef FQDN -/* Define to `int' if doesn't define. */ -#undef ssize_t +/* Define if you want insults from the "Goon Show". */ +#undef GOONS_INSULTS -/* Define to `int' if doesn't define. */ -#undef dev_t +/* Define if you want 2001-like insults. */ +#undef HAL_INSULTS -/* Define to `unsigned int' if doesn't define. */ -#undef ino_t +/* Define if you use AFS. */ +#undef HAVE_AFS -/* Define to be nil if C compiler doesn't support "const." */ -#undef const +/* Define if you have `alloca', as a function or macro. */ +#undef HAVE_ALLOCA -/* Define if your compiler supports the "long long" type. */ -#undef HAVE_LONG_LONG +/* Define if you have and it should be used (not on Ultrix). */ +#undef HAVE_ALLOCA_H -/* Define if sizeof(long) == sizeof(long long). */ -#undef LONG_IS_QUAD +/* Define if you have the `asprintf' function. */ +#undef HAVE_ASPRINTF -/* Solaris doesn't use const qualifiers in PAM. */ -#ifdef sun -#define PAM_CONST -#else -#define PAM_CONST const -#endif +/* Define if you use AIX general authentication. */ +#undef HAVE_AUTHENTICATE -/* Define as the return type of signal handlers (int or void). */ -#undef RETSIGTYPE +/* Define if you have the `bigcrypt' function. */ +#undef HAVE_BIGCRYPT -/* Define if you have the ANSI C header files. */ -#undef STDC_HEADERS +/* Define if you use BSD authentication. */ +#undef HAVE_BSD_AUTH_H -/* Define if you want to use execv() instead of execvp(). */ -#undef USE_EXECV +/* Define if you use OSF DCE. */ +#undef HAVE_DCE -/* Define if you have POSIX signals. */ -#undef HAVE_SIGACTION -#ifdef HAVE_SIGACTION -# define POSIX_SIGNALS -#endif /* HAVE_SIGACTION */ +/* Define if you have the header file, and it defines `DIR'. */ +#undef HAVE_DIRENT_H -/* Define if you have tzset(3). */ -#undef HAVE_TZSET +/* Define if you have the `dispcrypt' function. */ +#undef HAVE_DISPCRYPT -/* Define if you have getcwd(3). */ -#undef HAVE_GETCWD +/* Define if you have the `flock' function. */ +#undef HAVE_FLOCK -/* Define if you have fnmatch(3). */ +/* Define if you have the `fnmatch' function. */ #undef HAVE_FNMATCH -/* Define if you have lsearch(3). */ -#undef HAVE_LSEARCH +/* Define if you have the `fstat' function. */ +#undef HAVE_FSTAT -/* Define if you have strchr(3). */ -#undef HAVE_STRCHR -#if !defined(HAVE_STRCHR) && !defined(strchr) -# define strchr index -#endif +/* Define if you use the FWTK authsrv daemon. */ +#undef HAVE_FWTK -/* Define if you have strrchr(3). */ -#undef HAVE_STRRCHR -#if !defined(HAVE_STRRCHR) && !defined(strrchr) -# define strrchr rindex -#endif +/* Define if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords) + */ +#undef HAVE_GETAUTHUID -/* Define if you have memchr(3). */ -#undef HAVE_MEMCHR +/* Define if you have the `getcwd' function. */ +#undef HAVE_GETCWD -/* Define if you have memcpy(3). */ -#undef HAVE_MEMCPY -#if !defined(HAVE_MEMCPY) && !defined(memcpy) -# define memcpy(D, S, L) (bcopy(S, D, L)) -#endif +/* Define if you have the `getdomainname' function. */ +#undef HAVE_GETDOMAINNAME -/* Define if you have memset(3). */ -#undef HAVE_MEMSET -#if !defined(HAVE_MEMSET) && !defined(memset) -# define memset(S, X, N) (bzero(S, N)) -#endif +/* Define if you have the `getifaddrs' function. */ +#undef HAVE_GETIFADDRS -/* Define if you have sysconf(3c). */ -#undef HAVE_SYSCONF +/* Define if you have the `getprpwnam' function. (SecureWare-style shadow + passwords) */ +#undef HAVE_GETPRPWNAM -/* Define if you have putenv(3). */ -#undef HAVE_PUTENV +/* Define if you have the `getpwanam' function. (SunOS 4.x shadow passwords) + */ +#undef HAVE_GETPWANAM -/* Define if you have setenv(3). */ -#undef HAVE_SETENV +/* Define if you have the `getspnam' function (SVR4-style shadow passwords) */ +#undef HAVE_GETSPNAM -/* Define if you have strcasecmp(3). */ -#undef HAVE_STRCASECMP +/* Define if you have the `getspwuid' function. (HP-UX <= 9.X shadow + passwords) */ +#undef HAVE_GETSPWUID + +/* Define if you have the `initgroups' function. */ +#undef HAVE_INITGROUPS -/* Define if you have tcgetattr(3). */ -#undef HAVE_TCGETATTR +/* Define if you have the `initprivs' function. */ +#undef HAVE_INITPRIVS -/* Define if you have innetgr(3). */ +/* Define if you have the `innetgr' function. */ #undef HAVE_INNETGR -/* Define if you have initgroups(3). */ -#undef HAVE_INITGROUPS +/* Define if you have the header file. */ +#undef HAVE_INTTYPES_H -/* Define if you have getdomainname(2). */ -#undef HAVE_GETDOMAINNAME +/* Define if you have isblank(3). */ +#undef HAVE_ISBLANK -/* Define if you have utime(2). */ -#undef HAVE_UTIME +/* Define if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow + enabled) */ +#undef HAVE_ISCOMSEC -/* Define if you have a POSIX utime() (uses struct utimbuf) */ -#undef HAVE_UTIME_POSIX +/* Define if you have the `issecure' function. (SunOS 4.x check for shadow + enabled) */ +#undef HAVE_ISSECURE -/* Define if you have bigcrypt(3). */ -#undef HAVE_BIGCRYPT +/* Define if you use Kerberos IV. */ +#undef HAVE_KERB4 -/* Define if you have set_auth_parameters(3). */ -#undef HAVE_SET_AUTH_PARAMETERS +/* Define if you use Kerberos V. */ +#undef HAVE_KERB5 -/* Define if you have initprivs(3). */ -#undef HAVE_INITPRIVS +/* Define if you have the `lockf' function. */ +#undef HAVE_LOCKF -/* Define if you have dispcrypt(3). */ -#undef HAVE_DISPCRYPT +/* Define if you have the header file. */ +#undef HAVE_LOGIN_CAP_H -/* Define if you have getspnam(3). [SVR4-style shadow passwords] */ -#undef HAVE_GETSPNAM +/* Define if your compiler supports the "long long" type. */ +#undef HAVE_LONG_LONG -/* Define if you have getprpwnam(3). [SecureWare-style shadow passwords] */ -#undef HAVE_GETPRPWNAM +/* Define if you have the `lsearch' function. */ +#undef HAVE_LSEARCH -/* Define if you have iscomsec(3). [HP-UX >= 10.x check for shadow enabled] */ -#undef HAVE_ISCOMSEC +/* Define if you have the header file. */ +#undef HAVE_MALLOC_H -/* Define if you have getspwuid(3). [HP-UX <= 9.X shadow passwords] */ -#undef HAVE_GETSPWUID +/* Define if you have the `memchr' function. */ +#undef HAVE_MEMCHR -/* Define if you have getpwanam(3). [SunOS 4.x shadow passwords] */ -#undef HAVE_GETPWANAM +/* Define if you have the `memcpy' function. */ +#undef HAVE_MEMCPY -/* Define if you have issecure(3). [SunOS 4.x check for shadow enabled] */ -#undef HAVE_ISSECURE +/* Define if you have the header file. */ +#undef HAVE_MEMORY_H -/* Define if you have getauthuid(3). [ULTRIX 4.x shadow passwords] */ -#undef HAVE_GETAUTHUID +/* Define if you have the `memset' function. */ +#undef HAVE_MEMSET -/* Define if you have seteuid(3). */ -#undef HAVE_SETEUID +/* Define if you have the header file, and it defines `DIR'. */ +#undef HAVE_NDIR_H -/* Define if you have waitpid(2). */ -#undef HAVE_WAITPID +/* Define if you have the header file. */ +#undef HAVE_NETGROUP_H -/* Define if you have wait3(2). */ -#undef HAVE_WAIT3 +/* Define if you use NRL OPIE. */ +#undef HAVE_OPIE -/* Define if you have strerror(3). */ -#undef HAVE_STRERROR +/* Define if you use PAM. */ +#undef HAVE_PAM -/* Define if you have lockf(3). */ -#undef HAVE_LOCKF +/* Define if you have the header file. */ +#undef HAVE_PATHS_H -/* Define if you have flock(2). */ -#undef HAVE_FLOCK +/* Define if your struct sockadr has an sa_len field. */ +#undef HAVE_SA_LEN -/* Define if you have fstat(2). */ -#undef HAVE_FSTAT +/* Define if you use SecurID. */ +#undef HAVE_SECURID -/* Define if you have setrlimit(2). */ +/* Define if you have the `setegid' function. */ +#undef HAVE_SETEGID + +/* Define if you have the `seteuid' function. */ +#undef HAVE_SETEUID + +/* Define if you have the `setreuid' function. */ +#undef HAVE_SETREUID + +/* Define if you have the `setrlimit' function. */ #undef HAVE_SETRLIMIT -/* Define if you have strftime(2). */ -#undef HAVE_STRFTIME +/* Define if you have the `set_auth_parameters' function. */ +#undef HAVE_SET_AUTH_PARAMETERS -/* Define if you have snprintf(3). */ -#undef HAVE_SNPRINTF +/* Define if you use SIA. */ +#undef HAVE_SIA -/* Define if you have vsnprintf(3). */ -#undef HAVE_VSNPRINTF +/* Define if you have the `sigaction' function. */ +#undef HAVE_SIGACTION -/* Define if you have asprintf(3). */ -#undef HAVE_ASPRINTF +/* Define if has the sigaction_t typedef. */ +#undef HAVE_SIGACTION_T -/* Define if you have vasprintf(3). */ -#undef HAVE_VASPRINTF +/* Define if the system has the type `sig_atomic_t'. */ +#undef HAVE_SIG_ATOMIC_T -/* Define if you have the header file. */ -#undef HAVE_MALLOC_H +/* Define if you use S/Key. */ +#undef HAVE_SKEY -/* Define if you have the header file. */ -#undef HAVE_ALLOCA_H +/* Define if your S/Key library has skeyaccess(). */ +#undef HAVE_SKEYACCESS -/* Define if you have the header file. */ -#undef HAVE_PATHS_H +/* Define if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF -/* Define if you have the header file. */ -#undef HAVE_STRING_H +/* Define if you have the header file. */ +#undef HAVE_STDINT_H -/* Define if you have the header file but no . */ -#ifndef HAVE_STRING_H -#undef HAVE_STRINGS_H -#endif /* !HAVE_STRING_H */ +/* Define if you have the header file. */ +#undef HAVE_STDLIB_H -/* Define your flavor of dir entry header file. */ -#undef HAVE_DIRENT_H -#undef HAVE_SYS_NDIR_H -#undef HAVE_SYS_DIR_H -#undef HAVE_NDIR_H +/* Define if you have the `strcasecmp' function. */ +#undef HAVE_STRCASECMP -/* Define if you have the header file. */ -#undef HAVE_UTIME_H +/* Define if you have the `strchr' function. */ +#undef HAVE_STRCHR -/* Define if you have the header file. */ -#undef HAVE_UNISTD_H +/* Define if you have the `strerror' function. */ +#undef HAVE_STRERROR -/* Define if you have the header file. */ -#undef HAVE_NETGROUP_H +/* Define if you have the `strftime' function. */ +#undef HAVE_STRFTIME -/* Define if you have the header file. */ -#undef HAVE_TERMIO_H +/* Define if you have the header file. */ +#undef HAVE_STRINGS_H -/* Define if you have the header file and tcgetattr(3). */ -#ifdef HAVE_TCGETATTR -#undef HAVE_TERMIOS_H -#endif /* HAVE_TCGETATTR */ +/* Define if you have the header file. */ +#undef HAVE_STRING_H -/* Define if you have the header file. */ -#undef HAVE_SYS_SOCKIO_H +/* Define if you have the `strrchr' function. */ +#undef HAVE_STRRCHR -/* Define if you have the header file. */ +/* Define if you have the `sysconf' function. */ +#undef HAVE_SYSCONF + +/* Define if you have the header file. */ #undef HAVE_SYS_BSDTYPES_H -/* Define if you have the header file. */ -#undef HAVE_SYS_SELECT_H +/* Define if you have the header file, and it defines `DIR'. */ +#undef HAVE_SYS_DIR_H -/* Define if your struct sockadr has an sa_len field. */ -#undef HAVE_SA_LEN +/* Define if you have the header file, and it defines `DIR'. */ +#undef HAVE_SYS_NDIR_H -/* Define if you want visudo to honor EDITOR and VISUAL env variables. */ -#undef ENV_EDITOR +/* Define if you have the header file. */ +#undef HAVE_SYS_SELECT_H -/* Define to avoid using the passwd/shadow file for authentication. */ -#undef WITHOUT_PASSWD +/* Define if you have the header file. */ +#undef HAVE_SYS_SOCKIO_H -/* Define to void if your C compiler fully groks void, else char */ -#undef VOID +/* Define if you have the header file. */ +#undef HAVE_SYS_STAT_H -/* Define to the max length of a uid_t in string context (excluding the NUL) */ -#undef MAX_UID_T_LEN +/* Define if you have the header file. */ +#undef HAVE_SYS_TYPES_H -/* Define if your syslog(3) does not guarantee the message will be logged */ -/* and syslog(3) returns non-zero to denote failure */ -#undef BROKEN_SYSLOG +/* Define if you have the header file and the `tcgetattr' + function. */ +#undef HAVE_TERMIOS_H -/* Define if the code in interfaces.c does not compile for you. */ -#undef STUB_LOAD_INTERFACES +/* Define if you have the header file. */ +#undef HAVE_TERMIO_H -/* - * Defaults for options. These may be overridden via a "Defaults" line - * in the sudoers file. - */ +/* Define if you have the `tzset' function. */ +#undef HAVE_TZSET -/* Define if you a different ticket file for each tty. */ -#undef USE_TTY_TICKETS +/* Define if you have the header file. */ +#undef HAVE_UNISTD_H -/* Define if you want to insult the user for entering an incorrect password. */ -#undef USE_INSULTS +/* Define if you have the `utime' function. */ +#undef HAVE_UTIME -/* Define if you want the insults from the "classic" version sudo. */ -#undef CLASSIC_INSULTS +/* Define if you have the header file. */ +#undef HAVE_UTIME_H -/* Define if you want 2001-like insults. */ -#undef HAL_INSULTS +/* Define if you have a POSIX utime() (uses struct utimbuf). */ +#undef HAVE_UTIME_POSIX -/* Define if you want insults from the "Goon Show" */ -#undef GOONS_INSULTS +/* Define if you have the `vasprintf' function. */ +#undef HAVE_VASPRINTF -/* Define if you want insults culled from the twisted minds of CSOps. */ -#undef CSOPS_INSULTS +/* Define if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF -/* Define to override the user's path with a builtin one. */ -#undef SECURE_PATH +/* Define if you have the `wait3' function. */ +#undef HAVE_WAIT3 -/* Define if you want a two line OTP (skey/opie) prompt. */ -#undef LONG_OTP_PROMPT +/* Define if you have the `waitpid' function. */ +#undef HAVE_WAITPID -/* The umask that the root-run prog should use */ -#undef SUDO_UMASK +/* Define if you have the `_innetgr' function. */ +#undef HAVE__INNETGR -/* Define if you want the hostname to be entered into the log file */ +/* Define if you want the hostname to be entered into the log file. */ #undef HOST_IN_LOG -/* Define to be the number of minutes before sudo asks for passwd again. */ -#undef TIMEOUT - -/* Define to be the passwd prompt timeout (in minutes). */ -#undef PASSWORD_TIMEOUT +/* Define if you want to ignore '.' and empty $PATH elements */ +#undef IGNORE_DOT_PATH -/* Define to be the number of tries the user gets to enter the passwd. */ -#undef TRIES_FOR_PASSWORD +/* The message given when a bad password is entered. */ +#undef INCORRECT_PASSWORD -/* Define to be the user sudo should run commands as by default. */ -#undef RUNAS_DEFAULT +/* The syslog facility sudo will use. */ +#undef LOGFAC -/* Define if you want to require fully qualified hosts in sudoers. */ -#undef FQDN +/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH. */ +#undef LOGGING -/* If defined, users in this group need not enter a passwd (ie "sudo"). */ -#undef EXEMPTGROUP +/* Define if sizeof(long) == sizeof(long long). */ +#undef LONG_IS_QUAD -/* Define to the path of the editor visudo should use. */ -#undef EDITOR +/* Define if you want a two line OTP (S/Key or OPIE) prompt. */ +#undef LONG_OTP_PROMPT -/* Define if root should not be allowed to use sudo. */ -#undef NO_ROOT_SUDO +/* The subject of the mail sent by sudo to the MAILTO user/address. */ +#undef MAILSUBJECT -/* Define to be the user that gets sudo mail. */ +/* The user or email address that sudo mail is sent to. */ #undef MAILTO -/* Define to be the subject of the mail sent to MAILTO by sudo. */ -#undef MAILSUBJECT +/* The max number of chars per log file line (for line wrapping). */ +#undef MAXLOGFILELEN -/* Define to be the message given for a bad password. */ -#undef INCORRECT_PASSWORD +/* Define to the max length of a uid_t in string context (excluding the NUL). + */ +#undef MAX_UID_T_LEN -/* Define to be the password prompt. */ -#undef PASSPROMPT +/* Define if you don't want sudo to prompt for a password by default. */ +#undef NO_AUTHENTICATION -/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH */ -#undef LOGGING +/* Define if you don't want users to get the lecture the first they user sudo. + */ +#undef NO_LECTURE -/* Define to be the syslog facility to use. */ -#undef LOGFAC +/* Define to avoid runing the mailer as root. */ +#undef NO_ROOT_MAILER -/* Define to be the syslog priority to use for successful attemps. */ -#undef PRI_SUCCESS +/* Define if root should not be allowed to use sudo. */ +#undef NO_ROOT_SUDO + +/* Define to avoid using POSIX saved ids. */ +#undef NO_SAVED_IDS + +/* The default password prompt. */ +#undef PASSPROMPT -/* Define to be the syslog priority to use for unsuccessful attemps/errors. */ +/* The passwd prompt timeout (in minutes). */ +#undef PASSWORD_TIMEOUT + +/* The syslog priority sudo will use for unsuccessful attempts/errors. */ #undef PRI_FAILURE -/* Define to be the max chars per log line (for line wrapping). */ -#undef MAXLOGFILELEN +/* The syslog priority sudo will use for successful attempts. */ +#undef PRI_SUCCESS -/* Define if you want to ignore '.' and '' in $PATH */ -#undef IGNORE_DOT_PATH +/* Define as the return type of signal handlers (`int' or `void'). */ +#undef RETSIGTYPE -/* Define if you want "command not allowed" instead of "command not found" */ -#undef DONT_LEAK_PATH_INFO +/* The user sudo should run commands as by default. */ +#undef RUNAS_DEFAULT -/* Define if you don't want users to get the lecture the first they user sudo */ -#undef NO_LECTURE +/* Define to override the user's path with a builtin one. */ +#undef SECURE_PATH -/* Define SEND_MAIL_WHEN_NO_USER to send mail when user not in sudoers file */ -#undef SEND_MAIL_WHEN_NO_USER +/* Define to send mail when the user is not not allowed to run a command. */ +#undef SEND_MAIL_WHEN_NOT_OK -/* Define SEND_MAIL_WHEN_NO_HOST to send mail when not allowed on this host */ +/* Define to send mail when the user is not not allowed to run sudo on this + host. */ #undef SEND_MAIL_WHEN_NO_HOST -/* Define SEND_MAIL_WHEN_NOT_OK to send mail when not allowed to run command */ -#undef SEND_MAIL_WHEN_NOT_OK +/* Define to send mail when the user is not in the sudoers file. */ +#undef SEND_MAIL_WHEN_NO_USER -/* Define if you want sudo to start a shell if given no arguments. */ +/* Define if you want sudo to start a shell if given no arguments. */ #undef SHELL_IF_NO_ARGS -/* Define if you want sudo to set $HOME in shell mode. */ +/* Define if you want sudo to set /home/millert in shell mode. */ #undef SHELL_SETS_HOME -/* Define if you don't want sudo to prompt for a password by default. */ -#undef NO_AUTHENTICATION +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at run-time. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown */ +#undef STACK_DIRECTION +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS -/* - * Authentication methods. - */ +/* Define if the code in interfaces.c does not compile for you. */ +#undef STUB_LOAD_INTERFACES -/* Define if you use S/Key. */ -#undef HAVE_SKEY +/* The umask that the root-run prog should use. */ +#undef SUDO_UMASK -/* Define if you use NRL OPIE. */ -#undef HAVE_OPIE +/* The number of minutes before sudo asks for a password again. */ +#undef TIMEOUT -/* Define if you use SecurID. */ -#undef HAVE_SECURID +/* The number of tries a user gets to enter their password. */ +#undef TRIES_FOR_PASSWORD -/* Define if you use AIX general authentication. */ -#undef HAVE_AUTHENTICATE +/* Define if you wish to use execv() instead of execvp() when running + programs. */ +#undef USE_EXECV -/* Define if you use Kerberos IV or Kerberos V < 1.1. */ -#undef HAVE_KERB4 - -/* Define if you use Kerberos V version 1.1 or higher. */ -#undef HAVE_KERB5 +/* Define if you want to insult the user for entering an incorrect password. + */ +#undef USE_INSULTS -/* Define if you use SIA. */ -#undef HAVE_SIA +/* Define if you want a different ticket file for each tty. */ +#undef USE_TTY_TICKETS -/* Define if you use PAM. */ -#undef HAVE_PAM +/* Define to "void" if your compiler supports void pointers, else use "char". + */ +#undef VOID -/* Define if you use AFS. */ -#undef HAVE_AFS +/* Define to avoid using the passwd/shadow file for authentication. */ +#undef WITHOUT_PASSWD -/* Define if you use OSF DCE. */ -#undef HAVE_DCE +/* Enable non-POSIX extensions on AIX. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif -/* Define if you use the BSD login capabilities database. */ -#undef HAVE_LOGIN_CAP_H +/* Enable non-POSIX extensions on ConvexOS. */ +#ifndef _CONVEX_SOURCE +# undef _CONVEX_SOURCE +#endif -/* Define if you use BSD authentication. */ -#undef HAVE_BSD_AUTH_H +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif -/* Define if you use the FWTK authsrv daemon. */ -#undef HAVE_FWTK +/* Define if you need to in order for stat and other things to work. */ +#undef _POSIX_SOURCE +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Define if your system lacks the dev_t type. */ +#undef dev_t + +/* Define to `int' if doesn't define. */ +#undef gid_t + +/* Define if your system lacks the ino_t type. */ +#undef ino_t + +/* Define to `int' if does not define. */ +#undef mode_t -/********** You probably don't want to modify anything below here ***********/ +/* Define to `int' if does not define. */ +#undef sig_atomic_t + +/* Define if your system lacks the size_t type. */ +#undef size_t + +/* Define if your system lacks the ssize_t type. */ +#undef ssize_t + +/* Define to `int' if doesn't define. */ +#undef uid_t + +/* Define to empty if the keyword `volatile' does not work. Warning: valid + code using `volatile' can become incorrect without. Disable with care. */ +#undef volatile /* * Emulate a subset of waitpid() if we don't have it. */ #ifdef HAVE_WAITPID -# define sudo_waitpid(p, s, o) waitpid(p, s, o) +# define sudo_waitpid(p, s, o) waitpid(p, s, o) +#else +# ifdef HAVE_WAIT3 +# define sudo_waitpid(p, s, o) wait3(s, o, NULL) +# endif +#endif + +/* Solaris doesn't use const qualifiers in PAM. */ +#ifdef sun +# define PAM_CONST #else -# ifdef HAVE_WAIT3 -# define sudo_waitpid(p, s, o) wait3(s, o, NULL) -# endif +# define PAM_CONST const #endif #ifdef USE_EXECV -# define EXEC execv +# define EXEC execv #else -# define EXEC execvp +# define EXEC execvp #endif /* USE_EXECV */ +/* New ANSI-style OS defs for HP-UX and ConvexOS. */ +#if defined(hpux) && !defined(__hpux) +# define __hpux 1 +#endif /* hpux */ + +#if defined(convex) && !defined(__convex__) +# define __convex__ 1 +#endif /* convex */ + +/* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ -# define BSD_COMP +# define BSD_COMP #endif /* __svr4__ */ #endif /* _SUDO_CONFIG_H */ Index: usr.bin/sudo/config.sub =================================================================== RCS file: /cvs/src/usr.bin/sudo/config.sub,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 config.sub --- usr.bin/sudo/config.sub 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/config.sub 16 Jan 2002 19:09:13 -0000 @@ -1,6 +1,10 @@ #! /bin/sh -# Configuration validation subroutine script, version 1.1. -# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. + +timestamp='2001-06-08' + # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. @@ -25,6 +29,8 @@ # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. +# Please send patches to . +# # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. @@ -45,30 +51,73 @@ # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. -if [ x$1 = x ] -then - echo Configuration name missing. 1>&2 - echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 - echo "or $0 ALIAS" 1>&2 - echo where ALIAS is a recognized configuration type. 1>&2 - exit 1 -fi +me=`echo "$0" | sed -e 's,.*/,,'` -# First pass through any local machine types. -case $1 in - *local*) - echo $1 - exit 0 - ;; - *) - ;; +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - linux-gnu*) + nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -94,15 +143,33 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple) + -apple | -axis | -sr2201*) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; -hiux*) os=-hiuxwe2 ;; -sco5) - os=sco3.2v5 + os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) @@ -121,6 +188,9 @@ os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` @@ -143,25 +213,50 @@ -psos*) os=-psos ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. - tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ - | arme[lb] | pyramid \ - | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ - | alpha | we32k | ns16k | clipper | i370 | sh \ - | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ - | pdp11 | mips64el | mips64orion | mips64orionel \ - | sparc | sparclet | sparclite | sparc64) + tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \ + | arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \ + | pyramid | mn10200 | mn10300 | tron | a29k \ + | 580 | i960 | h8300 \ + | x86 | ppcbe | mipsbe | mipsle | shbe | shle \ + | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \ + | hppa64 \ + | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \ + | alphaev6[78] \ + | we32k | ns16k | clipper | i370 | sh | sh[34] \ + | powerpc | powerpcle \ + | 1750a | dsp16xx | pdp10 | pdp11 \ + | mips16 | mips64 | mipsel | mips64el \ + | mips64orion | mips64orionel | mipstx39 | mipstx39el \ + | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \ + | mips64vr5000 | mips64vr5000el | mcore | s390 | s390x \ + | sparc | sparclet | sparclite | sparc64 | sparcv9 | sparcv9b \ + | v850 | c4x \ + | thumb | d10v | d30v | fr30 | avr | openrisc | tic80 \ + | pj | pjl | h8500 | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; + # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. - i[3456]86) + i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. @@ -170,23 +265,52 @@ exit 1 ;; # Recognize the basic CPU types with company name. - vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ - | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ - | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ - | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ - | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ - | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ - | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ - | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + # FIXME: clean up the formatting here. + vax-* | tahoe-* | i*86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \ + | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \ + | arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \ + | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \ + | xmp-* | ymp-* \ + | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \ + | hppa2.0n-* | hppa64-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \ + | alphaev6[78]-* \ + | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \ + | clipper-* | orion-* \ + | sparclite-* | pdp10-* | pdp11-* | sh-* | sh[34]-* | sh[34]eb-* \ + | powerpc-* | powerpcle-* | sparc64-* | sparcv9-* | sparcv9b-* | sparc86x-* \ + | mips16-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \ + | mipstx39-* | mipstx39el-* | mcore-* \ + | f30[01]-* | f700-* | s390-* | s390x-* | sv1-* | t3e-* \ + | [cjt]90-* \ + | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \ + | thumb-* | v850-* | d30v-* | tic30-* | tic80-* | c30-* | fr30-* \ + | bs2000-* | tic54x-* | c54x-* | x86_64-* | pj-* | pjl-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; alliant | fx80) basic_machine=fx80-alliant ;; @@ -202,20 +326,24 @@ os=-sysv ;; amiga | amiga-*) - basic_machine=m68k-cbm + basic_machine=m68k-unknown ;; - amigados) - basic_machine=m68k-cbm - os=-amigados + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos ;; amigaunix | amix) - basic_machine=m68k-cbm + basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; aux) basic_machine=m68k-apple os=-aux @@ -252,13 +380,16 @@ basic_machine=cray2-cray os=-unicos ;; - [ctj]90-cray) - basic_machine=c90-cray + [cjt]90) + basic_machine=${basic_machine}-cray os=-unicos ;; crds | unos) basic_machine=m68k-crds ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; da30 | da30-*) basic_machine=m68k-da30 ;; @@ -292,6 +423,10 @@ encore | umax | mmax) basic_machine=ns32k-encore ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; fx2800) basic_machine=i860-alliant ;; @@ -302,6 +437,10 @@ basic_machine=tron-gmicro os=-sysv ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 @@ -310,6 +449,14 @@ basic_machine=h8300-hitachi os=-hms ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; sr2201*) basic_machine=harp1e-hitachi os=-hiuxmpp @@ -329,13 +476,30 @@ basic_machine=m68k-hp os=-hpux ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; - hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) @@ -344,27 +508,42 @@ hppa-next) os=-nextstep3 ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; i370-ibm* | ibm*) basic_machine=i370-ibm - os=-mvs ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? - i[3456]86v32) + i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; - i[3456]86v4*) + i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; - i[3456]86v) + i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; - i[3456]86sol2) + i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; iris | iris4d) basic_machine=mips-sgi case $os in @@ -390,19 +569,59 @@ basic_machine=ns32k-utek os=-sysv ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; miniframe) basic_machine=m68000-convergent ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mipsel*-linux*) + basic_machine=mipsel-unknown + os=-linux-gnu + ;; + mips*-linux*) + basic_machine=mips-unknown + os=-linux-gnu + ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos @@ -415,6 +634,10 @@ basic_machine=mips-sony os=-newsos ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; next | m*-next ) basic_machine=m68k-next case $os in @@ -440,9 +663,32 @@ basic_machine=i960-intel os=-nindy ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; np1) basic_machine=np1-gould ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 @@ -460,30 +706,28 @@ pc532 | pc532-*) basic_machine=ns32k-pc532 ;; - pentium | p5) - basic_machine=i586-intel + pentium | p5 | k5 | k6 | nexgen) + basic_machine=i586-pc ;; - pentiumpro | p6) - basic_machine=i686-intel + pentiumpro | p6 | 6x86 | athlon) + basic_machine=i686-pc ;; - pentium-* | p5-*) + pentiumii | pentium2) + basic_machine=i686-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - pentiumpro-* | p6-*) + pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - k5) - # We don't have specific support for AMD's K5 yet, so just call it a Pentium - basic_machine=i586-amd - ;; - nexen) - # We don't have specific support for Nexgen yet, so just call it a Pentium - basic_machine=i586-nexgen + pentiumii-* | pentium2-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; - power) basic_machine=rs6000-ibm + power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; @@ -498,12 +742,24 @@ ps2) basic_machine=i386-ibm ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; sequent) basic_machine=i386-sequent ;; @@ -511,6 +767,10 @@ basic_machine=sh-hitachi os=-hms ;; + sparclite-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; sps7) basic_machine=m68k-bull os=-sysv2 @@ -518,6 +778,13 @@ spur) basic_machine=spur-unknown ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; sun2) basic_machine=m68000-sun ;; @@ -558,10 +825,28 @@ sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; symmetry) basic_machine=i386-sequent os=-dynix ;; + t3e) + basic_machine=t3e-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; tower | tower-32) basic_machine=m68k-ncr ;; @@ -573,6 +858,10 @@ basic_machine=a29k-nyu os=-sym1 ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; vaxv) basic_machine=vax-dec os=-sysv @@ -581,7 +870,7 @@ basic_machine=vax-dec os=-vms ;; - vpp*|vx|vx-*) + vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) @@ -596,6 +885,18 @@ basic_machine=a29k-wrs os=-vxworks ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + windows32) + basic_machine=i386-pc + os=-windows32-msvcrt + ;; xmp) basic_machine=xmp-cray os=-unicos @@ -603,6 +904,10 @@ xps | xps100) basic_machine=xps100-honeywell ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -610,8 +915,21 @@ # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; mips) - basic_machine=mips-mips + if [ x$os = x-linux-gnu ]; then + basic_machine=mips-unknown + else + basic_machine=mips-mips + fi ;; romp) basic_machine=romp-ibm @@ -622,13 +940,20 @@ vax) basic_machine=vax-dec ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; - sparc) + sh3 | sh4) + basic_machine=sh-unknown + ;; + sparc | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; cydra) @@ -640,6 +965,19 @@ orion105) basic_machine=clipper-highlevel ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + c4x*) + basic_machine=c4x-none + os=-coff + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 @@ -672,9 +1010,12 @@ -solaris) os=-solaris2 ;; - -unixware* | svr4*) + -svr4*) os=-sysv4 ;; + -unixware*) + os=-sysv4.2uw + ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; @@ -685,17 +1026,41 @@ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -linux-gnu* | -uxpv*) + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -os2*) # Remember, each alternative MUST END IN *, to match a version number. ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto*) + os=-nto-qnx + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; @@ -705,6 +1070,12 @@ -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; -osfrose*) os=-osfrose ;; @@ -720,12 +1091,18 @@ -acis*) os=-aos ;; + -386bsd) + os=-bsd + ;; -ctix* | -uts*) os=-sysv ;; -ns2 ) os=-nextstep2 ;; + -nsk*) + os=-nsk + ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` @@ -751,9 +1128,18 @@ # This must come after -sysvr4. -sysv*) ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; -xenix) os=-xenix ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; -none) ;; *) @@ -779,9 +1165,15 @@ *-acorn) os=-riscix1.2 ;; + arm*-rebel) + os=-linux + ;; arm*-semi) os=-aout ;; + pdp10-*) + os=-tops20 + ;; pdp11-*) os=-none ;; @@ -800,15 +1192,36 @@ # default. # os=-sunos4 ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; + *-be) + os=-beos + ;; *-ibm) os=-aix ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; *-hp) os=-hpux ;; @@ -819,7 +1232,7 @@ os=-sysv ;; *-cbm) - os=-amigados + os=-amigaos ;; *-dg) os=-dgux @@ -869,9 +1282,21 @@ *-masscomp) os=-rtu ;; - f301-fujitsu) + f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; *) os=-none ;; @@ -893,9 +1318,15 @@ -aix*) vendor=ibm ;; + -beos*) + vendor=be + ;; -hpux*) vendor=hp ;; + -mpeix*) + vendor=hp + ;; -hiux*) vendor=hitachi ;; @@ -911,7 +1342,7 @@ -genix*) vendor=ns ;; - -mvs*) + -mvs* | -opened*) vendor=ibm ;; -ptx*) @@ -923,9 +1354,26 @@ -aux*) vendor=apple ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: Index: usr.bin/sudo/configure =================================================================== RCS file: /cvs/src/usr.bin/sudo/configure,v retrieving revision 1.8 diff -u -r1.8 configure --- usr.bin/sudo/configure 25 Sep 2001 09:50:20 -0000 1.8 +++ usr.bin/sudo/configure 17 Jan 2002 01:05:35 -0000 @@ -1,168 +1,154 @@ #! /bin/sh - # Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.12 -# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# Generated by Autoconf 2.52 for sudo 1.6.5. # +# Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. -# Defaults: -ac_help= +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# Name of the executable. +as_me=`echo "$0" |sed 's,.*[\\/],,'` + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +as_executable_p="test -f" + +# Support unset when possible. +if (FOO=FOO; unset FOO) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + +# NLS nuisances. +$as_unset LANG || test "${LANG+set}" != set || { LANG=C; export LANG; } +$as_unset LC_ALL || test "${LC_ALL+set}" != set || { LC_ALL=C; export LC_ALL; } +$as_unset LC_TIME || test "${LC_TIME+set}" != set || { LC_TIME=C; export LC_TIME; } +$as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set || { LC_CTYPE=C; export LC_CTYPE; } +$as_unset LANGUAGE || test "${LANGUAGE+set}" != set || { LANGUAGE=C; export LANGUAGE; } +$as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set || { LC_COLLATE=C; export LC_COLLATE; } +$as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set || { LC_NUMERIC=C; export LC_NUMERIC; } +$as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; export LC_MESSAGES; } + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; } + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# ac_default_prefix=/usr/local -# Any additions from configure.in: -ac_help="$ac_help - --with-otp-only deprecated" -ac_help="$ac_help - --with-alertmail deprecated" -ac_help="$ac_help - --with-CC C compiler to use" -ac_help="$ac_help - --with-incpath additional places to look for include files" -ac_help="$ac_help - --with-libpath additional places to look for libraries" -ac_help="$ac_help - --with-libraries additional libraries to link with" -ac_help="$ac_help - --with-devel add developement options" -ac_help="$ac_help - --with-csops add CSOps standard options" -ac_help="$ac_help - --without-passwd don't use passwd/shadow file for authentication" -ac_help="$ac_help - --with-skey enable S/Key support " -ac_help="$ac_help - --with-opie enable OPIE support " -ac_help="$ac_help - --with-long-otp-prompt use a two line OTP (skey/opie) prompt" -ac_help="$ac_help - --with-SecurID enable SecurID support" -ac_help="$ac_help - --with-fwtk enable FWTK AuthSRV support" -ac_help="$ac_help - --with-kerb4 enable kerberos v4 support" -ac_help="$ac_help - --with-kerb5 enable kerberos v5 support" -ac_help="$ac_help - --with-authenticate enable AIX general authentication support" -ac_help="$ac_help - --with-pam enable PAM support" -ac_help="$ac_help - --with-AFS enable AFS support" -ac_help="$ac_help - --with-DCE enable DCE support" -ac_help="$ac_help - --with-logincap enable BSD login class support" -ac_help="$ac_help - --with-bsdauth enable BSD authentication support" -ac_help="$ac_help - --without-lecture don't print lecture for first-time sudoer" -ac_help="$ac_help - --with-logging log via syslog, file, or both" -ac_help="$ac_help - --with-logfac syslog facility to log with (default is local2)" -ac_help="$ac_help - --with-goodpri syslog priority for commands (def is notice)" -ac_help="$ac_help - --with-badpri syslog priority for failures (def is LOG_ALERT)" -ac_help="$ac_help - --with-logpath path to the sudo log file" -ac_help="$ac_help - --with-loglen maximum length of a log file line (default is 80)" -ac_help="$ac_help - --with-ignore-dot ignore '.' in the PATH" -ac_help="$ac_help - --with-mailto who should get sudo mail (default is "root")" -ac_help="$ac_help - --with-mailsubject subject of sudo mail" -ac_help="$ac_help - --without-mail-if-no-user do not send mail if user not in sudoers" -ac_help="$ac_help - --with-mail-if-no-host send mail if user in sudoers but not for this host" -ac_help="$ac_help - --with-mail-if-noperms send mail if user not allowed to run command" -ac_help="$ac_help - --with-passprompt default password prompt" -ac_help="$ac_help - --with-badpass-message message the user sees when the password is wrong" -ac_help="$ac_help - --with-fqdn expect fully qualified hosts in sudoers" -ac_help="$ac_help - --with-timedir path to the sudo timestamp dir" -ac_help="$ac_help - --with-sendmail=path set path to sendmail - --without-sendmail do not send mail at all" -ac_help="$ac_help - --with-sudoers-mode mode of sudoers file (defaults to 0440)" -ac_help="$ac_help - --with-sudoers-uid uid that owns sudoers file (defaults to 0)" -ac_help="$ac_help - --with-sudoers-gid gid that owns sudoers file (defaults to 0)" -ac_help="$ac_help - --with-umask umask with which the prog should run (default is 0022) - --without-umask Preserves the umask of the user invoking sudo." -ac_help="$ac_help - --with-runas-default User to run commands as (default is "root"" -ac_help="$ac_help - --with-exempt=group no passwd needed for users in this group" -ac_help="$ac_help - --with-editor=path Default editor for visudo (defaults to vi)" -ac_help="$ac_help - --with-env-editor Use the environment variable EDITOR for visudo" -ac_help="$ac_help - --with-passwd-tries number of tries to enter password (default is 3)" -ac_help="$ac_help - --with-timeout minutes before sudo asks for passwd again (def is 5)" -ac_help="$ac_help - --with-password-timeout passwd prompt timeout in minutes (default is 5)" -ac_help="$ac_help - --with-execv use execv() instead of execvp()" -ac_help="$ac_help - --with-tty-tickets use a different ticket file for each tty" -ac_help="$ac_help - --with-insults insult the user for entering an incorrect password" -ac_help="$ac_help - --with-all-insults include all the sudo insult sets" -ac_help="$ac_help - --with-classic-insults include the insults from the "classic" sudo" -ac_help="$ac_help - --with-csops-insults include CSOps insults" -ac_help="$ac_help - --with-hal-insults include 2001-like insults" -ac_help="$ac_help - --with-goons-insults include the insults from the \"Goon Show\"" -ac_help="$ac_help - --with-secure-path override the user's path with a builtin one" -ac_help="$ac_help - --without-interfaces don't try to read the ip addr of ether interfaces" -ac_help="$ac_help - --disable-authentication - Do not require authentication by default" -ac_help="$ac_help - --disable-shadow Never use shadow passwords" -ac_help="$ac_help - --disable-root-sudo don't allow root to run sudo" -ac_help="$ac_help - --enable-log-host Log the hostname in the log file" -ac_help="$ac_help - --enable-noargs-shell If sudo is given no arguments run a shell" -ac_help="$ac_help - --enable-shell-sets-home - set \$HOME to target user in shell mode" -ac_help="$ac_help - --disable-path-info Print 'command not allowed' not 'command not found'" -ac_help="$ac_help - --disable-sia Never use SIA on Digital UNIX" +cross_compiling=no +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#if HAVE_SYS_STAT_H +# include +#endif +#if STDC_HEADERS +# include +# include +#else +# if HAVE_STDLIB_H +# include +# endif +#endif +#if HAVE_STRING_H +# if !STDC_HEADERS && HAVE_MEMORY_H +# include +# endif +# include +#endif +#if HAVE_STRINGS_H +# include +#endif +#if HAVE_INTTYPES_H +# include +#else +# if HAVE_STDINT_H +# include +# endif +#endif +#if HAVE_UNISTD_H +# include +#endif" # Initialize some variables set by options. +ac_init_help= +ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. -build=NONE -cache_file=./config.cache +cache_file=/dev/null exec_prefix=NONE -host=NONE no_create= -nonopt=NONE no_recursion= prefix=NONE program_prefix=NONE @@ -171,10 +157,15 @@ silent= site= srcdir= -target=NONE verbose= x_includes=NONE x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' @@ -188,16 +179,16 @@ infodir='${prefix}/info' mandir='${prefix}/man' -# Initialize some other variables. -subdirs= -MFLAGS= MAKEFLAGS= -# Maximum number of lines to put in a shell here document. -ac_max_here_lines=12 +# Identity of this package. +PACKAGE_NAME='sudo' +PACKAGE_TARNAME='sudo' +PACKAGE_VERSION='1.6.5' +PACKAGE_STRING='sudo 1.6.5' +PACKAGE_BUGREPORT='' ac_prev= for ac_option do - # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" @@ -205,59 +196,59 @@ continue fi - case "$ac_option" in - -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) ac_optarg= ;; - esac + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` # Accept the important Cygnus configure options, so we can diagnose typos. - case "$ac_option" in + case $ac_option in -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir="$ac_optarg" ;; + bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) - ac_prev=build ;; + ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build="$ac_optarg" ;; + build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file="$ac_optarg" ;; + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad | --data | --dat | --da) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ | --da=*) - datadir="$ac_optarg" ;; + datadir=$ac_optarg ;; -disable-* | --disable-*) - ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - eval "enable_${ac_feature}=no" ;; + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; -enable-* | --enable-*) - ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac - eval enable_${ac_feature}='$ac_optarg' ;; + eval enable_$ac_feature='$ac_optarg' ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ @@ -266,95 +257,47 @@ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) - exec_prefix="$ac_optarg" ;; + exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; - -help | --help | --hel | --he) - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat << EOF -Usage: configure [options] [host] -Options: [defaults in brackets after descriptions] -Configuration: - --cache-file=FILE cache test results in FILE - --help print this message - --no-create do not create output files - --quiet, --silent do not print \`checking...' messages - --version print the version of autoconf that created configure -Directory and file names: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [same as prefix] - --bindir=DIR user executables in DIR [EPREFIX/bin] - --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] - --libexecdir=DIR program executables in DIR [EPREFIX/libexec] - --datadir=DIR read-only architecture-independent data in DIR - [PREFIX/share] - --sysconfdir=DIR read-only single-machine data in DIR [/etc] - --sharedstatedir=DIR modifiable architecture-independent data in DIR - [PREFIX/com] - --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] - --libdir=DIR object code libraries in DIR [EPREFIX/lib] - --includedir=DIR C header files in DIR [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] - --infodir=DIR info documentation in DIR [PREFIX/info] - --mandir=DIR man documentation in DIR [PREFIX/man] - --srcdir=DIR find the sources in DIR [configure dir or ..] - --program-prefix=PREFIX prepend PREFIX to installed program names - --program-suffix=SUFFIX append SUFFIX to installed program names - --program-transform-name=PROGRAM - run sed PROGRAM on installed program names -EOF - cat << EOF -Host type: - --build=BUILD configure for building on BUILD [BUILD=HOST] - --host=HOST configure for HOST [guessed] - --target=TARGET configure for TARGET [TARGET=HOST] -Features and packages: - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --x-includes=DIR X include files are in DIR - --x-libraries=DIR X library files are in DIR -EOF - if test -n "$ac_help"; then - echo "--enable and --with options recognized:$ac_help" - fi - exit 0 ;; + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; -host | --host | --hos | --ho) - ac_prev=host ;; + ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) - host="$ac_optarg" ;; + host_alias=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir="$ac_optarg" ;; + includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir="$ac_optarg" ;; + infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir="$ac_optarg" ;; + libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) - libexecdir="$ac_optarg" ;; + libexecdir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ @@ -363,12 +306,12 @@ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) - localstatedir="$ac_optarg" ;; + localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir="$ac_optarg" ;; + mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. @@ -389,26 +332,26 @@ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir="$ac_optarg" ;; + oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix="$ac_optarg" ;; + prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix="$ac_optarg" ;; + program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix="$ac_optarg" ;; + program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ @@ -425,7 +368,7 @@ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name="$ac_optarg" ;; + program_transform_name=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) @@ -435,7 +378,7 @@ ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) - sbindir="$ac_optarg" ;; + sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ @@ -446,58 +389,57 @@ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) - sharedstatedir="$ac_optarg" ;; + sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) - site="$ac_optarg" ;; + site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir="$ac_optarg" ;; + srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir="$ac_optarg" ;; + sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target ;; + ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target="$ac_optarg" ;; + target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; - -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.12" - exit 0 ;; + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; -with-* | --with-*) - ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } ac_package=`echo $ac_package| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac - eval with_${ac_package}='$ac_optarg' ;; + eval with_$ac_package='$ac_optarg' ;; -without-* | --without-*) - ac_package=`echo $ac_option|sed -e 's/-*without-//'` + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi - ac_package=`echo $ac_package| sed 's/-/_/g'` - eval "with_${ac_package}=no" ;; + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; --x) # Obsolete; use --with-x. @@ -508,98 +450,98 @@ ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes="$ac_optarg" ;; + x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries="$ac_optarg" ;; + x_libraries=$ac_optarg ;; - -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } ;; + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + *) - if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then - echo "configure: warning: $ac_option: invalid host type" 1>&2 - fi - if test "x$nonopt" != xNONE; then - { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } - fi - nonopt="$ac_option" + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then - { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } -fi - -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - -# File descriptor usage: -# 0 standard input -# 1 file creation -# 2 errors and warnings -# 3 some systems may open it to /dev/tty -# 4 used on the Kubota Titan -# 6 checking for... messages and results -# 5 compiler messages saved in config.log -if test "$silent" = yes; then - exec 6>/dev/null -else - exec 6>&1 + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } fi -exec 5>./config.log -echo "\ -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. -" 1>&5 +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute path for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done -# Strip out --no-create and --no-recursion so they do not pile up. -# Also quote any args containing shell metacharacters. -ac_configure_args= -for ac_arg +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir do - case "$ac_arg" in - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) ;; - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; - *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) - ac_configure_args="$ac_configure_args \"$ac_arg\"" ;; - *) ac_configure_args="$ac_configure_args $ac_arg" ;; + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute path for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; esac done -# NLS nuisances. -# Only set these to C if already set. These must not be set unconditionally -# because not all systems understand e.g. LANG=C (notably SCO). -# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! -# Non-C LC_CTYPE values break the ctype check. -if test "${LANG+set}" = set; then LANG=C; export LANG; fi -if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi -if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi -if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: should be removed in autoconf 3.0. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -rf conftest* confdefs.h -# AIX cpp loses on an empty file, so make sure it contains at least a newline. -echo > confdefs.h +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- -# A filename unique to this package, relative to the directory that -# configure is in, which we can look for to find out if srcdir is correct. -ac_unique_file=sudo.h +test "$silent" = yes && exec 6>/dev/null # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then its parent. ac_prog=$0 - ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + ac_confdir=`echo "$ac_prog" | sed 's%[\\/][^\\/][^\\/]*$%%'` test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. srcdir=$ac_confdir if test ! -r $srcdir/$ac_unique_file; then @@ -610,13 +552,387 @@ fi if test ! -r $srcdir/$ac_unique_file; then if test "$ac_srcdir_defaulted" = yes; then - { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + { echo "$as_me: error: cannot find sources in $ac_confdir or .." >&2 + { (exit 1); exit 1; }; } else - { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + { echo "$as_me: error: cannot find sources in $srcdir" >&2 + { (exit 1); exit 1; }; } fi fi -srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat < if you have libraries in a + nonstandard directory + CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have + headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +EOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_subdir in : $ac_subdirs_all; do test "x$ac_subdir" = x: && continue + cd $ac_subdir + # A "../" for each directory in /$ac_subdir. + ac_dots=`echo $ac_subdir | + sed 's,^\./,,;s,[^/]$,&/,;s,[^/]*/,../,g'` + + case $srcdir in + .) # No --srcdir option. We are building in place. + ac_sub_srcdir=$srcdir ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_sub_srcdir=$srcdir/$ac_subdir ;; + *) # Relative path. + ac_sub_srcdir=$ac_dots$srcdir/$ac_subdir ;; + esac + + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_sub_srcdir/configure.gnu; then + echo + $SHELL $ac_sub_srcdir/configure.gnu --help=recursive + elif test -f $ac_sub_srcdir/configure; then + echo + $SHELL $ac_sub_srcdir/configure --help=recursive + elif test -f $ac_sub_srcdir/configure.ac || + test -f $ac_sub_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_subdir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\EOF +sudo configure 1.6.5 +generated by GNU Autoconf 2.52 + +Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +EOF + exit 0 +fi +exec 5>config.log +cat >&5 </dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +PATH = $PATH + +_ASUNAME +} >&5 + +cat >&5 <\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` + ac_configure_args="$ac_configure_args$ac_sep\"$ac_arg\"" + ac_sep=" " ;; + *) ac_configure_args="$ac_configure_args$ac_sep$ac_arg" + ac_sep=" " ;; + esac + # Get rid of the leading space. +done + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + echo >&5 + echo "## ----------------- ##" >&5 + echo "## Cache variables. ##" >&5 + echo "## ----------------- ##" >&5 + echo >&5 + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} >&5 + sed "/^$/d" confdefs.h >conftest.log + if test -s conftest.log; then + echo >&5 + echo "## ------------ ##" >&5 + echo "## confdefs.h. ##" >&5 + echo "## ------------ ##" >&5 + echo >&5 + cat conftest.log >&5 + fi + (echo; echo) >&5 + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" >&5 + echo "$as_me: exit $exit_status" >&5 + rm -rf conftest* confdefs* core core.* *.core conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Let the site file select an alternate cache file if it wants to. # Prefer explicitly selected file to automatically selected ones. if test -z "$CONFIG_SITE"; then if test "x$prefix" != xNONE; then @@ -627,46 +943,135 @@ fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then - echo "loading site script $ac_site_file" + { echo "$as_me:946: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + cat "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then - echo "loading cache $cache_file" - . $cache_file + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:957: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi else - echo "creating cache $cache_file" - > $cache_file + { echo "$as_me:965: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:981: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:985: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:991: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:993: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:995: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. It doesn't matter if + # we pass some twice (in addition to the command line arguments). + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` + ac_configure_args="$ac_configure_args '$ac_arg'" + ;; + *) ac_configure_args="$ac_configure_args $ac_var=$ac_new_val" + ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:1014: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:1016: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } fi ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then - ac_n= ac_c=' -' ac_t=' ' - else - ac_n=-n ac_c= ac_t= - fi -else - ac_n= ac_c='\c' ac_t= -fi - - - -echo "Configuring Sudo version 1.6.3" - - - - - +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac +echo "#! $SHELL" >conftest.sh +echo "exit 0" >>conftest.sh +chmod +x conftest.sh +if { (echo "$as_me:1036: PATH=\".;.\"; conftest.sh") >&5 + (PATH=".;."; conftest.sh) 2>&5 + ac_status=$? + echo "$as_me:1039: \$? = $ac_status" >&5 + (exit $ac_status); }; then + ac_path_separator=';' +else + ac_path_separator=: +fi +PATH_SEPARATOR="$ac_path_separator" +rm -f conftest.sh + +ac_config_headers="$ac_config_headers config.h pathnames.h" + +echo "Configuring Sudo version 1.6.5" + +timeout=5 +password_timeout=5 +sudo_umask=0022 +passprompt="Password:" +long_otp_prompt=off +lecture=on +logfac=local2 +goodpri=notice +badpri=alert +loglen=80 +ignore_dot=off +mail_no_user=on +mail_no_host=off +mail_no_perms=off +mailto=root +mailsub='*** SECURITY information for %h ***' +badpass_message='Sorry, try again.' +fqdn=off +runas_default=root +env_editor=off +passwd_tries=3 +tty_tickets=off +insults=off PROGS="sudo visudo" test -n "$MANTYPE" || MANTYPE="man" test -n "$mansrcdir" || mansrcdir="." @@ -683,59 +1088,61 @@ test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' - # Check whether --with-otp-only or --without-otp-only was given. if test "${with_otp_only+set}" = set; then withval="$with_otp_only" case $with_otp_only in yes) with_passwd=no - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define WITHOUT_PASSWD 1 EOF - echo "configure: warning: --with-otp-only option deprecated, treating as --without-passwd" 1>&2 + { echo "$as_me:1101: WARNING: --with-otp-only option deprecated, treating as --without-passwd" >&5 +echo "$as_me: WARNING: --with-otp-only option deprecated, treating as --without-passwd" >&2;} ;; esac -fi - +fi; # Check whether --with-alertmail or --without-alertmail was given. if test "${with_alertmail+set}" = set; then withval="$with_alertmail" case $with_alertmail in *) with_mailto="$with_alertmail" - cat >> confdefs.h <<\EOF -#define WITHOUT_PASSWD 1 -EOF - - echo "configure: warning: --with-alertmail option deprecated, treating as --mailto" 1>&2 + { echo "$as_me:1112: WARNING: --with-alertmail option deprecated, treating as --mailto" >&5 +echo "$as_me: WARNING: --with-alertmail option deprecated, treating as --mailto" >&2;} ;; esac -fi - - +fi; # Check whether --with-CC or --without-CC was given. if test "${with_CC+set}" = set; then withval="$with_CC" case $with_CC in - yes) { echo "configure: error: "must give --with-CC an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "illegal argument: --without-CC."" 1>&2; exit 1; } + yes) { { echo "$as_me:1122: error: \"must give --with-CC an argument.\"" >&5 +echo "$as_me: error: \"must give --with-CC an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:1126: error: \"illegal argument: --without-CC.\"" >&5 +echo "$as_me: error: \"illegal argument: --without-CC.\"" >&2;} + { (exit 1); exit 1; }; } ;; *) CC=$with_CC ;; esac -fi - +fi; # Check whether --with-incpath or --without-incpath was given. if test "${with_incpath+set}" = set; then withval="$with_incpath" - case $with_incpath in - yes) { echo "configure: error: "must give --with-incpath an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-incpath not supported."" 1>&2; exit 1; } + case $with_incpath in + yes) { { echo "$as_me:1139: error: \"must give --with-incpath an argument.\"" >&5 +echo "$as_me: error: \"must give --with-incpath an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:1143: error: \"--without-incpath not supported.\"" >&5 +echo "$as_me: error: \"--without-incpath not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; *) echo "Adding ${with_incpath} to CPPFLAGS" for i in ${with_incpath}; do @@ -743,16 +1150,19 @@ done ;; esac -fi - +fi; # Check whether --with-libpath or --without-libpath was given. if test "${with_libpath+set}" = set; then withval="$with_libpath" - case $with_libpath in - yes) { echo "configure: error: "must give --with-libpath an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-libpath not supported."" 1>&2; exit 1; } + case $with_libpath in + yes) { { echo "$as_me:1159: error: \"must give --with-libpath an argument.\"" >&5 +echo "$as_me: error: \"must give --with-libpath an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:1163: error: \"--without-libpath not supported.\"" >&5 +echo "$as_me: error: \"--without-libpath not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; *) echo "Adding ${with_libpath} to LDFLAGS" for i in ${with_libpath}; do @@ -760,16 +1170,19 @@ done ;; esac -fi - +fi; # Check whether --with-libraries or --without-libraries was given. if test "${with_libraries+set}" = set; then withval="$with_libraries" - case $with_libraries in - yes) { echo "configure: error: "must give --with-libraries an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-libraries not supported."" 1>&2; exit 1; } + case $with_libraries in + yes) { { echo "$as_me:1179: error: \"must give --with-libraries an argument.\"" >&5 +echo "$as_me: error: \"must give --with-libraries an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:1183: error: \"--without-libraries not supported.\"" >&5 +echo "$as_me: error: \"--without-libraries not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; *) echo "Adding ${with_libraries} to LIBS" for i in ${with_libraries}; do @@ -783,13 +1196,12 @@ done ;; esac -fi - +fi; # Check whether --with-devel or --without-devel was given. if test "${with_devel+set}" = set; then withval="$with_devel" - case $with_devel in + case $with_devel in yes) echo 'Setting up for developement: -Wall, flex, yacc' PROGS="${PROGS} testsudoers" OSDEFS="${OSDEFS} -DSUDO_DEVEL" @@ -799,17 +1211,32 @@ *) echo "Ignoring unknown argument to --with-devel: $with_devel" ;; esac -fi +fi; +# Check whether --with-efence or --without-efence was given. +if test "${with_efence+set}" = set; then + withval="$with_efence" + case $with_efence in + yes) echo 'Sudo will link with -lefence (Electric Fence)' + LIBS="${LIBS} -lefence" + if test -f /usr/local/lib/libefence.a; then + LDFLAGS="${LDFLAGS} -L/usr/local/lib" + fi + ;; + no) ;; + *) echo "Ignoring unknown argument to --with-efence: $with_efence" + ;; +esac +fi; # Check whether --with-csops or --without-csops was given. if test "${with_csops+set}" = set; then withval="$with_csops" - case $with_csops in + case $with_csops in yes) echo 'Adding CSOps standard options' CHECKSIA=false with_ignore_dot=yes - with_insults=yes + insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes @@ -818,266 +1245,289 @@ *) echo "Ignoring unknown argument to --with-csops: $with_csops" ;; esac -fi - +fi; # Check whether --with-passwd or --without-passwd was given. if test "${with_passwd+set}" = set; then withval="$with_passwd" case $with_passwd in yes) ;; - no) cat >> confdefs.h <<\EOF + no) cat >>confdefs.h <<\EOF #define WITHOUT_PASSWD 1 EOF - echo $ac_n "checking whether to use shadow/passwd file authentication""... $ac_c" 1>&6 -echo "configure:835: checking whether to use shadow/passwd file authentication" >&5 - echo "$ac_t""no" 1>&6 + echo "$as_me:1259: checking whether to use shadow/passwd file authentication" >&5 +echo $ECHO_N "checking whether to use shadow/passwd file authentication... $ECHO_C" >&6 + echo "$as_me:1261: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) { echo "configure: error: "Sorry, --with-passwd does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1264: error: \"Sorry, --with-passwd does not take an argument.\"" >&5 +echo "$as_me: error: \"Sorry, --with-passwd does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-skey or --without-skey was given. if test "${with_skey+set}" = set; then withval="$with_skey" case $with_skey in yes) if test -n "$with_opie"; then - { echo "configure: error: "cannot use both S/Key and OPIE"" 1>&2; exit 1; } + { { echo "$as_me:1276: error: \"cannot use both S/Key and OPIE\"" >&5 +echo "$as_me: error: \"cannot use both S/Key and OPIE\"" >&2;} + { (exit 1); exit 1; }; } fi - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_SKEY 1 EOF - echo $ac_n "checking whether to try S/Key authentication""... $ac_c" 1>&6 -echo "configure:856: checking whether to try S/Key authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1285: checking whether to try S/Key authentication" >&5 +echo $ECHO_N "checking whether to try S/Key authentication... $ECHO_C" >&6 + echo "$as_me:1287: result: yes" >&5 +echo "${ECHO_T}yes" >&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; no) ;; *) echo "Ignoring unknown argument to --with-skey: $with_skey" ;; esac -fi - +fi; # Check whether --with-opie or --without-opie was given. if test "${with_opie+set}" = set; then withval="$with_opie" case $with_opie in yes) if test -n "$with_skey"; then - { echo "configure: error: "cannot use both S/Key and OPIE"" 1>&2; exit 1; } + { { echo "$as_me:1302: error: \"cannot use both S/Key and OPIE\"" >&5 +echo "$as_me: error: \"cannot use both S/Key and OPIE\"" >&2;} + { (exit 1); exit 1; }; } fi - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_OPIE 1 EOF - echo $ac_n "checking whether to try NRL OPIE authentication""... $ac_c" 1>&6 -echo "configure:879: checking whether to try NRL OPIE authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1311: checking whether to try NRL OPIE authentication" >&5 +echo $ECHO_N "checking whether to try NRL OPIE authentication... $ECHO_C" >&6 + echo "$as_me:1313: result: yes" >&5 +echo "${ECHO_T}yes" >&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; no) ;; *) echo "Ignoring unknown argument to --with-opie: $with_opie" ;; esac -fi - +fi; # Check whether --with-long-otp-prompt or --without-long-otp-prompt was given. if test "${with_long_otp_prompt+set}" = set; then withval="$with_long_otp_prompt" case $with_long_otp_prompt in - yes) cat >> confdefs.h <<\EOF + yes) +cat >>confdefs.h <<\EOF #define LONG_OTP_PROMPT 1 EOF - echo $ac_n "checking whether to use a two line prompt for OTP authentication""... $ac_c" 1>&6 -echo "configure:899: checking whether to use a two line prompt for OTP authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1332: checking whether to use a two line prompt for OTP authentication" >&5 +echo $ECHO_N "checking whether to use a two line prompt for OTP authentication... $ECHO_C" >&6 + echo "$as_me:1334: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + long_otp_prompt=on ;; - no) ;; - *) { echo "configure: error: "--with-long-otp-prompt does not take an argument."" 1>&2; exit 1; } + no) long_otp_prompt=off + ;; + *) { { echo "$as_me:1340: error: \"--with-long-otp-prompt does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-long-otp-prompt does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-SecurID or --without-SecurID was given. if test "${with_SecurID+set}" = set; then withval="$with_SecurID" case $with_SecurID in no) ;; - *) cat >> confdefs.h <<\EOF + *) +cat >>confdefs.h <<\EOF #define HAVE_SECURID 1 EOF - echo $ac_n "checking whether to use SecurID for authentication""... $ac_c" 1>&6 -echo "configure:919: checking whether to use SecurID for authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1357: checking whether to use SecurID for authentication" >&5 +echo $ECHO_N "checking whether to use SecurID for authentication... $ECHO_C" >&6 + echo "$as_me:1359: result: yes" >&5 +echo "${ECHO_T}yes" >&6 with_passwd=no AUTH_OBJS="securid.o" ;; esac -fi - +fi; # Check whether --with-fwtk or --without-fwtk was given. if test "${with_fwtk+set}" = set; then withval="$with_fwtk" case $with_fwtk in - yes) cat >> confdefs.h <<\EOF -#define HAVE_FWTK 1 -EOF - - echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:937: checking whether to use FWTK AuthSRV for authentication" >&5 - echo "$ac_t""yes" 1>&6 - with_passwd=no - AUTH_OBJS="fwtk.o" - ;; no) ;; - *) cat >> confdefs.h <<\EOF + *) +cat >>confdefs.h <<\EOF #define HAVE_FWTK 1 EOF - echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:948: checking whether to use FWTK AuthSRV for authentication" >&5 - echo "$ac_t""yes" 1>&6 - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + echo "$as_me:1377: checking whether to use FWTK AuthSRV for authentication" >&5 +echo $ECHO_N "checking whether to use FWTK AuthSRV for authentication... $ECHO_C" >&6 + echo "$as_me:1379: result: yes" >&5 +echo "${ECHO_T}yes" >&6 with_passwd=no AUTH_OBJS="fwtk.o" - with_fwtk=yes + if test "$with_fwtk" != "yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" + CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + with_fwtk=yes + fi ;; esac -fi - +fi; # Check whether --with-kerb4 or --without-kerb4 was given. if test "${with_kerb4+set}" = set; then withval="$with_kerb4" case $with_kerb4 in - yes) echo $ac_n "checking whether to try Kerberos 4 authentication""... $ac_c" 1>&6 -echo "configure:965: checking whether to try Kerberos 4 authentication" >&5 - echo "$ac_t""yes" 1>&6 + yes) echo "$as_me:1396: checking whether to try Kerberos 4 authentication" >&5 +echo $ECHO_N "checking whether to try Kerberos 4 authentication... $ECHO_C" >&6 + echo "$as_me:1398: result: yes" >&5 +echo "${ECHO_T}yes" >&6 ;; no) ;; - *) { echo "configure: error: "--with-kerb4 does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1402: error: \"--with-kerb4 does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-kerb4 does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-kerb5 or --without-kerb5 was given. if test "${with_kerb5+set}" = set; then withval="$with_kerb5" case $with_kerb5 in - yes) echo $ac_n "checking whether to try Kerberos 5 authentication""... $ac_c" 1>&6 -echo "configure:980: checking whether to try Kerberos 5 authentication" >&5 - echo "$ac_t""yes" 1>&6 + yes) echo "$as_me:1413: checking whether to try Kerberos 5 authentication" >&5 +echo $ECHO_N "checking whether to try Kerberos 5 authentication... $ECHO_C" >&6 + echo "$as_me:1415: result: yes" >&5 +echo "${ECHO_T}yes" >&6 ;; no) ;; - *) { echo "configure: error: "--with-kerb5 does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1419: error: \"--with-kerb5 does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-kerb5 does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-authenticate or --without-authenticate was given. if test "${with_authenticate+set}" = set; then withval="$with_authenticate" case $with_authenticate in - yes) cat >> confdefs.h <<\EOF + yes) +cat >>confdefs.h <<\EOF #define HAVE_AUTHENTICATE 1 EOF - echo $ac_n "checking whether to use AIX general authentication""... $ac_c" 1>&6 -echo "configure:999: checking whether to use AIX general authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1435: checking whether to use AIX general authentication" >&5 +echo $ECHO_N "checking whether to use AIX general authentication... $ECHO_C" >&6 + echo "$as_me:1437: result: yes" >&5 +echo "${ECHO_T}yes" >&6 with_passwd=no AUTH_OBJS="aix_auth.o" ;; no) ;; - *) { echo "configure: error: "--with-authenticate does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1443: error: \"--with-authenticate does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-authenticate does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-pam or --without-pam was given. if test "${with_pam+set}" = set; then withval="$with_pam" case $with_pam in - yes) cat >> confdefs.h <<\EOF + yes) +cat >>confdefs.h <<\EOF #define HAVE_PAM 1 EOF - echo $ac_n "checking whether to use PAM authentication""... $ac_c" 1>&6 -echo "configure:1020: checking whether to use PAM authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1459: checking whether to use PAM authentication" >&5 +echo $ECHO_N "checking whether to use PAM authentication... $ECHO_C" >&6 + echo "$as_me:1461: result: yes" >&5 +echo "${ECHO_T}yes" >&6 with_passwd=no AUTH_OBJS="pam.o" ;; no) ;; - *) { echo "configure: error: "--with-pam does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1467: error: \"--with-pam does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-pam does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-AFS or --without-AFS was given. if test "${with_AFS+set}" = set; then withval="$with_AFS" case $with_AFS in - yes) cat >> confdefs.h <<\EOF + yes) +cat >>confdefs.h <<\EOF #define HAVE_AFS 1 EOF - echo $ac_n "checking whether to try AFS (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1041: checking whether to try AFS (kerberos) authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1483: checking whether to try AFS (kerberos) authentication" >&5 +echo $ECHO_N "checking whether to try AFS (kerberos) authentication... $ECHO_C" >&6 + echo "$as_me:1485: result: yes" >&5 +echo "${ECHO_T}yes" >&6 AUTH_OBJS="${AUTH_OBJS} afs.o" ;; no) ;; - *) { echo "configure: error: "--with-AFS does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1490: error: \"--with-AFS does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-AFS does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-DCE or --without-DCE was given. if test "${with_DCE+set}" = set; then withval="$with_DCE" case $with_DCE in - yes) cat >> confdefs.h <<\EOF + yes) +cat >>confdefs.h <<\EOF #define HAVE_DCE 1 EOF - echo $ac_n "checking whether to try DCE (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1061: checking whether to try DCE (kerberos) authentication" >&5 - echo "$ac_t""yes" 1>&6 + echo "$as_me:1506: checking whether to try DCE (kerberos) authentication" >&5 +echo $ECHO_N "checking whether to try DCE (kerberos) authentication... $ECHO_C" >&6 + echo "$as_me:1508: result: yes" >&5 +echo "${ECHO_T}yes" >&6 AUTH_OBJS="${AUTH_OBJS} dce.o" ;; no) ;; - *) { echo "configure: error: "--with-DCE does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1513: error: \"--with-DCE does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-DCE does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-logincap or --without-logincap was given. if test "${with_logincap+set}" = set; then withval="$with_logincap" case $with_logincap in yes|no) ;; - *) { echo "configure: error: "--with-logincap does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1525: error: \"--with-logincap does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-logincap does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-bsdauth or --without-bsdauth was given. if test "${with_bsdauth+set}" = set; then @@ -1086,1102 +1536,1327 @@ yes) with_logincap=yes ;; no) ;; - *) { echo "configure: error: "--with-bsdauth does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1539: error: \"--with-bsdauth does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-bsdauth does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi +fi; +echo "$as_me:1546: checking whether to lecture users the first time they run sudo" >&5 +echo $ECHO_N "checking whether to lecture users the first time they run sudo... $ECHO_C" >&6 -echo $ac_n "checking whether to lecture users the first time they run sudo""... $ac_c" 1>&6 -echo "configure:1097: checking whether to lecture users the first time they run sudo" >&5 # Check whether --with-lecture or --without-lecture was given. if test "${with_lecture+set}" = set; then withval="$with_lecture" - case $with_lecture in - yes|short) echo "$ac_t""yes" 1>&6 + case $with_lecture in + yes|short) lecture=on ;; - no|none) cat >> confdefs.h <<\EOF -#define NO_LECTURE 1 -EOF - - echo "$ac_t""no" 1>&6 + no|none) lecture=off ;; - *) { echo "configure: error: "unknown argument to --with-lecture: $with_lecture"" 1>&2; exit 1; } + *) { { echo "$as_me:1557: error: \"unknown argument to --with-lecture: $with_lecture\"" >&5 +echo "$as_me: error: \"unknown argument to --with-lecture: $with_lecture\"" >&2;} + { (exit 1); exit 1; }; } ;; esac +fi; +if test "$lecture" = "on"; then + echo "$as_me:1564: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""yes" 1>&6 -fi +cat >>confdefs.h <<\EOF +#define NO_LECTURE 1 +EOF + + echo "$as_me:1572: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +echo "$as_me:1576: checking whether sudo should log via syslog or to a file by default" >&5 +echo $ECHO_N "checking whether sudo should log via syslog or to a file by default... $ECHO_C" >&6 -echo $ac_n "checking whether sudo should log via syslog or to a file by default""... $ac_c" 1>&6 -echo "configure:1119: checking whether sudo should log via syslog or to a file by default" >&5 # Check whether --with-logging or --without-logging was given. if test "${with_logging+set}" = set; then withval="$with_logging" - case $with_logging in - yes) { echo "configure: error: "must give --with-logging an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-logging not supported."" 1>&2; exit 1; } + case $with_logging in + yes) { { echo "$as_me:1583: error: \"must give --with-logging an argument.\"" >&5 +echo "$as_me: error: \"must give --with-logging an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:1587: error: \"--without-logging not supported.\"" >&5 +echo "$as_me: error: \"--without-logging not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - syslog) cat >> confdefs.h <<\EOF + syslog) +cat >>confdefs.h <<\EOF #define LOGGING SLOG_SYSLOG EOF - echo "$ac_t""syslog" 1>&6 + echo "$as_me:1596: result: syslog" >&5 +echo "${ECHO_T}syslog" >&6 ;; - file) cat >> confdefs.h <<\EOF + file) cat >>confdefs.h <<\EOF #define LOGGING SLOG_FILE EOF - echo "$ac_t""file" 1>&6 + echo "$as_me:1603: result: file" >&5 +echo "${ECHO_T}file" >&6 ;; - both) cat >> confdefs.h <<\EOF + both) cat >>confdefs.h <<\EOF #define LOGGING SLOG_BOTH EOF - echo "$ac_t""both" 1>&6 + echo "$as_me:1610: result: both" >&5 +echo "${ECHO_T}both" >&6 ;; - *) { echo "configure: error: "unknown argument to --with-logging: $with_logging"" 1>&2; exit 1; } + *) { { echo "$as_me:1613: error: \"unknown argument to --with-logging: $with_logging\"" >&5 +echo "$as_me: error: \"unknown argument to --with-logging: $with_logging\"" >&2;} + { (exit 1); exit 1; }; } ;; esac else - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\EOF #define LOGGING SLOG_SYSLOG EOF - echo "$ac_t""syslog" 1>&6 -fi + echo "$as_me:1622: result: syslog" >&5 +echo "${ECHO_T}syslog" >&6 +fi; +echo "$as_me:1626: checking which syslog facility sudo should log with" >&5 +echo $ECHO_N "checking which syslog facility sudo should log with... $ECHO_C" >&6 -echo $ac_n "checking which syslog facility sudo should log with""... $ac_c" 1>&6 -echo "configure:1158: checking which syslog facility sudo should log with" >&5 # Check whether --with-logfac or --without-logfac was given. if test "${with_logfac+set}" = set; then withval="$with_logfac" - case $with_logfac in - yes) { echo "configure: error: "must give --with-logfac an argument."" 1>&2; exit 1; } + case $with_logfac in + yes) { { echo "$as_me:1633: error: \"must give --with-logfac an argument.\"" >&5 +echo "$as_me: error: \"must give --with-logfac an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-logfac not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:1637: error: \"--without-logfac not supported.\"" >&5 +echo "$as_me: error: \"--without-logfac not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) cat >> confdefs.h <&6 + authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; - *) { echo "configure: error: "$with_logfac is not a supported syslog facility."" 1>&2; exit 1; } + *) { { echo "$as_me:1643: error: \"$with_logfac is not a supported syslog facility.\"" >&5 +echo "$as_me: error: \"$with_logfac is not a supported syslog facility.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <>confdefs.h <&6 -fi +echo "$as_me:1654: result: $logfac" >&5 +echo "${ECHO_T}$logfac" >&6 + +echo "$as_me:1657: checking at which syslog priority to log commands" >&5 +echo $ECHO_N "checking at which syslog priority to log commands... $ECHO_C" >&6 -echo $ac_n "checking at which syslog priority to log commands""... $ac_c" 1>&6 -echo "configure:1185: checking at which syslog priority to log commands" >&5 # Check whether --with-goodpri or --without-goodpri was given. if test "${with_goodpri+set}" = set; then withval="$with_goodpri" - case $with_goodpri in - yes) { echo "configure: error: "must give --with-goodpri an argument."" 1>&2; exit 1; } + case $with_goodpri in + yes) { { echo "$as_me:1664: error: \"must give --with-goodpri an argument.\"" >&5 +echo "$as_me: error: \"must give --with-goodpri an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-goodpri not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:1668: error: \"--without-goodpri not supported.\"" >&5 +echo "$as_me: error: \"--without-goodpri not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - alert|crit|debug|emerg|err|info|notice|warning) cat >> confdefs.h <&6 + alert|crit|debug|emerg|err|info|notice|warning) + goodpri=$with_goodpri ;; - *) { echo "configure: error: "$with_goodpri is not a supported syslog priority."" 1>&2; exit 1; } + *) { { echo "$as_me:1675: error: \"$with_goodpri is not a supported syslog priority.\"" >&5 +echo "$as_me: error: \"$with_goodpri is not a supported syslog priority.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <>confdefs.h <&6 -fi +echo "$as_me:1686: result: $goodpri" >&5 +echo "${ECHO_T}$goodpri" >&6 + +echo "$as_me:1689: checking at which syslog priority to log failures" >&5 +echo $ECHO_N "checking at which syslog priority to log failures... $ECHO_C" >&6 -echo $ac_n "checking at which syslog priority to log failures""... $ac_c" 1>&6 -echo "configure:1212: checking at which syslog priority to log failures" >&5 # Check whether --with-badpri or --without-badpri was given. if test "${with_badpri+set}" = set; then withval="$with_badpri" - case $with_badpri in - yes) { echo "configure: error: "must give --with-badpri an argument."" 1>&2; exit 1; } + case $with_badpri in + yes) { { echo "$as_me:1696: error: \"must give --with-badpri an argument.\"" >&5 +echo "$as_me: error: \"must give --with-badpri an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-badpri not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:1700: error: \"--without-badpri not supported.\"" >&5 +echo "$as_me: error: \"--without-badpri not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - alert|crit|debug|emerg|err|info|notice|warning) cat >> confdefs.h <&6 + alert|crit|debug|emerg|err|info|notice|warning) + badpri=$with_badpri ;; - *) { echo "configure: error: $with_badpri is not a supported syslog priority." 1>&2; exit 1; } + *) { { echo "$as_me:1707: error: $with_badpri is not a supported syslog priority." >&5 +echo "$as_me: error: $with_badpri is not a supported syslog priority." >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <>confdefs.h <&6 -fi +echo "$as_me:1718: result: badpri" >&5 +echo "${ECHO_T}badpri" >&6 # Check whether --with-logpath or --without-logpath was given. if test "${with_logpath+set}" = set; then withval="$with_logpath" - case $with_logpath in - yes) { echo "configure: error: "must give --with-logpath an argument."" 1>&2; exit 1; } + case $with_logpath in + yes) { { echo "$as_me:1725: error: \"must give --with-logpath an argument.\"" >&5 +echo "$as_me: error: \"must give --with-logpath an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-logpath not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:1729: error: \"--without-logpath not supported.\"" >&5 +echo "$as_me: error: \"--without-logpath not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi +fi; +echo "$as_me:1736: checking how long a line in the log file should be" >&5 +echo $ECHO_N "checking how long a line in the log file should be... $ECHO_C" >&6 -echo $ac_n "checking how long a line in the log file should be""... $ac_c" 1>&6 -echo "configure:1251: checking how long a line in the log file should be" >&5 # Check whether --with-loglen or --without-loglen was given. if test "${with_loglen+set}" = set; then withval="$with_loglen" - case $with_loglen in - yes) { echo "configure: error: "must give --with-loglen an argument."" 1>&2; exit 1; } + case $with_loglen in + yes) { { echo "$as_me:1743: error: \"must give --with-loglen an argument.\"" >&5 +echo "$as_me: error: \"must give --with-loglen an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-loglen not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:1747: error: \"--without-loglen not supported.\"" >&5 +echo "$as_me: error: \"--without-loglen not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) loglen=$with_loglen ;; - *) { echo "configure: error: "you must enter a number, not $with_loglen"" 1>&2; exit 1; } + *) { { echo "$as_me:1753: error: \"you must enter a number, not $with_loglen\"" >&5 +echo "$as_me: error: \"you must enter a number, not $with_loglen\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <<\EOF -#define MAXLOGFILELEN 80 +fi; + +cat >>confdefs.h <&6 -fi +echo "$as_me:1764: result: $loglen" >&5 +echo "${ECHO_T}$loglen" >&6 + +echo "$as_me:1767: checking whether sudo should ignore '.' or '' in \$PATH" >&5 +echo $ECHO_N "checking whether sudo should ignore '.' or '' in \$PATH... $ECHO_C" >&6 -echo $ac_n "checking whether sudo should ignore '.' or '' in \$PATH""... $ac_c" 1>&6 -echo "configure:1278: checking whether sudo should ignore '.' or '' in \$PATH" >&5 # Check whether --with-ignore-dot or --without-ignore-dot was given. if test "${with_ignore_dot+set}" = set; then withval="$with_ignore_dot" - case $with_ignore_dot in - yes) cat >> confdefs.h <<\EOF -#define IGNORE_DOT_PATH 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_ignore_dot in + yes) ignore_dot=on ;; - no) echo "$ac_t""no" 1>&6 + no) ignore_dot=off ;; - *) { echo "configure: error: "--with-ignore-dot does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1778: error: \"--with-ignore-dot does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-ignore-dot does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - echo "$ac_t""no" 1>&6 -fi - - -echo $ac_n "checking who should get the mail that sudo sends""... $ac_c" 1>&6 -echo "configure:1300: checking who should get the mail that sudo sends" >&5 -# Check whether --with-mailto or --without-mailto was given. -if test "${with_mailto+set}" = set; then - withval="$with_mailto" - case $with_mailto in - yes) { echo "configure: error: "must give --with-mailto an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-mailto not supported."" 1>&2; exit 1; } - ;; - *) cat >> confdefs.h <&6 - ;; -esac -else - cat >> confdefs.h <<\EOF -#define MAILTO "root" -EOF - echo "$ac_t""root" 1>&6 -fi +fi; +if test "$ignore_dot" = "on"; then - -# Check whether --with-mailsubject or --without-mailsubject was given. -if test "${with_mailsubject+set}" = set; then - withval="$with_mailsubject" - case $with_mailsubject in - yes) { echo "configure: error: "must give --with-mailsubject an argument."" 1>&2; exit 1; } - ;; - no) echo "Sorry, --without-mailsubject not supported." - ;; - *) cat >> confdefs.h <>confdefs.h <<\EOF +#define IGNORE_DOT_PATH 1 EOF - echo $ac_n "checking sudo mail subject""... $ac_c" 1>&6 -echo "configure:1337: checking sudo mail subject" >&5 - echo "$ac_t""Using alert mail subject: $with_mailsubject" 1>&6 - ;; -esac + echo "$as_me:1790: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - cat >> confdefs.h <<\EOF -#define MAILSUBJECT "*** SECURITY information for %h ***" -EOF - + echo "$as_me:1793: result: no" >&5 +echo "${ECHO_T}no" >&6 fi +echo "$as_me:1797: checking whether to send mail when a user is not in sudoers" >&5 +echo $ECHO_N "checking whether to send mail when a user is not in sudoers... $ECHO_C" >&6 -echo $ac_n "checking whether to send mail when a user is not in sudoers""... $ac_c" 1>&6 -echo "configure:1350: checking whether to send mail when a user is not in sudoers" >&5 # Check whether --with-mail-if-no-user or --without-mail-if-no-user was given. if test "${with_mail_if_no_user+set}" = set; then withval="$with_mail_if_no_user" - case $with_mail_if_no_user in - yes) cat >> confdefs.h <<\EOF -#define SEND_MAIL_WHEN_NO_USER 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_mail_if_no_user in + yes) mail_no_user=on ;; - no) echo "$ac_t""no" 1>&6 + no) mail_no_user=off ;; - *) { echo "configure: error: "unknown argument to --with-mail-if-no-user: $with_mail_if_no_user"" 1>&2; exit 1; } + *) { { echo "$as_me:1808: error: \"--with-mail-if-no-user does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-mail-if-no-user does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <<\EOF +fi; +if test "$mail_no_user" = "on"; then + +cat >>confdefs.h <<\EOF #define SEND_MAIL_WHEN_NO_USER 1 EOF - echo "$ac_t""yes" 1>&6 + + echo "$as_me:1820: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me:1823: result: no" >&5 +echo "${ECHO_T}no" >&6 fi +echo "$as_me:1827: checking whether to send mail when user listed but not for this host" >&5 +echo $ECHO_N "checking whether to send mail when user listed but not for this host... $ECHO_C" >&6 -echo $ac_n "checking whether to send mail when user listed but not for this host""... $ac_c" 1>&6 -echo "configure:1375: checking whether to send mail when user listed but not for this host" >&5 # Check whether --with-mail-if-no-host or --without-mail-if-no-host was given. if test "${with_mail_if_no_host+set}" = set; then withval="$with_mail_if_no_host" - case $with_mail_if_no_host in - yes) cat >> confdefs.h <<\EOF -#define SEND_MAIL_WHEN_NO_HOST 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_mail_if_no_host in + yes) mail_no_host=on ;; - no) echo "$ac_t""no" 1>&6 + no) mail_no_host=off ;; - *) { echo "configure: error: "unknown argument to --with-mail-if-no-host: $with_mail_if_no_host"" 1>&2; exit 1; } + *) { { echo "$as_me:1838: error: \"--with-mail-if-no-host does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-mail-if-no-host does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac +fi; +if test "$mail_no_host" = "on"; then + +cat >>confdefs.h <<\EOF +#define SEND_MAIL_WHEN_NO_HOST 1 +EOF + + echo "$as_me:1850: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:1853: result: no" >&5 +echo "${ECHO_T}no" >&6 fi +echo "$as_me:1857: checking whether to send mail when a user tries a disallowed command" >&5 +echo $ECHO_N "checking whether to send mail when a user tries a disallowed command... $ECHO_C" >&6 -echo $ac_n "checking whether to send mail when a user tries a disallowed command""... $ac_c" 1>&6 -echo "configure:1397: checking whether to send mail when a user tries a disallowed command" >&5 # Check whether --with-mail-if-noperms or --without-mail-if-noperms was given. if test "${with_mail_if_noperms+set}" = set; then withval="$with_mail_if_noperms" - case $with_mail_if_noperms in - yes) cat >> confdefs.h <<\EOF + case $with_mail_if_noperms in + yes) mail_noperms=on + ;; + no) mail_noperms=off + ;; + *) { { echo "$as_me:1868: error: \"--with-mail-if-noperms does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-mail-if-noperms does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; +esac +fi; +if test "$mail_noperms" = "on"; then + +cat >>confdefs.h <<\EOF #define SEND_MAIL_WHEN_NOT_OK 1 EOF - echo "$ac_t""yes" 1>&6 + echo "$as_me:1880: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me:1883: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +echo "$as_me:1887: checking who should get the mail that sudo sends" >&5 +echo $ECHO_N "checking who should get the mail that sudo sends... $ECHO_C" >&6 + +# Check whether --with-mailto or --without-mailto was given. +if test "${with_mailto+set}" = set; then + withval="$with_mailto" + case $with_mailto in + yes) { { echo "$as_me:1894: error: \"must give --with-mailto an argument.\"" >&5 +echo "$as_me: error: \"must give --with-mailto an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) echo "$ac_t""no" 1>&6 + no) { { echo "$as_me:1898: error: \"--without-mailto not supported.\"" >&5 +echo "$as_me: error: \"--without-mailto not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - *) { echo "configure: error: "unknown argument to --with-mail-if-noperms: $with_mail_if_noperms"" 1>&2; exit 1; } + *) mailto=$with_mailto ;; esac -else - echo "$ac_t""no" 1>&6 -fi +fi; + +cat >>confdefs.h <&5 +echo "${ECHO_T}$mailto" >&6 + +# Check whether --with-mailsubject or --without-mailsubject was given. +if test "${with_mailsubject+set}" = set; then + withval="$with_mailsubject" + case $with_mailsubject in + yes) { { echo "$as_me:1918: error: \"must give --with-mailsubject an argument.\"" >&5 +echo "$as_me: error: \"must give --with-mailsubject an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) echo "Sorry, --without-mailsubject not supported." + ;; + *) mailsub="$with_mailsubject" + echo "$as_me:1925: checking sudo mail subject" >&5 +echo $ECHO_N "checking sudo mail subject... $ECHO_C" >&6 + echo "$as_me:1927: result: Using alert mail subject: $mailsub" >&5 +echo "${ECHO_T}Using alert mail subject: $mailsub" >&6 + ;; +esac +fi; +cat >>confdefs.h <&5 +echo $ECHO_N "checking for bad password prompt... $ECHO_C" >&6 -echo $ac_n "checking for bad password prompt""... $ac_c" 1>&6 -echo "configure:1419: checking for bad password prompt" >&5 # Check whether --with-passprompt or --without-passprompt was given. if test "${with_passprompt+set}" = set; then withval="$with_passprompt" - case $with_passprompt in - yes) { echo "configure: error: "must give --with-passprompt an argument."" 1>&2; exit 1; } + case $with_passprompt in + yes) { { echo "$as_me:1944: error: \"must give --with-passprompt an argument.\"" >&5 +echo "$as_me: error: \"must give --with-passprompt an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; no) echo "Sorry, --without-passprompt not supported." ;; - *) cat >> confdefs.h <&6 - ;; + *) passprompt="$with_passprompt" esac -else - cat >> confdefs.h <<\EOF -#define PASSPROMPT "Password:" +fi; +echo "$as_me:1953: result: $passprompt" >&5 +echo "${ECHO_T}$passprompt" >&6 + +cat >>confdefs.h <&6 -fi +echo "$as_me:1960: checking for bad password message" >&5 +echo $ECHO_N "checking for bad password message... $ECHO_C" >&6 -echo $ac_n "checking for bad password message""... $ac_c" 1>&6 -echo "configure:1444: checking for bad password message" >&5 # Check whether --with-badpass-message or --without-badpass-message was given. if test "${with_badpass_message+set}" = set; then withval="$with_badpass_message" - case $with_badpass_message in - yes) { echo "configure: error: "Must give --with-badpass-message an argument."" 1>&2; exit 1; } + case $with_badpass_message in + yes) { { echo "$as_me:1967: error: \"Must give --with-badpass-message an argument.\"" >&5 +echo "$as_me: error: \"Must give --with-badpass-message an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; no) echo "Sorry, --without-badpass-message not supported." ;; - *) cat >> confdefs.h <&6 + *) badpass_message="$with_badpass_message" ;; esac -else - cat >> confdefs.h <<\EOF -#define INCORRECT_PASSWORD "Sorry, try again." +fi; + +cat >>confdefs.h <&6 -fi +echo "$as_me:1982: result: $badpass_message" >&5 +echo "${ECHO_T}$badpass_message" >&6 + +echo "$as_me:1985: checking whether to expect fully qualified hosts in sudoers" >&5 +echo $ECHO_N "checking whether to expect fully qualified hosts in sudoers... $ECHO_C" >&6 -echo $ac_n "checking whether to expect fully qualified hosts in sudoers""... $ac_c" 1>&6 -echo "configure:1469: checking whether to expect fully qualified hosts in sudoers" >&5 # Check whether --with-fqdn or --without-fqdn was given. if test "${with_fqdn+set}" = set; then withval="$with_fqdn" - case $with_fqdn in - yes) cat >> confdefs.h <<\EOF -#define FQDN 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_fqdn in + yes) fqdn=on ;; - no) echo "$ac_t""no" 1>&6 + no) fqdn=off ;; - *) { echo "configure: error: "--with-fqdn does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:1996: error: \"--with-fqdn does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-fqdn does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac +fi; +if test "$fqdn" = "on"; then + +cat >>confdefs.h <<\EOF +#define FQDN 1 +EOF + + echo "$as_me:2008: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:2011: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - # Check whether --with-timedir or --without-timedir was given. if test "${with_timedir+set}" = set; then withval="$with_timedir" - case $with_timedir in - yes) { echo "configure: error: "must give --with-timedir an argument."" 1>&2; exit 1; } + case $with_timedir in + yes) { { echo "$as_me:2019: error: \"must give --with-timedir an argument.\"" >&5 +echo "$as_me: error: \"must give --with-timedir an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-timedir not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:2023: error: \"--without-timedir not supported.\"" >&5 +echo "$as_me: error: \"--without-timedir not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-sendmail or --without-sendmail was given. if test "${with_sendmail+set}" = set; then withval="$with_sendmail" - case $with_sendmail in + case $with_sendmail in yes) with_sendmail="" ;; no) ;; - *) cat >> confdefs.h <>confdefs.h <&2; exit 1; } - ;; - no) { echo "configure: error: "--without-sudoers-mode not supported."" 1>&2; exit 1; } + case $with_sudoers_mode in + yes) { { echo "$as_me:2049: error: \"must give --with-sudoers-mode an argument.\"" >&5 +echo "$as_me: error: \"must give --with-sudoers-mode an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:2053: error: \"--without-sudoers-mode not supported.\"" >&5 +echo "$as_me: error: \"--without-sudoers-mode not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; [1-9]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; - *) { echo "configure: error: "you must use a numeric uid, not a name."" 1>&2; exit 1; } + *) { { echo "$as_me:2061: error: \"you must use a numeric uid, not a name.\"" >&5 +echo "$as_me: error: \"you must use a numeric uid, not a name.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-sudoers-uid or --without-sudoers-uid was given. if test "${with_sudoers_uid+set}" = set; then withval="$with_sudoers_uid" - case $with_sudoers_uid in - yes) { echo "configure: error: "must give --with-sudoers-uid an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-sudoers-uid not supported."" 1>&2; exit 1; } + case $with_sudoers_uid in + yes) { { echo "$as_me:2072: error: \"must give --with-sudoers-uid an argument.\"" >&5 +echo "$as_me: error: \"must give --with-sudoers-uid an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:2076: error: \"--without-sudoers-uid not supported.\"" >&5 +echo "$as_me: error: \"--without-sudoers-uid not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; [0-9]*) SUDOERS_UID=$with_sudoers_uid ;; - *) { echo "configure: error: "you must use a numeric uid, not a name."" 1>&2; exit 1; } + *) { { echo "$as_me:2082: error: \"you must use a numeric uid, not a name.\"" >&5 +echo "$as_me: error: \"you must use a numeric uid, not a name.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-sudoers-gid or --without-sudoers-gid was given. if test "${with_sudoers_gid+set}" = set; then withval="$with_sudoers_gid" - case $with_sudoers_gid in - yes) { echo "configure: error: "must give --with-sudoers-gid an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-sudoers-gid not supported."" 1>&2; exit 1; } + case $with_sudoers_gid in + yes) { { echo "$as_me:2093: error: \"must give --with-sudoers-gid an argument.\"" >&5 +echo "$as_me: error: \"must give --with-sudoers-gid an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:2097: error: \"--without-sudoers-gid not supported.\"" >&5 +echo "$as_me: error: \"--without-sudoers-gid not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; [0-9]*) SUDOERS_GID=$with_sudoers_gid ;; - *) { echo "configure: error: "you must use a numeric gid, not a name."" 1>&2; exit 1; } + *) { { echo "$as_me:2103: error: \"you must use a numeric gid, not a name.\"" >&5 +echo "$as_me: error: \"you must use a numeric gid, not a name.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi +fi; +echo "$as_me:2110: checking for umask programs should be run with" >&5 +echo $ECHO_N "checking for umask programs should be run with... $ECHO_C" >&6 -echo $ac_n "checking for umask programs should be run with""... $ac_c" 1>&6 -echo "configure:1569: checking for umask programs should be run with" >&5 # Check whether --with-umask or --without-umask was given. if test "${with_umask+set}" = set; then withval="$with_umask" - case $with_umask in - yes) { echo "configure: error: "must give --with-umask an argument."" 1>&2; exit 1; } + case $with_umask in + yes) { { echo "$as_me:2117: error: \"must give --with-umask an argument.\"" >&5 +echo "$as_me: error: \"must give --with-umask an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) echo "$ac_t""user" 1>&6 + no) sudo_umask=0777 ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) sudo_umask=$with_umask ;; - *) { echo "configure: error: "you must enter a numeric mask."" 1>&2; exit 1; } + *) { { echo "$as_me:2125: error: \"you must enter a numeric mask.\"" >&5 +echo "$as_me: error: \"you must enter a numeric mask.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <<\EOF -#define SUDO_UMASK 0022 +fi; + +cat >>confdefs.h <&6 + +if test "$sudo_umask" = "0777"; then + echo "$as_me:2137: result: user" >&5 +echo "${ECHO_T}user" >&6 +else + echo "$as_me:2140: result: $sudo_umask" >&5 +echo "${ECHO_T}$sudo_umask" >&6 fi +echo "$as_me:2144: checking for default user to run commands as" >&5 +echo $ECHO_N "checking for default user to run commands as... $ECHO_C" >&6 -echo $ac_n "checking for default user to run commands as""... $ac_c" 1>&6 -echo "configure:1596: checking for default user to run commands as" >&5 # Check whether --with-runas-default or --without-runas-default was given. if test "${with_runas_default+set}" = set; then withval="$with_runas_default" - case $with_runas_default in - yes) { echo "configure: error: "must give --with-runas-default an argument."" 1>&2; exit 1; } + case $with_runas_default in + yes) { { echo "$as_me:2151: error: \"must give --with-runas-default an argument.\"" >&5 +echo "$as_me: error: \"must give --with-runas-default an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; - no) { echo "configure: error: "--without-runas-default not supported."" 1>&2; exit 1; } + no) { { echo "$as_me:2155: error: \"--without-runas-default not supported.\"" >&5 +echo "$as_me: error: \"--without-runas-default not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - *) cat >> confdefs.h <&6 + *) runas_default="$with_runas_default" ;; esac -else - cat >> confdefs.h <<\EOF -#define RUNAS_DEFAULT "root" +fi; + +cat >>confdefs.h <&6 -fi +echo "$as_me:2168: result: $runas_default" >&5 +echo "${ECHO_T}$runas_default" >&6 # Check whether --with-exempt or --without-exempt was given. if test "${with_exempt+set}" = set; then withval="$with_exempt" - case $with_exempt in - yes) { echo "configure: error: "must give --with-exempt an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-exempt not supported."" 1>&2; exit 1; } + case $with_exempt in + yes) { { echo "$as_me:2175: error: \"must give --with-exempt an argument.\"" >&5 +echo "$as_me: error: \"must give --with-exempt an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:2179: error: \"--without-exempt not supported.\"" >&5 +echo "$as_me: error: \"--without-exempt not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - *) cat >> confdefs.h <>confdefs.h <&6 -echo "configure:1633: checking for group to be exempt from password" >&5 - echo "$ac_t""$with_exempt" 1>&6 + echo "$as_me:2188: checking for group to be exempt from password" >&5 +echo $ECHO_N "checking for group to be exempt from password... $ECHO_C" >&6 + echo "$as_me:2190: result: $with_exempt" >&5 +echo "${ECHO_T}$with_exempt" >&6 ;; esac -fi +fi; +echo "$as_me:2196: checking for editor that visudo should use" >&5 +echo $ECHO_N "checking for editor that visudo should use... $ECHO_C" >&6 -echo $ac_n "checking for editor that visudo should use""... $ac_c" 1>&6 -echo "configure:1641: checking for editor that visudo should use" >&5 # Check whether --with-editor or --without-editor was given. if test "${with_editor+set}" = set; then withval="$with_editor" - case $with_editor in - yes) { echo "configure: error: "must give --with-editor an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-editor not supported."" 1>&2; exit 1; } + case $with_editor in + yes) { { echo "$as_me:2203: error: \"must give --with-editor an argument.\"" >&5 +echo "$as_me: error: \"must give --with-editor an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + no) { { echo "$as_me:2207: error: \"--without-editor not supported.\"" >&5 +echo "$as_me: error: \"--without-editor not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - *) cat >> confdefs.h <>confdefs.h <&6 + echo "$as_me:2216: result: $with_editor" >&5 +echo "${ECHO_T}$with_editor" >&6 ;; esac else - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\EOF #define EDITOR _PATH_VI EOF - echo "$ac_t""vi" 1>&6 -fi + echo "$as_me:2224: result: vi" >&5 +echo "${ECHO_T}vi" >&6 +fi; +echo "$as_me:2228: checking whether to obey EDITOR and VISUAL environment variables" >&5 +echo $ECHO_N "checking whether to obey EDITOR and VISUAL environment variables... $ECHO_C" >&6 -echo $ac_n "checking whether to obey EDITOR and VISUAL environment variables""... $ac_c" 1>&6 -echo "configure:1666: checking whether to obey EDITOR and VISUAL environment variables" >&5 # Check whether --with-env-editor or --without-env-editor was given. if test "${with_env_editor+set}" = set; then withval="$with_env_editor" - case $with_env_editor in - yes) cat >> confdefs.h <<\EOF -#define ENV_EDITOR 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_env_editor in + yes) env_editor=on ;; - no) echo "$ac_t""no" 1>&6 + no) env_editor=off ;; - *) { echo "configure: error: "--with-env-editor does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2239: error: \"--with-env-editor does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-env-editor does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac +fi; +if test "$env_editor" = "on"; then + +cat >>confdefs.h <<\EOF +#define ENV_EDITOR 1 +EOF + + echo "$as_me:2251: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:2254: result: no" >&5 +echo "${ECHO_T}no" >&6 fi +echo "$as_me:2258: checking number of tries a user gets to enter their password" >&5 +echo $ECHO_N "checking number of tries a user gets to enter their password... $ECHO_C" >&6 -echo $ac_n "checking number of tries a user gets to enter their password""... $ac_c" 1>&6 -echo "configure:1688: checking number of tries a user gets to enter their password" >&5 # Check whether --with-passwd-tries or --without-passwd-tries was given. if test "${with_passwd_tries+set}" = set; then withval="$with_passwd_tries" - case $with_passwd_tries in - yes) cat >> confdefs.h <<\EOF -#define TRIES_FOR_PASSWORD 3 -EOF - - echo "$ac_t""3" 1>&6 - ;; - no) { echo "configure: error: "--without-editor not supported."" 1>&2; exit 1; } + case $with_passwd_tries in + yes) ;; + no) { { echo "$as_me:2266: error: \"--without-editor not supported.\"" >&5 +echo "$as_me: error: \"--without-editor not supported.\"" >&2;} + { (exit 1); exit 1; }; } ;; - [1-9]*) cat >> confdefs.h <&6 + [1-9]*) passwd_tries=$with_passwd_tries ;; - *) { echo "configure: error: "you must enter the numer of tries, > 0"" 1>&2; exit 1; } + *) { { echo "$as_me:2272: error: \"you must enter the numer of tries, > 0\"" >&5 +echo "$as_me: error: \"you must enter the numer of tries, > 0\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <<\EOF -#define TRIES_FOR_PASSWORD 3 +fi; + +cat >>confdefs.h <&6 -fi +echo "$as_me:2283: result: $passwd_tries" >&5 +echo "${ECHO_T}$passwd_tries" >&6 + +echo "$as_me:2286: checking time in minutes after which sudo will ask for a password again" >&5 +echo $ECHO_N "checking time in minutes after which sudo will ask for a password again... $ECHO_C" >&6 -echo $ac_n "checking time in minutes after which sudo will ask for a password again""... $ac_c" 1>&6 -echo "configure:1719: checking time in minutes after which sudo will ask for a password again" >&5 # Check whether --with-timeout or --without-timeout was given. if test "${with_timeout+set}" = set; then withval="$with_timeout" - echo $with_timeout; case $with_timeout in - yes) cat >> confdefs.h <<\EOF -#define TIMEOUT 5 -EOF - - echo "$ac_t""5" 1>&6 - ;; - no) cat >> confdefs.h <<\EOF -#define TIMEOUT 0 -EOF - - echo "$ac_t""no timeout" 1>&6 + echo $with_timeout; case $with_timeout in + yes) ;; + no) timeout=0 ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) timeout=$with_timeout ;; - *) { echo "configure: error: "you must enter the numer of minutes."" 1>&2; exit 1; } + *) { { echo "$as_me:2298: error: \"you must enter the numer of minutes.\"" >&5 +echo "$as_me: error: \"you must enter the numer of minutes.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <<\EOF -#define TIMEOUT 5 +fi; + +cat >>confdefs.h <&6 -fi +echo "$as_me:2309: result: $timeout" >&5 +echo "${ECHO_T}$timeout" >&6 + +echo "$as_me:2312: checking time in minutes after the password prompt will time out" >&5 +echo $ECHO_N "checking time in minutes after the password prompt will time out... $ECHO_C" >&6 -echo $ac_n "checking time in minutes after the password prompt will time out""... $ac_c" 1>&6 -echo "configure:1754: checking time in minutes after the password prompt will time out" >&5 # Check whether --with-password-timeout or --without-password-timeout was given. if test "${with_password_timeout+set}" = set; then withval="$with_password_timeout" - case $with_password_timeout in - yes) cat >> confdefs.h <<\EOF -#define PASSWORD_TIMEOUT 5 -EOF - - echo "$ac_t""5" 1>&6 - ;; - no) cat >> confdefs.h <<\EOF -#define PASSWORD_TIMEOUT 0 -EOF - - echo "$ac_t""no timeout" 1>&6 + case $with_password_timeout in + yes) ;; + no) password_timeout=0 ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) password_timeout=$with_password_timeout ;; - *) { echo "configure: error: "you must enter the numer of minutes."" 1>&2; exit 1; } + *) { { echo "$as_me:2324: error: \"you must enter the numer of minutes.\"" >&5 +echo "$as_me: error: \"you must enter the numer of minutes.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - cat >> confdefs.h <<\EOF -#define PASSWORD_TIMEOUT 5 +fi; + +cat >>confdefs.h <&6 -fi +echo "$as_me:2335: result: $password_timeout" >&5 +echo "${ECHO_T}$password_timeout" >&6 -echo $ac_n "checking whether to use execvp or execv""... $ac_c" 1>&6 -echo "configure:1789: checking whether to use execvp or execv" >&5 # Check whether --with-execv or --without-execv was given. if test "${with_execv+set}" = set; then withval="$with_execv" - case $with_execv in - yes) cat >> confdefs.h <<\EOF + case $with_execv in + yes) echo "$as_me:2342: checking whether to use execvp or execv" >&5 +echo $ECHO_N "checking whether to use execvp or execv... $ECHO_C" >&6 + echo "$as_me:2344: result: execv" >&5 +echo "${ECHO_T}execv" >&6 + +cat >>confdefs.h <<\EOF #define USE_EXECV 1 EOF - echo "$ac_t""execv" 1>&6 ;; - no) echo "$ac_t""execvp" 1>&6 - ;; - *) { echo "configure: error: "--with-execv does not take an argument."" 1>&2; exit 1; } + no) ;; + *) { { echo "$as_me:2353: error: \"--with-execv does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-execv does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -else - echo "$ac_t""execvp" 1>&6 -fi +fi; +echo "$as_me:2360: checking whether to use per-tty ticket files" >&5 +echo $ECHO_N "checking whether to use per-tty ticket files... $ECHO_C" >&6 -echo $ac_n "checking whether to use per-tty ticket files""... $ac_c" 1>&6 -echo "configure:1811: checking whether to use per-tty ticket files" >&5 # Check whether --with-tty-tickets or --without-tty-tickets was given. if test "${with_tty_tickets+set}" = set; then withval="$with_tty_tickets" - case $with_tty_tickets in - yes) cat >> confdefs.h <<\EOF -#define USE_TTY_TICKETS 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_tty_tickets in + yes) tty_tickets=on ;; - no) echo "$ac_t""no" 1>&6 + no) tty_tickets=off ;; - *) { echo "configure: error: "--with-tty-tickets does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2371: error: \"--with-tty-tickets does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-tty-tickets does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac +fi; +if test "$tty_tickets" = "on"; then + +cat >>confdefs.h <<\EOF +#define USE_TTY_TICKETS 1 +EOF + + echo "$as_me:2383: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:2386: result: no" >&5 +echo "${ECHO_T}no" >&6 fi +echo "$as_me:2390: checking whether to include insults" >&5 +echo $ECHO_N "checking whether to include insults... $ECHO_C" >&6 -echo $ac_n "checking whether to include insults""... $ac_c" 1>&6 -echo "configure:1833: checking whether to include insults" >&5 # Check whether --with-insults or --without-insults was given. if test "${with_insults+set}" = set; then withval="$with_insults" - case $with_insults in - yes) cat >> confdefs.h <<\EOF -#define USE_INSULTS 1 -EOF - - echo "$ac_t""yes" 1>&6 + case $with_insults in + yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; - no) echo "$ac_t""no" 1>&6 + no) insults=off ;; - *) { echo "configure: error: "--with-insults does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2403: error: \"--with-insults does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-insults does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac +fi; +if test "$insults" = "on"; then + +cat >>confdefs.h <<\EOF +#define USE_INSULTS 1 +EOF + + echo "$as_me:2415: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:2418: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - # Check whether --with-all-insults or --without-all-insults was given. if test "${with_all_insults+set}" = set; then withval="$with_all_insults" - case $with_all_insults in + case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes with_hal_insults=yes with_goons_insults=yes ;; no) ;; - *) { echo "configure: error: "--with-all-insults does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2432: error: \"--with-all-insults does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-all-insults does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-classic-insults or --without-classic-insults was given. if test "${with_classic_insults+set}" = set; then withval="$with_classic_insults" - case $with_classic_insults in - yes) cat >> confdefs.h <<\EOF + case $with_classic_insults in + yes) +cat >>confdefs.h <<\EOF #define CLASSIC_INSULTS 1 EOF ;; no) ;; - *) { echo "configure: error: "--with-classic-insults does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2450: error: \"--with-classic-insults does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-classic-insults does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-csops-insults or --without-csops-insults was given. if test "${with_csops_insults+set}" = set; then withval="$with_csops_insults" - case $with_csops_insults in - yes) cat >> confdefs.h <<\EOF + case $with_csops_insults in + yes) +cat >>confdefs.h <<\EOF #define CSOPS_INSULTS 1 EOF ;; no) ;; - *) { echo "configure: error: "--with-csops-insults does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2468: error: \"--with-csops-insults does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-csops-insults does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-hal-insults or --without-hal-insults was given. if test "${with_hal_insults+set}" = set; then withval="$with_hal_insults" - case $with_hal_insults in - yes) cat >> confdefs.h <<\EOF + case $with_hal_insults in + yes) +cat >>confdefs.h <<\EOF #define HAL_INSULTS 1 EOF ;; no) ;; - *) { echo "configure: error: "--with-hal-insults does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2486: error: \"--with-hal-insults does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-hal-insults does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi - +fi; # Check whether --with-goons-insults or --without-goons-insults was given. if test "${with_goons_insults+set}" = set; then withval="$with_goons_insults" - case $with_goons_insults in - yes) cat >> confdefs.h <<\EOF + case $with_goons_insults in + yes) +cat >>confdefs.h <<\EOF #define GOONS_INSULTS 1 EOF ;; no) ;; - *) { echo "configure: error: "--with-goons-insults does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2504: error: \"--with-goons-insults does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-goons-insults does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac -fi +fi; - -if test "$with_insults" = "yes"; then - echo $ac_n "checking which insult sets to include""... $ac_c" 1>&6 -echo "configure:1938: checking which insult sets to include" >&5 +if test "$insults" = "on"; then + echo "$as_me:2512: checking which insult sets to include" >&5 +echo $ECHO_N "checking which insult sets to include... $ECHO_C" >&6 i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" test "$with_csops_insults" = "yes" && i="csops ${i}" test "$with_classic_insults" = "yes" && i="classic ${i}" - echo "$ac_t""$i" 1>&6 + echo "$as_me:2519: result: $i" >&5 +echo "${ECHO_T}$i" >&6 fi -echo $ac_n "checking whether to override the user's path""... $ac_c" 1>&6 -echo "configure:1948: checking whether to override the user's path" >&5 +echo "$as_me:2523: checking whether to override the user's path" >&5 +echo $ECHO_N "checking whether to override the user's path... $ECHO_C" >&6 + # Check whether --with-secure-path or --without-secure-path was given. if test "${with_secure_path+set}" = set; then withval="$with_secure_path" - case $with_secure_path in - yes) cat >> confdefs.h <>confdefs.h <&6 + echo "$as_me:2535: result: :/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" >&5 +echo "${ECHO_T}:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" >&6 ;; - no) echo "$ac_t""no" 1>&6 + no) echo "$as_me:2538: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) cat >> confdefs.h <>confdefs.h <&6 + echo "$as_me:2545: result: $with_secure_path" >&5 +echo "${ECHO_T}$with_secure_path" >&6 ;; esac else - echo "$ac_t""no" 1>&6 -fi + echo "$as_me:2550: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; +echo "$as_me:2554: checking whether to get ip addresses from the network interfaces" >&5 +echo $ECHO_N "checking whether to get ip addresses from the network interfaces... $ECHO_C" >&6 -echo $ac_n "checking whether to get ip addresses from the network interfaces""... $ac_c" 1>&6 -echo "configure:1974: checking whether to get ip addresses from the network interfaces" >&5 # Check whether --with-interfaces or --without-interfaces was given. if test "${with_interfaces+set}" = set; then withval="$with_interfaces" - case $with_interfaces in - yes) echo "$ac_t""yes" 1>&6 + case $with_interfaces in + yes) echo "$as_me:2561: result: yes" >&5 +echo "${ECHO_T}yes" >&6 ;; - no) cat >> confdefs.h <<\EOF + no) +cat >>confdefs.h <<\EOF #define STUB_LOAD_INTERFACES 1 EOF - echo "$ac_t""no" 1>&6 + echo "$as_me:2569: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) { echo "configure: error: "--with-interfaces does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2572: error: \"--with-interfaces does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-interfaces does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac else - echo "$ac_t""yes" 1>&6 -fi - - + echo "$as_me:2578: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +fi; -echo $ac_n "checking whether to do user authentication by default""... $ac_c" 1>&6 -echo "configure:1997: checking whether to do user authentication by default" >&5 +echo "$as_me:2582: checking whether to do user authentication by default" >&5 +echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6 # Check whether --enable-authentication or --disable-authentication was given. if test "${enable_authentication+set}" = set; then enableval="$enable_authentication" case "$enableval" in - yes) echo "$ac_t""yes" 1>&6 + yes) echo "$as_me:2588: result: yes" >&5 +echo "${ECHO_T}yes" >&6 ;; - no) echo "$ac_t""no" 1>&6 - cat >> confdefs.h <<\EOF + no) echo "$as_me:2591: result: no" >&5 +echo "${ECHO_T}no" >&6 + +cat >>confdefs.h <<\EOF #define NO_AUTHENTICATION 1 EOF ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:2599: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-authentication: $enableval" ;; esac else - echo "$ac_t""yes" 1>&6 -fi + echo "$as_me:2606: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +fi; + +echo "$as_me:2610: checking whether to disable running the mailer as root" >&5 +echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6 +# Check whether --enable-root-mailer or --disable-root-mailer was given. +if test "${enable_root_mailer+set}" = set; then + enableval="$enable_root_mailer" + case "$enableval" in + yes) echo "$as_me:2616: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + no) echo "$as_me:2619: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\EOF +#define NO_ROOT_MAILER 1 +EOF + + ;; + *) echo "$as_me:2627: result: no" >&5 +echo "${ECHO_T}no" >&6 + echo "Ignoring unknown argument to --enable-root-mailer: $enableval" + ;; + esac + +else + echo "$as_me:2634: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; + +echo "$as_me:2638: checking whether to disable use of POSIX saved ids" >&5 +echo $ECHO_N "checking whether to disable use of POSIX saved ids... $ECHO_C" >&6 +# Check whether --enable-saved-ids or --disable-saved-ids was given. +if test "${enable_saved_ids+set}" = set; then + enableval="$enable_saved_ids" + case "$enableval" in + yes) echo "$as_me:2644: result: no" >&5 +echo "${ECHO_T}no" >&6 + ;; + no) echo "$as_me:2647: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\EOF +#define NO_SAVED_IDS 1 +EOF + ;; + *) echo "$as_me:2655: result: no" >&5 +echo "${ECHO_T}no" >&6 + echo "Ignoring unknown argument to --enable-saved-ids: $enableval" + ;; + esac + +else + echo "$as_me:2662: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; -echo $ac_n "checking whether to disable shadow password support""... $ac_c" 1>&6 -echo "configure:2021: checking whether to disable shadow password support" >&5 +echo "$as_me:2666: checking whether to disable shadow password support" >&5 +echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6 # Check whether --enable-shadow or --disable-shadow was given. if test "${enable_shadow+set}" = set; then enableval="$enable_shadow" case "$enableval" in - yes) echo "$ac_t""no" 1>&6 + yes) echo "$as_me:2672: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - no) echo "$ac_t""yes" 1>&6 + no) echo "$as_me:2675: result: yes" >&5 +echo "${ECHO_T}yes" >&6 CHECKSHADOW="false" ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:2679: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-shadow: $enableval" ;; esac else - echo "$ac_t""no" 1>&6 -fi + echo "$as_me:2686: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; - -echo $ac_n "checking whether root should be allowed to use sudo""... $ac_c" 1>&6 -echo "configure:2042: checking whether root should be allowed to use sudo" >&5 +echo "$as_me:2690: checking whether root should be allowed to use sudo" >&5 +echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6 # Check whether --enable-root-sudo or --disable-root-sudo was given. if test "${enable_root_sudo+set}" = set; then enableval="$enable_root_sudo" - case "$enableval" in - yes) echo "$ac_t""yes" 1>&6 + case "$enableval" in + yes) echo "$as_me:2696: result: yes" >&5 +echo "${ECHO_T}yes" >&6 ;; - no) cat >> confdefs.h <<\EOF + no) +cat >>confdefs.h <<\EOF #define NO_ROOT_SUDO 1 EOF - echo "$ac_t""no" 1>&6 + echo "$as_me:2704: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) { echo "configure: error: "--enable-root-sudo does not take an argument."" 1>&2; exit 1; } + *) { { echo "$as_me:2707: error: \"--enable-root-sudo does not take an argument.\"" >&5 +echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } ;; esac else - echo "$ac_t""yes" 1>&6 -fi - + echo "$as_me:2714: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +fi; -echo $ac_n "checking whether to log the hostname in the log file""... $ac_c" 1>&6 -echo "configure:2065: checking whether to log the hostname in the log file" >&5 +echo "$as_me:2718: checking whether to log the hostname in the log file" >&5 +echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6 # Check whether --enable-log-host or --disable-log-host was given. if test "${enable_log_host+set}" = set; then enableval="$enable_log_host" case "$enableval" in - yes) echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + yes) echo "$as_me:2724: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\EOF #define HOST_IN_LOG 1 EOF ;; - no) echo "$ac_t""no" 1>&6 + no) echo "$as_me:2732: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:2735: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-log-host: $enableval" ;; esac else - echo "$ac_t""no" 1>&6 -fi + echo "$as_me:2742: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; - -echo $ac_n "checking whether to invoke a shell if sudo is given no arguments""... $ac_c" 1>&6 -echo "configure:2089: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo "$as_me:2746: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6 # Check whether --enable-noargs-shell or --disable-noargs-shell was given. if test "${enable_noargs_shell+set}" = set; then enableval="$enable_noargs_shell" case "$enableval" in - yes) echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + yes) echo "$as_me:2752: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\EOF #define SHELL_IF_NO_ARGS 1 EOF ;; - no) echo "$ac_t""no" 1>&6 + no) echo "$as_me:2760: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:2763: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-noargs-shell: $enableval" ;; esac else - echo "$ac_t""no" 1>&6 -fi - + echo "$as_me:2770: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; -echo $ac_n "checking whether to set \$HOME to target user in shell mode""... $ac_c" 1>&6 -echo "configure:2113: checking whether to set \$HOME to target user in shell mode" >&5 +echo "$as_me:2774: checking whether to set \$HOME to target user in shell mode" >&5 +echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6 # Check whether --enable-shell-sets-home or --disable-shell-sets-home was given. if test "${enable_shell_sets_home+set}" = set; then enableval="$enable_shell_sets_home" case "$enableval" in - yes) echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + yes) echo "$as_me:2780: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\EOF #define SHELL_SETS_HOME 1 EOF ;; - no) echo "$ac_t""no" 1>&6 + no) echo "$as_me:2788: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:2791: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-shell-sets-home: $enableval" ;; esac else - echo "$ac_t""no" 1>&6 -fi - + echo "$as_me:2798: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; -echo $ac_n "checking whether to disable 'command not found' messages""... $ac_c" 1>&6 -echo "configure:2137: checking whether to disable 'command not found' messages" >&5 +echo "$as_me:2802: checking whether to disable 'command not found' messages" >&5 +echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6 # Check whether --enable-path_info or --disable-path_info was given. if test "${enable_path_info+set}" = set; then enableval="$enable_path_info" case "$enableval" in - yes) echo "$ac_t""no" 1>&6 + yes) echo "$as_me:2808: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - no) echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + no) echo "$as_me:2811: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\EOF #define DONT_LEAK_PATH_INFO 1 EOF ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:2819: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-path-info: $enableval" ;; esac else - echo "$ac_t""no" 1>&6 -fi - + echo "$as_me:2826: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; # Extract the first word of "egrep", so it can be a program name with args. set dummy egrep; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2163: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_EGREPPROG'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:2832: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_EGREPPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$EGREPPROG"; then ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_EGREPPROG="egrep" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_EGREPPROG="egrep" +echo "$as_me:2847: found $ac_dir/$ac_word" >&5 +break +done + fi fi -EGREPPROG="$ac_cv_prog_EGREPPROG" +EGREPPROG=$ac_cv_prog_EGREPPROG if test -n "$EGREPPROG"; then - echo "$ac_t""$EGREPPROG" 1>&6 + echo "$as_me:2855: result: $EGREPPROG" >&5 +echo "${ECHO_T}$EGREPPROG" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:2858: result: no" >&5 +echo "${ECHO_T}no" >&6 fi if test -z "$EGREPPROG"; then @@ -2189,262 +2864,1025 @@ exit fi -ac_cv_prog_cc_cross="no" -cross_compiling="no" -# Extract the first word of "gcc", so it can be a program name with args. +if test "$with_devel" != "yes"; then + ac_cv_prog_cc_g=no +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:2879: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_CC="${ac_tool_prefix}gcc" +echo "$as_me:2894: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:2902: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:2905: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2198: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:2914: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_ac_ct_CC="gcc" +echo "$as_me:2929: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:2937: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:2940: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:2953: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="gcc" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_CC="${ac_tool_prefix}cc" +echo "$as_me:2968: found $ac_dir/$ac_word" >&5 +break +done + fi fi -CC="$ac_cv_prog_CC" +CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 + echo "$as_me:2976: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:2979: result: no" >&5 +echo "${ECHO_T}no" >&6 fi +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:2988: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_ac_ct_CC="cc" +echo "$as_me:3003: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:3011: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:3014: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2227: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:3027: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" ac_prog_rejected=no - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue +fi +ac_cv_prog_CC="cc" +echo "$as_me:3047: found $ac_dir/$ac_word" >&5 +break +done + if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift - if test $# -gt 0; then + if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift - set dummy "$ac_dir/$ac_word" "$@" + set dummy "$ac_dir/$ac_word" ${1+"$@"} shift ac_cv_prog_CC="$@" fi fi fi fi -CC="$ac_cv_prog_CC" +CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 + echo "$as_me:3069: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:3072: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:3083: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_CC="$ac_tool_prefix$ac_prog" +echo "$as_me:3098: found $ac_dir/$ac_word" >&5 +break +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:3106: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:3109: result: no" >&5 +echo "${ECHO_T}no" >&6 fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:2275: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:3122: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_ac_ct_CC="$ac_prog" +echo "$as_me:3137: found $ac_dir/$ac_word" >&5 +break +done -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - ac_cv_prog_cc_works=yes - # If we can't run a trivial program, we are probably using a cross compiler. - if (./conftest; exit) 2>/dev/null; then - ac_cv_prog_cc_cross=no +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:3145: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:3148: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + +test -z "$CC" && { { echo "$as_me:3160: error: no acceptable cc found in \$PATH" >&5 +echo "$as_me: error: no acceptable cc found in \$PATH" >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:3165:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:3168: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:3171: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:3173: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:3176: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:3178: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:3181: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +#line 3185 "configure" +#include "confdefs.h" + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:3201: checking for C compiler default output" >&5 +echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:3204: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:3207: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. +for ac_file in `ls a.exe conftest.exe 2>/dev/null; + ls a.out conftest 2>/dev/null; + ls a.* conftest.* 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;; + a.out ) # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool --akim. + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +{ { echo "$as_me:3230: error: C compiler cannot create executables" >&5 +echo "$as_me: error: C compiler cannot create executables" >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:3236: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:3241: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:3247: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3250: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no else - ac_cv_prog_cc_cross=yes + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:3257: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'." >&2;} + { (exit 1); exit 1; }; } + fi fi -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - ac_cv_prog_cc_works=no fi -rm -fr conftest* +echo "$as_me:3265: result: yes" >&5 +echo "${ECHO_T}yes" >&6 -echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 -if test $ac_cv_prog_cc_works = no; then - { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +rm -f a.out a.exe conftest$ac_cv_exeext +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:3272: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:3274: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:3277: checking for executable suffix" >&5 +echo $ECHO_N "checking for executable suffix... $ECHO_C" >&6 +if { (eval echo "$as_me:3279: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:3282: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:3298: error: cannot compute EXEEXT: cannot compile and link" >&5 +echo "$as_me: error: cannot compute EXEEXT: cannot compile and link" >&2;} + { (exit 1); exit 1; }; } fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:2309: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 -echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 -cross_compiling=$ac_cv_prog_cc_cross -echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:2314: checking whether we are using GNU C" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +rm -f conftest$ac_cv_exeext +echo "$as_me:3304: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:3310: checking for object suffix" >&5 +echo $ECHO_N "checking for object suffix... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then - ac_cv_prog_gcc=yes + cat >conftest.$ac_ext <<_ACEOF +#line 3316 "configure" +#include "confdefs.h" + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:3328: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3331: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done else - ac_cv_prog_gcc=no + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +{ { echo "$as_me:3343: error: cannot compute OBJEXT: cannot compile" >&5 +echo "$as_me: error: cannot compute OBJEXT: cannot compile" >&2;} + { (exit 1); exit 1; }; } fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext fi +echo "$as_me:3350: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:3354: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 3360 "configure" +#include "confdefs.h" -echo "$ac_t""$ac_cv_prog_gcc" 1>&6 +int +main () +{ +#ifndef __GNUC__ + choke me +#endif -if test $ac_cv_prog_gcc = yes; then - GCC=yes - ac_test_CFLAGS="${CFLAGS+set}" - ac_save_CFLAGS="$CFLAGS" - CFLAGS= - echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:2338: checking whether ${CC-cc} accepts -g" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3375: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3378: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3381: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3384: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_compiler_gnu=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:3396: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:3402: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo 'void f(){}' > conftest.c -if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + cat >conftest.$ac_ext <<_ACEOF +#line 3408 "configure" +#include "confdefs.h" + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3420: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3423: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3426: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3429: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_prog_cc_g=yes else - ac_cv_prog_cc_g=no + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_prog_cc_g=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:3439: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi fi +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3466: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3469: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3472: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3475: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + ''\ + '#include ' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +#line 3487 "configure" +#include "confdefs.h" +#include +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3500: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3503: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3506: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3509: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +continue +fi +rm -f conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +#line 3519 "configure" +#include "confdefs.h" +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:3531: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3534: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3537: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3540: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f conftest.$ac_objext conftest.$ac_ext +done rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 fi +rm -f conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu -echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 - if test "$ac_test_CFLAGS" = set; then - CFLAGS="$ac_save_CFLAGS" - elif test $ac_cv_prog_cc_g = yes; then - CFLAGS="-g -O2" +echo "$as_me:3567: checking for POSIXized ISC" >&5 +echo $ECHO_N "checking for POSIXized ISC... $ECHO_C" >&6 +if test -d /etc/conf/kconfig.d && + grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 +then + echo "$as_me:3572: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + ISC=yes # If later tests want to check for ISC. + +cat >>confdefs.h <<\EOF +#define _POSIX_SOURCE 1 +EOF + + if test "$GCC" = yes; then + CC="$CC -posix" else - CFLAGS="-O2" + CC="$CC -Xp" fi else - GCC= - test "${CFLAGS+set}" = set || CFLAGS="-g" + echo "$as_me:3586: result: no" >&5 +echo "${ECHO_T}no" >&6 + ISC= +fi + +ac_cv_prog_cc_cross="no" +cross_compiling="no" + +echo "$as_me:3594: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +#line 3602 "configure" +#include "confdefs.h" +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:3651: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:3654: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:3657: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:3660: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 fi +rm -f conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:3677: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:3680: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac ac_cv_prog_cc_cross="no" cross_compiling="no" -echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:2368: checking how to run the C preprocessor" >&5 +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:3692: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then -if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - # This must be in double quotes, not single quotes, because CPP may get - # substituted into the Makefile and "${CC-cc}" will confuse make. - CPP="${CC-cc} -E" + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 3713 "configure" #include "confdefs.h" #include -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then + Syntax error +_ACEOF +if { (eval echo "$as_me:3718: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:3724: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then : else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP="${CC-cc} -E -traditional-cpp" - cat > conftest.$ac_ext < -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2406: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - : + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +#line 3747 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:3751: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:3757: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP=/lib/cpp + # Passes both tests. +ac_preproc_ok=: +break fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break fi -rm -f conftest* - ac_cv_prog_CPP="$CPP" + + done + ac_cv_prog_CPP=$CPP + fi - CPP="$ac_cv_prog_CPP" + CPP=$ac_cv_prog_CPP else - ac_cv_prog_CPP="$CPP" + ac_cv_prog_CPP=$CPP fi -echo "$ac_t""$CPP" 1>&6 - -echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:2429: checking for POSIXized ISC" >&5 -if test -d /etc/conf/kconfig.d && - grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 -then - echo "$ac_t""yes" 1>&6 - ISC=yes # If later tests want to check for ISC. - cat >> confdefs.h <<\EOF -#define _POSIX_SOURCE 1 -EOF +echo "$as_me:3794: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +#line 3804 "configure" +#include "confdefs.h" +#include + Syntax error +_ACEOF +if { (eval echo "$as_me:3809: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:3815: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext - if test "$GCC" = yes; then - CC="$CC -posix" + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +#line 3838 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:3842: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:3848: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag else - CC="$CC -Xp" + ac_cpp_err= fi else - echo "$ac_t""no" 1>&6 - ISC= + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 + cat conftest.$ac_ext >&5 + # Passes both tests. +ac_preproc_ok=: +break fi +rm -f conftest.err conftest.$ac_ext +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:3876: error: C preprocessor \"$CPP\" fails sanity check" >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu if test "$with_devel" = "yes" -a -n "$GCC"; then CFLAGS="${CFLAGS} -Wall" @@ -2452,114 +3890,130 @@ # Extract the first word of "uname", so it can be a program name with args. set dummy uname; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2457: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_UNAMEPROG'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:3893: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_UNAMEPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$UNAMEPROG"; then ac_cv_prog_UNAMEPROG="$UNAMEPROG" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_UNAMEPROG="uname" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_UNAMEPROG="uname" +echo "$as_me:3908: found $ac_dir/$ac_word" >&5 +break +done + fi fi -UNAMEPROG="$ac_cv_prog_UNAMEPROG" +UNAMEPROG=$ac_cv_prog_UNAMEPROG if test -n "$UNAMEPROG"; then - echo "$ac_t""$UNAMEPROG" 1>&6 + echo "$as_me:3916: result: $UNAMEPROG" >&5 +echo "${ECHO_T}$UNAMEPROG" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:3919: result: no" >&5 +echo "${ECHO_T}no" >&6 fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2485: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_TRPROG'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:3925: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_TRPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$TRPROG"; then ac_cv_prog_TRPROG="$TRPROG" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_TRPROG="tr" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_TRPROG="tr" +echo "$as_me:3940: found $ac_dir/$ac_word" >&5 +break +done + fi fi -TRPROG="$ac_cv_prog_TRPROG" +TRPROG=$ac_cv_prog_TRPROG if test -n "$TRPROG"; then - echo "$ac_t""$TRPROG" 1>&6 + echo "$as_me:3948: result: $TRPROG" >&5 +echo "${ECHO_T}$TRPROG" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:3951: result: no" >&5 +echo "${ECHO_T}no" >&6 fi # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2513: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_SEDPROG'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:3957: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_SEDPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$SEDPROG"; then ac_cv_prog_SEDPROG="$SEDPROG" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_SEDPROG="sed" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_SEDPROG="sed" +echo "$as_me:3972: found $ac_dir/$ac_word" >&5 +break +done + fi fi -SEDPROG="$ac_cv_prog_SEDPROG" +SEDPROG=$ac_cv_prog_SEDPROG if test -n "$SEDPROG"; then - echo "$ac_t""$SEDPROG" 1>&6 + echo "$as_me:3980: result: $SEDPROG" >&5 +echo "${ECHO_T}$SEDPROG" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:3983: result: no" >&5 +echo "${ECHO_T}no" >&6 fi # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2541: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_NROFFPROG'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:3989: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_NROFFPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$NROFFPROG"; then ac_cv_prog_NROFFPROG="$NROFFPROG" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_NROFFPROG="nroff" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_NROFFPROG="nroff" +echo "$as_me:4004: found $ac_dir/$ac_word" >&5 +break +done + fi fi -NROFFPROG="$ac_cv_prog_NROFFPROG" +NROFFPROG=$ac_cv_prog_NROFFPROG if test -n "$NROFFPROG"; then - echo "$ac_t""$NROFFPROG" 1>&6 + echo "$as_me:4012: result: $NROFFPROG" >&5 +echo "${ECHO_T}$NROFFPROG" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:4015: result: no" >&5 +echo "${ECHO_T}no" >&6 fi if test -z "$NROFFPROG"; then @@ -2568,7 +4022,7 @@ fi ac_aux_dir= -for ac_dir in ${GNUSYSTEM_AUX_DIR} $srcdir $srcdir/.. $srcdir/../..; do +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do if test -f $ac_dir/install-sh; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" @@ -2577,41 +4031,72 @@ ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break fi done if test -z "$ac_aux_dir"; then - { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; } -fi -ac_config_guess="/bin/sh $ac_aux_dir/config.guess" -ac_config_sub="/bin/sh $ac_aux_dir/config.sub" -ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. - + { { echo "$as_me:4041: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. # Make sure we can run config.sub. -if $ac_config_sub sun4 >/dev/null 2>&1; then : -else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } -fi - -echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:2597: checking host system type" >&5 - -host_alias=$host -case "$host_alias" in -NONE) - case $nonopt in - NONE) - if host_alias=`$ac_config_guess`; then : - else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } - fi ;; - *) host_alias=$nonopt ;; - esac ;; -esac - -host=`$ac_config_sub $host_alias` -host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$ac_t""$host" 1>&6 +$ac_config_sub sun4 >/dev/null 2>&1 || + { { echo "$as_me:4051: error: cannot run $ac_config_sub" >&5 +echo "$as_me: error: cannot run $ac_config_sub" >&2;} + { (exit 1); exit 1; }; } + +echo "$as_me:4055: checking build system type" >&5 +echo $ECHO_N "checking build system type... $ECHO_C" >&6 +if test "${ac_cv_build+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_build_alias=$build_alias +test -z "$ac_cv_build_alias" && + ac_cv_build_alias=`$ac_config_guess` +test -z "$ac_cv_build_alias" && + { { echo "$as_me:4064: error: cannot guess build type; you must specify one" >&5 +echo "$as_me: error: cannot guess build type; you must specify one" >&2;} + { (exit 1); exit 1; }; } +ac_cv_build=`$ac_config_sub $ac_cv_build_alias` || + { { echo "$as_me:4068: error: $ac_config_sub $ac_cv_build_alias failed." >&5 +echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed." >&2;} + { (exit 1); exit 1; }; } + +fi +echo "$as_me:4073: result: $ac_cv_build" >&5 +echo "${ECHO_T}$ac_cv_build" >&6 +build=$ac_cv_build +build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + +echo "$as_me:4080: checking host system type" >&5 +echo $ECHO_N "checking host system type... $ECHO_C" >&6 +if test "${ac_cv_host+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_host_alias=$host_alias +test -z "$ac_cv_host_alias" && + ac_cv_host_alias=$ac_cv_build_alias +ac_cv_host=`$ac_config_sub $ac_cv_host_alias` || + { { echo "$as_me:4089: error: $ac_config_sub $ac_cv_host_alias failed" >&5 +echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +echo "$as_me:4094: result: $ac_cv_host" >&5 +echo "${ECHO_T}$ac_cv_host" >&6 +host=$ac_cv_host +host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then @@ -2621,10 +4106,10 @@ echo "" exit 1 else - echo $ac_n "checking previous host type""... $ac_c" 1>&6 -echo "configure:2626: checking previous host type" >&5 - if eval "test \"`echo '$''{'sudo_cv_prev_host'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:4109: checking previous host type" >&5 +echo $ECHO_N "checking previous host type... $ECHO_C" >&6 + if test "${sudo_cv_prev_host+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else sudo_cv_prev_host="$host" fi @@ -2633,8 +4118,8 @@ fi else # this will produce no output since there is no cached value - if eval "test \"`echo '$''{'sudo_cv_prev_host'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + if test "${sudo_cv_prev_host+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else sudo_cv_prev_host="$host" fi @@ -2661,111 +4146,78 @@ # check for password adjunct functions (shadow passwords) if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getpwanam""... $ac_c" 1>&6 -echo "configure:2666: checking for getpwanam" >&5 -if eval "test \"`echo '$''{'ac_cv_func_getpwanam'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getpwanam(); -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_getpwanam) || defined (__stub___getpwanam) -choke me -#else -getpwanam(); -#endif - -; return 0; } -EOF -if { (eval echo configure:2694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_getpwanam=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_getpwanam=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'getpwanam`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_GETPWANAM 1 -EOF - for ac_func in issecure +for ac_func in getpwanam issecure do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2714: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:4153: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4159 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4190: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4193: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4196: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4199: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4209: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 + break fi done -else - echo "$ac_t""no" 1>&6 -fi - CHECKSHADOW="false" fi ;; @@ -2776,13 +4228,13 @@ if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-aix*) # To get all prototypes (so we pass -Wall) CPPFLAGS="${CPPFLAGS} -D_XOPEN_EXTENDED_SOURCE" - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\EOF #define _ALL_SOURCE 1 EOF @@ -2790,323 +4242,328 @@ ;; *-*-hiuxmpp*) if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2795: checking for getprpwnam in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" + echo "$as_me:4245: checking for getprpwnam in -lsec" >&5 +echo $ECHO_N "checking for getprpwnam in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsec $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 4253 "configure" +#include "confdefs.h" -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4272: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4275: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4278: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4281: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:4292: result: $ac_cv_lib_sec_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_getprpwnam" >&6 +if test $ac_cv_lib_sec_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1 else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:2840: checking for getprpwnam in -lsecurity" >&5 -if test -n ""; then - ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:4300: checking for getprpwnam in -lsecurity" >&5 +echo $ECHO_N "checking for getprpwnam in -lsecurity... $ECHO_C" >&6 +if test "${ac_cv_lib_security_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsecurity $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4308 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:2863: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4327: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4330: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4333: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4336: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_security_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_security_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:4347: result: $ac_cv_lib_security_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_security_getprpwnam" >&6 +if test $ac_cv_lib_security_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1 -else - echo "$ac_t""no" 1>&6 fi fi CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-hpux1[0-9]*) - # uncomment this for a statically linked sudo - # (XXX - should be an option to configure) - #STATIC_SUDO=true - - # If using cc, run in ANSI mode if possible - if test -z "$GCC"; then - $CC -Aa 2>&1 | grep 'A option is available only' >conftest.out - if test ! -s conftest.out; then - CPPFLAGS="${CPPFLAGS} -Aa" - fi - rm -f conftest.out - fi - - # Add -D_HPUX_SOURCE so we don't get strict ANSI headers - CPPFLAGS="${CPPFLAGS} -D_HPUX_SOURCE" - if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2912: checking for getprpwnam in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` + echo "$as_me:4365: checking for getprpwnam in -lsec" >&5 +echo $ECHO_N "checking for getprpwnam in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4373 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:2935: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4392: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4395: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4398: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4401: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:4412: result: $ac_cv_lib_sec_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_getprpwnam" >&6 +if test $ac_cv_lib_sec_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF - echo $ac_n "checking for iscomsec in -lsec""... $ac_c" 1>&6 -echo "configure:2954: checking for iscomsec in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'iscomsec | sed 'y% ./+-%___p_%'` + echo "$as_me:4418: checking for iscomsec in -lsec" >&5 +echo $ECHO_N "checking for iscomsec in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_iscomsec+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_lib_var=`echo sec'_'iscomsec | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4426 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char iscomsec(); - -int main() { -iscomsec() -; return 0; } -EOF -if { (eval echo configure:2977: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" + builtin and then its argument prototype would still apply. */ +char iscomsec (); +int +main () +{ +iscomsec (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4445: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4448: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4451: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4454: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_iscomsec=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_iscomsec=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:4465: result: $ac_cv_lib_sec_iscomsec" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_iscomsec" >&6 +if test $ac_cv_lib_sec_iscomsec = yes; then -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\EOF #define HAVE_ISCOMSEC 1 EOF -else - echo "$ac_t""no" 1>&6 fi SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1 -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" fi - if test -n "$STATIC_SUDO"; then - if test -n "$GCC"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" - else - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" - fi - fi - # AFS support needs -lBSD if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-hpux9*) - # uncomment this for a statically linked sudo - # (XXX - should be an option to configure) - #STATIC_SUDO=true - # If using cc, run in ANSI mode if possible - if test -z "$GCC"; then - $CC -Aa 2>&1 | grep 'A option is available only' >conftest.out - if test ! -s conftest.out; then - CPPFLAGS="${CPPFLAGS} -Aa" - fi - rm -f conftest.out - fi - - # Add -D_HPUX_SOURCE so we don't get strict ANSI headers - CPPFLAGS="${CPPFLAGS} -D_HPUX_SOURCE" - - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\EOF #define BROKEN_SYSLOG 1 EOF - if test "$CHECKSHADOW" = "true"; then - for ac_func in getspwuid + +for ac_func in getspwuid do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3048: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:4498: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4504 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4535: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4538: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4541: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4544: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4554: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi done CHECKSHADOW="false" fi - if test -n "$STATIC_SUDO"; then - if test -n "$GCC"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" - else - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" - fi - fi - # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last @@ -3119,16 +4576,14 @@ if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-hpux*) - - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\EOF #define BROKEN_SYSLOG 1 EOF - # Not sure if setuid binaries are safe in < 9.x if test -n "$GCC"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" @@ -3140,391 +4595,493 @@ if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-dec-osf*) # ignore envariables wrt dynamic lib path SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" - echo $ac_n "checking whether to disable sia support on Digital UNIX""... $ac_c" 1>&6 -echo "configure:3152: checking whether to disable sia support on Digital UNIX" >&5 + echo "$as_me:4605: checking whether to disable sia support on Digital UNIX" >&5 +echo $ECHO_N "checking whether to disable sia support on Digital UNIX... $ECHO_C" >&6 # Check whether --enable-sia or --disable-sia was given. if test "${enable_sia+set}" = set; then enableval="$enable_sia" case "$enableval" in - yes) echo "$ac_t""no" 1>&6 + yes) echo "$as_me:4611: result: no" >&5 +echo "${ECHO_T}no" >&6 ;; - no) echo "$ac_t""yes" 1>&6 + no) echo "$as_me:4614: result: yes" >&5 +echo "${ECHO_T}yes" >&6 CHECKSIA=false ;; - *) echo "$ac_t""no" 1>&6 + *) echo "$as_me:4618: result: no" >&5 +echo "${ECHO_T}no" >&6 echo "Ignoring unknown argument to --enable-sia: $enableval" ;; esac - -else - echo "$ac_t""no" 1>&6 -fi +else + echo "$as_me:4625: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi; # use SIA by default, if we have it, else SecureWare # unless overridden on the command line if test "$CHECKSIA" = "true"; then - echo $ac_n "checking for sia_ses_init""... $ac_c" 1>&6 -echo "configure:3176: checking for sia_ses_init" >&5 -if eval "test \"`echo '$''{'ac_cv_func_sia_ses_init'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:4632: checking for sia_ses_init" >&5 +echo $ECHO_N "checking for sia_ses_init... $ECHO_C" >&6 +if test "${ac_cv_func_sia_ses_init+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4638 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char sia_ses_init(); below. */ + which can conflict with char sia_ses_init (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char sia_ses_init(); - -int main() { + builtin and then its argument prototype would still apply. */ +char sia_ses_init (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_sia_ses_init) || defined (__stub___sia_ses_init) choke me #else -sia_ses_init(); +f = sia_ses_init; #endif -; return 0; } -EOF -if { (eval echo configure:3204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_sia_ses_init=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_sia_ses_init=no" -fi -rm -f conftest* -fi + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4669: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4672: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4675: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4678: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_sia_ses_init=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_sia_ses_init=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4688: result: $ac_cv_func_sia_ses_init" >&5 +echo "${ECHO_T}$ac_cv_func_sia_ses_init" >&6 +if test $ac_cv_func_sia_ses_init = yes; then -if eval "test \"`echo '$ac_cv_func_'sia_ses_init`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\EOF #define HAVE_SIA 1 EOF - + if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_fwtk" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then - { echo "configure: error: "you cannot mix SIA and other authentication schemes. You can turn off SIA support via the --disable-sia option"" 1>&2; exit 1; } + { { echo "$as_me:4697: error: \"you cannot mix SIA and other authentication schemes. You can turn off SIA support via the --disable-sia option\"" >&5 +echo "$as_me: error: \"you cannot mix SIA and other authentication schemes. You can turn off SIA support via the --disable-sia option\"" >&2;} + { (exit 1); exit 1; }; } fi; CHECKSHADOW=false -else - echo "$ac_t""no" 1>&6 fi fi if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:3232: checking for getprpwnam in -lsecurity" >&5 -if test -n ""; then - ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:4705: checking for getprpwnam in -lsecurity" >&5 +echo $ECHO_N "checking for getprpwnam in -lsecurity... $ECHO_C" >&6 +if test "${ac_cv_lib_security_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsecurity $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4713 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:3255: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4732: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4735: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4738: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4741: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_security_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_security_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:4752: result: $ac_cv_lib_security_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_security_getprpwnam" >&6 +if test $ac_cv_lib_security_getprpwnam = yes; then SECUREWARE=1 -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" fi if test -n "$SECUREWARE"; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF # -ldb includes bogus versions of snprintf/vsnprintf - echo $ac_n "checking for snprintf""... $ac_c" 1>&6 -echo "configure:3285: checking for snprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + +for ac_func in snprintf +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:4772: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4778 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char snprintf(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char snprintf(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_snprintf) || defined (__stub___snprintf) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -snprintf(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:3313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_snprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_snprintf=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'snprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_SNPRINTF 1 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4809: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4812: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4815: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4818: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4828: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&6 -NEED_SNPRINTF=1 + NEED_SNPRINTF=1 fi +done - echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 -echo "configure:3337: checking for vsnprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in vsnprintf +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:4843: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4849 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vsnprintf(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char vsnprintf(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_vsnprintf) || defined (__stub___vsnprintf) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -vsnprintf(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:3365: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_vsnprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_vsnprintf=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'vsnprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_VSNPRINTF 1 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4880: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4883: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4886: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4889: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:4899: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&6 -NEED_SNPRINTF=1 + NEED_SNPRINTF=1 fi +done # 4.x and higher need -ldb too... - echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 -echo "configure:3390: checking for dbopen in -ldb" >&5 -if test -n ""; then - ac_lib_var=`echo db'_'dbopen | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo db'_'dbopen | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:4912: checking for dbopen in -ldb" >&5 +echo $ECHO_N "checking for dbopen in -ldb... $ECHO_C" >&6 +if test "${ac_cv_lib_db_dbopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldb $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4920 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char dbopen(); - -int main() { -dbopen() -; return 0; } -EOF -if { (eval echo configure:3413: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char dbopen (); +int +main () +{ +dbopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:4939: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:4942: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:4945: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:4948: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_db_dbopen=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_db_dbopen=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:4959: result: $ac_cv_lib_db_dbopen" >&5 +echo "${ECHO_T}$ac_cv_lib_db_dbopen" >&6 +if test $ac_cv_lib_db_dbopen = yes; then SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm" else - echo "$ac_t""no" 1>&6 -SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm" + SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm" fi - for ac_func in dispcrypt +for ac_func in dispcrypt do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3437: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:4970: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 4976 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5007: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5010: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5013: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5016: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:5026: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi done - echo $ac_n "checking for broken /usr/include/prot.h""... $ac_c" 1>&6 -echo "configure:3490: checking for broken /usr/include/prot.h" >&5 - cat > conftest.$ac_ext <&5 +echo $ECHO_N "checking for broken /usr/include/prot.h... $ECHO_C" >&6 + cat >conftest.$ac_ext <<_ACEOF +#line 5039 "configure" #include "confdefs.h" #include #include #include - -int main() { + +int +main () +{ exit(0); -; return 0; } -EOF -if { (eval echo configure:3503: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - echo "$ac_t""no" 1>&6 -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - echo "$ac_t""yes, fixing locally" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:5055: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:5058: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:5061: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5064: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + echo "$as_me:5066: result: no" >&5 +echo "${ECHO_T}no" >&6 +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +echo "$as_me:5071: result: yes, fixing locally" >&5 +echo "${ECHO_T}yes, fixing locally" >&6 sed 's:::g' < /usr/include/prot.h > prot.h - + fi -rm -f conftest* - else +rm -f conftest.$ac_objext conftest.$ac_ext + elif test "$CHECKSIA" = "true"; then with_passwd=no AUTH_OBJS="sia.o" fi - mansectsu=8 - mansectform=4 + test -n "$mansectsu" || mansectsu=8 + test -n "$mansectform" || mansectform=4 ;; *-*-irix*) - # configure may not think irix has stdc headers - # but it's good enough for sudo - cat >> confdefs.h <<\EOF -#define STDC_HEADERS 1 -EOF - CPPFLAGS="${CPPFLAGS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then MAN_POSTINSTALL=' /bin/rm -f $(mandir8)/sudo.$(mansect8).z $(mandir8)/visudo.$(mansect8).z $(mandir5)/sudoers.$(mansect5).z ; /usr/bin/pack $(mandir8)/sudo.$(mansect8) $(mandir8)/visudo.$(mansect8) $(mandir5)/sudoers.$(mansect5)' @@ -3546,166 +5103,198 @@ fi # IRIX <= 4 needs -lsun if test "$OSREV" -le 4; then - echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 -echo "configure:3551: checking for getpwnam in -lsun" >&5 -if test -n ""; then - ac_lib_var=`echo sun'_'getpwnam | sed 'y% ./+-%___p_%'` + echo "$as_me:5106: checking for getpwnam in -lsun" >&5 +echo $ECHO_N "checking for getpwnam in -lsun... $ECHO_C" >&6 +if test "${ac_cv_lib_sun_getpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsun $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5114 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getpwnam(); - -int main() { -getpwnam() -; return 0; } -EOF -if { (eval echo configure:3574: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char getpwnam (); +int +main () +{ +getpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5133: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5136: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5139: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5142: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sun_getpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sun_getpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5153: result: $ac_cv_lib_sun_getpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sun_getpwnam" >&6 +if test $ac_cv_lib_sun_getpwnam = yes; then LIBS="${LIBS} -lsun" -else - echo "$ac_t""no" 1>&6 fi fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-linux*) - # To get crypt(3) and vasprintf() prototypes (so we pass -Wall) - cat >> confdefs.h <<\EOF -#define _GNU_SOURCE 1 -EOF - - # Some Linux versions need to link with -lshadow if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:3608: checking for getspnam" >&5 -if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + +for ac_func in getspnam +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:5170: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5176 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getspnam(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getspnam(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_getspnam) || defined (__stub___getspnam) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -getspnam(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:3636: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_getspnam=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_getspnam=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'getspnam`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_GETSPNAM 1 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5207: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5210: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5213: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5216: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:5226: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&6 -echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 -echo "configure:3657: checking for getspnam in -lshadow" >&5 -if test -n ""; then - ac_lib_var=`echo shadow'_'getspnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5234: checking for getspnam in -lshadow" >&5 +echo $ECHO_N "checking for getspnam in -lshadow... $ECHO_C" >&6 +if test "${ac_cv_lib_shadow_getspnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lshadow $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5242 "configure" #include "confdefs.h" -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getspnam(); - -int main() { -getspnam() -; return 0; } -EOF -if { (eval echo configure:3680: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char getspnam (); +int +main () +{ +getspnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5261: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5264: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5267: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5270: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_shadow_getspnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_shadow_getspnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5281: result: $ac_cv_lib_shadow_getspnam" >&5 +echo "${ECHO_T}$ac_cv_lib_shadow_getspnam" >&6 +if test $ac_cv_lib_shadow_getspnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETSPNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow" -else - echo "$ac_t""no" 1>&6 fi fi +done CHECKSHADOW="false" fi ;; *-convex-bsd*) - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\EOF #define _CONVEX_SOURCE 1 EOF @@ -3714,51 +5303,60 @@ fi if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:3719: checking for getprpwnam in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5306: checking for getprpwnam in -lsec" >&5 +echo $ECHO_N "checking for getprpwnam in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5314 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:3742: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5333: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5336: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5339: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5342: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5353: result: $ac_cv_lib_sec_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_getprpwnam" >&6 +if test $ac_cv_lib_sec_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"; SECUREWARE=1 -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" @@ -3767,51 +5365,61 @@ *-*-ultrix*) OS="ultrix" if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getauthuid in -lauth""... $ac_c" 1>&6 -echo "configure:3772: checking for getauthuid in -lauth" >&5 -if test -n ""; then - ac_lib_var=`echo auth'_'getauthuid | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo auth'_'getauthuid | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5368: checking for getauthuid in -lauth" >&5 +echo $ECHO_N "checking for getauthuid in -lauth... $ECHO_C" >&6 +if test "${ac_cv_lib_auth_getauthuid+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lauth $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5376 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getauthuid(); - -int main() { -getauthuid() -; return 0; } -EOF -if { (eval echo configure:3795: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" + builtin and then its argument prototype would still apply. */ +char getauthuid (); +int +main () +{ +getauthuid (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5395: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5398: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5401: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5404: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_auth_getauthuid=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_auth_getauthuid=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5415: result: $ac_cv_lib_auth_getauthuid" >&5 +echo "${ECHO_T}$ac_cv_lib_auth_getauthuid" >&6 +if test $ac_cv_lib_auth_getauthuid = yes; then -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\EOF #define HAVE_GETAUTHUID 1 EOF SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth" -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" @@ -3821,8 +5429,8 @@ LIBS="${LIBS} -lsun -lbsd" CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" OSDEFS="${OSDEFS} -D_MIPS" - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" @@ -3831,218 +5439,320 @@ LIBS="${LIBS} -lcrypt" if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3836: checking for getspnam in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5442: checking for getspnam in -lsec" >&5 +echo $ECHO_N "checking for getspnam in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_getspnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5450 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getspnam(); - -int main() { -getspnam() -; return 0; } -EOF -if { (eval echo configure:3859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getspnam (); +int +main () +{ +getspnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5469: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5472: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5475: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5478: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_getspnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_getspnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5489: result: $ac_cv_lib_sec_getspnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_getspnam" >&6 +if test $ac_cv_lib_sec_getspnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETSPNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec" -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; - *-*-sco*) + *-*-sco*|*-sco-*) if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:3890: checking for getprpwnam in -lprot" >&5 -if test -n "-lx"; then - ac_lib_var=`echo prot'_'getprpwnam-lx | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo prot'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5505: checking for getprpwnam in -lprot" >&5 +echo $ECHO_N "checking for getprpwnam in -lprot... $ECHO_C" >&6 +if test "${ac_cv_lib_prot_getprpwnam_lx+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lprot -lx $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5513 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:3913: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5532: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5535: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5538: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5541: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_prot_getprpwnam_lx=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_prot_getprpwnam_lx=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5552: result: $ac_cv_lib_prot_getprpwnam_lx" >&5 +echo "${ECHO_T}$ac_cv_lib_prot_getprpwnam_lx" >&6 +if test $ac_cv_lib_prot_getprpwnam_lx = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1 -else - echo "$ac_t""no" 1>&6 fi - echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 -echo "configure:3937: checking for getspnam in -lgen" >&5 -if test -n ""; then - ac_lib_var=`echo gen'_'getspnam | sed 'y% ./+-%___p_%'` + echo "$as_me:5561: checking for getspnam in -lgen" >&5 +echo $ECHO_N "checking for getspnam in -lgen... $ECHO_C" >&6 +if test "${ac_cv_lib_gen_getspnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lgen $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5569 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getspnam(); - -int main() { -getspnam() -; return 0; } -EOF -if { (eval echo configure:3960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getspnam (); +int +main () +{ +getspnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5588: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5591: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5594: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5597: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_gen_getspnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_gen_getspnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5608: result: $ac_cv_lib_gen_getspnam" >&5 +echo "${ECHO_T}$ac_cv_lib_gen_getspnam" >&6 +if test $ac_cv_lib_gen_getspnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETSPNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen" -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + ;; + m88k-motorola-sysv*) + # motorolla's cc (a variant of gcc) does -O but not -O2 + CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-sequent-sysv*) if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3991: checking for getspnam in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5630: checking for getspnam in -lsec" >&5 +echo $ECHO_N "checking for getspnam in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_getspnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5638 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getspnam(); - -int main() { -getspnam() -; return 0; } -EOF -if { (eval echo configure:4014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getspnam (); +int +main () +{ +getspnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5657: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5660: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5663: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5666: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_getspnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_getspnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5677: result: $ac_cv_lib_sec_getspnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_getspnam" >&6 +if test $ac_cv_lib_sec_getspnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETSPNAM 1 EOF SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec" -else - echo "$ac_t""no" 1>&6 fi CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + ;; + *-ncr-sysv4*|*-ncr-sysvr4*) + echo "$as_me:5692: checking for strcasecmp in -lc89" >&5 +echo $ECHO_N "checking for strcasecmp in -lc89... $ECHO_C" >&6 +if test "${ac_cv_lib_c89_strcasecmp+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc89 $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 5700 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strcasecmp (); +int +main () +{ +strcasecmp (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5719: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5722: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5725: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5728: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_c89_strcasecmp=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_c89_strcasecmp=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5739: result: $ac_cv_lib_c89_strcasecmp" >&5 +echo "${ECHO_T}$ac_cv_lib_c89_strcasecmp" >&6 +if test $ac_cv_lib_c89_strcasecmp = yes; then + cat >>confdefs.h <<\EOF +#define HAVE_STRCASECMP 1 +EOF + LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes +fi + + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; - *-ccur-sysv4|*-ccur-sysvr4) + *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-bsdi*) # Use shlicc for BSD/OS [23].x unless asked to do otherwise @@ -4066,14 +5776,31 @@ CHECKSHADOW="false" fi ;; + *-*-*openbsd*) + BROKEN_SETREUID=yes + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" + fi + ;; + *-*-*netbsd*) + BROKEN_SETREUID=yes + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" + fi + ;; *-*-*bsd*) if test "$CHECKSHADOW" = "true"; then CHECKSHADOW="false" fi ;; + *-*-nextstep*) + # lockf() on is broken on the NeXT -- use flock instead + ac_cv_func_lockf=no + ac_cv_func_flock=yes + ;; *-*-sysv*) - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; esac @@ -4081,243 +5808,362 @@ test -n "$mansectform" || mansectform=5 if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:4086: checking for getspnam" >&5 -if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + +for ac_func in getspnam +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:5815: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5821 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getspnam(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getspnam(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_getspnam) || defined (__stub___getspnam) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -getspnam(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5852: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5855: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5858: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5861: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:5871: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_getspnam=yes" + CHECKSHADOW="false" else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_getspnam=no" -fi -rm -f conftest* -fi + echo "$as_me:5879: checking for getspnam in -lgen" >&5 +echo $ECHO_N "checking for getspnam in -lgen... $ECHO_C" >&6 +if test "${ac_cv_lib_gen_getspnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 5887 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char getspnam (); +int +main () +{ +getspnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5906: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5909: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5912: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5915: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_gen_getspnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_gen_getspnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:5926: result: $ac_cv_lib_gen_getspnam" >&5 +echo "${ECHO_T}$ac_cv_lib_gen_getspnam" >&6 +if test $ac_cv_lib_gen_getspnam = yes; then -if eval "test \"`echo '$ac_cv_func_'getspnam`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\EOF #define HAVE_GETSPNAM 1 EOF - CHECKSHADOW="false" -else - echo "$ac_t""no" 1>&6 + SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen" +fi + fi +done fi if test "$CHECKSHADOW" = "true"; then - echo $ac_n "checking for getprpwnam""... $ac_c" 1>&6 -echo "configure:4139: checking for getprpwnam" >&5 -if eval "test \"`echo '$''{'ac_cv_func_getprpwnam'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:5941: checking for getprpwnam" >&5 +echo $ECHO_N "checking for getprpwnam... $ECHO_C" >&6 +if test "${ac_cv_func_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 5947 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getprpwnam(); below. */ + which can conflict with char getprpwnam (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_getprpwnam) || defined (__stub___getprpwnam) choke me #else -getprpwnam(); +f = getprpwnam; #endif -; return 0; } -EOF -if { (eval echo configure:4167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_getprpwnam=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_getprpwnam=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'getprpwnam`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:5978: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:5981: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:5984: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:5987: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:5997: result: $ac_cv_func_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_func_getprpwnam" >&6 +if test $ac_cv_func_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF - CHECKSHADOW="false"; SECUREWARE=1 -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:4188: checking for getprpwnam in -lsec" >&5 -if test -n ""; then - ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + CHECKSHADOW="false"; SECUREWARE=1, echo "$as_me:6003: checking for getprpwnam in -lsec" >&5 +echo $ECHO_N "checking for getprpwnam in -lsec... $ECHO_C" >&6 +if test "${ac_cv_lib_sec_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsec $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6011 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:4211: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:6030: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6033: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:6036: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6039: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_sec_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_sec_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:6050: result: $ac_cv_lib_sec_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_sec_getprpwnam" >&6 +if test $ac_cv_lib_sec_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:4233: checking for getprpwnam in -lsecurity" >&5 -if test -n ""; then - ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:6058: checking for getprpwnam in -lsecurity" >&5 +echo $ECHO_N "checking for getprpwnam in -lsecurity... $ECHO_C" >&6 +if test "${ac_cv_lib_security_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsecurity $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6066 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:4256: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:6085: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6088: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:6091: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6094: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_security_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_security_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:6105: result: $ac_cv_lib_security_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_security_getprpwnam" >&6 +if test $ac_cv_lib_security_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:4278: checking for getprpwnam in -lprot" >&5 -if test -n ""; then - ac_lib_var=`echo prot'_'getprpwnam | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo prot'_'getprpwnam | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:6113: checking for getprpwnam in -lprot" >&5 +echo $ECHO_N "checking for getprpwnam in -lprot... $ECHO_C" >&6 +if test "${ac_cv_lib_prot_getprpwnam+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lprot $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6121 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getprpwnam(); - -int main() { -getprpwnam() -; return 0; } -EOF -if { (eval echo configure:4301: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char getprpwnam (); +int +main () +{ +getprpwnam (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:6140: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6143: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:6146: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6149: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_prot_getprpwnam=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_prot_getprpwnam=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:6160: result: $ac_cv_lib_prot_getprpwnam" >&5 +echo "${ECHO_T}$ac_cv_lib_prot_getprpwnam" >&6 +if test $ac_cv_lib_prot_getprpwnam = yes; then + cat >>confdefs.h <<\EOF #define HAVE_GETPRPWNAM 1 EOF CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot" -else - echo "$ac_t""no" 1>&6 fi fi @@ -4328,366 +6174,473 @@ fi -if test $ac_cv_prog_gcc = yes; then - echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6 -echo "configure:4334: checking whether ${CC-cc} needs -traditional" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +if test $ac_cv_c_compiler_gnu = yes; then + echo "$as_me:6178: checking whether $CC needs -traditional" >&5 +echo $ECHO_N "checking whether $CC needs -traditional... $ECHO_C" >&6 +if test "${ac_cv_prog_gcc_traditional+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_pattern="Autoconf.*'x'" - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6185 "configure" #include "confdefs.h" #include Autoconf TIOCGETP -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "$ac_pattern" >/dev/null 2>&1; then - rm -rf conftest* ac_cv_prog_gcc_traditional=yes else - rm -rf conftest* ac_cv_prog_gcc_traditional=no fi rm -f conftest* - if test $ac_cv_prog_gcc_traditional = no; then - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6200 "configure" #include "confdefs.h" #include Autoconf TCGETA -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "$ac_pattern" >/dev/null 2>&1; then - rm -rf conftest* ac_cv_prog_gcc_traditional=yes fi rm -f conftest* fi fi - -echo "$ac_t""$ac_cv_prog_gcc_traditional" 1>&6 +echo "$as_me:6213: result: $ac_cv_prog_gcc_traditional" >&5 +echo "${ECHO_T}$ac_cv_prog_gcc_traditional" >&6 if test $ac_cv_prog_gcc_traditional = yes; then CC="$CC -traditional" fi fi -echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:4380: checking for working const" >&5 -if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <j = 5; -} -{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; -} +echo "$as_me:6220: checking for an ANSI C-conforming const" >&5 +echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6 +if test "${ac_cv_c_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 6226 "configure" +#include "confdefs.h" -; return 0; } -EOF -if { (eval echo configure:4434: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* +int +main () +{ +/* FIXME: Include the comments suggested by Paul. */ +#ifndef __cplusplus + /* Ultrix mips cc rejects this. */ + typedef int charset[2]; + const charset x; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *ccp; + char **p; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + ccp = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++ccp; + p = (char**) ccp; + ccp = (char const *const *) p; + { /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + } +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:6284: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:6287: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:6290: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6293: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_c_const=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_c_const=no + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_c_const=no fi -rm -f conftest* +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:6303: result: $ac_cv_c_const" >&5 +echo "${ECHO_T}$ac_cv_c_const" >&6 +if test $ac_cv_c_const = no; then + +cat >>confdefs.h <<\EOF +#define const +EOF + fi -echo "$ac_t""$ac_cv_c_const" 1>&6 -if test $ac_cv_c_const = no; then - cat >> confdefs.h <<\EOF -#define const +echo "$as_me:6313: checking for working volatile" >&5 +echo $ECHO_N "checking for working volatile... $ECHO_C" >&6 +if test "${ac_cv_c_volatile+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 6319 "configure" +#include "confdefs.h" + +int +main () +{ + +volatile int x; +int * volatile y; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:6333: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:6336: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:6339: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6342: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_volatile=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_c_volatile=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:6352: result: $ac_cv_c_volatile" >&5 +echo "${ECHO_T}$ac_cv_c_volatile" >&6 +if test $ac_cv_c_volatile = no; then + +cat >>confdefs.h <<\EOF +#define volatile EOF fi for ac_prog in 'bison -y' byacc do -# Extract the first word of "$ac_prog", so it can be a program name with args. + # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4459: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:6366: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_YACC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_YACC="$ac_prog" - break - fi - done - IFS="$ac_save_ifs" + ac_save_IFS=$IFS; IFS=$ac_path_separator +ac_dummy="$PATH" +for ac_dir in $ac_dummy; do + IFS=$ac_save_IFS + test -z "$ac_dir" && ac_dir=. + $as_executable_p "$ac_dir/$ac_word" || continue +ac_cv_prog_YACC="$ac_prog" +echo "$as_me:6381: found $ac_dir/$ac_word" >&5 +break +done + fi fi -YACC="$ac_cv_prog_YACC" +YACC=$ac_cv_prog_YACC if test -n "$YACC"; then - echo "$ac_t""$YACC" 1>&6 + echo "$as_me:6389: result: $YACC" >&5 +echo "${ECHO_T}$YACC" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:6392: result: no" >&5 +echo "${ECHO_T}no" >&6 fi -test -n "$YACC" && break + test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" -if test -z "$with_sendmail"; then - echo $ac_n "checking for sendmail""... $ac_c" 1>&6 -echo "configure:4490: checking for sendmail" >&5 -if test -f "/usr/sbin/sendmail"; then - echo "$ac_t""/usr/sbin/sendmail" 1>&6 - cat >> confdefs.h <<\EOF -#define _PATH_SENDMAIL "/usr/sbin/sendmail" -EOF - -elif test -f "/usr/lib/sendmail"; then - echo "$ac_t""/usr/lib/sendmail" 1>&6 - cat >> confdefs.h <<\EOF -#define _PATH_SENDMAIL "/usr/lib/sendmail" -EOF - -elif test -f "/usr/etc/sendmail"; then - echo "$ac_t""/usr/etc/sendmail" 1>&6 - cat >> confdefs.h <<\EOF -#define _PATH_SENDMAIL "/usr/etc/sendmail" -EOF - -elif test -f "/usr/ucblib/sendmail"; then - echo "$ac_t""/usr/ucblib/sendmail" 1>&6 - cat >> confdefs.h <<\EOF -#define _PATH_SENDMAIL "/usr/ucblib/sendmail" -EOF - -elif test -f "/usr/local/lib/sendmail"; then - echo "$ac_t""/usr/local/lib/sendmail" 1>&6 - cat >> confdefs.h <<\EOF -#define _PATH_SENDMAIL "/usr/local/lib/sendmail" -EOF - -elif test -f "/usr/local/bin/sendmail"; then - echo "$ac_t""/usr/local/bin/sendmail" 1>&6 - cat >> confdefs.h <<\EOF -#define _PATH_SENDMAIL "/usr/local/bin/sendmail" -EOF - -else - echo "$ac_t""not found" 1>&6 -fi - -fi -echo $ac_n "checking for mv""... $ac_c" 1>&6 -echo "configure:4533: checking for mv" >&5 +echo "$as_me:6400: checking for mv" >&5 +echo $ECHO_N "checking for mv... $ECHO_C" >&6 if test -f "/usr/bin/mv"; then - echo "$ac_t""/usr/bin/mv" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6403: result: /usr/bin/mv" >&5 +echo "${ECHO_T}/usr/bin/mv" >&6 + cat >>confdefs.h <<\EOF #define _PATH_MV "/usr/bin/mv" EOF elif test -f "/bin/mv"; then - echo "$ac_t""/bin/mv" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6410: result: /bin/mv" >&5 +echo "${ECHO_T}/bin/mv" >&6 + cat >>confdefs.h <<\EOF #define _PATH_MV "/bin/mv" EOF elif test -f "/usr/ucb/mv"; then - echo "$ac_t""/usr/ucb/mv" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6417: result: /usr/ucb/mv" >&5 +echo "${ECHO_T}/usr/ucb/mv" >&6 + cat >>confdefs.h <<\EOF #define _PATH_MV "/usr/ucb/mv" EOF elif test -f "/usr/sbin/mv"; then - echo "$ac_t""/usr/sbin/mv" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6424: result: /usr/sbin/mv" >&5 +echo "${ECHO_T}/usr/sbin/mv" >&6 + cat >>confdefs.h <<\EOF #define _PATH_MV "/usr/sbin/mv" EOF else - echo "$ac_t""not found" 1>&6 + echo "$as_me:6431: result: not found" >&5 +echo "${ECHO_T}not found" >&6 fi -echo $ac_n "checking for bourne shell""... $ac_c" 1>&6 -echo "configure:4563: checking for bourne shell" >&5 +echo "$as_me:6435: checking for bourne shell" >&5 +echo $ECHO_N "checking for bourne shell... $ECHO_C" >&6 if test -f "/bin/sh"; then - echo "$ac_t""/bin/sh" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6438: result: /bin/sh" >&5 +echo "${ECHO_T}/bin/sh" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/bin/sh" EOF elif test -f "/usr/bin/sh"; then - echo "$ac_t""/usr/bin/sh" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6445: result: /usr/bin/sh" >&5 +echo "${ECHO_T}/usr/bin/sh" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/usr/bin/sh" EOF elif test -f "/sbin/sh"; then - echo "$ac_t""/sbin/sh" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6452: result: /sbin/sh" >&5 +echo "${ECHO_T}/sbin/sh" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/sbin/sh" EOF elif test -f "/usr/sbin/sh"; then - echo "$ac_t""/usr/sbin/sh" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6459: result: /usr/sbin/sh" >&5 +echo "${ECHO_T}/usr/sbin/sh" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/usr/sbin/sh" EOF elif test -f "/bin/ksh"; then - echo "$ac_t""/bin/ksh" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6466: result: /bin/ksh" >&5 +echo "${ECHO_T}/bin/ksh" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/bin/ksh" EOF elif test -f "/usr/bin/ksh"; then - echo "$ac_t""/usr/bin/ksh" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6473: result: /usr/bin/ksh" >&5 +echo "${ECHO_T}/usr/bin/ksh" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/usr/bin/ksh" EOF elif test -f "/bin/bash"; then - echo "$ac_t""/bin/bash" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6480: result: /bin/bash" >&5 +echo "${ECHO_T}/bin/bash" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/bin/bash" EOF elif test -f "/usr/bin/bash"; then - echo "$ac_t""/usr/bin/bash" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6487: result: /usr/bin/bash" >&5 +echo "${ECHO_T}/usr/bin/bash" >&6 + cat >>confdefs.h <<\EOF #define _PATH_BSHELL "/usr/bin/bash" EOF else - echo "$ac_t""not found" 1>&6 + echo "$as_me:6494: result: not found" >&5 +echo "${ECHO_T}not found" >&6 +fi + +if test -z "$with_sendmail"; then + echo "$as_me:6499: checking for sendmail" >&5 +echo $ECHO_N "checking for sendmail... $ECHO_C" >&6 +if test -f "/usr/sbin/sendmail"; then + echo "$as_me:6502: result: /usr/sbin/sendmail" >&5 +echo "${ECHO_T}/usr/sbin/sendmail" >&6 + cat >>confdefs.h <<\EOF +#define _PATH_SUDO_SENDMAIL "/usr/sbin/sendmail" +EOF + +elif test -f "/usr/lib/sendmail"; then + echo "$as_me:6509: result: /usr/lib/sendmail" >&5 +echo "${ECHO_T}/usr/lib/sendmail" >&6 + cat >>confdefs.h <<\EOF +#define _PATH_SUDO_SENDMAIL "/usr/lib/sendmail" +EOF + +elif test -f "/usr/etc/sendmail"; then + echo "$as_me:6516: result: /usr/etc/sendmail" >&5 +echo "${ECHO_T}/usr/etc/sendmail" >&6 + cat >>confdefs.h <<\EOF +#define _PATH_SUDO_SENDMAIL "/usr/etc/sendmail" +EOF + +elif test -f "/usr/ucblib/sendmail"; then + echo "$as_me:6523: result: /usr/ucblib/sendmail" >&5 +echo "${ECHO_T}/usr/ucblib/sendmail" >&6 + cat >>confdefs.h <<\EOF +#define _PATH_SUDO_SENDMAIL "/usr/ucblib/sendmail" +EOF + +elif test -f "/usr/local/lib/sendmail"; then + echo "$as_me:6530: result: /usr/local/lib/sendmail" >&5 +echo "${ECHO_T}/usr/local/lib/sendmail" >&6 + cat >>confdefs.h <<\EOF +#define _PATH_SUDO_SENDMAIL "/usr/local/lib/sendmail" +EOF + +elif test -f "/usr/local/bin/sendmail"; then + echo "$as_me:6537: result: /usr/local/bin/sendmail" >&5 +echo "${ECHO_T}/usr/local/bin/sendmail" >&6 + cat >>confdefs.h <<\EOF +#define _PATH_SUDO_SENDMAIL "/usr/local/bin/sendmail" +EOF + +else + echo "$as_me:6544: result: not found" >&5 +echo "${ECHO_T}not found" >&6 fi -echo $ac_n "checking for vi""... $ac_c" 1>&6 -echo "configure:4617: checking for vi" >&5 +fi +if test -z "$with_editor"; then + echo "$as_me:6550: checking for vi" >&5 +echo $ECHO_N "checking for vi... $ECHO_C" >&6 if test -f "/usr/bin/vi"; then - echo "$ac_t""/usr/bin/vi" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6553: result: /usr/bin/vi" >&5 +echo "${ECHO_T}/usr/bin/vi" >&6 + cat >>confdefs.h <<\EOF #define _PATH_VI "/usr/bin/vi" EOF elif test -f "/usr/ucb/vi"; then - echo "$ac_t""/usr/ucb/vi" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6560: result: /usr/ucb/vi" >&5 +echo "${ECHO_T}/usr/ucb/vi" >&6 + cat >>confdefs.h <<\EOF #define _PATH_VI "/usr/ucb/vi" EOF elif test -f "/usr/bsd/vi"; then - echo "$ac_t""/usr/bsd/vi" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6567: result: /usr/bsd/vi" >&5 +echo "${ECHO_T}/usr/bsd/vi" >&6 + cat >>confdefs.h <<\EOF #define _PATH_VI "/usr/bsd/vi" EOF elif test -f "/bin/vi"; then - echo "$ac_t""/bin/vi" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6574: result: /bin/vi" >&5 +echo "${ECHO_T}/bin/vi" >&6 + cat >>confdefs.h <<\EOF #define _PATH_VI "/bin/vi" EOF elif test -f "/usr/local/bin/vi"; then - echo "$ac_t""/usr/local/bin/vi" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:6581: result: /usr/local/bin/vi" >&5 +echo "${ECHO_T}/usr/local/bin/vi" >&6 + cat >>confdefs.h <<\EOF #define _PATH_VI "/usr/local/bin/vi" EOF else - echo "$ac_t""not found" 1>&6 + echo "$as_me:6588: result: not found" >&5 +echo "${ECHO_T}not found" >&6 fi -echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:4653: checking for ANSI C header files" >&5 -if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +fi +echo "$as_me:6593: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6599 "configure" #include "confdefs.h" #include #include #include #include -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4666: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* + +_ACEOF +if { (eval echo "$as_me:6607: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:6613: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then ac_cv_header_stdc=yes else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* ac_cv_header_stdc=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6635 "configure" #include "confdefs.h" #include -EOF + +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "memchr" >/dev/null 2>&1; then : else - rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* @@ -4696,16 +6649,16 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6653 "configure" #include "confdefs.h" #include -EOF + +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "free" >/dev/null 2>&1; then : else - rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* @@ -4714,682 +6667,930 @@ if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. -if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6674 "configure" #include "confdefs.h" #include -#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int main () { int i; for (i = 0; i < 256; i++) -if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); -exit (0); } +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif -EOF -if { (eval echo configure:4733: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:6700: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6703: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:6705: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6708: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then : else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_header_stdc=no + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_header_stdc=no fi -rm -fr conftest* +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - fi fi - -echo "$ac_t""$ac_cv_header_stdc" 1>&6 +echo "$as_me:6721: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 if test $ac_cv_header_stdc = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define STDC_HEADERS 1 EOF fi ac_header_dirent=no -for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:4761: checking for $ac_hdr that defines DIR" >&5 -if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do + as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +echo "$as_me:6734: checking for $ac_hdr that defines DIR" >&5 +echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6740 "configure" #include "confdefs.h" #include #include <$ac_hdr> -int main() { -DIR *dirp = 0; -; return 0; } -EOF -if { (eval echo configure:4774: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - eval "ac_cv_header_dirent_$ac_safe=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_dirent_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_dirent_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:6758: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:6761: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6764: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_Header=no" +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:6774: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&6 + +ac_header_dirent=$ac_hdr; break fi + done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then -echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:4799: checking for opendir in -ldir" >&5 -if test -n ""; then - ac_lib_var=`echo dir'_'opendir | sed 'y% ./+-%___p_%'` + echo "$as_me:6787: checking for opendir in -ldir" >&5 +echo $ECHO_N "checking for opendir in -ldir... $ECHO_C" >&6 +if test "${ac_cv_lib_dir_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldir $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6795 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char opendir(); - -int main() { -opendir() -; return 0; } -EOF -if { (eval echo configure:4822: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:6814: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6817: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:6820: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6823: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_dir_opendir=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_dir_opendir=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:6834: result: $ac_cv_lib_dir_opendir" >&5 +echo "${ECHO_T}$ac_cv_lib_dir_opendir" >&6 +if test $ac_cv_lib_dir_opendir = yes; then LIBS="$LIBS -ldir" -else - echo "$ac_t""no" 1>&6 fi else -echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:4844: checking for opendir in -lx" >&5 -if test -n ""; then - ac_lib_var=`echo x'_'opendir | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:6841: checking for opendir in -lx" >&5 +echo $ECHO_N "checking for opendir in -lx... $ECHO_C" >&6 +if test "${ac_cv_lib_x_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lx $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6849 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char opendir(); - -int main() { -opendir() -; return 0; } -EOF -if { (eval echo configure:4867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:6868: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6871: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:6874: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6877: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_x_opendir=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_x_opendir=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:6888: result: $ac_cv_lib_x_opendir" >&5 +echo "${ECHO_T}$ac_cv_lib_x_opendir" >&6 +if test $ac_cv_lib_x_opendir = yes; then LIBS="$LIBS -lx" -else - echo "$ac_t""no" 1>&6 fi fi -for ac_hdr in string.h strings.h unistd.h malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h +for ac_header in malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4893: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:6899: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 6905 "configure" +#include "confdefs.h" +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:6909: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:6915: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4903: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + eval "$as_ac_Header=yes" else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + eval "$as_ac_Header=no" fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&6 + fi done if test "$OS" != "ultrix"; then - for ac_hdr in termio.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4934: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:6945: checking POSIX termios" >&5 +echo $ECHO_N "checking POSIX termios... $ECHO_C" >&6 +if test "${ac_cv_sys_posix_termios+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 6951 "configure" #include "confdefs.h" -#include <$ac_hdr> +#include +#include +#include +int +main () +{ +/* SunOS 4.0.3 has termios.h but not the library calls. */ + tcgetattr(0, 0); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:6966: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:6969: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:6972: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:6975: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_sys_posix_termios=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_sys_posix_termios=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:6985: result: $ac_cv_sys_posix_termios" >&5 +echo "${ECHO_T}$ac_cv_sys_posix_termios" >&6 + + if test "$ac_cv_sys_posix_termios" = "yes"; then + +cat >>confdefs.h <<\EOF +#define HAVE_TERMIOS_H 1 EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4944: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + + else + +for ac_header in termio.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:6999: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 7005 "configure" +#include "confdefs.h" +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:7009: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:7015: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + eval "$as_ac_Header=yes" else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + eval "$as_ac_Header=no" fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&6 + fi done - for ac_hdr in termios.h + fi +fi +if test "$with_logincap" = "yes"; then + +for ac_header in login_cap.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4974: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:7051: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 7057 "configure" +#include "confdefs.h" +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:7061: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:7067: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi else - cat > conftest.$ac_ext < -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4984: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + eval "$as_ac_Header=yes" else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + eval "$as_ac_Header=no" fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&6 -echo "configure:5007: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif +fi +done -; return 0; } -EOF -if { (eval echo configure:5035: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" +fi +if test "$with_bsdauth" = "yes"; then + echo "$as_me:7098: checking for bsd_auth.h" >&5 +echo $ECHO_N "checking for bsd_auth.h... $ECHO_C" >&6 +if test "${ac_cv_header_bsd_auth_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 7104 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:7108: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:7114: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi else - echo "configure: failed program was:" >&5 + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_bsd_auth_h=yes +else + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" + ac_cv_header_bsd_auth_h=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext fi +echo "$as_me:7133: result: $ac_cv_header_bsd_auth_h" >&5 +echo "${ECHO_T}$ac_cv_header_bsd_auth_h" >&6 +if test $ac_cv_header_bsd_auth_h = yes; then -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <>confdefs.h <<\EOF +#define HAVE_BSD_AUTH_H 1 EOF - -else - echo "$ac_t""no" 1>&6 + with_passwd=no; AUTH_OBJS=bsdauth.o fi -done -else - echo "$ac_t""no" 1>&6 fi -done +# On IRIX 5.3, sys/types and inttypes.h are conflicting. -fi -if test "$with_logincap" = "yes"; then - for ac_hdr in login_cap.h +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:5070: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:7150: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 7156 "configure" +#include "confdefs.h" +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:7162: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:7165: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:7168: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7171: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_Header=no" +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:7181: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking for mode_t... $ECHO_C" >&6 +if test "${ac_cv_type_mode_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7197 "configure" #include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5080: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" +$ac_includes_default +int +main () +{ +if ((mode_t *) 0) + return 0; +if (sizeof (mode_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:7212: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:7215: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:7218: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7221: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_mode_t=yes else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <&5 +cat conftest.$ac_ext >&5 +ac_cv_type_mode_t=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:7231: result: $ac_cv_type_mode_t" >&5 +echo "${ECHO_T}$ac_cv_type_mode_t" >&6 +if test $ac_cv_type_mode_t = yes; then + : else - echo "$ac_t""no" 1>&6 -fi -done + +cat >>confdefs.h <&6 -echo "configure:5110: checking for bsd_auth.h" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + +echo "$as_me:7243: checking for uid_t in sys/types.h" >&5 +echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6 +if test "${ac_cv_type_uid_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7249 "configure" #include "confdefs.h" -#include -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5120: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "uid_t" >/dev/null 2>&1; then + ac_cv_type_uid_t=yes else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" + ac_cv_type_uid_t=no fi rm -f conftest* + fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_BSD_AUTH_H 1 +echo "$as_me:7263: result: $ac_cv_type_uid_t" >&5 +echo "${ECHO_T}$ac_cv_type_uid_t" >&6 +if test $ac_cv_type_uid_t = no; then + +cat >>confdefs.h <<\EOF +#define uid_t int +EOF + +cat >>confdefs.h <<\EOF +#define gid_t int EOF - with_passwd=no; AUTH_OBJS=bsdauth.o -else - echo "$ac_t""no" 1>&6 -fi fi -echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:5147: checking for mode_t" >&5 -if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7277: checking for sig_atomic_t" >&5 +echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6 +if test "${ac_cv_type_sig_atomic_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7283 "configure" #include "confdefs.h" #include -#if STDC_HEADERS -#include -#include -#endif -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_mode_t=yes +#include + +int +main () +{ +if ((sig_atomic_t *) 0) + return 0; +if (sizeof (sig_atomic_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:7300: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:7303: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:7306: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7309: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_sig_atomic_t=yes else - rm -rf conftest* - ac_cv_type_mode_t=no + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_sig_atomic_t=no fi -rm -f conftest* - +rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$ac_t""$ac_cv_type_mode_t" 1>&6 -if test $ac_cv_type_mode_t = no; then - cat >> confdefs.h <<\EOF -#define mode_t int +echo "$as_me:7319: result: $ac_cv_type_sig_atomic_t" >&5 +echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6 +if test $ac_cv_type_sig_atomic_t = yes; then + +cat >>confdefs.h <>confdefs.h <<\EOF +#define sig_atomic_t int EOF fi -echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:5180: checking for uid_t in sys/types.h" >&5 -if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7335: checking for sigaction_t" >&5 +echo $ECHO_N "checking for sigaction_t... $ECHO_C" >&6 +if test "${ac_cv_type_sigaction_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7341 "configure" #include "confdefs.h" #include -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "uid_t" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_uid_t=yes +#include + +int +main () +{ +if ((sigaction_t *) 0) + return 0; +if (sizeof (sigaction_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:7358: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:7361: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:7364: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7367: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_sigaction_t=yes else - rm -rf conftest* - ac_cv_type_uid_t=no + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_sigaction_t=no fi -rm -f conftest* - +rm -f conftest.$ac_objext conftest.$ac_ext fi +echo "$as_me:7377: result: $ac_cv_type_sigaction_t" >&5 +echo "${ECHO_T}$ac_cv_type_sigaction_t" >&6 +if test $ac_cv_type_sigaction_t = yes; then -echo "$ac_t""$ac_cv_type_uid_t" 1>&6 -if test $ac_cv_type_uid_t = no; then - cat >> confdefs.h <<\EOF -#define uid_t int +cat >>confdefs.h <> confdefs.h <<\EOF -#define gid_t int +cat >>confdefs.h <<\EOF +#define HAVE_SIGACTION_T 1 EOF fi -echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:5214: checking for size_t" >&5 -if eval "test \"`echo '$''{'sudo_cv_type_size_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7391: checking for size_t" >&5 +echo $ECHO_N "checking for size_t... $ECHO_C" >&6 +if test "${sudo_cv_type_size_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7397 "configure" #include "confdefs.h" #include +#include #if STDC_HEADERS #include #endif #if HAVE_UNISTD_H #include #endif -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "size_t" >/dev/null 2>&1; then - rm -rf conftest* sudo_cv_type_size_t=yes else - rm -rf conftest* sudo_cv_type_size_t=no fi rm -f conftest* fi -echo "$ac_t""$sudo_cv_type_size_t" 1>&6 +echo "$as_me:7417: result: $sudo_cv_type_size_t" >&5 +echo "${ECHO_T}$sudo_cv_type_size_t" >&6 if test $sudo_cv_type_size_t = no; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define size_t int EOF fi -echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:5249: checking for ssize_t" >&5 -if eval "test \"`echo '$''{'sudo_cv_type_ssize_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7427: checking for ssize_t" >&5 +echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6 +if test "${sudo_cv_type_ssize_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7433 "configure" #include "confdefs.h" #include +#include #if STDC_HEADERS #include #endif #if HAVE_UNISTD_H #include #endif -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "ssize_t" >/dev/null 2>&1; then - rm -rf conftest* sudo_cv_type_ssize_t=yes else - rm -rf conftest* sudo_cv_type_ssize_t=no fi rm -f conftest* fi -echo "$ac_t""$sudo_cv_type_ssize_t" 1>&6 +echo "$as_me:7453: result: $sudo_cv_type_ssize_t" >&5 +echo "${ECHO_T}$sudo_cv_type_ssize_t" >&6 if test $sudo_cv_type_ssize_t = no; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define ssize_t int EOF fi -echo $ac_n "checking for dev_t""... $ac_c" 1>&6 -echo "configure:5284: checking for dev_t" >&5 -if eval "test \"`echo '$''{'sudo_cv_type_dev_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7463: checking for dev_t" >&5 +echo $ECHO_N "checking for dev_t... $ECHO_C" >&6 +if test "${sudo_cv_type_dev_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7469 "configure" #include "confdefs.h" #include +#include #if STDC_HEADERS #include #endif #if HAVE_UNISTD_H #include #endif -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "dev_t" >/dev/null 2>&1; then - rm -rf conftest* sudo_cv_type_dev_t=yes else - rm -rf conftest* sudo_cv_type_dev_t=no fi rm -f conftest* fi -echo "$ac_t""$sudo_cv_type_dev_t" 1>&6 +echo "$as_me:7489: result: $sudo_cv_type_dev_t" >&5 +echo "${ECHO_T}$sudo_cv_type_dev_t" >&6 if test $sudo_cv_type_dev_t = no; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define dev_t int EOF fi -echo $ac_n "checking for ino_t""... $ac_c" 1>&6 -echo "configure:5319: checking for ino_t" >&5 -if eval "test \"`echo '$''{'sudo_cv_type_ino_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7499: checking for ino_t" >&5 +echo $ECHO_N "checking for ino_t... $ECHO_C" >&6 +if test "${sudo_cv_type_ino_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7505 "configure" #include "confdefs.h" #include +#include #if STDC_HEADERS #include #endif #if HAVE_UNISTD_H #include #endif -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "ino_t" >/dev/null 2>&1; then - rm -rf conftest* sudo_cv_type_ino_t=yes else - rm -rf conftest* sudo_cv_type_ino_t=no fi rm -f conftest* fi -echo "$ac_t""$sudo_cv_type_ino_t" 1>&6 +echo "$as_me:7525: result: $sudo_cv_type_ino_t" >&5 +echo "${ECHO_T}$sudo_cv_type_ino_t" >&6 if test $sudo_cv_type_ino_t = no; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define ino_t unsigned int EOF fi -echo $ac_n "checking for full void implementation""... $ac_c" 1>&6 -echo "configure:5354: checking for full void implementation" >&5 -cat > conftest.$ac_ext <&5 +echo $ECHO_N "checking for full void implementation... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line 7538 "configure" #include "confdefs.h" -int main() { +int +main () +{ void *foo; foo = (void *)0; (void *)"test"; -; return 0; } -EOF -if { (eval echo configure:5364: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - cat >> confdefs.h <<\EOF + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:7551: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:7554: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:7557: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7560: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +cat >>confdefs.h <<\EOF #define VOID void EOF -echo "$ac_t""yes" 1>&6 +echo "$as_me:7567: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - cat >> confdefs.h <<\EOF + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +cat >>confdefs.h <<\EOF #define VOID char EOF -echo "$ac_t""no" 1>&6 +echo "$as_me:7576: result: no" >&5 +echo "${ECHO_T}no" >&6 fi -rm -f conftest* +rm -f conftest.$ac_objext conftest.$ac_ext -echo $ac_n "checking max length of uid_t""... $ac_c" 1>&6 -echo "configure:5384: checking max length of uid_t" >&5 -if eval "test \"`echo '$''{'sudo_cv_uid_t_len'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:7581: checking max length of uid_t" >&5 +echo $ECHO_N "checking max length of uid_t... $ECHO_C" >&6 +if test "${sudo_cv_uid_t_len+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else rm -f conftestdata if test "$cross_compiling" = yes; then - { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + { { echo "$as_me:7588: error: cannot run test program while cross compiling" >&5 +echo "$as_me: error: cannot run test program while cross compiling" >&2;} + { (exit 1); exit 1; }; } else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7593 "configure" #include "confdefs.h" #include #include @@ -5409,84 +7610,121 @@ (void) fclose(f); exit(0); } -EOF -if { (eval echo configure:5414: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:7615: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:7618: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:7620: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7623: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then sudo_cv_uid_t_len=`cat conftestdata` else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - sudo_cv_uid_t_len=10 + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +sudo_cv_uid_t_len=10 fi -rm -fr conftest* +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - fi rm -f conftestdata -echo "$ac_t""$sudo_cv_uid_t_len" 1>&6 -cat >> confdefs.h <&5 +echo "${ECHO_T}$sudo_cv_uid_t_len" >&6 + +cat >>confdefs.h <&6 -echo "configure:5437: checking for long long support" >&5 -cat > conftest.$ac_ext <&5 +echo $ECHO_N "checking for long long support... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line 7648 "configure" #include "confdefs.h" -int main() { +int +main () +{ long long foo = 1000; foo /= 10; -; return 0; } -EOF -if { (eval echo configure:5446: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - cat >> confdefs.h <<\EOF + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:7660: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:7663: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:7666: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7669: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +cat >>confdefs.h <<\EOF #define HAVE_LONG_LONG 1 EOF if test "$cross_compiling" = yes; then - { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + { { echo "$as_me:7677: error: cannot run test program while cross compiling" >&5 +echo "$as_me: error: cannot run test program while cross compiling" >&2;} + { (exit 1); exit 1; }; } else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7682 "configure" #include "confdefs.h" main() {if (sizeof(long long) == sizeof(long)) exit(0); else exit(1);} -EOF -if { (eval echo configure:5460: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then - cat >> confdefs.h <<\EOF +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:7687: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:7690: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:7692: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7695: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + +cat >>confdefs.h <<\EOF #define LONG_IS_QUAD 1 EOF else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 -fi -rm -fr conftest* -fi - -echo "$ac_t""yes" 1>&6 -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - echo "$ac_t""no" 1>&6 -fi -rm -f conftest* -echo $ac_n "checking for sa_len field in struct sockaddr""... $ac_c" 1>&6 -echo "configure:5482: checking for sa_len field in struct sockaddr" >&5 -if eval "test \"`echo '$''{'sudo_cv_sock_sa_len'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:7709: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +echo "$as_me:7714: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +echo "$as_me:7718: checking for sa_len field in struct sockaddr" >&5 +echo $ECHO_N "checking for sa_len field in struct sockaddr... $ECHO_C" >&6 +if test "${sudo_cv_sock_sa_len+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then sudo_cv_sock_sa_len=no else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7727 "configure" #include "confdefs.h" #include #include @@ -5495,24 +7733,34 @@ s.sa_len = 0; exit(0); } -EOF -if { (eval echo configure:5500: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:7738: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:7741: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:7743: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7746: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then sudo_cv_sock_sa_len=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - sudo_cv_sock_sa_len=no + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +sudo_cv_sock_sa_len=no fi -rm -fr conftest* +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - rm -f core core.* *.core fi -echo "$ac_t""$sudo_cv_sock_sa_len" 1>&6 +echo "$as_me:7759: result: $sudo_cv_sock_sa_len" >&5 +echo "${ECHO_T}$sudo_cv_sock_sa_len" >&6 if test $sudo_cv_sock_sa_len = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_SA_LEN 1 EOF @@ -5520,18 +7768,18 @@ case "$DEFS" in *"RETSIGTYPE"*) ;; - *) echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:5525: checking return type of signal handlers" >&5 -if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + *) echo "$as_me:7771: checking return type of signal handlers" >&5 +echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6 +if test "${ac_cv_type_signal+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7777 "configure" #include "confdefs.h" #include #include #ifdef signal -#undef signal +# undef signal #endif #ifdef __cplusplus extern "C" void (*signal (int, void (*)(int)))(int); @@ -5539,915 +7787,928 @@ void (*signal ()) (); #endif -int main() { +int +main () +{ int i; -; return 0; } -EOF -if { (eval echo configure:5547: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:7799: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:7802: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:7805: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7808: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_type_signal=void else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_type_signal=int + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_type_signal=int fi -rm -f conftest* +rm -f conftest.$ac_objext conftest.$ac_ext fi +echo "$as_me:7818: result: $ac_cv_type_signal" >&5 +echo "${ECHO_T}$ac_cv_type_signal" >&6 -echo "$ac_t""$ac_cv_type_signal" 1>&6 -cat >> confdefs.h <>confdefs.h <&6 -echo "configure:5569: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:7832: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7838 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:7869: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:7872: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:7875: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7878: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:7888: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi done -if test -n "$SECUREWARE"; then - for ac_func in bigcrypt +if test -z "$BROKEN_SETREUID"; then + +for ac_func in setreuid do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5625: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:7903: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7909 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:7940: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:7943: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:7946: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:7949: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:7959: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi done - for ac_func in set_auth_parameters -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5680: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif - -; return 0; } -EOF -if { (eval echo configure:5708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi -done +if test X"$with_interfaces" != X"no"; then - for ac_func in initprivs +for ac_func in getifaddrs do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5735: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:7975: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 7981 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8012: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8015: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8018: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8021: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8031: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi done fi -if test -z "$BROKEN_GETCWD"; then - echo $ac_n "checking for getcwd""... $ac_c" 1>&6 -echo "configure:5790: checking for getcwd" >&5 -if eval "test \"`echo '$''{'ac_cv_func_getcwd'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char getcwd(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_getcwd) || defined (__stub___getcwd) -choke me -#else -getcwd(); -#endif - -; return 0; } -EOF -if { (eval echo configure:5818: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_getcwd=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_getcwd=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'getcwd`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_GETCWD 1 -EOF - -else - echo "$ac_t""no" 1>&6 -LIBOBJS="$LIBOBJS getcwd.o" -fi - -fi -echo $ac_n "checking for lockf""... $ac_c" 1>&6 -echo "configure:5843: checking for lockf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_lockf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char lockf(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_lockf) || defined (__stub___lockf) -choke me -#else -lockf(); -#endif - -; return 0; } -EOF -if { (eval echo configure:5871: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_lockf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_lockf=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'lockf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_LOCKF 1 -EOF +if test -n "$SECUREWARE"; then -else - echo "$ac_t""no" 1>&6 -for ac_func in flock +for ac_func in bigcrypt set_auth_parameters initprivs do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5894: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8047: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8053 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8084: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8087: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8090: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8093: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8103: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 fi done fi +if test -z "$BROKEN_GETCWD"; then -echo $ac_n "checking for waitpid""... $ac_c" 1>&6 -echo "configure:5949: checking for waitpid" >&5 -if eval "test \"`echo '$''{'ac_cv_func_waitpid'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char waitpid(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_waitpid) || defined (__stub___waitpid) -choke me -#else -waitpid(); -#endif - -; return 0; } -EOF -if { (eval echo configure:5977: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_waitpid=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_waitpid=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'waitpid`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_WAITPID 1 -EOF - -else - echo "$ac_t""no" 1>&6 -for ac_func in wait3 +for ac_func in getcwd do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6000: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8119: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8125 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8156: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8159: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8162: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8165: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8175: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 + LIBOBJS="$LIBOBJS $ac_func.$ac_objext" fi done fi -echo $ac_n "checking for innetgr""... $ac_c" 1>&6 -echo "configure:6055: checking for innetgr" >&5 -if eval "test \"`echo '$''{'ac_cv_func_innetgr'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in lockf flock +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8192: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8198 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char innetgr(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char innetgr(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_innetgr) || defined (__stub___innetgr) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -innetgr(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8229: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8232: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8235: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8238: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8248: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_innetgr=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_innetgr=no" -fi -rm -f conftest* + break fi +done -if eval "test \"`echo '$ac_cv_func_'innetgr`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_INNETGR 1 -EOF - for ac_func in getdomainname +for ac_func in waitpid wait3 do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6103: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8261: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8267 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:6131: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8301: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8304: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8307: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8317: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&6 + break fi done +for ac_func in innetgr _innetgr +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8330: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 -fi - -echo $ac_n "checking for lsearch""... $ac_c" 1>&6 -echo "configure:6160: checking for lsearch" >&5 -if eval "test \"`echo '$''{'ac_cv_func_lsearch'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8336 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char lsearch(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char lsearch(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_lsearch) || defined (__stub___lsearch) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -lsearch(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:6188: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_lsearch=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_lsearch=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'lsearch`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_LSEARCH 1 -EOF - -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for lsearch in -lcompat""... $ac_c" 1>&6 -echo "configure:6209: checking for lsearch in -lcompat" >&5 -if test -n ""; then - ac_lib_var=`echo compat'_'lsearch | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo compat'_'lsearch | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lcompat $LIBS" -cat > conftest.$ac_ext <&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8370: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8373: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8376: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8386: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_safe=`echo "search.h" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for search.h""... $ac_c" 1>&6 -echo "configure:6249: checking for search.h" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in getdomainname +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8396: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8402 "configure" #include "confdefs.h" -#include -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:6259: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_LSEARCH 1 -EOF - LIBS="${LIBS} -lcompat" -else - echo "$ac_t""no" 1>&6 -LIBOBJS="$LIBOBJS lsearch.o" -fi - -else - echo "$ac_t""no" 1>&6 -LIBOBJS="$LIBOBJS lsearch.o" -fi - -fi - -echo $ac_n "checking for setenv""... $ac_c" 1>&6 -echo "configure:6292: checking for setenv" >&5 -if eval "test \"`echo '$''{'ac_cv_func_setenv'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +/* System header to define __stub macros and hopefully few prototypes else - cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char setenv(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_setenv) || defined (__stub___setenv) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -setenv(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8434: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8437: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8440: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8443: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8453: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_setenv=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_setenv=no" + fi -rm -f conftest* +done + break fi +done -if eval "test \"`echo '$ac_cv_func_'setenv`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_SETENV 1 -EOF - -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for putenv""... $ac_c" 1>&6 -echo "configure:6341: checking for putenv" >&5 -if eval "test \"`echo '$''{'ac_cv_func_putenv'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in lsearch +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8469: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8475 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char putenv(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char putenv(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_putenv) || defined (__stub___putenv) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -putenv(); +f = $ac_func; #endif -; return 0; } + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8506: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8509: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8512: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8515: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8525: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_putenv=yes" + +else + echo "$as_me:8533: checking for lsearch in -lcompat" >&5 +echo $ECHO_N "checking for lsearch in -lcompat... $ECHO_C" >&6 +if test "${ac_cv_lib_compat_lsearch+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcompat $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 8541 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char lsearch (); +int +main () +{ +lsearch (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8560: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8563: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8566: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8569: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_compat_lsearch=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_compat_lsearch=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:8580: result: $ac_cv_lib_compat_lsearch" >&5 +echo "${ECHO_T}$ac_cv_lib_compat_lsearch" >&6 +if test $ac_cv_lib_compat_lsearch = yes; then + echo "$as_me:8583: checking for search.h" >&5 +echo $ECHO_N "checking for search.h... $ECHO_C" >&6 +if test "${ac_cv_header_search_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line 8589 "configure" +#include "confdefs.h" +#include +_ACEOF +if { (eval echo "$as_me:8593: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + egrep -v '^ *\+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:8599: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_cv_header_search_h=yes else - echo "configure: failed program was:" >&5 + echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_putenv=no" + ac_cv_header_search_h=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_ext fi - -if eval "test \"`echo '$ac_cv_func_'putenv`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_PUTENV 1 +echo "$as_me:8618: result: $ac_cv_header_search_h" >&5 +echo "${ECHO_T}$ac_cv_header_search_h" >&6 +if test $ac_cv_header_search_h = yes; then + cat >>confdefs.h <<\EOF +#define HAVE_LSEARCH 1 EOF + LIBS="${LIBS} -lcompat" +else + LIBOBJS="$LIBOBJS lsearch.$ac_objext" +fi else - echo "$ac_t""no" 1>&6 -LIBOBJS="$LIBOBJS putenv.o" + LIBOBJS="$LIBOBJS lsearch.$ac_objext" fi fi +done -echo $ac_n "checking for utime""... $ac_c" 1>&6 -echo "configure:6395: checking for utime" >&5 -if eval "test \"`echo '$''{'ac_cv_func_utime'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in utime +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8639: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8645 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char utime(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char utime(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_utime) || defined (__stub___utime) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -utime(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:6423: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_utime=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_utime=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'utime`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_UTIME 1 -EOF - -echo $ac_n "checking for POSIX utime""... $ac_c" 1>&6 -echo "configure:6442: checking for POSIX utime" >&5 -if eval "test \"`echo '$''{'sudo_cv_func_utime_posix'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8676: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8679: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8682: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8685: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8695: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&5 +echo $ECHO_N "checking for POSIX utime... $ECHO_C" >&6 +if test "${sudo_cv_func_utime_posix+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else rm -f conftestdata; > conftestdata if test "$cross_compiling" = yes; then sudo_cv_func_utime_posix=no else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8711 "configure" #include "confdefs.h" #include #include @@ -6458,515 +8719,504 @@ utime("conftestdata", &ut); exit(0); } -EOF -if { (eval echo configure:6463: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:8724: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8727: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:8729: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8732: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then sudo_cv_func_utime_posix=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - sudo_cv_func_utime_posix=no + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +sudo_cv_func_utime_posix=no fi -rm -fr conftest* +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - rm -f core core.* *.core fi -echo "$ac_t""$sudo_cv_func_utime_posix" 1>&6 +echo "$as_me:8745: result: $sudo_cv_func_utime_posix" >&5 +echo "${ECHO_T}$sudo_cv_func_utime_posix" >&6 if test $sudo_cv_func_utime_posix = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_UTIME_POSIX 1 EOF fi else - echo "$ac_t""no" 1>&6 -LIBOBJS="$LIBOBJS utime.o" + LIBOBJS="$LIBOBJS utime.$ac_objext" fi +done -echo $ac_n "checking for working fnmatch with FNM_CASEFOLD""... $ac_c" 1>&6 -echo "configure:6491: checking for working fnmatch with FNM_CASEFOLD" >&5 -if eval "test \"`echo '$''{'sudo_cv_func_fnmatch'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:8760: checking for working fnmatch with FNM_CASEFOLD" >&5 +echo $ECHO_N "checking for working fnmatch with FNM_CASEFOLD... $ECHO_C" >&6 +if test "${sudo_cv_func_fnmatch+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else rm -f conftestdata; > conftestdata if test "$cross_compiling" = yes; then sudo_cv_func_fnmatch=no else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8770 "configure" #include "confdefs.h" #include main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } -EOF -if { (eval echo configure:6506: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:8777: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8780: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:8782: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8785: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then sudo_cv_func_fnmatch=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - sudo_cv_func_fnmatch=no + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +sudo_cv_func_fnmatch=no fi -rm -fr conftest* +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - rm -f core core.* *.core fi -echo "$ac_t""$sudo_cv_func_fnmatch" 1>&6 +echo "$as_me:8798: result: $sudo_cv_func_fnmatch" >&5 +echo "${ECHO_T}$sudo_cv_func_fnmatch" >&6 if test $sudo_cv_func_fnmatch = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_FNMATCH 1 EOF else - LIBOBJS="$LIBOBJS fnmatch.o" + LIBOBJS="$LIBOBJS fnmatch.$ac_objext" fi -for ac_func in strerror strcasecmp -do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6533: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:8810: checking for isblank" >&5 +echo $ECHO_N "checking for isblank... $ECHO_C" >&6 +if test "${sudo_cv_func_isblank+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8816 "configure" #include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -#include -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -$ac_func(); -#endif - -; return 0; } -EOF -if { (eval echo configure:6561: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <&6 -LIBOBJS="$LIBOBJS ${ac_func}.o" +#include +int +main () +{ +(void)isblank(1); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8828: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8831: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8834: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8837: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + sudo_cv_func_isblank=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +sudo_cv_func_isblank=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -done - - -echo $ac_n "checking for snprintf""... $ac_c" 1>&6 -echo "configure:6588: checking for snprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char snprintf(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_snprintf) || defined (__stub___snprintf) -choke me -#else -snprintf(); -#endif +echo "$as_me:8847: result: $sudo_cv_func_isblank" >&5 +echo "${ECHO_T}$sudo_cv_func_isblank" >&6 -; return 0; } -EOF -if { (eval echo configure:6616: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_snprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_snprintf=no" -fi -rm -f conftest* -fi + if test "$sudo_cv_func_isblank" = "yes"; then -if eval "test \"`echo '$ac_cv_func_'snprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_SNPRINTF 1 +cat >>confdefs.h <<\EOF +#define HAVE_ISBLANK 1 EOF -else - echo "$ac_t""no" 1>&6 -NEED_SNPRINTF=1 -fi + fi -echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 -echo "configure:6640: checking for vsnprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in strerror strcasecmp sigaction +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8861: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8867 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vsnprintf(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char vsnprintf(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_vsnprintf) || defined (__stub___vsnprintf) -choke me -#else -vsnprintf(); +#ifdef __cplusplus +extern "C" #endif - -; return 0; } -EOF -if { (eval echo configure:6668: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_vsnprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_vsnprintf=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'vsnprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_VSNPRINTF 1 -EOF - -else - echo "$ac_t""no" 1>&6 -NEED_SNPRINTF=1 -fi - -echo $ac_n "checking for asprintf""... $ac_c" 1>&6 -echo "configure:6692: checking for asprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_asprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char asprintf(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_asprintf) || defined (__stub___asprintf) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -asprintf(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:6720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_asprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_asprintf=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'asprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_ASPRINTF 1 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8898: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8901: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8904: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8907: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8917: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&6 -NEED_SNPRINTF=1 + LIBOBJS="$LIBOBJS $ac_func.$ac_objext" fi +done -echo $ac_n "checking for vasprintf""... $ac_c" 1>&6 -echo "configure:6744: checking for vasprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_vasprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +for ac_func in snprintf vsnprintf asprintf vasprintf +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:8932: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 8938 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vasprintf(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char vasprintf(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_vasprintf) || defined (__stub___vasprintf) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -vasprintf(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:6772: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_vasprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_vasprintf=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'vasprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_VASPRINTF 1 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:8969: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:8972: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:8975: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:8978: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:8988: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <&6 -NEED_SNPRINTF=1 + NEED_SNPRINTF=1 fi +done if test -n "$NEED_SNPRINTF"; then - LIBOBJS="$LIBOBJS snprintf.o" + LIBOBJS="$LIBOBJS snprintf.$ac_objext" fi if test -z "$LIB_CRYPT"; then - echo $ac_n "checking for crypt""... $ac_c" 1>&6 -echo "configure:6800: checking for crypt" >&5 -if eval "test \"`echo '$''{'ac_cv_func_crypt'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9004: checking for crypt" >&5 +echo $ECHO_N "checking for crypt... $ECHO_C" >&6 +if test "${ac_cv_func_crypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9010 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char crypt(); below. */ + which can conflict with char crypt (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char crypt(); - -int main() { + builtin and then its argument prototype would still apply. */ +char crypt (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_crypt) || defined (__stub___crypt) choke me #else -crypt(); +f = crypt; #endif -; return 0; } -EOF -if { (eval echo configure:6828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_crypt=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_crypt=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'crypt`\" = yes"; then - echo "$ac_t""yes" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9041: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9044: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9047: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9050: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_crypt=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_crypt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:9060: result: $ac_cv_func_crypt" >&5 +echo "${ECHO_T}$ac_cv_func_crypt" >&6 +if test $ac_cv_func_crypt = yes; then : else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:6846: checking for crypt in -lcrypt" >&5 -if test -n ""; then - ac_lib_var=`echo crypt'_'crypt | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9065: checking for crypt in -lcrypt" >&5 +echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 +if test "${ac_cv_lib_crypt_crypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9073 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char crypt(); - -int main() { -crypt() -; return 0; } -EOF -if { (eval echo configure:6869: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char crypt (); +int +main () +{ +crypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9092: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9095: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9098: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9101: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_crypt_crypt=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_crypt_crypt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9112: result: $ac_cv_lib_crypt_crypt" >&5 +echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 +if test $ac_cv_lib_crypt_crypt = yes; then SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for crypt in -lcrypt_d""... $ac_c" 1>&6 -echo "configure:6888: checking for crypt in -lcrypt_d" >&5 -if test -n ""; then - ac_lib_var=`echo crypt_d'_'crypt | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo crypt_d'_'crypt | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9117: checking for crypt in -lcrypt_d" >&5 +echo $ECHO_N "checking for crypt in -lcrypt_d... $ECHO_C" >&6 +if test "${ac_cv_lib_crypt_d_crypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt_d $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9125 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char crypt(); - -int main() { -crypt() -; return 0; } -EOF -if { (eval echo configure:6911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char crypt (); +int +main () +{ +crypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9144: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9147: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9150: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9153: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_crypt_d_crypt=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_crypt_d_crypt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9164: result: $ac_cv_lib_crypt_d_crypt" >&5 +echo "${ECHO_T}$ac_cv_lib_crypt_d_crypt" >&6 +if test $ac_cv_lib_crypt_d_crypt = yes; then SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for crypt in -lufc""... $ac_c" 1>&6 -echo "configure:6930: checking for crypt in -lufc" >&5 -if test -n ""; then - ac_lib_var=`echo ufc'_'crypt | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo ufc'_'crypt | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9169: checking for crypt in -lufc" >&5 +echo $ECHO_N "checking for crypt in -lufc... $ECHO_C" >&6 +if test "${ac_cv_lib_ufc_crypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lufc $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9177 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char crypt(); - -int main() { -crypt() -; return 0; } -EOF -if { (eval echo configure:6953: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char crypt (); +int +main () +{ +crypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9196: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9199: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9202: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9205: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_ufc_crypt=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_ufc_crypt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9216: result: $ac_cv_lib_ufc_crypt" >&5 +echo "${ECHO_T}$ac_cv_lib_ufc_crypt" >&6 +if test $ac_cv_lib_ufc_crypt = yes; then SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc" -else - echo "$ac_t""no" 1>&6 fi fi @@ -6976,179 +9226,224 @@ fi fi -echo $ac_n "checking for socket""... $ac_c" 1>&6 -echo "configure:6981: checking for socket" >&5 -if eval "test \"`echo '$''{'ac_cv_func_socket'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:9229: checking for socket" >&5 +echo $ECHO_N "checking for socket... $ECHO_C" >&6 +if test "${ac_cv_func_socket+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9235 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char socket(); below. */ + which can conflict with char socket (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char socket(); - -int main() { + builtin and then its argument prototype would still apply. */ +char socket (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_socket) || defined (__stub___socket) choke me #else -socket(); +f = socket; #endif -; return 0; } -EOF -if { (eval echo configure:7009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_socket=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_socket=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'socket`\" = yes"; then - echo "$ac_t""yes" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9266: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9269: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9272: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9275: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_socket=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_socket=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:9285: result: $ac_cv_func_socket" >&5 +echo "${ECHO_T}$ac_cv_func_socket" >&6 +if test $ac_cv_func_socket = yes; then : else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:7027: checking for socket in -lsocket" >&5 -if test -n ""; then - ac_lib_var=`echo socket'_'socket | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9290: checking for socket in -lsocket" >&5 +echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6 +if test "${ac_cv_lib_socket_socket+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9298 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char socket(); - -int main() { -socket() -; return 0; } -EOF -if { (eval echo configure:7050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char socket (); +int +main () +{ +socket (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9317: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9320: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9323: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9326: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_socket_socket=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_socket_socket=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9337: result: $ac_cv_lib_socket_socket" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6 +if test $ac_cv_lib_socket_socket = yes; then NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for socket in -linet""... $ac_c" 1>&6 -echo "configure:7069: checking for socket in -linet" >&5 -if test -n ""; then - ac_lib_var=`echo inet'_'socket | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo inet'_'socket | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9342: checking for socket in -linet" >&5 +echo $ECHO_N "checking for socket in -linet... $ECHO_C" >&6 +if test "${ac_cv_lib_inet_socket+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-linet $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9350 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char socket(); - -int main() { -socket() -; return 0; } -EOF -if { (eval echo configure:7092: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char socket (); +int +main () +{ +socket (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9369: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9372: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9375: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9378: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_inet_socket=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_inet_socket=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9389: result: $ac_cv_lib_inet_socket" >&5 +echo "${ECHO_T}$ac_cv_lib_inet_socket" >&6 +if test $ac_cv_lib_inet_socket = yes; then NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet" else - echo "$ac_t""no" 1>&6 -echo "configure: warning: unable to find socket() trying -lsocket -lnsl" 1>&2 -echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:7112: checking for socket in -lsocket" >&5 -if test -n "-lnsl"; then - ac_lib_var=`echo socket'_'socket-lnsl | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + { echo "$as_me:9394: WARNING: unable to find socket() trying -lsocket -lnsl" >&5 +echo "$as_me: WARNING: unable to find socket() trying -lsocket -lnsl" >&2;} +echo "$as_me:9396: checking for socket in -lsocket" >&5 +echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6 +if test "${ac_cv_lib_socket_socket_lnsl+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket -lnsl $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9404 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char socket(); - -int main() { -socket() -; return 0; } -EOF -if { (eval echo configure:7135: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char socket (); +int +main () +{ +socket (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9423: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9426: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9429: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9432: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_socket_socket_lnsl=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_socket_socket_lnsl=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9443: result: $ac_cv_lib_socket_socket_lnsl" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_socket_lnsl" >&6 +if test $ac_cv_lib_socket_socket_lnsl = yes; then NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl" -else - echo "$ac_t""no" 1>&6 fi fi @@ -7157,225 +9452,285 @@ fi -echo $ac_n "checking for inet_addr""... $ac_c" 1>&6 -echo "configure:7162: checking for inet_addr" >&5 -if eval "test \"`echo '$''{'ac_cv_func_inet_addr'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:9455: checking for inet_addr" >&5 +echo $ECHO_N "checking for inet_addr... $ECHO_C" >&6 +if test "${ac_cv_func_inet_addr+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9461 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char inet_addr(); below. */ + which can conflict with char inet_addr (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char inet_addr(); - -int main() { + builtin and then its argument prototype would still apply. */ +char inet_addr (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_inet_addr) || defined (__stub___inet_addr) choke me #else -inet_addr(); +f = inet_addr; #endif -; return 0; } -EOF -if { (eval echo configure:7190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_inet_addr=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_inet_addr=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'inet_addr`\" = yes"; then - echo "$ac_t""yes" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9492: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9495: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9498: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9501: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_inet_addr=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_inet_addr=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:9511: result: $ac_cv_func_inet_addr" >&5 +echo "${ECHO_T}$ac_cv_func_inet_addr" >&6 +if test $ac_cv_func_inet_addr = yes; then : else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for __inet_addr""... $ac_c" 1>&6 -echo "configure:7208: checking for __inet_addr" >&5 -if eval "test \"`echo '$''{'ac_cv_func___inet_addr'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9516: checking for __inet_addr" >&5 +echo $ECHO_N "checking for __inet_addr... $ECHO_C" >&6 +if test "${ac_cv_func___inet_addr+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9522 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char __inet_addr(); below. */ + which can conflict with char __inet_addr (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char __inet_addr(); - -int main() { + builtin and then its argument prototype would still apply. */ +char __inet_addr (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub___inet_addr) || defined (__stub_____inet_addr) choke me #else -__inet_addr(); +f = __inet_addr; #endif -; return 0; } -EOF -if { (eval echo configure:7236: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func___inet_addr=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func___inet_addr=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'__inet_addr`\" = yes"; then - echo "$ac_t""yes" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9553: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9556: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9559: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9562: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func___inet_addr=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func___inet_addr=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:9572: result: $ac_cv_func___inet_addr" >&5 +echo "${ECHO_T}$ac_cv_func___inet_addr" >&6 +if test $ac_cv_func___inet_addr = yes; then : else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for inet_addr in -lnsl""... $ac_c" 1>&6 -echo "configure:7254: checking for inet_addr in -lnsl" >&5 -if test -n ""; then - ac_lib_var=`echo nsl'_'inet_addr | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo nsl'_'inet_addr | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9577: checking for inet_addr in -lnsl" >&5 +echo $ECHO_N "checking for inet_addr in -lnsl... $ECHO_C" >&6 +if test "${ac_cv_lib_nsl_inet_addr+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9585 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char inet_addr(); - -int main() { -inet_addr() -; return 0; } -EOF -if { (eval echo configure:7277: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char inet_addr (); +int +main () +{ +inet_addr (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9604: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9607: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9610: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9613: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_nsl_inet_addr=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_nsl_inet_addr=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9624: result: $ac_cv_lib_nsl_inet_addr" >&5 +echo "${ECHO_T}$ac_cv_lib_nsl_inet_addr" >&6 +if test $ac_cv_lib_nsl_inet_addr = yes; then NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for inet_addr in -linet""... $ac_c" 1>&6 -echo "configure:7296: checking for inet_addr in -linet" >&5 -if test -n ""; then - ac_lib_var=`echo inet'_'inet_addr | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo inet'_'inet_addr | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9629: checking for inet_addr in -linet" >&5 +echo $ECHO_N "checking for inet_addr in -linet... $ECHO_C" >&6 +if test "${ac_cv_lib_inet_inet_addr+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-linet $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9637 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char inet_addr(); - -int main() { -inet_addr() -; return 0; } -EOF -if { (eval echo configure:7319: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char inet_addr (); +int +main () +{ +inet_addr (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9656: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9659: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9662: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9665: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_inet_inet_addr=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_inet_inet_addr=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9676: result: $ac_cv_lib_inet_inet_addr" >&5 +echo "${ECHO_T}$ac_cv_lib_inet_inet_addr" >&6 +if test $ac_cv_lib_inet_inet_addr = yes; then NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet" else - echo "$ac_t""no" 1>&6 -echo "configure: warning: unable to find inet_addr() trying -lsocket -lnsl" 1>&2 -echo $ac_n "checking for inet_addr in -lsocket""... $ac_c" 1>&6 -echo "configure:7339: checking for inet_addr in -lsocket" >&5 -if test -n "-lnsl"; then - ac_lib_var=`echo socket'_'inet_addr-lnsl | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo socket'_'inet_addr | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + { echo "$as_me:9681: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&5 +echo "$as_me: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&2;} +echo "$as_me:9683: checking for inet_addr in -lsocket" >&5 +echo $ECHO_N "checking for inet_addr in -lsocket... $ECHO_C" >&6 +if test "${ac_cv_lib_socket_inet_addr_lnsl+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket -lnsl $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9691 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char inet_addr(); - -int main() { -inet_addr() -; return 0; } -EOF -if { (eval echo configure:7362: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char inet_addr (); +int +main () +{ +inet_addr (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9710: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9713: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9716: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9719: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_socket_inet_addr_lnsl=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_socket_inet_addr_lnsl=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9730: result: $ac_cv_lib_socket_inet_addr_lnsl" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_inet_addr_lnsl" >&6 +if test $ac_cv_lib_socket_inet_addr_lnsl = yes; then NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl" -else - echo "$ac_t""no" 1>&6 fi fi @@ -7386,178 +9741,222 @@ fi -echo $ac_n "checking for syslog""... $ac_c" 1>&6 -echo "configure:7391: checking for syslog" >&5 -if eval "test \"`echo '$''{'ac_cv_func_syslog'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:9744: checking for syslog" >&5 +echo $ECHO_N "checking for syslog... $ECHO_C" >&6 +if test "${ac_cv_func_syslog+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9750 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char syslog(); below. */ + which can conflict with char syslog (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char syslog(); - -int main() { + builtin and then its argument prototype would still apply. */ +char syslog (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_syslog) || defined (__stub___syslog) choke me #else -syslog(); +f = syslog; #endif -; return 0; } -EOF -if { (eval echo configure:7419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_syslog=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_syslog=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'syslog`\" = yes"; then - echo "$ac_t""yes" 1>&6 + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9781: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9784: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9787: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9790: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_syslog=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_syslog=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:9800: result: $ac_cv_func_syslog" >&5 +echo "${ECHO_T}$ac_cv_func_syslog" >&6 +if test $ac_cv_func_syslog = yes; then : else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for syslog in -lsocket""... $ac_c" 1>&6 -echo "configure:7437: checking for syslog in -lsocket" >&5 -if test -n ""; then - ac_lib_var=`echo socket'_'syslog | sed 'y% ./+-%___p_%'` + echo "$as_me:9805: checking for syslog in -lsocket" >&5 +echo $ECHO_N "checking for syslog in -lsocket... $ECHO_C" >&6 +if test "${ac_cv_lib_socket_syslog+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_lib_var=`echo socket'_'syslog | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9813 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char syslog(); - -int main() { -syslog() -; return 0; } -EOF -if { (eval echo configure:7460: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char syslog (); +int +main () +{ +syslog (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9832: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9835: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9838: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9841: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_socket_syslog=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_socket_syslog=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9852: result: $ac_cv_lib_socket_syslog" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_syslog" >&6 +if test $ac_cv_lib_socket_syslog = yes; then NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for syslog in -lnsl""... $ac_c" 1>&6 -echo "configure:7479: checking for syslog in -lnsl" >&5 -if test -n ""; then - ac_lib_var=`echo nsl'_'syslog | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo nsl'_'syslog | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lnsl $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" + echo "$as_me:9857: checking for syslog in -lnsl" >&5 +echo $ECHO_N "checking for syslog in -lnsl... $ECHO_C" >&6 +if test "${ac_cv_lib_nsl_syslog+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnsl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 9865 "configure" +#include "confdefs.h" -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char syslog (); +int +main () +{ +syslog (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9884: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9887: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9890: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9893: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_nsl_syslog=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_nsl_syslog=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9904: result: $ac_cv_lib_nsl_syslog" >&5 +echo "${ECHO_T}$ac_cv_lib_nsl_syslog" >&6 +if test $ac_cv_lib_nsl_syslog = yes; then NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl" else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for syslog in -linet""... $ac_c" 1>&6 -echo "configure:7521: checking for syslog in -linet" >&5 -if test -n ""; then - ac_lib_var=`echo inet'_'syslog | sed 'y% ./+-%___p_%'` -else - ac_lib_var=`echo inet'_'syslog | sed 'y%./+-%__p_%'` -fi -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:9909: checking for syslog in -linet" >&5 +echo $ECHO_N "checking for syslog in -linet... $ECHO_C" >&6 +if test "${ac_cv_lib_inet_syslog+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-linet $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9917 "configure" #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char syslog(); - -int main() { -syslog() -; return 0; } -EOF -if { (eval echo configure:7544: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char syslog (); +int +main () +{ +syslog (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9936: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9939: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9942: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9945: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_inet_syslog=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_inet_syslog=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:9956: result: $ac_cv_lib_inet_syslog" >&5 +echo "${ECHO_T}$ac_cv_lib_inet_syslog" >&6 +if test $ac_cv_lib_inet_syslog = yes; then NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet" -else - echo "$ac_t""no" 1>&6 fi fi @@ -7569,106 +9968,138 @@ if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! -echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:7574: checking for working alloca.h" >&5 -if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:9971: checking for working alloca.h" >&5 +echo $ECHO_N "checking for working alloca.h... $ECHO_C" >&6 +if test "${ac_cv_working_alloca_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 9977 "configure" #include "confdefs.h" #include -int main() { -char *p = alloca(2 * sizeof(int)); -; return 0; } -EOF -if { (eval echo configure:7586: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - ac_cv_header_alloca_h=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_header_alloca_h=no -fi -rm -f conftest* -fi +int +main () +{ +char *p = (char *) alloca (2 * sizeof (int)); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:9989: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:9992: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:9995: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:9998: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_working_alloca_h=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_working_alloca_h=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:10008: result: $ac_cv_working_alloca_h" >&5 +echo "${ECHO_T}$ac_cv_working_alloca_h" >&6 +if test $ac_cv_working_alloca_h = yes; then -echo "$ac_t""$ac_cv_header_alloca_h" 1>&6 -if test $ac_cv_header_alloca_h = yes; then - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\EOF #define HAVE_ALLOCA_H 1 EOF fi -echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:7607: checking for alloca" >&5 -if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:10018: checking for alloca" >&5 +echo $ECHO_N "checking for alloca... $ECHO_C" >&6 +if test "${ac_cv_func_alloca_works+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 10024 "configure" #include "confdefs.h" - #ifdef __GNUC__ # define alloca __builtin_alloca #else -# if HAVE_ALLOCA_H -# include +# ifdef _MSC_VER +# include +# define alloca _alloca # else -# ifdef _AIX - #pragma alloca +# if HAVE_ALLOCA_H +# include # else -# ifndef alloca /* predefined by HP cc +Olibcalls */ +# ifdef _AIX + #pragma alloca +# else +# ifndef alloca /* predefined by HP cc +Olibcalls */ char *alloca (); +# endif # endif # endif # endif #endif -int main() { -char *p = (char *) alloca(1); -; return 0; } -EOF -if { (eval echo configure:7635: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* +int +main () +{ +char *p = (char *) alloca (1); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:10056: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:10059: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:10062: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:10065: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_func_alloca_works=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_func_alloca_works=no + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_func_alloca_works=no fi -rm -f conftest* +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi +echo "$as_me:10075: result: $ac_cv_func_alloca_works" >&5 +echo "${ECHO_T}$ac_cv_func_alloca_works" >&6 -echo "$ac_t""$ac_cv_func_alloca_works" 1>&6 if test $ac_cv_func_alloca_works = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_ALLOCA 1 EOF -fi - -if test $ac_cv_func_alloca_works = no; then +else # The SVR3 libPW and SVR4 libucb both contain incompatible functions - # that cause trouble. Some versions do not even contain alloca or - # contain a buggy version. If you still want to use their alloca, - # use ar to extract alloca.o from them instead of compiling alloca.c. - ALLOCA=alloca.o - cat >> confdefs.h <<\EOF +# that cause trouble. Some versions do not even contain alloca or +# contain a buggy version. If you still want to use their alloca, +# use ar to extract alloca.o from them instead of compiling alloca.c. + +ALLOCA=alloca.$ac_objext + +cat >>confdefs.h <<\EOF #define C_ALLOCA 1 EOF - -echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:7667: checking whether alloca needs Cray hooks" >&5 -if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:10096: checking whether \`alloca.c' needs Cray hooks" >&5 +echo $ECHO_N "checking whether \`alloca.c' needs Cray hooks... $ECHO_C" >&6 +if test "${ac_cv_os_cray+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 10102 "configure" #include "confdefs.h" #if defined(CRAY) && ! defined(CRAY2) webecray @@ -7676,88 +10107,103 @@ wenotbecray #endif -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | egrep "webecray" >/dev/null 2>&1; then - rm -rf conftest* ac_cv_os_cray=yes else - rm -rf conftest* ac_cv_os_cray=no fi rm -f conftest* fi - -echo "$ac_t""$ac_cv_os_cray" 1>&6 +echo "$as_me:10120: result: $ac_cv_os_cray" >&5 +echo "${ECHO_T}$ac_cv_os_cray" >&6 if test $ac_cv_os_cray = yes; then -for ac_func in _getb67 GETB67 getb67; do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7697: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + for ac_func in _getb67 GETB67 getb67; do + as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:10125: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 10131 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ + which can conflict with char $ac_func (); below. */ #include /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); - -int main() { + builtin and then its argument prototype would still apply. */ +char $ac_func (); +char (*f) (); +int +main () +{ /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +f = $ac_func; #endif -; return 0; } -EOF -if { (eval echo configure:7725: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:10162: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:10165: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:10168: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:10171: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:10181: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <>confdefs.h <&6 + break fi -done + done fi -echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:7752: checking stack direction for C alloca" >&5 -if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:10195: checking stack direction for C alloca" >&5 +echo $ECHO_N "checking stack direction for C alloca... $ECHO_C" >&6 +if test "${ac_cv_c_stack_direction+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then ac_cv_c_stack_direction=0 else - cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 10204 "configure" #include "confdefs.h" +int find_stack_direction () { static char *addr = 0; @@ -7770,27 +10216,38 @@ else return (&dummy > addr) ? 1 : -1; } + +int main () { - exit (find_stack_direction() < 0); + exit (find_stack_direction () < 0); } -EOF -if { (eval echo configure:7779: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:10227: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:10230: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:10232: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:10235: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_c_stack_direction=1 else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_c_stack_direction=-1 + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_c_stack_direction=-1 fi -rm -fr conftest* +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - fi +echo "$as_me:10247: result: $ac_cv_c_stack_direction" >&5 +echo "${ECHO_T}$ac_cv_c_stack_direction" >&6 -echo "$ac_t""$ac_cv_c_stack_direction" 1>&6 -cat >> confdefs.h <>confdefs.h <> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_KERB5 1 EOF @@ -7807,6 +10265,8 @@ CPPFLAGS="$CPPFLAGS -I/usr/local/include" elif test -f "/usr/local/kerberos/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include" + elif test -f "/usr/krb5/include/krb5.h"; then + CPPFLAGS="$CPPFLAGS -I/usr/krb5/include" elif test -f "/usr/local/krb5/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/krb5/include" else @@ -7817,6 +10277,8 @@ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib" + elif test -f "/usr/krb5/lib/libkrb5.a"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/krb5/lib" elif test -f "/usr/local/krb5/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/krb5/lib" else @@ -7828,45 +10290,60 @@ fi if test "$with_pam" = "yes"; then - echo $ac_n "checking for -ldl""... $ac_c" 1>&6 -echo "configure:7833: checking for -ldl" >&5 -if eval "test \"`echo '$''{'ac_cv_lib_dl'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:10293: checking for main in -ldl" >&5 +echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6 +if test "${ac_cv_lib_dl_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 10301 "configure" #include "confdefs.h" -int main() { -main() -; return 0; } -EOF -if { (eval echo configure:7847: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - ac_cv_lib_dl=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lib_dl=no -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -echo "$ac_t""$ac_cv_lib_dl" 1>&6 -if test "$ac_cv_lib_dl" = yes; then +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:10313: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:10316: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:10319: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:10322: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_dl_main=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_dl_main=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:10333: result: $ac_cv_lib_dl_main" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_main" >&6 +if test $ac_cv_lib_dl_main = yes; then SUDO_LIBS="${SUDO_LIBS} -ldl -lpam" else SUDO_LIBS="${SUDO_LIBS} -lpam" fi +ac_cv_lib_dl=ac_cv_lib_dl_main fi if test "$with_kerb4" = "yes"; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\EOF #define HAVE_KERB4 1 EOF @@ -7892,40 +10369,54 @@ echo 'Unable to locate kerberos 4 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS' fi - echo $ac_n "checking for -ldes""... $ac_c" 1>&6 -echo "configure:7897: checking for -ldes" >&5 -if eval "test \"`echo '$''{'ac_cv_lib_des'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:10372: checking for main in -ldes" >&5 +echo $ECHO_N "checking for main in -ldes... $ECHO_C" >&6 +if test "${ac_cv_lib_des_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldes $LIBS" -cat > conftest.$ac_ext <conftest.$ac_ext <<_ACEOF +#line 10380 "configure" #include "confdefs.h" -int main() { -main() -; return 0; } -EOF -if { (eval echo configure:7911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - rm -rf conftest* - ac_cv_lib_des=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lib_des=no -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -echo "$ac_t""$ac_cv_lib_des" 1>&6 -if test "$ac_cv_lib_des" = yes; then +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:10392: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:10395: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:10398: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:10401: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_des_main=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_des_main=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:10412: result: $ac_cv_lib_des_main" >&5 +echo "${ECHO_T}$ac_cv_lib_des_main" >&6 +if test $ac_cv_lib_des_main = yes; then SUDO_LIBS="${SUDO_LIBS} -lkrb -ldes" else SUDO_LIBS="${SUDO_LIBS} -lkrb" fi +ac_cv_lib_des=ac_cv_lib_des_main AUTH_OBJS="${AUTH_OBJS} kerb4.o" fi @@ -7990,6 +10481,63 @@ else echo 'Unable to locate libskey.a and/or skey.h, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS and/or -I/path/to/skey.h to CPPFLAGS' fi + echo "$as_me:10484: checking for skeyaccess in -lskey" >&5 +echo $ECHO_N "checking for skeyaccess in -lskey... $ECHO_C" >&6 +if test "${ac_cv_lib_skey_skeyaccess+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lskey $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line 10492 "configure" +#include "confdefs.h" + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char skeyaccess (); +int +main () +{ +skeyaccess (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:10511: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:10514: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:10517: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:10520: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_skey_skeyaccess=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_lib_skey_skeyaccess=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:10531: result: $ac_cv_lib_skey_skeyaccess" >&5 +echo "${ECHO_T}$ac_cv_lib_skey_skeyaccess" >&6 +if test $ac_cv_lib_skey_skeyaccess = yes; then + +cat >>confdefs.h <<\EOF +#define HAVE_SKEYACCESS 1 +EOF + +fi + fi if test "$with_opie" = "yes"; then @@ -8025,69 +10573,78 @@ SUDO_LIBS="${SUDO_LIBS} -ls" fi -echo $ac_n "checking for log file location""... $ac_c" 1>&6 -echo "configure:8030: checking for log file location" >&5 +echo "$as_me:10576: checking for log file location" >&5 +echo $ECHO_N "checking for log file location... $ECHO_C" >&6 if test -n "$with_logpath"; then - echo "$ac_t""$with_logpath" 1>&6 - cat >> confdefs.h <&5 +echo "${ECHO_T}$with_logpath" >&6 + cat >>confdefs.h <&6 - cat >> confdefs.h <<\EOF + echo "$as_me:10586: result: /var/log/sudo.log" >&5 +echo "${ECHO_T}/var/log/sudo.log" >&6 + cat >>confdefs.h <<\EOF #define _PATH_SUDO_LOGFILE "/var/log/sudo.log" EOF elif test -d "/var/adm"; then - echo "$ac_t""/var/adm/sudo.log" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:10593: result: /var/adm/sudo.log" >&5 +echo "${ECHO_T}/var/adm/sudo.log" >&6 + cat >>confdefs.h <<\EOF #define _PATH_SUDO_LOGFILE "/var/adm/sudo.log" EOF elif test -d "/usr/adm"; then - echo "$ac_t""/usr/adm/sudo.log" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:10600: result: /usr/adm/sudo.log" >&5 +echo "${ECHO_T}/usr/adm/sudo.log" >&6 + cat >>confdefs.h <<\EOF #define _PATH_SUDO_LOGFILE "/usr/adm/sudo.log" EOF else - echo "$ac_t""unknown" 1>&6 + echo "$as_me:10607: result: unknown" >&5 +echo "${ECHO_T}unknown" >&6 fi -echo $ac_n "checking for timestamp file location""... $ac_c" 1>&6 -echo "configure:8060: checking for timestamp file location" >&5 +echo "$as_me:10611: checking for timestamp file location" >&5 +echo $ECHO_N "checking for timestamp file location... $ECHO_C" >&6 if test -n "$with_timedir"; then - echo "$ac_t""$with_timedir" 1>&6 - cat >> confdefs.h <&5 +echo "${ECHO_T}$with_timedir" >&6 + cat >>confdefs.h <&6 - cat >> confdefs.h <<\EOF + echo "$as_me:10622: result: /var/run/sudo" >&5 +echo "${ECHO_T}/var/run/sudo" >&6 + cat >>confdefs.h <<\EOF #define _PATH_SUDO_TIMEDIR "/var/run/sudo" EOF - TIMEDIR="/var/run/sudo" + timedir="/var/run/sudo" else - echo "$ac_t""/tmp/.odus" 1>&6 - cat >> confdefs.h <<\EOF + echo "$as_me:10630: result: /tmp/.odus" >&5 +echo "${ECHO_T}/tmp/.odus" >&6 + cat >>confdefs.h <<\EOF #define _PATH_SUDO_TIMEDIR "/tmp/.odus" EOF - TIMEDIR="/tmp/.odus" + timedir="/tmp/.odus" fi - if test "$with_passwd" = "no"; then - cat >> confdefs.h <<\EOF -#define WITHOUT_PASSWD 1 + cat >>confdefs.h <<\EOF +#define WITHOUT_PASSWD 1. Define to avoid using the passwd/shadow file for authentication. EOF if test -z "$AUTH_OBJS"; then - { echo "configure: error: no authentication methods defined." 1>&2; exit 1; } + { { echo "$as_me:10645: error: no authentication methods defined." >&5 +echo "$as_me: error: no authentication methods defined." >&2;} + { (exit 1); exit 1; }; } fi else if test -n "$SECUREWARE"; then @@ -8111,382 +10668,870 @@ test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' -trap '' 1 2 15 -cat > confcache <<\EOF +ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man" +cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure -# scripts and configure runs. It is not useful on other systems. -# If it contains results you don't want to keep, you may remove or edit it. +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. # -# By default, configure uses ./config.cache as the cache file, -# creating it if it does not exist already. You can give configure -# the --cache-file=FILE option to use a different cache file; that is -# what configure does when it calls configure scripts in -# subdirectories, so they share the cache. -# Giving --cache-file=/dev/null disables caching, for debugging configure. -# config.status only pays attention to the cache file if you give it the -# --recheck option to rerun configure. +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. # -EOF +# `ac_cv_env_foo' variables (set or unset) will be overriden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. -(set) 2>&1 | - case `(ac_space=' '; set) 2>&1` in - *ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote substitution - # turns \\\\ into \\, and sed turns \\ into \). - sed -n \ - -e "s/'/'\\\\''/g" \ - -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" - ;; - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' - ;; - esac >> confcache -if cmp -s $cache_file confcache; then - : -else +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if cmp -s $cache_file confcache; then :; else if test -w $cache_file; then - echo "updating cache $cache_file" - cat confcache > $cache_file + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -# Any assignment to VPATH causes Sun make to only execute -# the first set of double-colon rules, so remove it if not needed. -# If there is a colon in the path, we need to keep it. +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' fi -trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 - DEFS=-DHAVE_CONFIG_H -# Without the "./", some shells look in PATH for config.status. : ${CONFIG_STATUS=./config.status} - -echo creating $CONFIG_STATUS -rm -f $CONFIG_STATUS -cat > $CONFIG_STATUS <&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL # Generated automatically by configure. # Run this file to recreate the current configuration. -# This directory was configured as follows, -# on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# -# $0 $ac_configure_args -# # Compiler output produced by configure, useful for debugging -# configure, is in ./config.log if it exists. +# configure, is in config.log if it exists. -ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" -for ac_option +debug=false +SHELL=\${CONFIG_SHELL-$SHELL} +ac_cs_invocation="\$0 \$@" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi + +# Name of the executable. +as_me=`echo "$0" |sed 's,.*[\\/],,'` + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +as_executable_p="test -f" + +# Support unset when possible. +if (FOO=FOO; unset FOO) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + +# NLS nuisances. +$as_unset LANG || test "${LANG+set}" != set || { LANG=C; export LANG; } +$as_unset LC_ALL || test "${LC_ALL+set}" != set || { LC_ALL=C; export LC_ALL; } +$as_unset LC_TIME || test "${LC_TIME+set}" != set || { LC_TIME=C; export LC_TIME; } +$as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set || { LC_CTYPE=C; export LC_CTYPE; } +$as_unset LANGUAGE || test "${LANGUAGE+set}" != set || { LANGUAGE=C; export LANGUAGE; } +$as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set || { LC_COLLATE=C; export LC_COLLATE; } +$as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set || { LC_NUMERIC=C; export LC_NUMERIC; } +$as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set || { LC_MESSAGES=C; export LC_MESSAGES; } + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=:; export CDPATH; } + +exec 6>&1 + +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\EOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to ." +EOF + +cat >>$CONFIG_STATUS <>$CONFIG_STATUS <<\EOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 do - case "\$ac_option" in + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + shift + set dummy "$ac_option" "$ac_optarg" ${1+"$@"} + shift + ;; + -*);; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_need_defaults=false;; + esac + + case $1 in + # Handling of the options. +EOF +cat >>$CONFIG_STATUS <>$CONFIG_STATUS <<\EOF + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:10923: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + shift + CONFIG_FILES="$CONFIG_FILES $1" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + shift + CONFIG_HEADERS="$CONFIG_HEADERS $1" + ac_need_defaults=false;; + + # This is an error. + -*) { { echo "$as_me:10942: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + esac + shift done -ac_given_srcdir=$srcdir +exec 5>>config.log +cat >&5 << _ACEOF + +## ----------------------- ## +## Running config.status. ## +## ----------------------- ## + +This file was extended by $as_me (sudo 1.6.5) 2.52, executed with + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + > $ac_cs_invocation +on `(hostname || uname -n) 2>/dev/null | sed 1q` -trap 'rm -fr `echo "Makefile sudo.man visudo.man sudoers.man config.h pathnames.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +_ACEOF EOF -cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF -$ac_vpsub -$extrasub -s%@CFLAGS@%$CFLAGS%g -s%@CPPFLAGS@%$CPPFLAGS%g -s%@CXXFLAGS@%$CXXFLAGS%g -s%@DEFS@%$DEFS%g -s%@LDFLAGS@%$LDFLAGS%g -s%@LIBS@%$LIBS%g -s%@exec_prefix@%$exec_prefix%g -s%@prefix@%$prefix%g -s%@program_transform_name@%$program_transform_name%g -s%@bindir@%$bindir%g -s%@sbindir@%$sbindir%g -s%@libexecdir@%$libexecdir%g -s%@datadir@%$datadir%g -s%@sysconfdir@%$sysconfdir%g -s%@sharedstatedir@%$sharedstatedir%g -s%@localstatedir@%$localstatedir%g -s%@libdir@%$libdir%g -s%@includedir@%$includedir%g -s%@oldincludedir@%$oldincludedir%g -s%@infodir@%$infodir%g -s%@mandir@%$mandir%g -s%@PROGS@%$PROGS%g -s%@SUDO_LDFLAGS@%$SUDO_LDFLAGS%g -s%@SUDO_LIBS@%$SUDO_LIBS%g -s%@NET_LIBS@%$NET_LIBS%g -s%@AFS_LIBS@%$AFS_LIBS%g -s%@OSDEFS@%$OSDEFS%g -s%@AUTH_OBJS@%$AUTH_OBJS%g -s%@LIBOBJS@%$LIBOBJS%g -s%@MANTYPE@%$MANTYPE%g -s%@MAN_POSTINSTALL@%$MAN_POSTINSTALL%g -s%@SUDOERS_MODE@%$SUDOERS_MODE%g -s%@SUDOERS_UID@%$SUDOERS_UID%g -s%@SUDOERS_GID@%$SUDOERS_GID%g -s%@TIMEDIR@%$TIMEDIR%g -s%@DEV@%$DEV%g -s%@mansectsu@%$mansectsu%g -s%@mansectform@%$mansectform%g -s%@mansrcdir@%$mansrcdir%g -s%@EGREPPROG@%$EGREPPROG%g -s%@CC@%$CC%g -s%@CPP@%$CPP%g -s%@UNAMEPROG@%$UNAMEPROG%g -s%@TRPROG@%$TRPROG%g -s%@SEDPROG@%$SEDPROG%g -s%@NROFFPROG@%$NROFFPROG%g -s%@host@%$host%g -s%@host_alias@%$host_alias%g -s%@host_cpu@%$host_cpu%g -s%@host_vendor@%$host_vendor%g -s%@host_os@%$host_os%g -s%@YACC@%$YACC%g -s%@ALLOCA@%$ALLOCA%g +cat >>$CONFIG_STATUS <<\EOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "sudo.man" ) CONFIG_FILES="$CONFIG_FILES sudo.man" ;; + "visudo.man" ) CONFIG_FILES="$CONFIG_FILES visudo.man" ;; + "sudoers.man" ) CONFIG_FILES="$CONFIG_FILES sudoers.man" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "pathnames.h" ) CONFIG_HEADERS="$CONFIG_HEADERS pathnames.h" ;; + *) { { echo "$as_me:10983: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. +: ${TMPDIR=/tmp} +{ + tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=$TMPDIR/cs$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in $TMPDIR" >&2 + { (exit 1); exit 1; } +} -CEOF EOF -cat >> $CONFIG_STATUS <<\EOF +cat >>$CONFIG_STATUS < conftest.s$ac_file - else - sed "${ac_end}q" conftest.subs > conftest.s$ac_file - fi - if test ! -s conftest.s$ac_file; then - ac_more_lines=false - rm -f conftest.s$ac_file - else - if test -z "$ac_sed_cmds"; then - ac_sed_cmds="sed -f conftest.s$ac_file" +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@DEFS@,$DEFS,;t t +s,@LIBS@,$LIBS,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@PROGS@,$PROGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@SUDO_LDFLAGS@,$SUDO_LDFLAGS,;t t +s,@SUDO_LIBS@,$SUDO_LIBS,;t t +s,@NET_LIBS@,$NET_LIBS,;t t +s,@AFS_LIBS@,$AFS_LIBS,;t t +s,@OSDEFS@,$OSDEFS,;t t +s,@AUTH_OBJS@,$AUTH_OBJS,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@MANTYPE@,$MANTYPE,;t t +s,@MAN_POSTINSTALL@,$MAN_POSTINSTALL,;t t +s,@SUDOERS_MODE@,$SUDOERS_MODE,;t t +s,@SUDOERS_UID@,$SUDOERS_UID,;t t +s,@SUDOERS_GID@,$SUDOERS_GID,;t t +s,@DEV@,$DEV,;t t +s,@mansectsu@,$mansectsu,;t t +s,@mansectform@,$mansectform,;t t +s,@mansrcdir@,$mansrcdir,;t t +s,@timedir@,$timedir,;t t +s,@timeout@,$timeout,;t t +s,@password_timeout@,$password_timeout,;t t +s,@sudo_umask@,$sudo_umask,;t t +s,@passprompt@,$passprompt,;t t +s,@long_otp_prompt@,$long_otp_prompt,;t t +s,@lecture@,$lecture,;t t +s,@logfac@,$logfac,;t t +s,@goodpri@,$goodpri,;t t +s,@badpri@,$badpri,;t t +s,@loglen@,$loglen,;t t +s,@ignore_dot@,$ignore_dot,;t t +s,@mail_no_user@,$mail_no_user,;t t +s,@mail_no_host@,$mail_no_host,;t t +s,@mail_no_perms@,$mail_no_perms,;t t +s,@mailto@,$mailto,;t t +s,@mailsub@,$mailsub,;t t +s,@badpass_message@,$badpass_message,;t t +s,@fqdn@,$fqdn,;t t +s,@runas_default@,$runas_default,;t t +s,@env_editor@,$env_editor,;t t +s,@passwd_tries@,$passwd_tries,;t t +s,@tty_tickets@,$tty_tickets,;t t +s,@insults@,$insults,;t t +s,@EGREPPROG@,$EGREPPROG,;t t +s,@CC@,$CC,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@CPP@,$CPP,;t t +s,@UNAMEPROG@,$UNAMEPROG,;t t +s,@TRPROG@,$TRPROG,;t t +s,@SEDPROG@,$SEDPROG,;t t +s,@NROFFPROG@,$NROFFPROG,;t t +s,@build@,$build,;t t +s,@build_cpu@,$build_cpu,;t t +s,@build_vendor@,$build_vendor,;t t +s,@build_os@,$build_os,;t t +s,@host@,$host,;t t +s,@host_cpu@,$host_cpu,;t t +s,@host_vendor@,$host_vendor,;t t +s,@host_os@,$host_os,;t t +s,@YACC@,$YACC,;t t +s,@ALLOCA@,$ALLOCA,;t t +CEOF + +EOF + + cat >>$CONFIG_STATUS <<\EOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false else - ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` fi - ac_file=`expr $ac_file + 1` - ac_beg=$ac_end - ac_end=`expr $ac_end + $ac_max_sed_cmds` + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat fi -done -if test -z "$ac_sed_cmds"; then - ac_sed_cmds=cat -fi -EOF +fi # test -n "$CONFIG_FILES" -cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF -for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then +cat >>$CONFIG_STATUS <<\EOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". - case "$ac_file" in - *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` - ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; - *) ac_file_in="${ac_file}.in" ;; + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; esac - # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. - - # Remove last slash and all that follows it. Not all systems have dirname. - ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then - # The file is in a subdirectory. - test ! -d "$ac_dir" && mkdir "$ac_dir" - ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + { case "$ac_dir" in + [\\/]* | ?:[\\/]* ) as_incr_dir=;; + *) as_incr_dir=.;; +esac +as_dummy="$ac_dir" +for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do + case $as_mkdir_dir in + # Skip DOS drivespec + ?:) as_incr_dir=$as_mkdir_dir ;; + *) + as_incr_dir=$as_incr_dir/$as_mkdir_dir + test -d "$as_incr_dir" || mkdir "$as_incr_dir" + ;; + esac +done; } + + ac_dir_suffix="/`echo $ac_dir|sed 's,^\./,,'`" # A "../" for each directory in $ac_dir_suffix. - ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + ac_dots=`echo "$ac_dir_suffix" | sed 's,/[^/]*,../,g'` else ac_dir_suffix= ac_dots= fi - case "$ac_given_srcdir" in - .) srcdir=. - if test -z "$ac_dots"; then top_srcdir=. - else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; - /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + case $srcdir in + .) ac_srcdir=. + if test -z "$ac_dots"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_dots | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; *) # Relative path. - srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" - top_srcdir="$ac_dots$ac_given_srcdir" ;; + ac_srcdir=$ac_dots$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_dots$srcdir ;; esac + if test x"$ac_file" != x-; then + { echo "$as_me:11237: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated automatically by config.status. */ + configure_input="Generated automatically from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:11255: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo $f;; + *) # Relative + if test -f "$f"; then + # Build tree + echo $f + elif test -f "$srcdir/$f"; then + # Source tree + echo $srcdir/$f + else + # /dev/null tree + { { echo "$as_me:11268: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +EOF +cat >>$CONFIG_STATUS <>$CONFIG_STATUS <<\EOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi - echo creating "$ac_file" - rm -f "$ac_file" - configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." - case "$ac_file" in - *Makefile*) ac_comsub="1i\\ -# $configure_input" ;; - *) ac_comsub= ;; - esac +done +EOF +cat >>$CONFIG_STATUS <<\EOF - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` - sed -e "$ac_comsub -s%@configure_input@%$configure_input%g -s%@srcdir@%$srcdir%g -s%@top_srcdir@%$top_srcdir%g -" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file -fi; done -rm -f conftest.s* +# +# CONFIG_HEADER section. +# # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where # NAME is the cpp macro being defined and VALUE is the value it is being given. # # ac_d sets the value in "#define NAME VALUE" lines. -ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' -ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' -ac_dC='\3' -ac_dD='%g' -# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". -ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' -ac_uB='\([ ]\)%\1#\2define\3' +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' ac_uC=' ' -ac_uD='\4%g' -# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". -ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' -ac_eB='$%\1#\2define\3' -ac_eC=' ' -ac_eD='%g' +ac_uD=',;t' -if test "${CONFIG_HEADERS+set}" != set; then -EOF -cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF -fi -for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". - case "$ac_file" in - *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` - ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; - *) ac_file_in="${ac_file}.in" ;; + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; esac - echo creating $ac_file + test x"$ac_file" != x- && { echo "$as_me:11328: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} - rm -f conftest.frag conftest.in conftest.out - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` - cat $ac_file_inputs > conftest.in + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:11339: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo $f;; + *) # Relative + if test -f "$f"; then + # Build tree + echo $f + elif test -f "$srcdir/$f"; then + # Source tree + echo $srcdir/$f + else + # /dev/null tree + { { echo "$as_me:11352: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in EOF -# Transform confdefs.h into a sed script conftest.vals that substitutes -# the proper values into config.h.in to produce config.h. And first: -# Protect against being on the right side of a sed subst in config.status. -# Protect against being in an unquoted here document in config.status. -rm -f conftest.vals -cat > conftest.hdr <<\EOF -s/[\\&%]/\\&/g -s%[\\$`]%\\&%g -s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp -s%ac_d%ac_u%gp -s%ac_u%ac_e%gp -EOF -sed -n -f conftest.hdr confdefs.h > conftest.vals -rm -f conftest.hdr +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\EOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\(\([^ (][^ (]*\)([^)]*)\)[ ]*\(.*\)$,${ac_dA}\2${ac_dB}\1${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +EOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed # This sed command replaces #undef with comments. This is necessary, for # example, in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. -cat >> conftest.vals <<\EOF -s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% +cat >>conftest.undefs <<\EOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, EOF -# Break up conftest.vals because some shells have a limit on -# the size of here documents, and old seds have small limits too. - +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if egrep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # egrep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS rm -f conftest.tail -while : +while grep . conftest.undefs >/dev/null do - ac_lines=`grep -c . conftest.vals` - # grep -c gives empty output for an empty file on some AIX systems. - if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi - # Write a limited-size here document to conftest.frag. - echo ' cat > conftest.frag <> $CONFIG_STATUS - sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS echo 'CEOF - sed -f conftest.frag conftest.in > conftest.out - rm -f conftest.in - mv conftest.out conftest.in -' >> $CONFIG_STATUS - sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail - rm -f conftest.vals - mv conftest.tail conftest.vals -done -rm -f conftest.vals - -cat >> $CONFIG_STATUS <<\EOF - rm -f conftest.frag conftest.h - echo "/* $ac_file. Generated automatically by configure. */" > conftest.h - cat conftest.in >> conftest.h - rm -f conftest.in - if cmp -s $ac_file conftest.h 2>/dev/null; then - echo "$ac_file is unchanged" - rm -f conftest.h + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\EOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated automatically by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated automatically by configure. */" >$tmp/config.h else - # Remove last slash and all that follows it. Not all systems have dirname. - ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + echo "/* $ac_file. Generated automatically by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if cmp -s $ac_file $tmp/config.h 2>/dev/null; then + { echo "$as_me:11469: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then - # The file is in a subdirectory. - test ! -d "$ac_dir" && mkdir "$ac_dir" + { case "$ac_dir" in + [\\/]* | ?:[\\/]* ) as_incr_dir=;; + *) as_incr_dir=.;; +esac +as_dummy="$ac_dir" +for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do + case $as_mkdir_dir in + # Skip DOS drivespec + ?:) as_incr_dir=$as_mkdir_dir ;; + *) + as_incr_dir=$as_incr_dir/$as_mkdir_dir + test -d "$as_incr_dir" || mkdir "$as_incr_dir" + ;; + esac +done; } + + fi + rm -f $ac_file + mv $tmp/config.h $ac_file fi - rm -f $ac_file - mv conftest.h $ac_file + else + cat $tmp/config.h + rm -f $tmp/config.h fi -fi; done - +done EOF -cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +cat >>$CONFIG_STATUS <<\EOF -exit 0 +{ (exit 0); exit 0; } EOF chmod +x $CONFIG_STATUS -rm -fr confdefs* $ac_clean_files -test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 +ac_clean_files=$ac_clean_files_save +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + exec 5>/dev/null + $SHELL $CONFIG_STATUS || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi if test "$with_pam" = "yes"; then echo "" @@ -8497,3 +11542,4 @@ esac echo "" fi + Index: usr.bin/sudo/configure.in =================================================================== RCS file: /cvs/src/usr.bin/sudo/configure.in,v retrieving revision 1.6 diff -u -r1.6 configure.in --- usr.bin/sudo/configure.in 21 Nov 2000 17:58:44 -0000 1.6 +++ usr.bin/sudo/configure.in 17 Jan 2002 01:05:35 -0000 @@ -1,17 +1,17 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.310 2000/03/24 20:14:04 millert Exp $ +dnl $Sudo: configure.in,v 1.346 2002/01/16 23:37:34 millert Exp $ dnl -dnl Copyright (c) 1994-1996,1998-1999 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2002 Todd C. Miller dnl -AC_INIT(sudo.h) +AC_INIT(sudo, 1.6.5) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -echo "Configuring Sudo version 1.6.3" +echo "Configuring Sudo version 1.6.5" dnl -dnl Variables that get substituted in the Makefile +dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST(CFLAGS)dnl AC_SUBST(PROGS)dnl @@ -30,14 +30,66 @@ AC_SUBST(SUDOERS_MODE)dnl AC_SUBST(SUDOERS_UID)dnl AC_SUBST(SUDOERS_GID)dnl -AC_SUBST(TIMEDIR) AC_SUBST(DEV) AC_SUBST(mansectsu) AC_SUBST(mansectform) AC_SUBST(mansrcdir) dnl +dnl Variables that get substituted in docs (not overridden by environment) +dnl +AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR +AC_SUBST(timeout) +AC_SUBST(password_timeout) +AC_SUBST(sudo_umask) +AC_SUBST(passprompt) +AC_SUBST(long_otp_prompt) +AC_SUBST(lecture) +AC_SUBST(logfac) +AC_SUBST(goodpri) +AC_SUBST(badpri) +AC_SUBST(loglen) +AC_SUBST(ignore_dot) +AC_SUBST(mail_no_user) +AC_SUBST(mail_no_host) +AC_SUBST(mail_no_perms) +AC_SUBST(mailto) +AC_SUBST(mailsub) +AC_SUBST(badpass_message) +AC_SUBST(fqdn) +AC_SUBST(runas_default) +AC_SUBST(env_editor) +AC_SUBST(passwd_tries) +AC_SUBST(tty_tickets) +AC_SUBST(insults) +dnl +dnl Initial values for above +dnl +timeout=5 +password_timeout=5 +sudo_umask=0022 +passprompt="Password:" +long_otp_prompt=off +lecture=on +logfac=local2 +goodpri=notice +badpri=alert +loglen=80 +ignore_dot=off +mail_no_user=on +mail_no_host=off +mail_no_perms=off +mailto=root +mailsub='*** SECURITY information for %h ***' +badpass_message='Sorry, try again.' +fqdn=off +runas_default=root +env_editor=off +passwd_tries=3 +tty_tickets=off +insults=off +dnl dnl Initial values for Makefile variables listed above -dnl Some may be overridden by environment variables.. +dnl May be overridden by environment variables.. dnl PROGS="sudo visudo" test -n "$MANTYPE" || MANTYPE="man" @@ -68,7 +120,7 @@ AC_ARG_WITH(otp-only, [ --with-otp-only deprecated], [case $with_otp_only in yes) with_passwd=no - AC_DEFINE(WITHOUT_PASSWD) + AC_DEFINE(WITHOUT_PASSWD, 1, [Define to avoid using the passwd/shadow file for authentication.]) AC_MSG_WARN([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) @@ -76,7 +128,6 @@ AC_ARG_WITH(alertmail, [ --with-alertmail deprecated], [case $with_alertmail in *) with_mailto="$with_alertmail" - AC_DEFINE(WITHOUT_PASSWD) AC_MSG_WARN([--with-alertmail option deprecated, treating as --mailto]) ;; esac]) @@ -152,12 +203,25 @@ ;; esac]) +AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging], +[case $with_efence in + yes) echo 'Sudo will link with -lefence (Electric Fence)' + LIBS="${LIBS} -lefence" + if test -f /usr/local/lib/libefence.a; then + LDFLAGS="${LDFLAGS} -L/usr/local/lib" + fi + ;; + no) ;; + *) echo "Ignoring unknown argument to --with-efence: $with_efence" + ;; +esac]) + AC_ARG_WITH(csops, [ --with-csops add CSOps standard options], [case $with_csops in yes) echo 'Adding CSOps standard options' CHECKSIA=false with_ignore_dot=yes - with_insults=yes + insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes @@ -183,7 +247,7 @@ yes) if test -n "$with_opie"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi - AC_DEFINE(HAVE_SKEY) + AC_DEFINE(HAVE_SKEY, 1, [Define if you use S/Key.]) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) AUTH_OBJS="${AUTH_OBJS} rfc1938.o" @@ -198,7 +262,7 @@ yes) if test -n "$with_skey"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi - AC_DEFINE(HAVE_OPIE) + AC_DEFINE(HAVE_OPIE, 1, [Define if you use NRL OPIE.]) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) AUTH_OBJS="${AUTH_OBJS} rfc1938.o" @@ -210,11 +274,13 @@ AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt], [case $with_long_otp_prompt in - yes) AC_DEFINE(LONG_OTP_PROMPT) + yes) AC_DEFINE(LONG_OTP_PROMPT, 1, [Define if you want a two line OTP (S/Key or OPIE) prompt.]) AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) AC_MSG_RESULT(yes) + long_otp_prompt=on + ;; + no) long_otp_prompt=off ;; - no) ;; *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) ;; esac]) @@ -222,7 +288,7 @@ AC_ARG_WITH(SecurID, [ --with-SecurID enable SecurID support], [case $with_SecurID in no) ;; - *) AC_DEFINE(HAVE_SECURID) + *) AC_DEFINE(HAVE_SECURID, 1, [Define if you use SecurID.]) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) with_passwd=no @@ -232,21 +298,17 @@ AC_ARG_WITH(fwtk, [ --with-fwtk enable FWTK AuthSRV support], [case $with_fwtk in - yes) AC_DEFINE(HAVE_FWTK) - AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) - AC_MSG_RESULT(yes) - with_passwd=no - AUTH_OBJS="fwtk.o" - ;; no) ;; - *) AC_DEFINE(HAVE_FWTK) + *) AC_DEFINE(HAVE_FWTK, 1, [Define if you use the FWTK authsrv daemon.]) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" with_passwd=no AUTH_OBJS="fwtk.o" - with_fwtk=yes + if test "$with_fwtk" != "yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" + CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + with_fwtk=yes + fi ;; esac]) @@ -272,7 +334,7 @@ AC_ARG_WITH(authenticate, [ --with-authenticate enable AIX general authentication support], [case $with_authenticate in - yes) AC_DEFINE(HAVE_AUTHENTICATE) + yes) AC_DEFINE(HAVE_AUTHENTICATE, 1, [Define if you use AIX general authentication.]) AC_MSG_CHECKING(whether to use AIX general authentication) AC_MSG_RESULT(yes) with_passwd=no @@ -285,7 +347,7 @@ AC_ARG_WITH(pam, [ --with-pam enable PAM support], [case $with_pam in - yes) AC_DEFINE(HAVE_PAM) + yes) AC_DEFINE(HAVE_PAM, 1, [Define if you use PAM.]) AC_MSG_CHECKING(whether to use PAM authentication) AC_MSG_RESULT(yes) with_passwd=no @@ -298,7 +360,7 @@ AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], [case $with_AFS in - yes) AC_DEFINE(HAVE_AFS) + yes) AC_DEFINE(HAVE_AFS, 1, [Define if you use AFS.]) AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_OBJS="${AUTH_OBJS} afs.o" @@ -310,7 +372,7 @@ AC_ARG_WITH(DCE, [ --with-DCE enable DCE support], [case $with_DCE in - yes) AC_DEFINE(HAVE_DCE) + yes) AC_DEFINE(HAVE_DCE, 1, [Define if you use OSF DCE.]) AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_OBJS="${AUTH_OBJS} dce.o" @@ -339,14 +401,19 @@ AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer], [case $with_lecture in - yes|short) AC_MSG_RESULT(yes) + yes|short) lecture=on ;; - no|none) AC_DEFINE(NO_LECTURE) - AC_MSG_RESULT(no) + no|none) lecture=off ;; *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) ;; -esac], [AC_MSG_RESULT(yes)]) +esac]) +if test "$lecture" = "on"; then + AC_MSG_RESULT(yes) +else + AC_DEFINE(NO_LECTURE, 1, [Define if you don't want users to get the lecture the first they user sudo.]) + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both], @@ -355,7 +422,7 @@ ;; no) AC_MSG_ERROR(["--without-logging not supported."]) ;; - syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) + syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AC_MSG_RESULT(syslog) ;; file) AC_DEFINE(LOGGING, SLOG_FILE) @@ -369,46 +436,51 @@ esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) AC_MSG_CHECKING(which syslog facility sudo should log with) -AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is local2)], +AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; no) AC_MSG_ERROR(["--without-logfac not supported."]) ;; - authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) AC_DEFINE_UNQUOTED(LOGFAC, "$with_logfac") - AC_MSG_RESULT([$with_logfac]) + authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; -esac], [AC_DEFINE_UNQUOTED(LOGFAC, "local2") AC_MSG_RESULT("local2")]) +esac]) +AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) +AC_MSG_RESULT($logfac) AC_MSG_CHECKING(at which syslog priority to log commands) -AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is notice)], +AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")], [case $with_goodpri in yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) ;; no) AC_MSG_ERROR(["--without-goodpri not supported."]) ;; - alert|crit|debug|emerg|err|info|notice|warning) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$with_goodpri") - AC_MSG_RESULT([$with_goodpri]) + alert|crit|debug|emerg|err|info|notice|warning) + goodpri=$with_goodpri ;; *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) ;; -esac], [AC_DEFINE_UNQUOTED(PRI_SUCCESS, "notice") AC_MSG_RESULT("notice")]) +esac]) +AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) +AC_MSG_RESULT($goodpri) AC_MSG_CHECKING(at which syslog priority to log failures) -AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is LOG_ALERT)], +AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")], [case $with_badpri in yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) ;; no) AC_MSG_ERROR(["--without-badpri not supported."]) ;; - alert|crit|debug|emerg|err|info|notice|warning) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$with_badpri") - AC_MSG_RESULT([$with_badpri]) + alert|crit|debug|emerg|err|info|notice|warning) + badpri=$with_badpri ;; *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) ;; -esac], [AC_DEFINE_UNQUOTED(PRI_FAILURE, "alert") AC_MSG_RESULT("alert")]) +esac]) +AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) +AC_MSG_RESULT(badpri) AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file], [case $with_logpath in @@ -425,84 +497,107 @@ ;; no) AC_MSG_ERROR(["--without-loglen not supported."]) ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $with_loglen) - AC_MSG_RESULT([$with_loglen]) + [[0-9]]*) loglen=$with_loglen ;; *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) ;; -esac], [AC_DEFINE(MAXLOGFILELEN, 80) AC_MSG_RESULT(80)]) +esac]) +AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) +AC_MSG_RESULT($loglen) AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH], [case $with_ignore_dot in - yes) AC_DEFINE(IGNORE_DOT_PATH) - AC_MSG_RESULT(yes) + yes) ignore_dot=on ;; - no) AC_MSG_RESULT(no) + no) ignore_dot=off ;; *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) - -AC_MSG_CHECKING(who should get the mail that sudo sends) -AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")], -[case $with_mailto in - yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) - ;; - no) AC_MSG_ERROR(["--without-mailto not supported."]) - ;; - *) AC_DEFINE_UNQUOTED(MAILTO, "$with_mailto") - AC_MSG_RESULT([$with_mailto]) - ;; -esac], [AC_DEFINE(MAILTO, "root") AC_MSG_RESULT(root)]) - -AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], -[case $with_mailsubject in - yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) - ;; - no) echo "Sorry, --without-mailsubject not supported." - ;; - *) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$with_mailsubject") - AC_MSG_CHECKING(sudo mail subject) - AC_MSG_RESULT([Using alert mail subject: $with_mailsubject]) - ;; -esac], AC_DEFINE(MAILSUBJECT, "*** SECURITY information for %h ***")) +esac]) +if test "$ignore_dot" = "on"; then + AC_DEFINE(IGNORE_DOT_PATH, 1, [Define if you want to ignore '.' and empty \$PATH elements]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers], [case $with_mail_if_no_user in - yes) AC_DEFINE(SEND_MAIL_WHEN_NO_USER) - AC_MSG_RESULT(yes) + yes) mail_no_user=on ;; - no) AC_MSG_RESULT(no) + no) mail_no_user=off ;; - *) AC_MSG_ERROR(["unknown argument to --with-mail-if-no-user: $with_mail_if_no_user"]) + *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) ;; -esac], [AC_DEFINE(SEND_MAIL_WHEN_NO_USER) AC_MSG_RESULT(yes)]) +esac]) +if test "$mail_no_user" = "on"; then + AC_DEFINE(SEND_MAIL_WHEN_NO_USER, 1, [Define to send mail when the user is not in the sudoers file.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to send mail when user listed but not for this host) AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host], [case $with_mail_if_no_host in - yes) AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) - AC_MSG_RESULT(yes) + yes) mail_no_host=on ;; - no) AC_MSG_RESULT(no) + no) mail_no_host=off ;; - *) AC_MSG_ERROR(["unknown argument to --with-mail-if-no-host: $with_mail_if_no_host"]) + *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$mail_no_host" = "on"; then + AC_DEFINE(SEND_MAIL_WHEN_NO_HOST, 1, [Define to send mail when the user is not not allowed to run sudo on this host.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command], [case $with_mail_if_noperms in - yes) AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) - AC_MSG_RESULT(yes) + yes) mail_noperms=on ;; - no) AC_MSG_RESULT(no) + no) mail_noperms=off ;; - *) AC_MSG_ERROR(["unknown argument to --with-mail-if-noperms: $with_mail_if_noperms"]) + *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$mail_noperms" = "on"; then + AC_DEFINE(SEND_MAIL_WHEN_NOT_OK, 1, [Define to send mail when the user is not not allowed to run a command.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi + +AC_MSG_CHECKING(who should get the mail that sudo sends) +AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")], +[case $with_mailto in + yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) + ;; + no) AC_MSG_ERROR(["--without-mailto not supported."]) + ;; + *) mailto=$with_mailto + ;; +esac]) +AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) +AC_MSG_RESULT([$mailto]) + +AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], +[case $with_mailsubject in + yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) + ;; + no) echo "Sorry, --without-mailsubject not supported." + ;; + *) mailsub="$with_mailsubject" + AC_MSG_CHECKING(sudo mail subject) + AC_MSG_RESULT([Using alert mail subject: $mailsub]) + ;; +esac]) +AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) AC_MSG_CHECKING(for bad password prompt) AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt], @@ -511,10 +606,10 @@ ;; no) echo "Sorry, --without-passprompt not supported." ;; - *) AC_DEFINE_UNQUOTED(PASSPROMPT, "$with_passprompt") - AC_MSG_RESULT([$with_passprompt]) - ;; -esac], [AC_DEFINE(PASSPROMPT, "Password:") AC_MSG_RESULT(Password:)]) + *) passprompt="$with_passprompt" +esac]) +AC_MSG_RESULT($passprompt) +AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) AC_MSG_CHECKING(for bad password message) AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong], @@ -523,22 +618,28 @@ ;; no) echo "Sorry, --without-badpass-message not supported." ;; - *) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$with_badpass_message") - AC_MSG_RESULT([$with_badpass_message]) + *) badpass_message="$with_badpass_message" ;; -esac], [AC_DEFINE(INCORRECT_PASSWORD, ["Sorry, try again."]) AC_MSG_RESULT([Sorry, try again.])]) +esac]) +AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) +AC_MSG_RESULT([$badpass_message]) AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers], [case $with_fqdn in - yes) AC_DEFINE(FQDN) - AC_MSG_RESULT(yes) + yes) fqdn=on ;; - no) AC_MSG_RESULT(no) + no) fqdn=off ;; *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$fqdn" = "on"; then + AC_DEFINE(FQDN, 1, [Define if you want to require fully qualified hosts in sudoers.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir], [case $with_timedir in @@ -554,7 +655,7 @@ yes) with_sendmail="" ;; no) ;; - *) AC_DEFINE_UNQUOTED(_PATH_SENDMAIL, "$with_sendmail") + *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") ;; esac]) @@ -597,31 +698,37 @@ esac]) AC_MSG_CHECKING(for umask programs should be run with) -AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 0022) +AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022) --without-umask Preserves the umask of the user invoking sudo.], [case $with_umask in yes) AC_MSG_ERROR(["must give --with-umask an argument."]) ;; - no) AC_MSG_RESULT(user) + no) sudo_umask=0777 ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(SUDO_UMASK, $with_umask) - AC_MSG_RESULT([$with_umask]) + [[0-9]]*) sudo_umask=$with_umask ;; *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; -esac], [AC_DEFINE(SUDO_UMASK, 0022) AC_MSG_RESULT(0022)]) +esac]) +AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.]) +if test "$sudo_umask" = "0777"; then + AC_MSG_RESULT(user) +else + AC_MSG_RESULT($sudo_umask) +fi AC_MSG_CHECKING(for default user to run commands as) -AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root"], +AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")], [case $with_runas_default in yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) ;; no) AC_MSG_ERROR(["--without-runas-default not supported."]) ;; - *) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$with_runas_default") - AC_MSG_RESULT([$with_runas_default]) + *) runas_default="$with_runas_default" ;; -esac], [AC_DEFINE(RUNAS_DEFAULT, "root") AC_MSG_RESULT(root)]) +esac]) +AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) +AC_MSG_RESULT([$runas_default]) AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group], [case $with_exempt in @@ -629,7 +736,7 @@ ;; no) AC_MSG_ERROR(["--without-exempt not supported."]) ;; - *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt") + *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) AC_MSG_CHECKING(for group to be exempt from password) AC_MSG_RESULT([$with_exempt]) ;; @@ -642,7 +749,7 @@ ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; - *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor") + *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) AC_MSG_RESULT([$with_editor]) ;; esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) @@ -650,99 +757,108 @@ AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo], [case $with_env_editor in - yes) AC_DEFINE(ENV_EDITOR) - AC_MSG_RESULT(yes) + yes) env_editor=on ;; - no) AC_MSG_RESULT(no) + no) env_editor=off ;; *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$env_editor" = "on"; then + AC_DEFINE(ENV_EDITOR, 1, [Define if you want visudo to honor the EDITOR and VISUAL env variables.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(number of tries a user gets to enter their password) AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)], [case $with_passwd_tries in - yes) AC_DEFINE(TRIES_FOR_PASSWORD, 3) - AC_MSG_RESULT(3) - ;; + yes) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; - [[1-9]]*) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $with_passwd_tries) - AC_MSG_RESULT([$with_passwd_tries]) + [[1-9]]*) passwd_tries=$with_passwd_tries ;; *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) ;; -esac], [AC_DEFINE(TRIES_FOR_PASSWORD, 3) AC_MSG_RESULT(3)]) +esac]) +AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) +AC_MSG_RESULT($passwd_tries) AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) -AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5)], +AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)], [echo $with_timeout; case $with_timeout in - yes) AC_DEFINE(TIMEOUT, 5) - AC_MSG_RESULT(5) - ;; - no) AC_DEFINE(TIMEOUT, 0) - AC_MSG_RESULT([no timeout]) + yes) ;; + no) timeout=0 ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(TIMEOUT, $with_timeout) - AC_MSG_RESULT([$with_timeout]) + [[0-9]]*) timeout=$with_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; -esac], [AC_DEFINE(TIMEOUT, 5) AC_MSG_RESULT(5)]) +esac]) +AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) +AC_MSG_RESULT($timeout) AC_MSG_CHECKING(time in minutes after the password prompt will time out) -AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5)], +AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)], [case $with_password_timeout in - yes) AC_DEFINE(PASSWORD_TIMEOUT, 5) - AC_MSG_RESULT(5) - ;; - no) AC_DEFINE(PASSWORD_TIMEOUT, 0) - AC_MSG_RESULT([no timeout]) + yes) ;; + no) password_timeout=0 ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $with_password_timeout) - AC_MSG_RESULT([$with_password_timeout]) + [[0-9]]*) password_timeout=$with_password_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; -esac], [AC_DEFINE(PASSWORD_TIMEOUT, 5) AC_MSG_RESULT(5)]) +esac]) +AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) +AC_MSG_RESULT($password_timeout) -AC_MSG_CHECKING(whether to use execvp or execv) AC_ARG_WITH(execv, [ --with-execv use execv() instead of execvp()], [case $with_execv in - yes) AC_DEFINE(USE_EXECV) + yes) AC_MSG_CHECKING(whether to use execvp or execv) AC_MSG_RESULT(execv) + AC_DEFINE(USE_EXECV, 1, [Define if you wish to use execv() instead of execvp() when running programs.]) ;; - no) AC_MSG_RESULT(execvp) - ;; + no) ;; *) AC_MSG_ERROR(["--with-execv does not take an argument."]) ;; -esac], AC_MSG_RESULT(execvp)) +esac]) AC_MSG_CHECKING(whether to use per-tty ticket files) AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty], [case $with_tty_tickets in - yes) AC_DEFINE(USE_TTY_TICKETS) - AC_MSG_RESULT(yes) + yes) tty_tickets=on ;; - no) AC_MSG_RESULT(no) + no) tty_tickets=off ;; *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$tty_tickets" = "on"; then + AC_DEFINE(USE_TTY_TICKETS, 1, [Define if you want a different ticket file for each tty.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to include insults) AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password], [case $with_insults in - yes) AC_DEFINE(USE_INSULTS) - AC_MSG_RESULT(yes) + yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; - no) AC_MSG_RESULT(no) + no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$insults" = "on"; then + AC_DEFINE(USE_INSULTS, 1, [Define if you want to insult the user for entering an incorrect password.]) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets], [case $with_all_insults in @@ -758,7 +874,7 @@ AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo], [case $with_classic_insults in - yes) AC_DEFINE(CLASSIC_INSULTS) + yes) AC_DEFINE(CLASSIC_INSULTS, 1, [Define if you want the insults from the "classic" version sudo.]) ;; no) ;; *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) @@ -767,7 +883,7 @@ AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults], [case $with_csops_insults in - yes) AC_DEFINE(CSOPS_INSULTS) + yes) AC_DEFINE(CSOPS_INSULTS, 1, [Define if you want insults culled from the twisted minds of CSOps.]) ;; no) ;; *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) @@ -776,16 +892,16 @@ AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults], [case $with_hal_insults in - yes) AC_DEFINE(HAL_INSULTS) + yes) AC_DEFINE(HAL_INSULTS, 1, [Define if you want 2001-like insults.]) ;; no) ;; *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) ;; esac]) -AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the \"Goon Show\"], +AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"], [case $with_goons_insults in - yes) AC_DEFINE(GOONS_INSULTS) + yes) AC_DEFINE(GOONS_INSULTS, 1, [Define if you want insults from the "Goon Show".]) ;; no) ;; *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) @@ -793,7 +909,7 @@ esac]) dnl include all insult sets on one line -if test "$with_insults" = "yes"; then +if test "$insults" = "on"; then AC_MSG_CHECKING(which insult sets to include) i="" test "$with_goons_insults" = "yes" && i="goons ${i}" @@ -806,7 +922,7 @@ AC_MSG_CHECKING(whether to override the user's path) AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a builtin one], [case $with_secure_path in - yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc") + yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc", [Define to override the user's path with a builtin one.]) AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc]) ;; no) AC_MSG_RESULT(no) @@ -821,7 +937,7 @@ [case $with_interfaces in yes) AC_MSG_RESULT(yes) ;; - no) AC_DEFINE(STUB_LOAD_INTERFACES) + no) AC_DEFINE(STUB_LOAD_INTERFACES, 1, [Define if the code in interfaces.c does not compile for you.]) AC_MSG_RESULT(no) ;; *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) @@ -840,7 +956,7 @@ yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) - AC_DEFINE(NO_AUTHENTICATION) + AC_DEFINE(NO_AUTHENTICATION, 1, [Define if you don't want sudo to prompt for a password by default.]) ;; *) AC_MSG_RESULT(no) echo "Ignoring unknown argument to --enable-authentication: $enableval" @@ -848,6 +964,36 @@ esac ], AC_MSG_RESULT(yes)) +AC_MSG_CHECKING(whether to disable running the mailer as root) +AC_ARG_ENABLE(root-mailer, +[ --disable-root-mailer Don't run the mailer as root, run as the user], +[ case "$enableval" in + yes) AC_MSG_RESULT(no) + ;; + no) AC_MSG_RESULT(yes) + AC_DEFINE(NO_ROOT_MAILER, 1, [Define to avoid runing the mailer as root.]) + ;; + *) AC_MSG_RESULT(no) + echo "Ignoring unknown argument to --enable-root-mailer: $enableval" + ;; + esac +], AC_MSG_RESULT(no)) + +AC_MSG_CHECKING(whether to disable use of POSIX saved ids) +AC_ARG_ENABLE(saved-ids, +[ --disable-saved-ids Don't try to use POSIX saved ids], +[ case "$enableval" in + yes) AC_MSG_RESULT(no) + ;; + no) AC_MSG_RESULT(yes) + AC_DEFINE(NO_SAVED_IDS, 1, [Define to avoid using POSIX saved ids.]) + ;; + *) AC_MSG_RESULT(no) + echo "Ignoring unknown argument to --enable-saved-ids: $enableval" + ;; + esac +], AC_MSG_RESULT(no)) + AC_MSG_CHECKING(whether to disable shadow password support) AC_ARG_ENABLE(shadow, [ --disable-shadow Never use shadow passwords], @@ -865,11 +1011,11 @@ AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, -[ --disable-root-sudo don't allow root to run sudo], +[ --disable-root-sudo Don't allow root to run sudo], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; - no) AC_DEFINE(NO_ROOT_SUDO) + no) AC_DEFINE(NO_ROOT_SUDO, 1, [Define if root should not be allowed to use sudo.]) AC_MSG_RESULT(no) ;; *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) @@ -882,7 +1028,7 @@ [ --enable-log-host Log the hostname in the log file], [ case "$enableval" in yes) AC_MSG_RESULT(yes) - AC_DEFINE(HOST_IN_LOG) + AC_DEFINE(HOST_IN_LOG, 1, [Define if you want the hostname to be entered into the log file.]) ;; no) AC_MSG_RESULT(no) ;; @@ -897,7 +1043,7 @@ [ --enable-noargs-shell If sudo is given no arguments run a shell], [ case "$enableval" in yes) AC_MSG_RESULT(yes) - AC_DEFINE(SHELL_IF_NO_ARGS) + AC_DEFINE(SHELL_IF_NO_ARGS, 1, [Define if you want sudo to start a shell if given no arguments.]) ;; no) AC_MSG_RESULT(no) ;; @@ -910,10 +1056,10 @@ AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) AC_ARG_ENABLE(shell-sets-home, [ --enable-shell-sets-home - set \$HOME to target user in shell mode], + set $HOME to target user in shell mode], [ case "$enableval" in yes) AC_MSG_RESULT(yes) - AC_DEFINE(SHELL_SETS_HOME) + AC_DEFINE(SHELL_SETS_HOME, 1, [Define if you want sudo to set $HOME in shell mode.]) ;; no) AC_MSG_RESULT(no) ;; @@ -930,7 +1076,7 @@ yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) - AC_DEFINE(DONT_LEAK_PATH_INFO) + AC_DEFINE(DONT_LEAK_PATH_INFO, 1, [Define if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) ;; *) AC_MSG_RESULT(no) echo "Ignoring unknown argument to --enable-path-info: $enableval" @@ -948,16 +1094,23 @@ fi dnl +dnl Prevent configure from adding the -g flag unless in devel mode +dnl +if test "$with_devel" != "yes"; then + ac_cv_prog_cc_g=no +fi + +dnl dnl C compiler checks dnl XXX - the cross-compiler check gets false positives so we override it dnl +AC_ISC_POSIX ac_cv_prog_cc_cross="no" cross_compiling="no" -AC_PROG_CC +AC_PROG_CC_STDC ac_cv_prog_cc_cross="no" cross_compiling="no" AC_PROG_CPP -AC_ISC_POSIX dnl dnl It is now safe to modify CFLAGS and CPPFLAGS @@ -1023,7 +1176,9 @@ # check for password adjunct functions (shadow passwords) if test "$CHECKSHADOW" = "true"; then - AC_CHECK_FUNC(getpwanam, AC_DEFINE(HAVE_GETPWANAM) AC_CHECK_FUNCS(issecure)) + AC_CHECK_FUNCS(getpwanam issecure, , [break]) + AH_TEMPLATE([HAVE_GETPWANAM], [Define if you have the `getpwanam' function. (SunOS 4.x shadow passwords)]) + AH_TEMPLATE([HAVE_ISSECURE], [Define if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) CHECKSHADOW="false" fi ;; @@ -1034,13 +1189,13 @@ if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-aix*) # To get all prototypes (so we pass -Wall) CPPFLAGS="${CPPFLAGS} -D_XOPEN_EXTENDED_SOURCE" - AC_DEFINE(_ALL_SOURCE) + SUDO_DEFINE(_ALL_SOURCE) SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" ;; *-*-hiuxmpp*) @@ -1048,78 +1203,31 @@ AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1])) CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-hpux1[[0-9]]*) - # uncomment this for a statically linked sudo - # (XXX - should be an option to configure) - #STATIC_SUDO=true - - # If using cc, run in ANSI mode if possible - if test -z "$GCC"; then - $CC -Aa 2>&1 | grep 'A option is available only' >conftest.out - if test ! -s conftest.out; then - CPPFLAGS="${CPPFLAGS} -Aa" - fi - rm -f conftest.out - fi - - # Add -D_HPUX_SOURCE so we don't get strict ANSI headers - CPPFLAGS="${CPPFLAGS} -D_HPUX_SOURCE" - if test "$CHECKSHADOW" = "true"; then - AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, AC_DEFINE(HAVE_ISCOMSEC)) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1]) + AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, AC_DEFINE(HAVE_ISCOMSEC, 1, [Define if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1]) CHECKSHADOW="false" fi - if test -n "$STATIC_SUDO"; then - if test -n "$GCC"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" - else - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" - fi - fi - # AFS support needs -lBSD if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-hpux9*) - # uncomment this for a statically linked sudo - # (XXX - should be an option to configure) - #STATIC_SUDO=true - - # If using cc, run in ANSI mode if possible - if test -z "$GCC"; then - $CC -Aa 2>&1 | grep 'A option is available only' >conftest.out - if test ! -s conftest.out; then - CPPFLAGS="${CPPFLAGS} -Aa" - fi - rm -f conftest.out - fi - - # Add -D_HPUX_SOURCE so we don't get strict ANSI headers - CPPFLAGS="${CPPFLAGS} -D_HPUX_SOURCE" - - AC_DEFINE(BROKEN_SYSLOG) + AC_DEFINE(BROKEN_SYSLOG, 1, [Define if the `syslog' function returns a non-zero int to denote failure.]) if test "$CHECKSHADOW" = "true"; then AC_CHECK_FUNCS(getspwuid) + AH_TEMPLATE([HAVE_GETSPWUID], [Define if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) CHECKSHADOW="false" fi - if test -n "$STATIC_SUDO"; then - if test -n "$GCC"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" - else - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" - fi - fi - # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last @@ -1132,11 +1240,10 @@ if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-hpux*) - AC_DEFINE(BROKEN_SYSLOG) # Not sure if setuid binaries are safe in < 9.x @@ -1150,8 +1257,8 @@ if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-dec-osf*) # ignore envariables wrt dynamic lib path @@ -1175,7 +1282,7 @@ # use SIA by default, if we have it, else SecureWare # unless overridden on the command line if test "$CHECKSIA" = "true"; then - AC_CHECK_FUNC(sia_ses_init, AC_DEFINE(HAVE_SIA) [ + AC_CHECK_FUNC(sia_ses_init, AC_DEFINE(HAVE_SIA, 1, [Define if you use SIA.]) [ if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_fwtk" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then AC_MSG_ERROR(["you cannot mix SIA and other authentication schemes. You can turn off SIA support via the --disable-sia option"]) fi]; CHECKSHADOW=false) @@ -1186,10 +1293,10 @@ fi if test -n "$SECUREWARE"; then - AC_DEFINE(HAVE_GETPRPWNAM) + AC_DEFINE(HAVE_GETPRPWNAM, 1, [Define if you have the `getprpwnam' function. (SecureWare-style shadow passwords)]) # -ldb includes bogus versions of snprintf/vsnprintf - AC_CHECK_FUNC(snprintf, AC_DEFINE(HAVE_SNPRINTF), NEED_SNPRINTF=1) - AC_CHECK_FUNC(vsnprintf, AC_DEFINE(HAVE_VSNPRINTF), NEED_SNPRINTF=1) + AC_CHECK_FUNCS(snprintf, , [NEED_SNPRINTF=1]) + AC_CHECK_FUNCS(vsnprintf, , [NEED_SNPRINTF=1]) # 4.x and higher need -ldb too... AC_CHECK_LIB(db, dbopen, [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"], [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"]) AC_CHECK_FUNCS(dispcrypt) @@ -1202,17 +1309,14 @@ [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) - else + elif test "$CHECKSIA" = "true"; then with_passwd=no AUTH_OBJS="sia.o" fi - mansectsu=8 - mansectform=4 + test -n "$mansectsu" || mansectsu=8 + test -n "$mansectform" || mansectform=4 ;; *-*-irix*) - # configure may not think irix has stdc headers - # but it's good enough for sudo - AC_DEFINE(STDC_HEADERS) CPPFLAGS="${CPPFLAGS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then MAN_POSTINSTALL=' /bin/rm -f $(mandir8)/sudo.$(mansect8).z $(mandir8)/visudo.$(mansect8).z $(mandir5)/sudoers.$(mansect5).z ; /usr/bin/pack $(mandir8)/sudo.$(mansect8) $(mandir8)/visudo.$(mansect8) $(mandir5)/sudoers.$(mansect5)' @@ -1236,21 +1340,18 @@ if test "$OSREV" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-linux*) - # To get crypt(3) and vasprintf() prototypes (so we pass -Wall) - AC_DEFINE(_GNU_SOURCE) - # Some Linux versions need to link with -lshadow if test "$CHECKSHADOW" = "true"; then - AC_CHECK_FUNC(getspnam, AC_DEFINE(HAVE_GETSPNAM), AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])) + AC_CHECK_FUNCS(getspnam, , [AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])]) CHECKSHADOW="false" fi ;; *-convex-bsd*) - AC_DEFINE(_CONVEX_SOURCE) + SUDO_DEFINE(_CONVEX_SOURCE) if test -z "$GCC"; then CFLAGS="${CFLAGS} -D__STDC__" fi @@ -1263,7 +1364,7 @@ *-*-ultrix*) OS="ultrix" if test "$CHECKSHADOW" = "true"; then - AC_CHECK_LIB(auth, getauthuid, AC_DEFINE(HAVE_GETAUTHUID) [SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"]) + AC_CHECK_LIB(auth, getauthuid, AC_DEFINE(HAVE_GETAUTHUID, 1, [Define if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)]) [SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"]) CHECKSHADOW="false" fi ;; @@ -1271,8 +1372,8 @@ LIBS="${LIBS} -lsun -lbsd" CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" OSDEFS="${OSDEFS} -D_MIPS" - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" @@ -1284,31 +1385,42 @@ AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; - *-*-sco*) + *-*-sco*|*-sco-*) if test "$CHECKSHADOW" = "true"; then AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1], , -lx) AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"]) CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + ;; + m88k-motorola-sysv*) + # motorolla's cc (a variant of gcc) does -O but not -O2 + CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-sequent-sysv*) if test "$CHECKSHADOW" = "true"; then AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"]) CHECKSHADOW="false" fi - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + ;; + *-ncr-sysv4*|*-ncr-sysvr4*) + AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; - *-ccur-sysv4|*-ccur-sysvr4) + *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; *-*-bsdi*) # Use shlicc for BSD/OS [23].x unless asked to do otherwise @@ -1332,14 +1444,31 @@ CHECKSHADOW="false" fi ;; + *-*-*openbsd*) + BROKEN_SETREUID=yes + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" + fi + ;; + *-*-*netbsd*) + BROKEN_SETREUID=yes + if test "$CHECKSHADOW" = "true"; then + CHECKSHADOW="false" + fi + ;; *-*-*bsd*) if test "$CHECKSHADOW" = "true"; then CHECKSHADOW="false" fi ;; + *-*-nextstep*) + # lockf() on is broken on the NeXT -- use flock instead + ac_cv_func_lockf=no + ac_cv_func_flock=yes + ;; *-*-sysv*) - mansectsu=1m - mansectform=4 + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 ;; esac @@ -1354,10 +1483,10 @@ dnl We check for SVR4-style first and then SecureWare-style. dnl if test "$CHECKSHADOW" = "true"; then - AC_CHECK_FUNC(getspnam, AC_DEFINE(HAVE_GETSPNAM) [CHECKSHADOW="false"]) + AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM, 1, [Define if you have the `getspnam' function (SVR4-style shadow passwords)]) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])]) fi if test "$CHECKSHADOW" = "true"; then - AC_CHECK_FUNC(getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1], AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])))) + AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1], AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])))]) fi dnl @@ -1365,39 +1494,49 @@ dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST +AC_C_VOLATILE dnl dnl Program checks dnl AC_PROG_YACC +SUDO_PROG_MV +SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL fi -SUDO_PROG_MV -SUDO_PROG_BSHELL -SUDO_PROG_VI +if test -z "$with_editor"; then + SUDO_PROG_VI +fi dnl dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT -AC_CHECK_HEADERS(string.h strings.h unistd.h malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) +AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) dnl ultrix termio/termios are broken if test "$OS" != "ultrix"; then - AC_CHECK_HEADERS(termio.h) - AC_CHECK_HEADERS(termios.h, AC_CHECK_FUNCS(tcgetattr)) + AC_SYS_POSIX_TERMIOS + if test "$ac_cv_sys_posix_termios" = "yes"; then + AC_DEFINE(HAVE_TERMIOS_H, 1, [Define if you have the header file and the `tcgetattr' function.]) + else + AC_CHECK_HEADERS(termio.h) + fi fi if test "$with_logincap" = "yes"; then AC_CHECK_HEADERS(login_cap.h) fi if test "$with_bsdauth" = "yes"; then - AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [with_passwd=no; AUTH_OBJS=bsdauth.o]) + AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H, 1, [Define if you use BSD authentication.]) [with_passwd=no; AUTH_OBJS=bsdauth.o]) fi - dnl dnl typedef checks dnl AC_TYPE_MODE_T AC_TYPE_UID_T +AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int, [Define to `int' if does not define.])], [#include +#include ]) +AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T, 1, [Define if has the sigaction_t typedef.])], ,[#include +#include ]) SUDO_TYPE_SIZE_T SUDO_TYPE_SSIZE_T SUDO_TYPE_DEV_T @@ -1416,58 +1555,59 @@ dnl dnl Function checks dnl -AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid strftime setrlimit initgroups fstat) +AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ + seteuid setegid strftime setrlimit initgroups fstat) +if test -z "$BROKEN_SETREUID"; then + AC_CHECK_FUNCS(setreuid) +fi +if test X"$with_interfaces" != X"no"; then + AC_CHECK_FUNCS(getifaddrs) +fi if test -n "$SECUREWARE"; then - AC_CHECK_FUNCS(bigcrypt) - AC_CHECK_FUNCS(set_auth_parameters) - AC_CHECK_FUNCS(initprivs) + AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) fi if test -z "$BROKEN_GETCWD"; then - AC_CHECK_FUNC(getcwd, AC_DEFINE(HAVE_GETCWD), LIBOBJS="$LIBOBJS getcwd.o") + AC_REPLACE_FUNCS(getcwd) fi -AC_CHECK_FUNC(lockf, AC_DEFINE(HAVE_LOCKF), AC_CHECK_FUNCS(flock)) -AC_CHECK_FUNC(waitpid, AC_DEFINE(HAVE_WAITPID), AC_CHECK_FUNCS(wait3)) -AC_CHECK_FUNC(innetgr, AC_DEFINE(HAVE_INNETGR) AC_CHECK_FUNCS(getdomainname)) -AC_CHECK_FUNC(lsearch, AC_DEFINE(HAVE_LSEARCH), AC_CHECK_LIB(compat, lsearch, AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], LIBOBJS="$LIBOBJS lsearch.o"), LIBOBJS="$LIBOBJS lsearch.o")) -AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), AC_FUNC_CHECK(putenv, AC_DEFINE(HAVE_PUTENV), LIBOBJS="$LIBOBJS putenv.o")) -AC_CHECK_FUNC(utime, AC_DEFINE(HAVE_UTIME) -SUDO_FUNC_UTIME_POSIX, LIBOBJS="$LIBOBJS utime.o") -SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH), LIBOBJS="$LIBOBJS fnmatch.o") -AC_REPLACE_FUNCS(strerror strcasecmp) -AC_CHECK_FUNC(snprintf, AC_DEFINE(HAVE_SNPRINTF), NEED_SNPRINTF=1) -AC_CHECK_FUNC(vsnprintf, AC_DEFINE(HAVE_VSNPRINTF), NEED_SNPRINTF=1) -AC_CHECK_FUNC(asprintf, AC_DEFINE(HAVE_ASPRINTF), NEED_SNPRINTF=1) -AC_CHECK_FUNC(vasprintf, AC_DEFINE(HAVE_VASPRINTF), NEED_SNPRINTF=1) +AC_CHECK_FUNCS(lockf flock, [break]) +AC_CHECK_FUNCS(waitpid wait3, [break]) +AC_CHECK_FUNCS(innetgr _innetgr, AC_CHECK_FUNCS(getdomainname) [break]) +AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], AC_LIBOBJ(lsearch)), AC_LIBOBJ(lsearch))]) +AC_CHECK_FUNCS(utime, SUDO_FUNC_UTIME_POSIX, AC_LIBOBJ(utime)) +SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH, 1, [Define if you have the `fnmatch' function.]), AC_LIBOBJ(fnmatch)) +SUDO_FUNC_ISBLANK +AC_REPLACE_FUNCS(strerror strcasecmp sigaction) +AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) dnl dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) dnl if test -n "$NEED_SNPRINTF"; then - LIBOBJS="$LIBOBJS snprintf.o" + AC_LIBOBJ(snprintf) fi dnl dnl if crypt(3) not in libc, look elsewhere dnl if test -z "$LIB_CRYPT"; then - AC_CHECK_FUNC(crypt, ,AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])))) + AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])))]) fi dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl In this case we look for main(), not socket() to avoid using a cached value dnl -AC_CHECK_FUNC(socket, ,AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))) +AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) +AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl -AC_CHECK_FUNC(inet_addr, , AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))) +AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) +AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl -AC_CHECK_FUNC(syslog, ,AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))) +AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) dnl dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc) dnl (gcc includes its own alloca(3) but other compilers may not) @@ -1480,11 +1620,13 @@ dnl Kerberos 5 dnl if test "$with_kerb5" = "yes"; then - AC_DEFINE(HAVE_KERB5) + AC_DEFINE(HAVE_KERB5, 1, [Define if you use Kerberos V.]) if test -f "/usr/local/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/include" elif test -f "/usr/local/kerberos/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include" + elif test -f "/usr/krb5/include/krb5.h"; then + CPPFLAGS="$CPPFLAGS -I/usr/krb5/include" elif test -f "/usr/local/krb5/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/krb5/include" else @@ -1495,6 +1637,8 @@ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib" + elif test -f "/usr/krb5/lib/libkrb5.a"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/krb5/lib" elif test -f "/usr/local/krb5/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/krb5/lib" else @@ -1516,7 +1660,7 @@ dnl Find kerberos 4 includes and libs or complain dnl if test "$with_kerb4" = "yes"; then - AC_DEFINE(HAVE_KERB4) + AC_DEFINE(HAVE_KERB4, 1, [Define if you use Kerberos IV.]) if test -f "/usr/include/kerberosIV/krb.h"; then CPPFLAGS="${CPPFLAGS} -I/usr/include/kerberosIV" elif test -f "/usr/local/include/kerberosIV/krb.h"; then @@ -1613,6 +1757,7 @@ else echo 'Unable to locate libskey.a and/or skey.h, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS and/or -I/path/to/skey.h to CPPFLAGS' fi + AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS, 1, [Define if your S/Key library has skeyaccess().])) fi dnl @@ -1670,7 +1815,7 @@ dnl Use passwd (and secureware) auth modules? dnl if test "$with_passwd" = "no"; then - AC_DEFINE(WITHOUT_PASSWD) + AC_DEFINE(WITHOUT_PASSWD, 1. [Define to avoid using the passwd/shadow file for authentication.]) if test -z "$AUTH_OBJS"; then AC_MSG_ERROR([no authentication methods defined.]) fi @@ -1719,3 +1864,67 @@ esac echo "" fi + +dnl +dnl Special bits for autoheader +dnl +AH_VERBATIM([_GNU_SOURCE], +[/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif]) + +AH_VERBATIM([_ALL_SOURCE], +[/* Enable non-POSIX extensions on AIX. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif]) + +AH_VERBATIM([_CONVEX_SOURCE], +[/* Enable non-POSIX extensions on ConvexOS. */ +#ifndef _CONVEX_SOURCE +# undef _CONVEX_SOURCE +#endif]) + +AH_TOP([#ifndef _SUDO_CONFIG_H +#define _SUDO_CONFIG_H]) + +AH_BOTTOM([/* + * Emulate a subset of waitpid() if we don't have it. + */ +#ifdef HAVE_WAITPID +# define sudo_waitpid(p, s, o) waitpid(p, s, o) +#else +# ifdef HAVE_WAIT3 +# define sudo_waitpid(p, s, o) wait3(s, o, NULL) +# endif +#endif + +/* Solaris doesn't use const qualifiers in PAM. */ +#ifdef sun +# define PAM_CONST +#else +# define PAM_CONST const +#endif + +#ifdef USE_EXECV +# define EXEC execv +#else +# define EXEC execvp +#endif /* USE_EXECV */ + +/* New ANSI-style OS defs for HP-UX and ConvexOS. */ +#if defined(hpux) && !defined(__hpux) +# define __hpux 1 +#endif /* hpux */ + +#if defined(convex) && !defined(__convex__) +# define __convex__ 1 +#endif /* convex */ + +/* BSD compatibility on some SVR4 systems. */ +#ifdef __svr4__ +# define BSD_COMP +#endif /* __svr4__ */ + +#endif /* _SUDO_CONFIG_H */]) Index: usr.bin/sudo/def_data.in =================================================================== RCS file: usr.bin/sudo/def_data.in diff -N usr.bin/sudo/def_data.in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ usr.bin/sudo/def_data.in 16 Jan 2002 19:09:14 -0000 @@ -0,0 +1,182 @@ +# +# Format: +# +# var_name +# TYPE +# description (or NULL) +# + +syslog_ifac + T_UINT + NULL +syslog_igoodpri + T_UINT + NULL +syslog_ibadpri + T_UINT + NULL +syslog + T_LOGFAC|T_BOOL + "Syslog facility if syslog is being used for logging: %s" +syslog_goodpri + T_LOGPRI + "Syslog priority to use when user authenticates successfully: %s" +syslog_badpri + T_LOGPRI + "Syslog priority to use when user authenticates unsuccessfully: %s" +long_otp_prompt + T_FLAG + "Put OTP prompt on its own line" +ignore_dot + T_FLAG + "Ignore '.' in $PATH" +mail_always + T_FLAG + "Always send mail when sudo is run" +mail_badpass + T_FLAG + "Send mail if user authentication fails" +mail_no_user + T_FLAG + "Send mail if the user is not in sudoers" +mail_no_host + T_FLAG + "Send mail if the user is not in sudoers for this host" +mail_no_perms + T_FLAG + "Send mail if the user is not allowed to run a command" +tty_tickets + T_FLAG + "Use a separate timestamp for each user/tty combo" +lecture + T_FLAG + "Lecture user the first time they run sudo" +authenticate + T_FLAG + "Require users to authenticate by default" +root_sudo + T_FLAG + "Root may run sudo" +log_host + T_FLAG + "Log the hostname in the (non-syslog) log file" +log_year + T_FLAG + "Log the year in the (non-syslog) log file" +shell_noargs + T_FLAG + "If sudo is invoked with no arguments, start a shell" +set_home + T_FLAG + "Set $HOME to the target user when starting a shell with -s" +always_set_home + T_FLAG + "Always set $HOME to the target user's home directory" +path_info + T_FLAG + "Allow some information gathering to give useful error messages" +fqdn + T_FLAG + "Require fully-qualified hostnames in the sudoers file" +insults + T_FLAG + "Insult the user when they enter an incorrect password" +requiretty + T_FLAG + "Only allow the user to run sudo if they have a tty" +env_editor + T_FLAG + "Visudo will honor the EDITOR environment variable" +rootpw + T_FLAG + "Prompt for root's password, not the users's" +runaspw + T_FLAG + "Prompt for the runas_default user's password, not the users's" +targetpw + T_FLAG + "Prompt for the target user's password, not the users's" +use_loginclass + T_FLAG + "Apply defaults in the target user's login class if there is one" +set_logname + T_FLAG + "Set the LOGNAME and USER environment variables" +stay_setuid + T_FLAG + "Only set the effective uid to the target user, not the real uid" +env_reset + T_FLAG + "Reset the environment to a default set of variables" +preserve_groups + T_FLAG + "Don't initialize the group vector to that of the target user" +loglinelen + T_UINT|T_BOOL + "Length at which to wrap log file lines (0 for no wrap): %d" +timestamp_timeout + T_INT|T_BOOL + "Authentication timestamp timeout: %d minutes" +passwd_timeout + T_UINT|T_BOOL + "Password prompt timeout: %d minutes" +passwd_tries + T_UINT + "Number of tries to enter a password: %d" +umask + T_MODE|T_BOOL + "Umask to use or 0777 to use user's: 0%o" +logfile + T_STR|T_BOOL|T_PATH + "Path to log file: %s" +mailerpath + T_STR|T_BOOL|T_PATH + "Path to mail program: %s" +mailerflags + T_STR|T_BOOL + "Flags for mail program: %s" +mailto + T_STR|T_BOOL + "Address to send mail to: %s" +mailsub + T_STR + "Subject line for mail messages: %s" +badpass_message + T_STR + "Incorrect password message: %s" +timestampdir + T_STR|T_PATH + "Path to authentication timestamp dir: %s" +exempt_group + T_STR|T_BOOL + "Users in this group are exempt from password and PATH requirements: %s" +passprompt + T_STR + "Default password prompt: %s" +runas_default + T_STR + "Default user to run commands as: %s" +editor + T_STR|T_PATH + "Path to the editor for use by visudo: %s" +env_check + T_LIST|T_BOOL + "Environment variables to check for sanity:" +env_delete + T_LIST|T_BOOL + "Environment variables to remove:" +env_keep + T_LIST|T_BOOL + "Environment variables to preserve:" +listpw_i + T_UINT + NULL +verifypw_i + T_UINT + NULL +listpw + T_PWFLAG + "When to require a password for 'list' pseudocommand: %s" +verifypw + T_PWFLAG + "When to require a password for 'verify' pseudocommand: %s" Index: usr.bin/sudo/defaults.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/defaults.c,v retrieving revision 1.7 diff -u -r1.7 defaults.c --- usr.bin/sudo/defaults.c 2 Mar 2001 14:39:44 -0000 1.7 +++ usr.bin/sudo/defaults.c 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2000 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,26 +34,33 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +# ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#include #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: defaults.c,v 1.23 2000/03/22 23:40:09 millert Exp $"; +static const char rcsid[] = "$Sudo: defaults.c,v 1.38 2001/12/30 18:40:09 millert Exp $"; #endif /* lint */ /* @@ -102,168 +109,19 @@ * Local prototypes. */ static int store_int __P((char *, struct sudo_defs_types *, int)); +static int store_uint __P((char *, struct sudo_defs_types *, int)); static int store_str __P((char *, struct sudo_defs_types *, int)); static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); static int store_mode __P((char *, struct sudo_defs_types *, int)); static int store_pwflag __P((char *, struct sudo_defs_types *, int)); +static int store_list __P((char *, struct sudo_defs_types *, int)); +static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops)); /* * Table describing compile-time and run-time options. */ -struct sudo_defs_types sudo_defs_table[] = { - { - "syslog_ifac", T_INT, NULL - }, { - "syslog_igoodpri", T_INT, NULL - }, { - "syslog_ibadpri", T_INT, NULL - }, { - "syslog", T_LOGFAC|T_BOOL, - "Syslog facility if syslog is being used for logging: %s" - }, { - "syslog_goodpri", T_LOGPRI, - "Syslog priority to use when user authenticates successfully: %s" - }, { - "syslog_badpri", T_LOGPRI, - "Syslog priority to use when user authenticates unsuccessfully: %s" - }, { - "long_otp_prompt", T_FLAG, - "Put OTP prompt on its own line" - }, { - "ignore_dot", T_FLAG, - "Ignore '.' in $PATH" - }, { - "mail_always", T_FLAG, - "Always send mail when sudo is run" - }, { - "mail_no_user", T_FLAG, - "Send mail if the user is not in sudoers" - }, { - "mail_no_host", T_FLAG, - "Send mail if the user is not in sudoers for this host" - }, { - "mail_no_perms", T_FLAG, - "Send mail if the user is not allowed to run a command" - }, { - "tty_tickets", T_FLAG, - "Use a separate timestamp for each user/tty combo" - }, { - "lecture", T_FLAG, - "Lecture user the first time they run sudo" - }, { - "authenticate", T_FLAG, - "Require users to authenticate by default" - }, { - "root_sudo", T_FLAG, - "Root may run sudo" - }, { - "log_host", T_FLAG, - "Log the hostname in the (non-syslog) log file" - }, { - "log_year", T_FLAG, - "Log the year in the (non-syslog) log file" - }, { - "shell_noargs", T_FLAG, - "If sudo is invoked with no arguments, start a shell" - }, { - "set_home", T_FLAG, - "Set $HOME to the target user when starting a shell with -s" - }, { - "path_info", T_FLAG, - "Allow some information gathering to give useful error messages" - }, { - "fqdn", T_FLAG, - "Require fully-qualified hsotnames in the sudoers file" - }, { - "insults", T_FLAG, - "Insult the user when they enter an incorrect password" - }, { - "requiretty", T_FLAG, - "Only allow the user to run sudo if they have a tty" - }, { - "env_editor", T_FLAG, - "Visudo will honor the EDITOR environment variable" - }, { - "rootpw", T_FLAG, - "Prompt for root's password, not the users's" - }, { - "runaspw", T_FLAG, - "Prompt for the runas_default user's password, not the users's" - }, { - "targetpw", T_FLAG, - "Prompt for the target user's password, not the users's" - }, { - "use_loginclass", T_FLAG, - "Apply defaults in the target user's login class if there is one" - }, { - "set_logname", T_FLAG, - "Set the LOGNAME and USER environment variables" - }, { - "loglinelen", T_INT|T_BOOL, - "Length at which to wrap log file lines (0 for no wrap): %d" - }, { - "timestamp_timeout", T_INT|T_BOOL, - "Authentication timestamp timeout: %d minutes" - }, { - "passwd_timeout", T_INT|T_BOOL, - "Password prompt timeout: %d minutes" - }, { - "passwd_tries", T_INT, - "Number of tries to enter a password: %d" - }, { - "umask", T_MODE|T_BOOL, - "Umask to use or 0777 to use user's: 0%o" - }, { - "logfile", T_STR|T_BOOL|T_PATH, - "Path to log file: %s" - }, { - "mailerpath", T_STR|T_BOOL|T_PATH, - "Path to mail program: %s" - }, { - "mailerflags", T_STR|T_BOOL, - "Flags for mail program: %s" - }, { - "mailto", T_STR|T_BOOL, - "Address to send mail to: %s" - }, { - "mailsub", T_STR, - "Subject line for mail messages: %s" - }, { - "badpass_message", T_STR, - "Incorrect password message: %s" - }, { - "timestampdir", T_STR|T_PATH, - "Path to authentication timestamp dir: %s" - }, { - "exempt_group", T_STR|T_BOOL, - "Users in this group are exempt from password and PATH requirements: %s" - }, { - "passprompt", T_STR, - "Default password prompt: %s" - }, { - "runas_default", T_STR, - "Default user to run commands as: %s" - }, { - "secure_path", T_STR|T_BOOL, - "Value to override user's $PATH with: %s" - }, { - "editor", T_STR|T_PATH, - "Path to the editor for use by visudo: %s" - }, { - "listpw_i", T_INT, NULL - }, { - "verifypw_i", T_INT, NULL - }, { - "listpw", T_PWFLAG, - "When to require a password for 'list' pseudocommand: %s" - }, { - "verifypw", T_PWFLAG, - "When to require a password for 'verify' pseudocommand: %s" - }, { - NULL, 0, NULL - } -}; +#include /* * Print version and configure info. @@ -272,6 +130,7 @@ dump_defaults() { struct sudo_defs_types *cur; + struct list_member *item; for (cur = sudo_defs_table; cur->name; cur++) { if (cur->desc) { @@ -289,6 +148,7 @@ putchar('\n'); } break; + case T_UINT: case T_INT: (void) printf(cur->desc, cur->sd_un.ival); putchar('\n'); @@ -297,6 +157,13 @@ (void) printf(cur->desc, cur->sd_un.mode); putchar('\n'); break; + case T_LIST: + if (cur->sd_un.list) { + puts(cur->desc); + for (item = cur->sd_un.list; item; item = item->next) + printf("\t%s\n", item->value); + } + break; } } } @@ -321,8 +188,8 @@ default: p = strrchr(cur->desc, ':'); if (p) - (void) printf("%s: %.*s\n", cur->name, (int)(p - cur->desc), - cur->desc); + (void) printf("%s: %.*s\n", cur->name, + (int) (p - cur->desc), cur->desc); else (void) printf("%s: %s\n", cur->name, cur->desc); break; @@ -438,6 +305,23 @@ return(FALSE); } break; + case T_UINT: + if (!val) { + /* Check for bogus boolean usage or lack of a value. */ + if (!(cur->type & T_BOOL) || op != FALSE) { + (void) fprintf(stderr, + "%s: no value specified for `%s' on line %d\n", Argv[0], + var, sudolineno); + return(FALSE); + } + } + if (!store_uint(val, cur, op)) { + (void) fprintf(stderr, + "%s: value '%s' is invalid for option '%s'\n", Argv[0], + val, var); + return(FALSE); + } + break; case T_MODE: if (!val) { /* Check for bogus boolean usage or lack of a value. */ @@ -468,6 +352,22 @@ if (num == I_FQDN && op) set_fqdn(); break; + case T_LIST: + if (!val) { + /* Check for bogus boolean usage or lack of a value. */ + if (!(cur->type & T_BOOL) || op != FALSE) { + (void) fprintf(stderr, + "%s: no value specified for `%s' on line %d\n", Argv[0], + var, sudolineno); + return(FALSE); + } + } + if (!store_list(val, cur, op)) { + (void) fprintf(stderr, + "%s: value '%s' is invalid for option '%s'\n", Argv[0], + val, var); + return(FALSE); + } } return(TRUE); @@ -496,6 +396,9 @@ def->sd_un.str = NULL; } break; + case T_LIST: + list_op(NULL, 0, def, freeall); + break; } } @@ -510,13 +413,13 @@ def_flag(I_MAIL_ALWAYS) = TRUE; #endif #ifdef SEND_MAIL_WHEN_NO_USER - def_flag(I_MAIL_NOUSER) = TRUE; + def_flag(I_MAIL_NO_USER) = TRUE; #endif #ifdef SEND_MAIL_WHEN_NO_HOST - def_flag(I_MAIL_NOHOST) = TRUE; + def_flag(I_MAIL_NO_HOST) = TRUE; #endif #ifdef SEND_MAIL_WHEN_NOT_OK - def_flag(I_MAIL_NOPERMS) = TRUE; + def_flag(I_MAIL_NO_PERMS) = TRUE; #endif #ifdef USE_TTY_TICKETS def_flag(I_TTY_TICKETS) = TRUE; @@ -551,18 +454,20 @@ #ifdef ENV_EDITOR def_flag(I_ENV_EDITOR) = TRUE; #endif - def_flag(I_LOGNAME) = TRUE; + def_flag(I_SET_LOGNAME) = TRUE; /* Syslog options need special care since they both strings and ints */ #if (LOGGING & SLOG_SYSLOG) - (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_LOGFACSTR], TRUE); - (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_GOODPRISTR], TRUE); - (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE); + (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE); + (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI], + TRUE); + (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI], + TRUE); #endif /* Password flags also have a string and integer component. */ - (void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE); - (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE); + (void) store_pwflag("any", &sudo_defs_table[I_LISTPW], TRUE); + (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPW], TRUE); /* Then initialize the int-like things. */ #ifdef SUDO_UMASK @@ -570,40 +475,40 @@ #else def_mode(I_UMASK) = 0777; #endif - def_ival(I_LOGLEN) = MAXLOGFILELEN; - def_ival(I_TS_TIMEOUT) = TIMEOUT; - def_ival(I_PW_TIMEOUT) = PASSWORD_TIMEOUT; - def_ival(I_PW_TRIES) = TRIES_FOR_PASSWORD; + def_ival(I_LOGLINELEN) = MAXLOGFILELEN; + def_ival(I_TIMESTAMP_TIMEOUT) = TIMEOUT; + def_ival(I_PASSWD_TIMEOUT) = PASSWORD_TIMEOUT; + def_ival(I_PASSWD_TRIES) = TRIES_FOR_PASSWORD; - /* Finally do the strings */ + /* Now do the strings */ def_str(I_MAILTO) = estrdup(MAILTO); def_str(I_MAILSUB) = estrdup(MAILSUBJECT); - def_str(I_BADPASS_MSG) = estrdup(INCORRECT_PASSWORD); + def_str(I_BADPASS_MESSAGE) = estrdup(INCORRECT_PASSWORD); def_str(I_TIMESTAMPDIR) = estrdup(_PATH_SUDO_TIMEDIR); def_str(I_PASSPROMPT) = estrdup(PASSPROMPT); - def_str(I_RUNAS_DEF) = estrdup(RUNAS_DEFAULT); -#ifdef _PATH_SENDMAIL - def_str(I_MAILERPATH) = estrdup(_PATH_SENDMAIL); + def_str(I_RUNAS_DEFAULT) = estrdup(RUNAS_DEFAULT); +#ifdef _PATH_SUDO_SENDMAIL + def_str(I_MAILERPATH) = estrdup(_PATH_SUDO_SENDMAIL); def_str(I_MAILERFLAGS) = estrdup("-t"); #endif #if (LOGGING & SLOG_FILE) def_str(I_LOGFILE) = estrdup(_PATH_SUDO_LOGFILE); #endif #ifdef EXEMPTGROUP - def_str(I_EXEMPT_GRP) = estrdup(EXEMPTGROUP); -#endif -#ifdef SECURE_PATH - def_str(I_SECURE_PATH) = estrdup(SECURE_PATH); + def_str(I_EXEMPT_GROUP) = estrdup(EXEMPTGROUP); #endif def_str(I_EDITOR) = estrdup(EDITOR); + /* Finally do the lists (currently just environment tables). */ + init_envtables(); + /* * The following depend on the above values. * We use a pointer to the string so that if its * value changes we get the change. */ if (user_runas == NULL) - user_runas = &def_str(I_RUNAS_DEF); + user_runas = &def_str(I_RUNAS_DEFAULT); firsttime = 0; } @@ -621,6 +526,27 @@ def->sd_un.ival = 0; } else { l = strtol(val, &endp, 10); + if (*endp != '\0') + return(FALSE); + /* XXX - should check against INT_MAX */ + def->sd_un.ival = (unsigned int)l; + } + return(TRUE); +} + +static int +store_uint(val, def, op) + char *val; + struct sudo_defs_types *def; + int op; +{ + char *endp; + long l; + + if (op == FALSE) { + def->sd_un.ival = 0; + } else { + l = strtol(val, &endp, 10); if (*endp != '\0' || l < 0) return(FALSE); /* XXX - should check against INT_MAX */ @@ -646,6 +572,37 @@ } static int +store_list(str, def, op) + char *str; + struct sudo_defs_types *def; + int op; +{ + char *start, *end; + + /* Remove all old members. */ + if (op == FALSE || op == TRUE) + list_op(NULL, 0, def, freeall); + + /* Split str into multiple space-separated words and act on each one. */ + if (op != FALSE) { + end = str; + do { + /* Remove leading blanks, if nothing but blanks we are done. */ + for (start = end; isblank(*start); start++) + ; + if (*start == '\0') + break; + + /* Find end position and perform operation. */ + for (end = start; *end && !isblank(*end); end++) + ; + list_op(start, end - start, def, op == '-' ? delete : add); + } while (*end++ != '\0'); + } + return(TRUE); +} + +static int store_syslogfac(val, def, op) char *val; struct sudo_defs_types *def; @@ -669,19 +626,13 @@ return(FALSE); /* not found */ /* Store both name and number. */ - if (def->sd_un.str) { + if (def->sd_un.str) free(def->sd_un.str); - closelog(); - } - openlog(Argv[0], 0, fac->num); def->sd_un.str = estrdup(fac->name); sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num; #else - if (def->sd_un.str) { + if (def->sd_un.str) free(def->sd_un.str); - closelog(); - } - openlog(Argv[0], 0); def->sd_un.str = estrdup("default"); #endif /* LOG_NFACILITIES */ return(TRUE); @@ -698,9 +649,9 @@ if (op == FALSE || !val) return(FALSE); - if (def == &sudo_defs_table[I_GOODPRISTR]) + if (def == &sudo_defs_table[I_SYSLOG_GOODPRI]) idef = &sudo_defs_table[I_GOODPRI]; - else if (def == &sudo_defs_table[I_BADPRISTR]) + else if (def == &sudo_defs_table[I_SYSLOG_BADPRI]) idef = &sudo_defs_table[I_BADPRI]; else return(FALSE); @@ -747,9 +698,9 @@ int isub, flags; if (strcmp(def->name, "verifypw") == 0) - isub = I_VERIFYPW; + isub = I_VERIFYPW_I; else - isub = I_LISTPW; + isub = I_LISTPW_I; /* Handle !foo. */ if (op == FALSE) { @@ -783,4 +734,52 @@ sudo_defs_table[isub].sd_un.ival = flags; return(TRUE); +} + +static void +list_op(val, len, def, op) + char *val; + size_t len; + struct sudo_defs_types *def; + enum list_ops op; +{ + struct list_member *cur, *prev, *tmp; + + if (op == freeall) { + for (cur = def->sd_un.list; cur; ) { + tmp = cur; + cur = tmp->next; + free(tmp->value); + free(tmp); + } + def->sd_un.list = NULL; + return; + } + + for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) { + if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) { + + if (op == add) + return; /* already exists */ + + /* Delete node */ + if (prev != NULL) + prev->next = cur->next; + else + def->sd_un.list = cur->next; + free(cur->value); + free(cur); + break; + } + } + + /* Add new node to the head of the list. */ + if (op == add) { + cur = emalloc(sizeof(struct list_member)); + cur->value = emalloc(len + 1); + (void) memcpy(cur->value, val, len); + cur->value[len] = '\0'; + cur->next = def->sd_un.list; + def->sd_un.list = cur; + } } Index: usr.bin/sudo/defaults.h =================================================================== RCS file: /cvs/src/usr.bin/sudo/defaults.h,v retrieving revision 1.4 diff -u -r1.4 defaults.h --- usr.bin/sudo/defaults.h 27 Mar 2000 03:44:38 -0000 1.4 +++ usr.bin/sudo/defaults.h 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2000 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,12 +31,23 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: defaults.h,v 1.16 2000/03/22 23:40:09 millert Exp $ + * $Sudo: defaults.h,v 1.23 2001/12/14 19:54:56 millert Exp $ */ #ifndef _SUDO_DEFAULTS_H #define _SUDO_DEFAULTS_H +struct list_member { + char *value; + struct list_member *next; +}; + +enum list_ops { + add, + delete, + freeall +}; + /* * Structure describing compile-time and run-time options. */ @@ -46,9 +57,10 @@ char *desc; union { int flag; + int ival; char *str; - unsigned int ival; mode_t mode; + struct list_member *list; } sd_un; }; @@ -59,18 +71,22 @@ */ #undef T_INT #define T_INT 0x001 +#undef T_UINT +#define T_UINT 0x002 #undef T_STR -#define T_STR 0x002 +#define T_STR 0x003 #undef T_FLAG -#define T_FLAG 0x003 +#define T_FLAG 0x004 #undef T_MODE -#define T_MODE 0x004 +#define T_MODE 0x005 +#undef T_LIST +#define T_LIST 0x006 #undef T_LOGFAC -#define T_LOGFAC 0x005 +#define T_LOGFAC 0x007 #undef T_LOGPRI -#define T_LOGPRI 0x006 +#define T_LOGPRI 0x008 #undef T_PWFLAG -#define T_PWFLAG 0x007 +#define T_PWFLAG 0x009 #undef T_MASK #define T_MASK 0x0FF #undef T_BOOL @@ -81,71 +97,10 @@ /* * Indexes into sudo_defs_table */ - -/* Integer versions of syslog options. */ -#define I_LOGFAC 0 /* syslog facility */ -#define I_GOODPRI 1 /* syslog priority for successful auth */ -#define I_BADPRI 2 /* syslog priority for unsuccessful auth */ - -/* String versions of syslog options. */ -#define I_LOGFACSTR 3 /* syslog facility */ -#define I_GOODPRISTR 4 /* syslog priority for successful auth */ -#define I_BADPRISTR 5 /* syslog priority for unsuccessful auth */ - -/* Booleans */ -#define I_LONG_OTP_PROMPT 6 -#define I_IGNORE_DOT 7 -#define I_MAIL_ALWAYS 8 -#define I_MAIL_NOUSER 9 -#define I_MAIL_NOHOST 10 -#define I_MAIL_NOPERMS 11 -#define I_TTY_TICKETS 12 -#define I_LECTURE 13 -#define I_AUTHENTICATE 14 -#define I_ROOT_SUDO 15 -#define I_LOG_HOST 16 -#define I_LOG_YEAR 17 -#define I_SHELL_NOARGS 18 -#define I_SET_HOME 19 -#define I_PATH_INFO 20 -#define I_FQDN 21 -#define I_INSULTS 22 -#define I_REQUIRETTY 23 -#define I_ENV_EDITOR 24 -#define I_ROOTPW 25 -#define I_RUNASPW 26 -#define I_TARGETPW 27 -#define I_LOGINCLASS 28 -#define I_LOGNAME 29 - -/* Integer values */ -#define I_LOGLEN 30 /* wrap log file line after N chars */ -#define I_TS_TIMEOUT 31 /* timestamp stale after N minutes */ -#define I_PW_TIMEOUT 32 /* exit if pass not entered in N minutes */ -#define I_PW_TRIES 33 /* exit after N bad password tries */ -#define I_UMASK 34 /* umask to use or 0777 to use user's */ - -/* Strings */ -#define I_LOGFILE 35 /* path to logfile (or NULL for none) */ -#define I_MAILERPATH 36 /* path to sendmail or other mailer */ -#define I_MAILERFLAGS 37 /* flags to pass to the mailer */ -#define I_MAILTO 38 /* who to send bitch mail to */ -#define I_MAILSUB 39 /* subject line of mail msg */ -#define I_BADPASS_MSG 40 /* what to say when passwd is wrong */ -#define I_TIMESTAMPDIR 41 /* path to timestamp dir */ -#define I_EXEMPT_GRP 42 /* no password or PATH override for these */ -#define I_PASSPROMPT 43 /* password prompt */ -#define I_RUNAS_DEF 44 /* default user to run commands as */ -#define I_SECURE_PATH 45 /* set $PATH to this if not NULL */ -#define I_EDITOR 46 /* path to editor used by visudo */ - -/* Integer versions of list/verify options */ -#define I_LISTPW 47 -#define I_VERIFYPW 48 - -/* String versions of list/verify options */ -#define I_LISTPWSTR 49 -#define I_VERIFYPWSTR 50 +#include +#define I_LOGFAC I_SYSLOG_IFAC +#define I_GOODPRI I_SYSLOG_IGOODPRI +#define I_BADPRI I_SYSLOG_IBADPRI /* * Macros for accessing sudo_defs_table. @@ -153,6 +108,7 @@ #define def_flag(_i) (sudo_defs_table[(_i)].sd_un.flag) #define def_ival(_i) (sudo_defs_table[(_i)].sd_un.ival) #define def_str(_i) (sudo_defs_table[(_i)].sd_un.str) +#define def_list(_i) (sudo_defs_table[(_i)].sd_un.list) #define def_mode(_i) (sudo_defs_table[(_i)].sd_un.mode) /* Index: usr.bin/sudo/env.c =================================================================== RCS file: usr.bin/sudo/env.c diff -N usr.bin/sudo/env.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ usr.bin/sudo/env.c 16 Jan 2002 19:09:14 -0000 @@ -0,0 +1,490 @@ +/* + * Copyright (c) 2000, 2001 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * 4. Products derived from this software may not be called "Sudo" nor + * may "Sudo" appear in their names without specific prior written + * permission from the author. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif +#endif /* HAVE_STRING_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include +#include + +#include "sudo.h" + +#ifndef lint +static const char rcsid[] = "$Sudo: env.c,v 1.15 2002/01/15 23:43:58 millert Exp $"; +#endif /* lint */ + +/* + * Flags used in env_reset() + */ +#undef DID_TERM +#define DID_TERM 0x01 +#undef DID_PATH +#define DID_PATH 0x02 +#undef DID_HOME +#define DID_HOME 0x04 +#undef DID_SHELL +#define DID_SHELL 0x08 +#undef DID_LOGNAME +#define DID_LOGNAME 0x10 +#undef DID_USER +#define DID_USER 0x12 + +/* + * Prototypes + */ +char **rebuild_env __P((int, char **)); +char **zero_env __P((char **)); +static void insert_env __P((char **, char *)); +static char *format_env __P((char *, char *)); + +/* + * Default table of "bad" variables to remove from the environment. + * XXX - how to omit TERMCAP if it starts with '/'? + */ +char *initial_badenv_table[] = { + "IFS", + "LOCALDOMAIN", + "RES_OPTIONS", + "HOSTALIASES", + "NLSPATH", + "PATH_LOCALE", + "LD_*", + "_RLD*", +#ifdef __hpux + "SHLIB_PATH", +#endif /* __hpux */ +#ifdef _AIX + "LIBPATH", +#endif /* _AIX */ +#ifdef HAVE_KERB4 + "KRB_CONF*", + "KRBCONFDIR" + "KRBTKFILE", +#endif /* HAVE_KERB4 */ +#ifdef HAVE_KERB5 + "KRB5_CONFIG*", +#endif /* HAVE_KERB5 */ +#ifdef HAVE_SECURID + "VAR_ACE", + "USR_ACE", + "DLC_ACE", +#endif /* HAVE_SECURID */ + "TERMINFO", + "TERMINFO_DIRS", + "TERMPATH", + "TERMCAP", /* XXX - only if it starts with '/' */ + "ENV", + "BASH_ENV", + NULL +}; + +/* + * Default table of variables to check for '%' and '/' characters. + */ +char *initial_checkenv_table[] = { + "LC_*", + "LANG", + "LANGUAGE", + NULL +}; + +/* + * Zero out environment and replace with a minimal set of + * USER, LOGNAME, HOME, TZ, PATH (XXX - should just set path to default) + * May set user_path, user_shell, and/or user_prompt as side effects. + */ +char ** +zero_env(envp) + char **envp; +{ + char **ep, **nep; + static char *newenv[7]; + + for (ep = envp; *ep; ep++) { + switch (**ep) { + case 'H': + if (strncmp("HOME=", *ep, 5) == 0) + break; + continue; + case 'L': + if (strncmp("LOGNAME=", *ep, 8) == 0) + break; + continue; + case 'P': + if (strncmp("PATH=", *ep, 5) == 0) { + user_path = *ep + 5; + /* XXX - set to sane default instead of user's? */ + break; + } + continue; + case 'S': + if (strncmp("SHELL=", *ep, 6) == 0) + user_shell = *ep + 6; + else if (!user_prompt && !strncmp("SUDO_PROMPT=", *ep, 12)) + user_prompt = *ep + 12; + continue; + case 'T': + if (strncmp("TZ=", *ep, 3) == 0) + break; + continue; + case 'U': + if (strncmp("USER=", *ep, 5) == 0) + break; + continue; + default: + continue; + } + + /* Deal with multiply defined variables (take first instance) */ + for (nep = newenv; *nep; nep++) { + if (**nep == **ep) + break; + } + if (*nep == NULL) + *nep++ = *ep; + } + return(&newenv[0]); +} + +/* + * Given a variable and value, allocate and format an environment string. + */ +static char * +format_env(var, val) + char *var; + char *val; +{ + char *estring, *p; + size_t varlen, vallen; + + varlen = strlen(var); + vallen = strlen(val); + p = estring = (char *) emalloc(varlen + vallen + 2); + strcpy(p, var); + p += varlen; + *p++ = '='; + strcpy(p, val); + + return(estring); +} + +/* + * Insert str into envp. + * Assumes str has an '=' in it and does not check for available space! + */ +static void +insert_env(envp, str) + char **envp; + char *str; +{ + char **ep; + size_t varlen; + + varlen = (strchr(str, '=') - str) + 1; + + for (ep = envp; *ep; ep++) { + if (strncmp(str, *ep, varlen) == 0) { + *ep = str; + break; + } + } + if (*ep == NULL) { + *ep++ = str; + *ep = NULL; + } +} + +/* + * Build a new environment and ether clear potentially dangerous + * variables from the old one or start with a clean slate. + * Also adds sudo-specific variables (SUDO_*). + */ +char ** +rebuild_env(sudo_mode, envp) + int sudo_mode; + char **envp; +{ + char **newenvp, **ep, **nep, *cp, *ps1; + int okvar, iswild, didvar; + size_t env_size, len; + struct list_member *cur; + + /* Count number of items in "env_keep" list (if any) */ + for (len = 0, cur = def_list(I_ENV_KEEP); cur; cur = cur->next) + len++; + + /* + * Either clean out the environment or reset to a safe default. + */ + ps1 = NULL; + didvar = 0; + if (def_flag(I_ENV_RESET)) { + int keepit; + + /* Alloc space for new environment. */ + env_size = 32 + len; + nep = newenvp = (char **) emalloc(env_size * sizeof(char *)); + + /* Pull in vars we want to keep from the old environment. */ + for (ep = envp; *ep; ep++) { + keepit = 0; + for (cur = def_list(I_ENV_KEEP); cur; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ + if (cur->value[len - 1] == '*') { + len--; + iswild = 1; + } else + iswild = 0; + if (strncmp(cur->value, *ep, len) == 0 && + (iswild || (*ep)[len] == '=')) { + /* We always preserve TERM, no special treatment needed. */ + if (strncmp(*ep, "TERM=", 5) != 0) + keepit = 1; + break; + } + } + + /* For SUDO_PS1 -> PS1 conversion. */ + if (strncmp(*ep, "SUDO_PS1=", 8) == 0) + ps1 = *ep + 5; + + if (keepit) { + /* Preserve variable. */ + switch (**ep) { + case 'H': + if (strncmp(*ep, "HOME=", 5) == 0) + didvar |= DID_HOME; + break; + case 'S': + if (strncmp(*ep, "SHELL=", 6) == 0) + didvar |= DID_SHELL; + break; + case 'L': + if (strncmp(*ep, "LOGNAME=", 8) == 0) + didvar |= DID_LOGNAME; + break; + case 'U': + if (strncmp(*ep, "USER=", 5) == 0) + didvar |= DID_USER; + break; + } + *nep++ = *ep; + } else { + /* Preserve TERM and PATH, ignore anything else. */ + if (!(didvar & DID_TERM) && !strncmp(*ep, "TERM=", 5)) { + *nep++ = *ep; + didvar |= DID_TERM; + } else if (!(didvar & DID_PATH) && !strncmp(*ep, "PATH=", 5)) { + *nep++ = *ep; + didvar |= DID_PATH; + } + } + } + + /* + * Add in defaults unless they were preserved from the + * user's environment. + */ + if (!(didvar & DID_HOME)) + *nep++ = format_env("HOME", user_dir); + if (!(didvar & DID_SHELL)) + *nep++ = format_env("SHELL", sudo_user.pw->pw_shell); + if (!(didvar & DID_LOGNAME)) + *nep++ = format_env("LOGNAME", user_name); + if (!(didvar & DID_USER)) + *nep++ = format_env("USER", user_name); + } else { + /* Alloc space for new environment. */ + for (env_size = 16 + len, ep = envp; *ep; ep++, env_size++) + ; + nep = newenvp = (char **) emalloc(env_size * sizeof(char *)); + + /* + * Copy envp entries as long as they don't match env_delete or + * env_check. + */ + for (ep = envp; *ep; ep++) { + okvar = 1; + + /* Skip anything listed in env_delete. */ + for (cur = def_list(I_ENV_DELETE); cur && okvar; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ + if (cur->value[len - 1] == '*') { + len--; + iswild = 1; + } else + iswild = 0; + if (strncmp(cur->value, *ep, len) == 0 && + (iswild || (*ep)[len] == '=')) { + okvar = 0; + } + } + + /* Check certain variables for '%' and '/' characters. */ + for (cur = def_list(I_ENV_CHECK); cur && okvar; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ + if (cur->value[len - 1] == '*') { + len--; + iswild = 1; + } else + iswild = 0; + if (strncmp(cur->value, *ep, len) == 0 && + (iswild || (*ep)[len] == '=') && + strpbrk(*ep, "/%")) { + okvar = 0; + } + } + + if (okvar) { + if (strncmp(*ep, "SUDO_PS1=", 9) == 0) + ps1 = *ep + 5; + else if (strncmp(*ep, "PATH=", 5) == 0) + didvar |= DID_PATH; + else if (strncmp(*ep, "TERM=", 5) == 0) + didvar |= DID_TERM; + *nep++ = *ep; + } + } + } + /* Provide default values for $TERM and $PATH if they are not set. */ + if (!(didvar & DID_TERM)) + *nep++ = "TERM=unknown"; + if (!(didvar & DID_PATH)) + *nep++ = format_env("PATH", _PATH_DEFPATH); + *nep = NULL; + + /* + * At this point we must use insert_env() to modify newenvp. + * Access via 'nep' is not allowed (since we must check for dupes). + */ + +#ifdef SECURE_PATH + /* Replace the PATH envariable with a secure one. */ + insert_env(newenvp, format_env("PATH", SECURE_PATH)); +#endif + + /* Set $USER and $LOGNAME to target if "set_logname" is true. */ + if (def_flag(I_SET_LOGNAME) && runas_pw->pw_name) { + insert_env(newenvp, format_env("LOGNAME", runas_pw->pw_name)); + insert_env(newenvp, format_env("USER", runas_pw->pw_name)); + } + + /* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */ + if ((sudo_mode & MODE_RESET_HOME) && runas_pw->pw_dir) + insert_env(newenvp, format_env("HOME", runas_pw->pw_dir)); + + /* Set PS1 if SUDO_PS1 is set. */ + if (ps1) + insert_env(newenvp, ps1); + + /* Add the SUDO_COMMAND envariable (cmnd + args). */ + if (user_args) { + cp = emalloc(strlen(user_cmnd) + strlen(user_args) + 15); + sprintf(cp, "SUDO_COMMAND=%s %s", user_cmnd, user_args); + insert_env(newenvp, cp); + } else + insert_env(newenvp, format_env("SUDO_COMMAND", user_cmnd)); + + /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ + insert_env(newenvp, format_env("SUDO_USER", user_name)); + cp = emalloc(MAX_UID_T_LEN + 10); + sprintf(cp, "SUDO_UID=%ld", (long) user_uid); + insert_env(newenvp, cp); + cp = emalloc(MAX_UID_T_LEN + 10); + sprintf(cp, "SUDO_GID=%ld", (long) user_gid); + insert_env(newenvp, cp); + + return(newenvp); +} + +void +dump_badenv() +{ + struct list_member *cur; + + puts("Default table of environment variables to clear"); + for (cur = def_list(I_ENV_DELETE); cur; cur = cur->next) + printf("\t%s\n", cur->value); + + puts("Default table of environment variables to sanity check"); + for (cur = def_list(I_ENV_CHECK); cur; cur = cur->next) + printf("\t%s\n", cur->value); +} + +void +init_envtables() +{ + struct list_member *cur; + char **p; + + /* Fill in "env_delete" variable. */ + for (p = initial_badenv_table; *p; p++) { + cur = emalloc(sizeof(struct list_member)); + cur->value = estrdup(*p); + cur->next = def_list(I_ENV_DELETE); + def_list(I_ENV_DELETE) = cur; + } + + /* Fill in "env_check" variable. */ + for (p = initial_checkenv_table; *p; p++) { + cur = emalloc(sizeof(struct list_member)); + cur->value = estrdup(*p); + cur->next = def_list(I_ENV_CHECK); + def_list(I_ENV_CHECK) = cur; + } +} Index: usr.bin/sudo/fileops.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/fileops.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 fileops.c --- usr.bin/sudo/fileops.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/fileops.c 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999, 2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,26 +34,29 @@ #include "config.h" +#include +#include +#ifdef HAVE_FLOCK +# include +#endif /* HAVE_FLOCK */ #include #ifdef HAVE_UNISTD_H -#include +# include #endif /* HAVE_UNISTD_H */ #include #include -#include -#include #ifdef HAVE_UTIME # ifdef HAVE_UTIME_H # include # endif /* HAVE_UTIME_H */ #else -# include "emul/utime.h" +# include "emul/utime.h" #endif /* HAVE_UTIME */ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: fileops.c,v 1.1 1999/08/07 09:59:43 millert Exp $"; +static const char rcsid[] = "$Sudo: fileops.c,v 1.3 2001/12/14 19:52:47 millert Exp $"; #endif /* lint */ /* @@ -119,7 +122,7 @@ op = LOCK_EX | LOCK_NB; break; case SUDO_UNLOCK: - op = LOCK_EX; + op = LOCK_UN; break; } return(flock(fd, op) == 0); Index: usr.bin/sudo/find_path.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/find_path.c,v retrieving revision 1.2 diff -u -r1.2 find_path.c --- usr.bin/sudo/find_path.c 28 Jan 2000 01:10:20 -0000 1.2 +++ usr.bin/sudo/find_path.c 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,37 +34,34 @@ #include "config.h" +#include +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include -#include -#include -#include #include "sudo.h" -#ifndef STDC_HEADERS -extern char *getenv __P((const char *)); -extern char *strcpy __P((char *, const char *)); -extern int fprintf __P((FILE *, const char *, ...)); -extern ssize_t readlink __P((const char *, VOID *, size_t)); -extern int stat __P((const char *, struct stat *)); -extern int lstat __P((const char *, struct stat *)); -#endif /* !STDC_HEADERS */ - #ifndef lint -static const char rcsid[] = "$Sudo: find_path.c,v 1.95 2000/01/27 04:31:58 millert Exp $"; +static const char rcsid[] = "$Sudo: find_path.c,v 1.99 2001/12/14 19:52:47 millert Exp $"; #endif /* lint */ /* @@ -75,13 +72,13 @@ * but it is in '.' and IGNORE_DOT is set. */ int -find_path(infile, outfile) +find_path(infile, outfile, path) char *infile; /* file to find */ char **outfile; /* result parameter */ + char *path; /* path to search */ { static char command[MAXPATHLEN]; /* qualified filename */ char *n; /* for traversing path */ - char *path = NULL; /* contents of PATH env var */ char *origpath; /* so we can free path later */ char *result = NULL; /* result of path/file lookup */ int checkdot = 0; /* check current dir? */ @@ -104,13 +101,12 @@ return(NOT_FOUND); } - /* - * Grab PATH out of the environment (or from the string table - * if SECURE_PATH is in effect) and make a local copy. - */ - if (def_str(I_SECURE_PATH) && !user_is_exempt()) - path = def_str(I_SECURE_PATH); - else if ((path = getenv("PATH")) == NULL) + /* Use PATH passed in unless SECURE_PATH is in effect. */ +#ifdef SECURE_PATH + if (!user_is_exempt()) + path = SECURE_PATH; +#endif /* SECURE_PATH */ + if (path == NULL) return(NOT_FOUND); path = estrdup(path); origpath = path; Index: usr.bin/sudo/getspwuid.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/getspwuid.c,v retrieving revision 1.4 diff -u -r1.4 getspwuid.c --- usr.bin/sudo/getspwuid.c 21 Nov 2000 17:58:44 -0000 1.4 +++ usr.bin/sudo/getspwuid.c 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,22 +34,31 @@ #include "config.h" +#include +#include +#include #include #ifdef STDC_HEADERS # include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif # include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ -#include -#include -#include #include #ifdef HAVE_GETSPNAM # include @@ -75,13 +84,9 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: getspwuid.c,v 1.56 2000/02/18 17:56:26 millert Exp $"; +static const char rcsid[] = "$Sudo: getspwuid.c,v 1.62 2002/01/15 23:43:59 millert Exp $"; #endif /* lint */ -#ifndef STDC_HEADERS -extern char *getenv __P((const char *)); -#endif /* !STDC_HEADERS */ - /* * Global variables (yuck) */ @@ -93,97 +98,97 @@ /* * Local functions not visible outside getspwuid.c */ -static char *sudo_getshell __P((struct passwd *)); static struct passwd *sudo_pwdup __P((struct passwd *)); /* - * Return the user's shell based on either the SHELL - * environment variable or the passwd(5) entry (in that order). - */ -static char * -sudo_getshell(pw) - struct passwd *pw; -{ - char *pw_shell; - - if ((pw_shell = getenv("SHELL")) == NULL) - pw_shell = pw->pw_shell; - - /* empty string "" means bourne shell */ - if (*pw_shell == '\0') - pw_shell = _PATH_BSHELL; - - return(pw_shell); -} - -/* - * Return the encrypted password for the user described by pw. If shadow - * passwords are in use, look in the shadow file. + * Return a copy of the encrypted password for the user described by pw. + * If shadow passwords are in use, look in the shadow file. */ char * sudo_getepw(pw) struct passwd *pw; { + char *epw; /* If there is a function to check for shadow enabled, use it... */ #ifdef HAVE_ISCOMSEC if (!iscomsec()) - return(pw->pw_passwd); + return(estrdup(pw->pw_passwd)); #endif /* HAVE_ISCOMSEC */ #ifdef HAVE_ISSECURE if (!issecure()) - return(pw->pw_passwd); + return(estrdup(pw->pw_passwd)); #endif /* HAVE_ISSECURE */ + epw = NULL; #ifdef HAVE_GETPRPWNAM { struct pr_passwd *spw; - spw = getprpwnam(pw->pw_name); - if (spw != NULL && spw->ufld.fd_encrypt != NULL) { + setprpwent(); + if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) { # ifdef __alpha crypt_type = spw->ufld.fd_oldcrypt; # endif /* __alpha */ - return(spw->ufld.fd_encrypt); + epw = estrdup(spw->ufld.fd_encrypt); } + endprpwent(); + if (epw) + return(epw); } #endif /* HAVE_GETPRPWNAM */ #ifdef HAVE_GETSPNAM { struct spwd *spw; + setspent(); if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp) - return(spw->sp_pwdp); + epw = estrdup(spw->sp_pwdp); + endspent(); + if (epw) + return(epw); } #endif /* HAVE_GETSPNAM */ #ifdef HAVE_GETSPWUID { struct s_passwd *spw; + setspwent(); if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd) - return(spw->pw_passwd); + epw = estrdup(spw->pw_passwd); + endspwent(); + if (epw) + return(epw); } #endif /* HAVE_GETSPWUID */ #ifdef HAVE_GETPWANAM { struct passwd_adjunct *spw; + setpwaent(); if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd) - return(spw->pwa_passwd); + epw = estrdup(spw->pwa_passwd); + endpwaent(); + if (epw) + return(epw); } #endif /* HAVE_GETPWANAM */ #ifdef HAVE_GETAUTHUID { AUTHORIZATION *spw; + setauthent(); if ((spw = getauthuid(pw->pw_uid)) && spw->a_password) - return(spw->a_password); + epw = estrdup(spw->a_password); + endauthent(); + if (epw) + return(epw); } #endif /* HAVE_GETAUTHUID */ /* Fall back on normal password. */ - return(pw->pw_passwd); + return(estrdup(pw->pw_passwd)); } /* @@ -210,11 +215,14 @@ local_pw->pw_class = estrdup(pw->pw_class); #endif - /* pw_shell is a special case since we overide with $SHELL */ - local_pw->pw_shell = estrdup(sudo_getshell(pw)); + /* If shell field is empty, expand to _PATH_BSHELL. */ + if (local_pw->pw_shell[0] == '\0') + local_pw->pw_shell = _PATH_BSHELL; + else + local_pw->pw_shell = estrdup(pw->pw_shell); /* pw_passwd gets a shadow password if applicable */ - local_pw->pw_passwd = estrdup(sudo_getepw(pw)); + local_pw->pw_passwd = sudo_getepw(pw); return(local_pw); } Index: usr.bin/sudo/goodpath.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/goodpath.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 goodpath.c --- usr.bin/sudo/goodpath.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/goodpath.c 16 Jan 2002 19:09:14 -0000 @@ -1,6 +1,6 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller - * All rights reserved. + * Copyright (c) 1996, 1998, 1999, 2001 + * Todd C. Miller . All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -34,29 +34,26 @@ #include "config.h" +#include +#include +#include #include -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include -#include -#include -#include #include "sudo.h" -#ifndef STDC_HEADERS -extern int stat __P((const char *, struct stat *)); -#endif /* !STDC_HEADERS */ - #ifndef lint -static const char rcsid[] = "$Sudo: goodpath.c,v 1.37 1999/08/20 20:37:14 millert Exp $"; +static const char rcsid[] = "$Sudo: goodpath.c,v 1.38 2001/12/14 19:52:47 millert Exp $"; #endif /* lint */ /* Index: usr.bin/sudo/install-sh =================================================================== RCS file: /cvs/src/usr.bin/sudo/install-sh,v retrieving revision 1.3 diff -u -r1.3 install-sh --- usr.bin/sudo/install-sh 9 Jun 2000 16:25:59 -0000 1.3 +++ usr.bin/sudo/install-sh 16 Jan 2002 19:09:14 -0000 @@ -1,7 +1,7 @@ #! /bin/sh ## (From INN-1.4, written by Rich Salz) -## $Revision: 1.3 $ +## $Revision: 1.5 $ ## A script to install files and directories. PROGNAME=`basename $0` @@ -16,36 +16,31 @@ MV=mv RM=rm STRIP=strip -WHOAMI=whoami +WHOAMI="echo root" ## Some systems don't support -x, so we have to use -f. -if [ ${CHOWN} = chown ] ; then - if [ -f /sbin/chown ] ; then - CHOWN=/sbin/chown - elif [ -f /etc/chown ] ; then - CHOWN=/etc/chown - elif [ -f /usr/sbin/chown ] ; then - CHOWN=/usr/sbin/chown - elif [ -f /usr/etc/chown ] ; then - CHOWN=/usr/etc/chown +for d in /sbin /etc /usr/sbin /usr/etc; do + if [ -f $d/chown ]; then + CHOWN=${d}/chown + break fi -fi +done -if [ ${WHOAMI} = whoami ] ; then - if [ -f /usr/ucb/whoami ] ; then - WHOAMI=/usr/ucb/whoami - elif [ -f /usr/bin/whoami ] ; then - WHOAMI=/usr/bin/whoami +for d in /usr/bin /bin /usr/ucb /usr/bsd; do + if [ -f $d/whoami ]; then + WHOAMI=${d}/whoami + break + elif [ -f $d/id ]; then + WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p' fi -fi +done -if [ ${STRIP} = strip ] ; then - if [ -f /usr/ccs/bin/strip ] ; then - STRIP=/usr/ccs/bin/strip - elif [ -f /usr/bin/strip ] ; then - STRIP=/usr/bin/strip +for d in /usr/ccs/bin /usr/bin /bin; do + if [ -f $d/strip ]; then + STRIP=${d}/strip + break fi -fi +done ## Defaults. CHOWNIT=false @@ -55,7 +50,15 @@ BACKIT=false TOUCHIT=true SAVESRC=false -ROOT=unknown + +case `${WHOAMI}` in +root) + ROOT=true + ;; +*) + ROOT=false + ;; +esac ## Process JCL. MORETODO=true @@ -83,35 +86,11 @@ CHGROUPIT=true ;; X-G) - case ${ROOT} in - unknown) - case `${WHOAMI}` in - root) - ROOT=true - ;; - *) - ROOT=false - ;; - esac - ;; - esac GROUP="$2" shift ${ROOT} && CHGROUPIT=true ;; X-G*) - case ${ROOT} in - unknown) - case `${WHOAMI}` in - root) - ROOT=true - ;; - *) - ROOT=false - ;; - esac - ;; - esac if ${ROOT} ; then GROUP=`expr "$1" : '-g\(.*\)'` CHGROUPIT=true @@ -126,6 +105,15 @@ MODE=`expr "$1" : '-m\(.*\)'` CHMODIT=true ;; + X-M) + MODE="$2" + ${ROOT} && CHMODIT=true + shift + ;; + X-M*) + MODE=`expr "$1" : '-m\(.*\)'` + ${ROOT} && CHMODIT=true + ;; X-n) TOUCHIT=false ;; @@ -139,35 +127,11 @@ CHOWNIT=true ;; X-O) - case ${ROOT} in - unknown) - case `${WHOAMI}` in - root) - ROOT=true - ;; - *) - ROOT=false - ;; - esac - ;; - esac OWNER="$2" shift ${ROOT} && CHOWNIT=true ;; X-O*) - case ${ROOT} in - unknown) - case `${WHOAMI}` in - root) - ROOT=true - ;; - *) - ROOT=false - ;; - esac - ;; - esac if ${ROOT} ; then OWNER=`expr "$1" : '-o\(.*\)'` CHOWNIT=true Index: usr.bin/sudo/interfaces.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/interfaces.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 interfaces.c --- usr.bin/sudo/interfaces.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/interfaces.c 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -43,55 +43,125 @@ #include "config.h" -#include -#ifdef STDC_HEADERS -#include -#endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ -#ifdef HAVE_STRING_H -#include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include #include #include #include #include #include #if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF) -#include +# include #endif +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif +#endif /* HAVE_STRING_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include +#include #ifdef _ISC -#include -#include -#include -#include -#define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\ +# include +# include +# include +# include +# define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\ strioctl.ic_dp=(param);\ strioctl.ic_timout=0;\ strioctl.ic_len=(len);} #endif /* _ISC */ #ifdef _MIPS -#include +# include #endif /* _MIPS */ #include #include #include +#ifdef HAVE_GETIFADDRS +# include +#endif #include "sudo.h" #include "interfaces.h" #ifndef lint -static const char rcsid[] = "$Sudo: interfaces.c,v 1.59 1999/08/12 16:24:09 millert Exp $"; +static const char rcsid[] = "$Sudo: interfaces.c,v 1.62 2001/12/14 22:12:39 millert Exp $"; #endif /* lint */ -#if defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES) +#ifdef HAVE_GETIFADDRS + +/* + * Allocate and fill in the interfaces global variable with the + * machine's ip addresses and netmasks. + */ +void +load_interfaces() +{ + struct ifaddrs *ifa, *ifaddrs; + /* XXX - sockaddr_in6 sin6; */ + struct sockaddr_in *sin; + int i; + + if (getifaddrs(&ifaddrs)) + return; + + /* Allocate space for the interfaces list. */ + for (ifa = ifaddrs; ifa -> ifa_next; ifa = ifa -> ifa_next) { + /* Skip interfaces marked "down" and "loopback". */ + if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP) || + (ifa->ifa_flags & IFF_LOOPBACK)) + continue; + + switch(ifa->ifa_addr->sa_family) { + /* XXX - AF_INET6 */ + case AF_INET: + num_interfaces++; + break; + } + } + interfaces = + (struct interface *) emalloc(sizeof(struct interface) * num_interfaces); + + /* Store the ip addr / netmask pairs. */ + for (ifa = ifaddrs, i = 0; ifa -> ifa_next; ifa = ifa -> ifa_next) { + /* Skip interfaces marked "down" and "loopback". */ + if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP) || + (ifa->ifa_flags & IFF_LOOPBACK)) + continue; + + switch(ifa->ifa_addr->sa_family) { + /* XXX - AF_INET6 */ + case AF_INET: + sin = (struct sockaddr_in *)ifa->ifa_addr; + memcpy(&interfaces[i].addr, &sin->sin_addr, + sizeof(struct in_addr)); + sin = (struct sockaddr_in *)ifa->ifa_netmask; + memcpy(&interfaces[i].netmask, &sin->sin_addr, + sizeof(struct in_addr)); + i++; + break; + } + } + freeifaddrs(ifaddrs); +} + +#elif defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES) + /* * Allocate and fill in the interfaces global variable with the * machine's ip addresses and netmasks. @@ -238,3 +308,14 @@ } #endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */ + +void +dump_interfaces() +{ + int i; + + puts("Local IP address and netmask pairs:"); + for (i = 0; i < num_interfaces; i++) + printf("\t%s / 0x%x\n", inet_ntoa(interfaces[i].addr), + ntohl(interfaces[i].netmask.s_addr)); +} Index: usr.bin/sudo/interfaces.h =================================================================== RCS file: /cvs/src/usr.bin/sudo/interfaces.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 interfaces.h --- usr.bin/sudo/interfaces.h 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/interfaces.h 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: interfaces.h,v 1.3 1999/07/31 16:19:46 millert Exp $ + * $Sudo: interfaces.h,v 1.5 2001/12/14 19:54:56 millert Exp $ */ #ifndef _SUDO_INTERFACES_H @@ -49,6 +49,7 @@ * Prototypes for external functions. */ void load_interfaces __P((void)); +void dump_interfaces __P((void)); /* * Definitions for external variables. Index: usr.bin/sudo/logging.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/logging.c,v retrieving revision 1.4 diff -u -r1.4 logging.c --- usr.bin/sudo/logging.c 23 Aug 2001 21:45:03 -0000 1.4 +++ usr.bin/sudo/logging.c 17 Jan 2002 01:05:35 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996,1998-1999 Todd C. Miller + * Copyright (c) 1994-1996,1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,32 +34,38 @@ #include "config.h" +#include +#include +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include #include #include -#include -#include -#include -#include #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: logging.c,v 1.140 2000/03/13 16:05:05 millert Exp $"; +static const char rcsid[] = "$Sudo: logging.c,v 1.153 2002/01/16 21:28:25 millert Exp $"; #endif /* lint */ static void do_syslog __P((int, char *)); @@ -67,33 +73,60 @@ static void send_mail __P((char *)); static void mail_auth __P((int, char *)); static char *get_timestr __P((void)); +static void mysyslog __P((int, const char *, ...)); -#ifdef BROKEN_SYSLOG -# define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */ -# define SYSLOG syslog_wrapper - -static void syslog_wrapper __P((int, char *, char *, char *)); +#define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */ /* - * Some versions of syslog(3) don't guarantee success and return - * an int (notably HP-UX < 10.0). So, if at first we don't succeed, - * try, try again... + * We do an openlog(3)/closelog(3) for each message because some + * authentication methods (notably PAM) use syslog(3) for their + * own nefarious purposes and may call openlog(3) and closelog(3). + * Note that because we don't want to assume that all systems have + * vsyslog(3) (HP-UX doesn't) "%m" will not be expanded. + * Sadly this is a maze of #ifdefs. */ static void -syslog_wrapper(pri, fmt, ap) +#ifdef __STDC__ +mysyslog(int pri, const char *fmt, ...) +#else +mysyslog(pri, fmt, va_alist) int pri; const char *fmt; - va_list ap; + va_dcl +#endif { +#ifdef BROKEN_SYSLOG int i; +#endif + char buf[MAXSYSLOGLEN+1]; + va_list ap; +#ifdef __STDC__ + va_start(ap, fmt); +#else + va_start(ap); +#endif +#ifdef LOG_NFACILITIES + openlog(Argv[0], 0, def_ival(I_LOGFAC)); +#else + openlog(Argv[0], 0); +#endif + vsnprintf(buf, sizeof(buf), fmt, ap); +#ifdef BROKEN_SYSLOG + /* + * Some versions of syslog(3) don't guarantee success and return + * an int (notably HP-UX < 10.0). So, if at first we don't succeed, + * try, try again... + */ for (i = 0; i < MAXSYSLOGTRIES; i++) - if (vsyslog(pri, fmt, ap) == 0) + if (syslog(pri, "%s", buf) == 0) break; -} #else -# define SYSLOG syslog + syslog(pri, "%s", buf); #endif /* BROKEN_SYSLOG */ + va_end(ap); + closelog(); +} /* * Log a message to syslog, pre-pending the username and splitting the @@ -129,9 +162,9 @@ *tmp = '\0'; if (count == 0) - SYSLOG(pri, "%8.8s : %s", user_name, p); + mysyslog(pri, "%8.8s : %s", user_name, p); else - SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p); + mysyslog(pri, "%8.8s : (command continued) %s", user_name, p); *tmp = save; /* restore saved character */ @@ -140,9 +173,9 @@ ; } else { if (count == 0) - SYSLOG(pri, "%8.8s : %s", user_name, p); + mysyslog(pri, "%8.8s : %s", user_name, p); else - SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p); + mysyslog(pri, "%8.8s : (command continued) %s", user_name, p); } } } @@ -155,7 +188,7 @@ char *beg, *oldend, *end; FILE *fp; mode_t oldmask; - int maxlen = def_ival(I_LOGLEN); + int maxlen = def_ival(I_LOGLINELEN); oldmask = umask(077); fp = fopen(def_str(I_LOGFILE), "a"); @@ -171,7 +204,7 @@ send_mail(full_line); free(full_line); } else { - if (def_ival(I_LOGLEN) == 0) { + if (def_ival(I_LOGLINELEN) == 0) { /* Don't pretty-print long log file lines (hard to grep) */ if (def_flag(I_LOG_HOST)) (void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(), @@ -299,7 +332,7 @@ /* * Log via syslog and/or a file. */ - if (def_str(I_LOGFACSTR)) + if (def_str(I_SYSLOG)) do_syslog(pri, logline); if (def_str(I_LOGFILE)) do_logfile(logline); @@ -380,14 +413,14 @@ /* * Log to syslog and/or a file. */ - if (def_str(I_LOGFACSTR)) + if (def_str(I_SYSLOG)) do_syslog(def_ival(I_BADPRI), logline); if (def_str(I_LOGFILE)) do_logfile(logline); - free(logline); - if (message != logline) - free(message); + free(message); + if (logline != message) + free(logline); if (!(flags & NO_EXIT)) exit(1); @@ -405,23 +438,24 @@ FILE *mail; char *p; int pfd[2], pid, status; -#ifdef POSIX_SIGNALS sigset_t set, oset; -#else - int omask; -#endif /* POSIX_SIGNALS */ +#ifndef NO_ROOT_MAILER + static char *root_envp[] = { + "HOME=/", + "PATH=/usr/bin:/bin", + "LOGNAME=root", + "USER=root", + NULL + }; +#endif /* Just return if mailer is disabled. */ if (!def_str(I_MAILERPATH) || !def_str(I_MAILTO)) return; -#ifdef POSIX_SIGNALS (void) sigemptyset(&set); (void) sigaddset(&set, SIGCHLD); (void) sigprocmask(SIG_BLOCK, &set, &oset); -#else - omask = sigblock(sigmask(SIGCHLD)); -#endif /* POSIX_SIGNALS */ if (pipe(pfd) == -1) { (void) fprintf(stderr, "%s: cannot open pipe: %s\n", @@ -442,10 +476,12 @@ char *mpath, *mflags; int i; - /* Child. */ + /* Child, set stdin to output side of the pipe */ + if (pfd[0] != STDIN_FILENO) { + (void) dup2(pfd[0], STDIN_FILENO); + (void) close(pfd[0]); + } (void) close(pfd[1]); - (void) dup2(pfd[0], STDIN_FILENO); - (void) close(pfd[0]); /* Build up an argv based the mailer path and flags */ mflags = estrdup(def_str(I_MAILERFLAGS)); @@ -463,16 +499,27 @@ } argv[i] = NULL; - /* Run mailer as root so user cannot kill it. */ - set_perms(PERM_ROOT, 0); + /* Close password file so we don't leak the fd. */ + endpwent(); + + /* + * Depending on the config, either run the mailer as root + * (so user cannot kill it) or as the user (for the paranoid). + */ +#ifndef NO_ROOT_MAILER + set_perms(PERM_FULL_ROOT, 0); + execve(mpath, argv, root_envp); +#else + set_perms(PERM_FULL_USER, 0); execv(mpath, argv); +#endif /* NO_ROOT_MAILER */ _exit(127); } break; } - mail = fdopen(pfd[1], "w"); (void) close(pfd[0]); + mail = fdopen(pfd[1], "w"); /* Pipes are all setup, send message via sendmail. */ (void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ", @@ -502,11 +549,7 @@ #ifdef sudo_waitpid (void) sudo_waitpid(pid, &status, WNOHANG); #endif -#ifdef POSIX_SIGNALS (void) sigprocmask(SIG_SETMASK, &oset, NULL); -#else - (void) sigsetmask(omask); -#endif /* POSIX_SIGNALS */ } /* @@ -525,11 +568,11 @@ VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK; else { mail_mask = VALIDATE_ERROR; - if (def_flag(I_MAIL_NOUSER)) + if (def_flag(I_MAIL_NO_USER)) mail_mask |= FLAG_NO_USER; - if (def_flag(I_MAIL_NOHOST)) + if (def_flag(I_MAIL_NO_HOST)) mail_mask |= FLAG_NO_HOST; - if (def_flag(I_MAIL_NOPERMS)) + if (def_flag(I_MAIL_NO_PERMS)) mail_mask |= VALIDATE_NOT_OK; } @@ -552,9 +595,6 @@ #else (void) wait(&status); #endif -#ifndef POSIX_SIGNALS - (void) signal(SIGCHLD, reapchild); -#endif /* POSIX_SIGNALS */ errno = serrno; } Index: usr.bin/sudo/mkdefaults =================================================================== RCS file: usr.bin/sudo/mkdefaults diff -N usr.bin/sudo/mkdefaults --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ usr.bin/sudo/mkdefaults 16 Jan 2002 19:09:14 -0000 @@ -0,0 +1,81 @@ +#!/usr/bin/perl -w +# +# Generate sudo_defs_table and associated defines +# +# Input should be formatted thusly: +# +# var_name +# TYPE +# description (or NULL) + +# Deal with optional -o (output) argument +if ($#ARGV > 0 && $ARGV[0] eq "-o") { + shift; + $header = $cfile = shift; + $header .= '.h'; + $cfile .= '.c'; +} +die "usage: $0 input_file" unless $#ARGV == 0; + +$infile = $ARGV[0]; +if (!defined($header)) { + $header = $infile; + $header =~ s/(\.in)?$/.h/; +} +if (!defined($cfile)) { + $cfile = $infile; + $cfile =~ s/(\.in)?$/.c/; +} + +open(IN, "<$infile") || die "$0: can't open $infile: $!\n"; +open(HEADER, ">$header") || die "$0: can't open $header: $!\n"; +open(CFILE, ">$cfile") || die "$0: can't open $cfile: $!\n"; + +print CFILE "struct sudo_defs_types sudo_defs_table[] = {\n {\n"; + +$count = -1; +while() { + chomp; + next if /^\s*$/; + next if /^\s*#/; + + if (/^\S/) { + # Print last record + &print_record() if defined($var); + + $var = $_; + ($type, $desc) = (undef, undef); + $count++; + } else { + s/^\s+//; + s/\s+$//; + die "$0: syntax error near line $.\n" if + defined($type) && defined($desc); + next if /^NULL$/; + if (defined($type)) { + # Strip leading and trailing double quote and escape the rest + s/^"//; + s/"$//; + s/"/\\"/g; + $desc = "\"$_\""; + } else { + $type = $_; + } + } +} +&print_record(); +print CFILE "\tNULL, 0, NULL\n }\n};\n"; + +close(IN); +close(HEADER); +close(CFILE); + +sub print_record { + $defname = "I_" . uc($var); + printf HEADER "#define %-24s%d", $defname, $count; + #print HEADER "\t/* $desc */" if defined($desc); + print HEADER "\n"; + + $desc = "NULL" unless defined($desc); + print CFILE "\t\"$var\", $type,\n\t$desc\n }, {\n"; +} Index: usr.bin/sudo/mkinstalldirs =================================================================== RCS file: /cvs/src/usr.bin/sudo/mkinstalldirs,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 mkinstalldirs --- usr.bin/sudo/mkinstalldirs 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/mkinstalldirs 16 Jan 2002 19:09:14 -0000 @@ -1,26 +1,66 @@ -#!/bin/sh +#! /bin/sh # mkinstalldirs --- make directory hierarchy # Author: Noah Friedman # Created: 1993-05-16 -# Last modified: 1994-03-25 # Public domain +# $Id: mkinstalldirs,v 1.2 2002/01/03 03:49:16 millert Exp $ + +umask 022 errstatus=0 +dirmode="" + +usage="\ +Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..." + +# process command line arguments +while test $# -gt 0 ; do + case "${1}" in + -h | --help | --h* ) # -h for help + echo "${usage}" 1>&2; exit 0 ;; + -m ) # -m PERM arg + shift + test $# -eq 0 && { echo "${usage}" 1>&2; exit 1; } + dirmode="${1}" + shift ;; + -- ) shift; break ;; # stop option processing + -* ) echo "${usage}" 1>&2; exit 1 ;; # unknown option + * ) break ;; # first non-opt arg + esac +done -for file in ${1+"$@"} ; do +for file +do set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` shift pathcomp= - for d in ${1+"$@"} ; do + for d + do pathcomp="$pathcomp$d" case "$pathcomp" in -* ) pathcomp=./$pathcomp ;; esac if test ! -d "$pathcomp"; then - echo "mkdir $pathcomp" 1>&2 - mkdir "$pathcomp" || errstatus=$? + echo "mkdir $pathcomp" + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + else + if test ! -z "$dirmode"; then + echo "chmod $dirmode $pathcomp" + + lasterr="" + chmod $dirmode "$pathcomp" || lasterr=$? + + if test ! -z "$lasterr"; then + errstatus=$lasterr + fi + fi + fi fi pathcomp="$pathcomp/" @@ -29,4 +69,7 @@ exit $errstatus -# mkinstalldirs ends here +# Local Variables: +# mode:shell-script +# sh-indentation:3 +# End: Index: usr.bin/sudo/parse.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/parse.c,v retrieving revision 1.5 diff -u -r1.5 parse.c --- usr.bin/sudo/parse.c 13 Aug 2000 21:58:52 -0000 1.5 +++ usr.bin/sudo/parse.c 16 Jan 2002 19:09:14 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2000 Todd C. Miller + * Copyright (c) 1996, 1998-2002 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Chris Jepeway @@ -37,19 +37,28 @@ #include "config.h" +#include +#include +#include #include #ifdef STDC_HEADERS # include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -# include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H # include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include #endif /* HAVE_FNMATCH_H */ @@ -59,25 +68,22 @@ #include #include #include -#include -#include #include #include #include -#include -#if HAVE_DIRENT_H +#ifdef HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen -# if HAVE_SYS_NDIR_H +# ifdef HAVE_SYS_NDIR_H # include # endif -# if HAVE_SYS_DIR_H +# ifdef HAVE_SYS_DIR_H # include # endif -# if HAVE_NDIR_H +# ifdef HAVE_NDIR_H # include # endif #endif @@ -91,7 +97,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.c,v 1.130 2000/03/23 04:38:19 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.c,v 1.136 2002/01/08 15:00:18 millert Exp $"; #endif /* lint */ /* @@ -112,11 +118,12 @@ * allowed to run the specified command on this host as the target user. */ int -sudoers_lookup(sudo_mode) - int sudo_mode; +sudoers_lookup(pwflag) + int pwflag; { int error; int pwcheck; + int nopass; /* Become sudoers file owner */ set_perms(PERM_SUDOERS, 0); @@ -130,8 +137,7 @@ init_parser(); /* If pwcheck *could* be PWCHECK_ALL or PWCHECK_ANY, keep more state. */ - if (!(sudo_mode & MODE_RUN) && sudo_mode != MODE_KILL && - sudo_mode != MODE_INVALIDATE) + if (pwflag > 0) keepall = TRUE; /* Need to be root while stat'ing things in the parser. */ @@ -149,21 +155,10 @@ * The pw options may have changed during sudoers parse so we * wait until now to set this. */ - switch (sudo_mode) { - case MODE_VALIDATE: - pwcheck = def_ival(I_VERIFYPW); - break; - case MODE_LIST: - pwcheck = def_ival(I_LISTPW); - break; - case MODE_KILL: - case MODE_INVALIDATE: - pwcheck = PWCHECK_NEVER; - break; - default: - pwcheck = 0; - break; -} + if (pwflag) + pwcheck = (pwflag == -1) ? PWCHECK_NEVER : def_ival(pwflag); + else + pwcheck = 0; /* * Assume the worst. If the stack is empty the user was @@ -186,13 +181,12 @@ * It is set for the "validate", "list" and "kill" pseudo-commands. * Always check the host and user. */ + nopass = -1; if (pwcheck) { - int nopass, found; + int found; if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) nopass = FLAG_NOPASS; - else - nopass = -1; found = 0; while (top) { if (host_matches == TRUE) { @@ -241,7 +235,9 @@ /* * The user was not explicitly granted nor denied access. */ - return(error); + if (nopass == -1) + nopass = 0; + return(error | nopass); } /* @@ -387,8 +383,13 @@ addr.s_addr = inet_addr(n); if (strchr(m, '.')) mask.s_addr = inet_addr(m); - else - mask.s_addr = (1 << atoi(m)) - 1; /* XXX - better way? */ + else { + i = 32 - atoi(m); + mask.s_addr = 0xffffffff; + mask.s_addr >>= i; + mask.s_addr <<= i; + mask.s_addr = htonl(mask.s_addr); + } *(m - 1) = '/'; for (i = 0; i < num_interfaces; i++) Index: usr.bin/sudo/parse.lex =================================================================== RCS file: /cvs/src/usr.bin/sudo/parse.lex,v retrieving revision 1.3 diff -u -r1.3 parse.lex --- usr.bin/sudo/parse.lex 27 Mar 2000 03:44:38 -0000 1.3 +++ usr.bin/sudo/parse.lex 16 Jan 2002 19:09:14 -0000 @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Chris Jepeway @@ -39,30 +39,37 @@ #include "config.h" +#include +#include +#include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) -#include +# include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include -#include -#include #include "sudo.h" #include "parse.h" -#include "sudo.tab.h" +#include #ifndef lint -static const char rcsid[] = "$Sudo: parse.lex,v 1.111 2000/03/23 04:38:20 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.lex,v 1.118 2002/01/15 18:16:31 millert Exp $"; #endif /* lint */ #undef yywrap /* guard against a yywrap macro */ @@ -93,86 +100,115 @@ OCTET (1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]) DOTTEDQUAD {OCTET}(\.{OCTET}){3} HOSTNAME [[:alnum:]_-]+ -WORD ([^@!=:,\(\) \t\n\\]|\\[^\n])+ +WORD ([^#@!=:,\(\) \t\n\\]|\\[^\n])+ +ENVAR ([^#!=, \t\n\\]|\\[^\n])([^#=, \t\n\\]|\\[^\n])* +DEFVAR [a-z_]+ -%s GOTCMND +/* XXX - convert GOTRUNAS to exclusive state (GOTDEFS cannot be) */ %s GOTRUNAS %s GOTDEFS +%x GOTCMND +%x STARTDEFS +%x INDEFS %% -[ \t]+ { /* throw away space/tabs */ - sawspace = TRUE; /* but remember for fill_args */ +[[:blank:]]+ BEGIN STARTDEFS; + +{DEFVAR} { + BEGIN INDEFS; + LEXTRACE("DEFVAR "); + fill(yytext, yyleng); + return(DEFVAR); } -\\[ \t]*\n { - sawspace = TRUE; /* remember for fill_args */ - ++sudolineno; - LEXTRACE("\n\t"); - } /* throw away EOL after \ */ +{ + , { + BEGIN STARTDEFS; + LEXTRACE(", "); + return(','); + } /* return ',' */ -\\[:\,=\\ \t] { - LEXTRACE("QUOTEDCHAR "); - fill_args(yytext + 1, 1, sawspace); - sawspace = FALSE; - } + = { + LEXTRACE("= "); + return('='); + } /* return '=' */ + + \+= { + LEXTRACE("+= "); + return('+'); + } /* return '+' */ + + -= { + LEXTRACE("-= "); + return('-'); + } /* return '-' */ -\"([^\"]|\\\")+\" { + \"([^\"]|\\\")+\" { LEXTRACE("WORD(1) "); fill(yytext + 1, yyleng - 2); return(WORD); } -(#.*)?\n { - BEGIN INITIAL; - ++sudolineno; - LEXTRACE("\n"); - return(COMMENT); + {ENVAR} { + LEXTRACE("WORD(2) "); + fill(yytext, yyleng); + return(WORD); + } +} + +{ + \\[:\\,= \t#] { + LEXTRACE("QUOTEDCHAR "); + fill_args(yytext + 1, 1, sawspace); + sawspace = FALSE; } -[:\,=\n] { + [#:\,=\n] { BEGIN INITIAL; unput(*yytext); return(COMMAND); } /* end of command line args */ -\n { - ++sudolineno; - LEXTRACE("\n"); - BEGIN INITIAL; - return(COMMENT); - } /* return newline */ - -#.*\n { - ++sudolineno; - LEXTRACE("\n"); - return(COMMENT); - } /* return comments */ - -[^\\:, \t\n]+ { + [^\\:, \t\n]+ { LEXTRACE("ARG "); fill_args(yytext, yyleng, sawspace); sawspace = FALSE; - } /* a command line arg */ - -, { - LEXTRACE(", "); - return(','); - } /* return ',' */ + } /* a command line arg */ +} -!+ { - if (yyleng % 2 == 1) - return('!'); /* return '!' */ +^Defaults[:@]? { + BEGIN GOTDEFS; + switch (yytext[8]) { + case ':': + LEXTRACE("DEFAULTS_USER "); + return(DEFAULTS_USER); + case '@': + LEXTRACE("DEFAULTS_HOST "); + return(DEFAULTS_HOST); + default: + LEXTRACE("DEFAULTS "); + return(DEFAULTS); + } } -= { - LEXTRACE("= "); - return('='); - } /* return '=' */ - -: { - LEXTRACE(": "); - return(':'); - } /* return ':' */ +^(Host|Cmnd|User|Runas)_Alias { + fill(yytext, yyleng); + switch (*yytext) { + case 'H': + LEXTRACE("HOSTALIAS "); + return(HOSTALIAS); + case 'C': + LEXTRACE("CMNDALIAS "); + return(CMNDALIAS); + case 'U': + LEXTRACE("USERALIAS "); + return(USERALIAS); + case 'R': + LEXTRACE("RUNASALIAS "); + BEGIN GOTRUNAS; + return(RUNASALIAS); + } + } NOPASSWD[[:blank:]]*: { /* cmnd does not require passwd for this user */ @@ -218,8 +254,7 @@ return (RUNAS); } -[[:upper:]][[:upper:][:digit:]_]* { - /* Runas_Alias user can run command as or ALL */ +[[:upper:]][[:upper:][:digit:]_]* { if (strcmp(yytext, "ALL") == 0) { LEXTRACE("ALL "); return(ALL); @@ -230,10 +265,10 @@ } } -#?{WORD} { +(#[0-9-]+|{WORD}) { /* username/uid that user can run command as */ fill(yytext, yyleng); - LEXTRACE("WORD(2) "); + LEXTRACE("WORD(3) "); return(WORD); } @@ -241,62 +276,7 @@ BEGIN INITIAL; } -[[:upper:]][[:upper:][:digit:]_]* { - if (strcmp(yytext, "ALL") == 0) { - LEXTRACE("ALL "); - return(ALL); - } else { - fill(yytext, yyleng); - LEXTRACE("ALIAS "); - return(ALIAS); - } - } - -{WORD} { - LEXTRACE("WORD(3) "); - fill(yytext, yyleng); - return(WORD); - } - -^Defaults[:@]? { - BEGIN GOTDEFS; - if (yyleng == 9) { - switch (yytext[8]) { - case ':' : - LEXTRACE("DEFAULTS_USER "); - return(DEFAULTS_USER); - case '@' : - LEXTRACE("DEFAULTS_HOST "); - return(DEFAULTS_HOST); - } - } else { - LEXTRACE("DEFAULTS "); - return(DEFAULTS); - } - } - -^(Host|Cmnd|User|Runas)_Alias { - fill(yytext, yyleng); - if (*yytext == 'H') { - LEXTRACE("HOSTALIAS "); - return(HOSTALIAS); - } - if (*yytext == 'C') { - LEXTRACE("CMNDALIAS "); - return(CMNDALIAS); - } - if (*yytext == 'U') { - LEXTRACE("USERALIAS "); - return(USERALIAS); - } - if (*yytext == 'R') { - LEXTRACE("RUNASALIAS "); - BEGIN GOTRUNAS; - return(RUNASALIAS); - } - } - -\/[^\,:=\\ \t\n#]+ { +\/(\\[\,:= \t#]|[^\,:=\\ \t\n#])+ { /* directories can't have args... */ if (yytext[yyleng - 1] == '/') { LEXTRACE("COMMAND "); @@ -309,14 +289,58 @@ } } /* a pathname */ -{WORD} { +{WORD} { /* a word */ fill(yytext, yyleng); LEXTRACE("WORD(4) "); return(WORD); } -. { +, { + LEXTRACE(", "); + return(','); + } /* return ',' */ + += { + LEXTRACE("= "); + return('='); + } /* return '=' */ + +: { + LEXTRACE(": "); + return(':'); + } /* return ':' */ + +<*>!+ { + if (yyleng % 2 == 1) + return('!'); /* return '!' */ + } + +<*>\n { + BEGIN INITIAL; + ++sudolineno; + LEXTRACE("\n"); + return(COMMENT); + } /* return newline */ + +<*>[[:blank:]]+ { /* throw away space/tabs */ + sawspace = TRUE; /* but remember for fill_args */ + } + +<*>\\[[:blank:]]*\n { + sawspace = TRUE; /* remember for fill_args */ + ++sudolineno; + LEXTRACE("\n\t"); + } /* throw away EOL after \ */ + +#.*\n { + BEGIN INITIAL; + ++sudolineno; + LEXTRACE("\n"); + return(COMMENT); + } /* return comments */ + +<*>. { LEXTRACE("ERROR "); return(ERROR); } /* parse error */ @@ -354,7 +378,7 @@ if (yylval.command.cmnd == NULL) yyerror("unable to allocate memory"); - /* copy the string and NULL-terminate it */ + /* copy the string and NULL-terminate it (escapes handled by fnmatch) */ (void) strncpy(yylval.command.cmnd, s, len); yylval.command.cmnd[len] = '\0'; Index: usr.bin/sudo/parse.yacc =================================================================== RCS file: /cvs/src/usr.bin/sudo/parse.yacc,v retrieving revision 1.5 diff -u -r1.5 parse.yacc --- usr.bin/sudo/parse.yacc 19 Sep 2001 10:58:07 -0000 1.5 +++ usr.bin/sudo/parse.yacc 16 Jan 2002 19:09:14 -0000 @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1996, 1998-2000 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Chris Jepeway @@ -45,30 +45,37 @@ */ #include "config.h" + +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif +#endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H -#include +# include #endif /* HAVE_UNISTD_H */ #include -#include -#include -#ifdef HAVE_STRING_H -#include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) -#include +# include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) -#include +# include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ #ifdef HAVE_LSEARCH -#include +# include #endif /* HAVE_LSEARCH */ #include "sudo.h" @@ -79,7 +86,7 @@ #endif /* HAVE_LSEARCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.yacc,v 1.173 2000/03/24 23:58:58 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.179 2001/12/30 18:41:12 millert Exp $"; #endif /* lint */ /* @@ -91,6 +98,7 @@ int printmatches = FALSE; int pedantic = FALSE; int keepall = FALSE; +int quiet = FALSE; /* * Alias types @@ -192,7 +200,7 @@ /* Save the line the first error occurred on. */ if (errorlineno == -1) errorlineno = sudolineno ? sudolineno - 1 : 0; - if (s) { + if (s && !quiet) { #ifndef TRACELEXER (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, sudolineno ? sudolineno - 1 : 0); @@ -214,6 +222,7 @@ %start file /* special start symbol */ %token COMMAND /* absolute pathname w/ optional args */ %token ALIAS /* an UPPERCASE alias name */ +%token DEFVAR /* a Defaults variable name */ %token NTWKADDR /* w.x.y.z */ %token NETGROUP /* a netgroup (+NAME) */ %token USERGROUP /* a usergroup (%NAME) */ @@ -230,7 +239,7 @@ %token CMNDALIAS /* Cmnd_Alias keyword */ %token USERALIAS /* User_Alias keyword */ %token RUNASALIAS /* Runas_Alias keyword */ -%token ':' '=' ',' '!' /* union member tokens */ +%token ':' '=' ',' '!' '+' '-' /* union member tokens */ %token ERROR /* @@ -290,26 +299,43 @@ defaults_list : defaults_entry | defaults_entry ',' defaults_list -defaults_entry : WORD { +defaults_entry : DEFVAR { if (defaults_matches == TRUE && - !set_default($1, NULL, 1)) { + !set_default($1, NULL, TRUE)) { yyerror(NULL); YYERROR; } free($1); } - | '!' WORD { + | '!' DEFVAR { if (defaults_matches == TRUE && - !set_default($2, NULL, 0)) { + !set_default($2, NULL, FALSE)) { yyerror(NULL); YYERROR; } free($2); } - | WORD '=' WORD { - /* XXX - need to support quoted values */ + | DEFVAR '=' WORD { + if (defaults_matches == TRUE && + !set_default($1, $3, TRUE)) { + yyerror(NULL); + YYERROR; + } + free($1); + free($3); + } + | DEFVAR '+' WORD { + if (defaults_matches == TRUE && + !set_default($1, $3, '+')) { + yyerror(NULL); + YYERROR; + } + free($1); + free($3); + } + | DEFVAR '-' WORD { if (defaults_matches == TRUE && - !set_default($1, $3, 1)) { + !set_default($1, $3, '-')) { yyerror(NULL); YYERROR; } @@ -463,7 +489,7 @@ */ if (runas_matches == -1) runas_matches = (strcmp(*user_runas, - def_str(I_RUNAS_DEF)) == 0); + def_str(I_RUNAS_DEFAULT)) == 0); } | RUNAS runaslist { runas_matches = ($2 == TRUE ? TRUE : FALSE); @@ -1002,7 +1028,7 @@ } while ((p = strtok(NULL, ", "))); (void) fputs(") ", stdout); } else { - (void) printf("(%s) ", def_str(I_RUNAS_DEF)); + (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT)); } /* Is a password required? */ Index: usr.bin/sudo/pathnames.h.in =================================================================== RCS file: /cvs/src/usr.bin/sudo/pathnames.h.in,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 pathnames.h.in --- usr.bin/sudo/pathnames.h.in 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/pathnames.h.in 16 Jan 2002 19:09:14 -0000 @@ -1,6 +1,6 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller - * All rights reserved. + * Copyright (c) 1996, 1998, 1999, 2001 + * Todd C. Miller . All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: pathnames.h.in,v 1.42 1999/08/06 09:37:00 millert Exp $ + * $Sudo: pathnames.h.in,v 1.45 2001/12/14 19:54:56 millert Exp $ */ /* @@ -50,6 +50,10 @@ #define _PATH_TTY "/dev/tty" #endif /* _PATH_TTY */ +#ifndef _PATH_DEFPATH +#define _PATH_DEFPATH "/usr/bin:/bin" +#endif /* _PATH_DEFPATH */ + /* * NOTE: _PATH_SUDOERS is usually overriden by the Makefile. */ @@ -86,9 +90,9 @@ #undef _PATH_SUDO_LOGFILE #endif /* _PATH_SUDO_LOGFILE */ -#ifndef _PATH_SENDMAIL -#undef _PATH_SENDMAIL -#endif /* _PATH_SENDMAIL */ +#ifndef _PATH_SUDO_SENDMAIL +#undef _PATH_SUDO_SENDMAIL +#endif /* _PATH_SUDO_SENDMAIL */ #ifndef _PATH_VI #undef _PATH_VI Index: usr.bin/sudo/set_perms.c =================================================================== RCS file: usr.bin/sudo/set_perms.c diff -N usr.bin/sudo/set_perms.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ usr.bin/sudo/set_perms.c 17 Jan 2002 01:05:35 -0000 @@ -0,0 +1,338 @@ +/* + * Copyright (c) 1994-1996,1998-2001 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * 4. Products derived from this software may not be called "Sudo" nor + * may "Sudo" appear in their names without specific prior written + * permission from the author. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif +#endif /* HAVE_STRING_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include +#include +#include +#ifdef HAVE_LOGIN_CAP_H +# include +#endif + +#include "sudo.h" + +#ifndef lint +static const char rcsid[] = "$Sudo: set_perms.c,v 1.11 2002/01/16 21:27:09 millert Exp $"; +#endif /* lint */ + +/* + * Prototypes + */ +static void runas_setup __P((void)); +static void fatal __P((char *)); + +#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) +/* + * Set real and effective uids and gids based on perm. + * Since we have POSIX saved IDs we can get away with just + * toggling the effective uid/gid unless we are headed for an exec(). + */ +void +set_perms_posix(perm, sudo_mode) + int perm; + int sudo_mode; +{ + int error; + + switch (perm) { + case PERM_ROOT: + if (seteuid(0)) + fatal("seteuid(0)"); + break; + + case PERM_FULL_ROOT: + /* headed for exec() */ + (void) seteuid(0); + if (setuid(0)) + fatal("setuid(0)"); + break; + + case PERM_USER: + (void) setegid(user_gid); + if (seteuid(user_uid)) + fatal("seteuid(user_uid)"); + break; + + case PERM_FULL_USER: + /* headed for exec() */ + (void) setgid(user_gid); + if (setuid(user_uid)) + fatal("setuid(user_uid)"); + break; + + case PERM_RUNAS: + /* headed for exec(), assume euid == 0 */ + runas_setup(); + if (def_flag(I_STAY_SETUID)) + error = seteuid(runas_pw->pw_uid); + else + error = setuid(runas_pw->pw_uid); + if (error) + fatal("unable to change to runas uid"); + break; + + case PERM_SUDOERS: + /* assume euid == 0, ruid == user */ + if (setegid(SUDOERS_GID)) + fatal("unable to change to sudoers gid"); + + /* + * If SUDOERS_UID == 0 and SUDOERS_MODE + * is group readable we use a non-zero + * uid in order to avoid NFS lossage. + * Using uid 1 is a bit bogus but should + * work on all OS's. + */ + if (SUDOERS_UID == 0) { + if ((SUDOERS_MODE & 040) && seteuid(1)) + fatal("seteuid(1)"); + } else { + if (seteuid(SUDOERS_UID)) + fatal("seteuid(SUDOERS_UID)"); + } + break; + } +} +#endif /* !NO_SAVED_IDS && _SC_SAVED_IDS && _SC_VERSION */ + +#ifdef HAVE_SETREUID +/* + * Set real and effective uids and gids based on perm. + * We always retain a real or effective uid of 0 unless + * we are headed for an exec(). + */ +void +set_perms_fallback(perm, sudo_mode) + int perm; + int sudo_mode; +{ + int error; + + switch (perm) { + case PERM_FULL_ROOT: + case PERM_ROOT: + if (setuid(0)) + fatal("setuid(0)"); + break; + + case PERM_USER: + (void) setegid(user_gid); + if (setreuid(0, user_uid)) + fatal("setreuid(0, user_uid)"); + break; + + case PERM_FULL_USER: + /* headed for exec() */ + (void) setgid(user_gid); + if (setuid(user_uid)) + fatal("setuid(user_uid)"); + break; + + case PERM_RUNAS: + /* headed for exec(), assume euid == 0 */ + runas_setup(); + if (def_flag(I_STAY_SETUID)) + error = setreuid(user_uid, runas_pw->pw_uid); + else + error = setuid(runas_pw->pw_uid); + if (error) + fatal("unable to change to runas uid"); + break; + + case PERM_SUDOERS: + /* assume euid == 0, ruid == user */ + if (setegid(SUDOERS_GID)) + fatal("unable to change to sudoers gid"); + + /* + * If SUDOERS_UID == 0 and SUDOERS_MODE + * is group readable we use a non-zero + * uid in order to avoid NFS lossage. + * Using uid 1 is a bit bogus but should + * work on all OS's. + */ + if (SUDOERS_UID == 0) { + if ((SUDOERS_MODE & 040) && setreuid(0, 1)) + fatal("setreuid(0, 1)"); + } else { + if (setreuid(0, SUDOERS_UID)) + fatal("setreuid(0, SUDOERS_UID)"); + } + break; + } +} + +#else + +/* + * Set real and effective uids and gids based on perm. + * NOTE: does not support the "stay_setuid" option. + */ +void +set_perms_fallback(perm, sudo_mode) + int perm; + int sudo_mode; +{ + + /* + * Since we only have setuid() and seteuid() we have to set + * real and effective uidss to 0 initially. + */ + if (setuid(0)) + fatal("setuid(0)"); + + switch (perm) { + case PERM_USER: + (void) setegid(user_gid); + if (seteuid(user_uid)) + fatal("seteuid(user_uid)"); + break; + + case PERM_FULL_USER: + /* headed for exec() */ + (void) setgid(user_gid); + if (setuid(user_uid)) + fatal("setuid(user_uid)"); + break; + + case PERM_RUNAS: + /* headed for exec(), assume euid == 0 */ + runas_setup(); + if (setuid(runas_pw->pw_uid)) + fatal("unable to change to runas uid"); + break; + + case PERM_SUDOERS: + /* assume euid == 0, ruid == user */ + if (setegid(SUDOERS_GID)) + fatal("unable to change to sudoers gid"); + + /* + * If SUDOERS_UID == 0 and SUDOERS_MODE + * is group readable we use a non-zero + * uid in order to avoid NFS lossage. + * Using uid 1 is a bit bogus but should + * work on all OS's. + */ + if (SUDOERS_UID == 0) { + if ((SUDOERS_MODE & 040) && seteuid(1)) + fatal("seteuid(1)"); + } else { + if (seteuid(SUDOERS_UID)) + fatal("seteuid(SUDOERS_UID)"); + } + break; + } +} +#endif /* HAVE_SETREUID */ + +static void +runas_setup() +{ +#ifdef HAVE_LOGIN_CAP_H + int error, flags; + extern login_cap_t *lc; +#endif + + if (runas_pw->pw_name != NULL) { +#ifdef HAVE_PAM + pam_prep_user(runas_pw); +#endif /* HAVE_PAM */ + +#ifdef HAVE_LOGIN_CAP_H + if (def_flag(I_USE_LOGINCLASS)) { + /* + * We don't have setusercontext() set the user since we + * may only want to set the effective uid. Depending on + * sudoers and/or command line arguments we may not want + * setusercontext() to call initgroups(). + */ + flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; + if (!def_flag(I_PRESERVE_GROUPS)) + flags |= LOGIN_SETGROUP; + else if (setgid(runas_pw->pw_gid)) + perror("cannot set gid to runas gid"); + error = setusercontext(lc, runas_pw, + runas_pw->pw_uid, flags); + if (error) + perror("unable to set user context"); + } else +#endif /* HAVE_LOGIN_CAP_H */ + { + if (setgid(runas_pw->pw_gid)) + perror("cannot set gid to runas gid"); +#ifdef HAVE_INITGROUPS + /* + * Initialize group vector unless asked not to. + */ + if (!def_flag(I_PRESERVE_GROUPS) && + initgroups(*user_runas, runas_pw->pw_gid) < 0) + perror("cannot set group vector"); +#endif /* HAVE_INITGROUPS */ + } + } +} + +static void +fatal(str) + char *str; +{ + + if (str) + perror(str); + exit(1); +} Index: usr.bin/sudo/sudo.8 =================================================================== RCS file: /cvs/src/usr.bin/sudo/sudo.8,v retrieving revision 1.6 diff -u -r1.6 sudo.8 --- usr.bin/sudo/sudo.8 17 Sep 2001 23:49:21 -0000 1.6 +++ usr.bin/sudo/sudo.8 17 Jan 2002 01:05:35 -0000 @@ -1,28 +1,9 @@ -.rn '' }` -''' $RCSfile: sudo.8,v $$Revision: 1.6 $$Date: 2001/09/17 23:49:21 $ -''' -''' $Log: sudo.8,v $ -''' Revision 1.6 2001/09/17 23:49:21 pjanzen -''' Typo and grammar fixes, one from PR/2058 (Dennis Schwarz); ok millert@ -''' -''' Revision 1.5 2000/11/21 17:58:44 millert -''' A few updates from the sudo developement tree: -''' - Add bsd authentication support (currently disabled) -''' - Always check setenv() return value -''' - Fix umask disabling -''' -''' Revision 1.4 2000/04/10 02:28:36 millert -''' Remove extra backslash, noted by marc@snafu.org -''' -''' Revision 1.3 2000/03/27 03:44:38 millert -''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list -''' of changes. -''' -''' Revision 1.3 2000/03/27 03:26:23 millert -''' Use 8 and 5 in the man page bodies as well. -''' -''' -.de Sh +.\" Automatically generated by Pod::Man version 1.15 +.\" Wed Jan 16 16:36:09 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading .br .if t .Sp .ne 5 @@ -30,150 +11,106 @@ \fB\\$1\fR .PP .. -.de Sp +.de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. -.de Ip +.de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. -.de Vb +.de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. -.de Ve +.de Ve \" End verbatim text .ft R .fi .. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> .tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` +. ds C' 'br\} .el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' 'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaningful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -.nr % 0 -.rr F +. nr % 0 +. rr F .\} -.TH sudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS" -.UC -.if n .hy 0 +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 .if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. .bd B 3 -. \" fudge factors for nroff and troff +. \" fudge factors for nroff and troff .if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP .\} .if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& .\} -. \" simple accents for nroff and troff +. \" simple accents for nroff and troff .if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / .\} .if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} -. \" troff and (daisy-wheel) nroff accents +. \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' @@ -181,105 +118,118 @@ .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff +. \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) +. \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE .\} .rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "sudo 8" +.TH sudo 8 "1.6.5" "January 16, 2002" "MAINTENANCE COMMANDS" +.UC .SH "NAME" sudo \- execute a command as another user .SH "SYNOPSIS" -\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | -[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR \fIclass\fR|\fI-\fR ] -[ \fB\-a\fR \fIauth_type\fR ] -[ \fB\-u\fR username/#uid ] \fIcommand\fR +.IX Header "SYNOPSIS" +\&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | +[ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ] +[ \fB\-c\fR \fIclass\fR|\fI-\fR ] [ \fB\-a\fR \fIauth_type\fR ] +[ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR .SH "DESCRIPTION" -\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the -superuser or another user, as specified in the sudoers file. The -real and effective uid and gid are set to match those of the target -user as specified in the passwd file (the group vector is also -initialized when the target user is not root). By default, \fBsudo\fR -requires that users authenticate themselves with a password -(NOTE: this is the user's password, not the root password). Once -a user has been authenticated, a timestamp is updated and the -user may then use sudo without a password for a short period of time -(five minutes by default). -.PP -\fBsudo\fR determines who is an authorized user by consulting the -file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user -can update the time stamp without running a \fIcommand.\fR -The password prompt itself will also time out if the user's password is -not entered with N minutes (again, this is defined at configure -time and defaults to 5 minutes). -.PP -If a user that is not listed in the \fIsudoers\fR file tries to run -a command via \fBsudo\fR, mail is sent to the proper authorities, -as defined at configure time (defaults to root). Note that the -mail will not be sent if an unauthorized user tries to run sudo -with the \f(CW-l\fR or \f(CW-v\fR flags. This allows users to determine -for themselves whether or not they are allowed to use \fBsudo\fR. +.IX Header "DESCRIPTION" +\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the +superuser or another user, as specified in the \fIsudoers\fR file. +The real and effective uid and gid are set to match those of the +target user as specified in the passwd file (the group vector is +also initialized when the target user is not root). By default, +\&\fBsudo\fR requires that users authenticate themselves with a password +(\s-1NOTE:\s0 by default this is the user's password, not the root password). +Once a user has been authenticated, a timestamp is updated and the +user may then use sudo without a password for a short period of +time (\f(CW\*(C`5\*(C'\fR minutes unless overridden in \fIsudoers\fR). +.PP +\&\fBsudo\fR determines who is an authorized user by consulting the file +\&\fI/etc/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user +can update the time stamp without running a \fIcommand.\fR The password +prompt itself will also time out if the user's password is not +entered within \f(CW\*(C`5\*(C'\fR minutes (unless overridden via +\&\fIsudoers\fR). +.PP +If a user who is not listed in the \fIsudoers\fR file tries to run a +command via \fBsudo\fR, mail is sent to the proper authorities, as +defined at configure time or the \fIsudoers\fR file (defaults to root). +Note that the mail will not be sent if an unauthorized user tries +to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows users to +determine for themselves whether or not they are allowed to use +\&\fBsudo\fR. .PP -\fBsudo\fR can log both successful and unsuccessful attempts (as well +\&\fBsudo\fR can log both successful and unsuccessful attempts (as well as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR -will log via \fIsyslog\fR\|(3) but this is changeable at configure time. +will log via \fIsyslog\fR\|(3) but this is changeable at configure time +or via the \fIsudoers\fR file. .SH "OPTIONS" -\fBsudo\fR accepts the following command line options: -.Ip "-V" 4 -The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the -version number and exit. -.Ip "-l" 4 -The \f(CW-l\fR (\fIlist\fR) option will list out the allowed (and +.IX Header "OPTIONS" +\&\fBsudo\fR accepts the following command line options: +.Ip "\-V" 4 +.IX Item "-V" +The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the +version number and exit. If the invoking user is already root +the \fB\-V\fR option will print out a list of the defaults \fBsudo\fR +was compiled with as well as the machine's local network addresses. +.Ip "\-l" 4 +.IX Item "-l" +The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and forbidden) commands for the user on the current host. -.Ip "-L" 4 -The \f(CW-L\fR (\fIlist\fR defaults) option will list out the parameters +.Ip "\-L" 4 +.IX Item "-L" +The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters that may be set in a \fIDefaults\fR line along with a short description for each. This option is useful in conjunction with \fIgrep\fR\|(1). -.Ip "-h" 4 -The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. -.Ip "-v" 4 -If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the +.Ip "\-h" 4 +.IX Item "-h" +The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. +.Ip "\-v" 4 +.IX Item "-v" +If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the user's timestamp, prompting for the user's password if necessary. -This extends the \fBsudo\fR timeout to for another N minutes -(where N is defined at installation time and defaults to 5 -minutes) but does not run a command. -.Ip "-k" 4 -The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp +This extends the \fBsudo\fR timeout for another \f(CW\*(C`5\*(C'\fR minutes +(or whatever the timeout is set to in \fIsudoers\fR) but does not run +a command. +.Ip "\-k" 4 +.IX Item "-k" +The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp by setting the time on it to the epoch. The next time \fBsudo\fR is run a password will be required. This option does not require a password and was added to allow a user to revoke \fBsudo\fR permissions from a .logout file. -.Ip "-K" 4 -The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp -entirely. This option does not require a password. -.Ip "-b" 4 -The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given -command in the background. Note that if you use the \f(CW-b\fR -option you cannot use shell job control to manipulate the command. -.Ip "-p" 4 -The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default +.Ip "\-K" 4 +.IX Item "-K" +The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp +entirely. Likewise, this option does not require a password. +.Ip "\-b" 4 +.IX Item "-b" +The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given +command in the background. Note that if you use the \fB\-b\fR +option you cannot use shell job control to manipulate the process. +.Ip "\-p" 4 +.IX Item "-p" +The \fB\-p\fR (\fIprompt\fR) option allows you to override the default password prompt and use a custom one. If the password prompt -contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced with the user's -login name. Similarly, \f(CW%h\fR will be replaced with the local +contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's +login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local hostname. .Ip "\-c" 4 .IX Item "-c" @@ -302,65 +252,89 @@ entry in /etc/login.conf. This option is only available on systems that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured with the \-\-with-bsdauth option. -.Ip "-u" 4 -The \f(CW-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command +.Ip "\-u" 4 +.IX Item "-u" +The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a -\fIusername\fR, use \*(L"#uid\*(R". -.Ip "-s" 4 -The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR +\&\fIusername\fR, use \fI#uid\fR. +.Ip "\-s" 4 +.IX Item "-s" +The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR environment variable if it is set or the shell as specified in \fIpasswd\fR\|(5). -.Ip "-H" 4 -The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable +.Ip "\-H" 4 +.IX Item "-H" +The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable to the homedir of the target user (root by default) as specified -in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. -.Ip "-S" 4 -The \f(CW-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from +in \fIpasswd\fR\|(5). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. +.Ip "\-P" 4 +.IX Item "-P" +The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve +the user's group vector unaltered. By default, \fBsudo\fR will initialize +the group vector to the list of groups the target user is in. +The real and effective group IDs, however, are still set to match +the target user. +.Ip "\-S" 4 +.IX Item "-S" +The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from standard input instead of the terminal device. -.Ip "--" 4 -The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command -line arguments. It is most useful in conjunction with the \f(CW-s\fR flag. +.Ip "\-\-" 4 +The \fB\--\fR flag indicates that \fBsudo\fR should stop processing command +line arguments. It is most useful in conjunction with the \fB\-s\fR flag. .SH "RETURN VALUES" -\fBsudo\fR quits with an exit value of 1 if there is a +.IX Header "RETURN VALUES" +Upon successful execution of a program, the return value from \fBsudo\fR +will simply be the return value of the program that was executed. +.PP +Otherwise, \fBsudo\fR quits with an exit value of 1 if there is a configuration/permission problem or if \fBsudo\fR cannot execute the given command. In the latter case the error string is printed to stderr. If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's -\f(CWPATH\fR an error is printed on stderr. (If the directory does not +\&\f(CW\*(C`PATH\*(C'\fR an error is printed on stderr. (If the directory does not exist or if it is not really a directory, the entry is ignored and no error is printed.) This should not happen under normal circumstances. The most common reason for \fIstat\fR\|(2) to return -\*(L"permission denied\*(R" is if you are running an automounter and one -of the directories in your \f(CWPATH\fR is on a machine that is currently +\&\*(L"permission denied\*(R" is if you are running an automounter and one +of the directories in your \f(CW\*(C`PATH\*(C'\fR is on a machine that is currently unreachable. .SH "SECURITY NOTES" -\fBsudo\fR tries to be safe when executing external commands. Variables +.IX Header "SECURITY NOTES" +\&\fBsudo\fR tries to be safe when executing external commands. Variables that control how dynamic loading and binding is done can be used to subvert the program that \fBsudo\fR runs. To combat this the -\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX +\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0 only) environment variables are removed from the environment passed -on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR, -\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR, -\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a -threat. +on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR, +\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR, +\&\f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR, \f(CW\*(C`RES_OPTIONS\*(C'\fR, \f(CW\*(C`HOSTALIASES\*(C'\fR, +\&\f(CW\*(C`NLSPATH\*(C'\fR, \f(CW\*(C`PATH_LOCALE\*(C'\fR, \f(CW\*(C`TERMINFO\*(C'\fR, \f(CW\*(C`TERMINFO_DIRS\*(C'\fR and +\&\f(CW\*(C`TERMPATH\*(C'\fR variables as they too can pose a threat. If the +\&\f(CW\*(C`TERMCAP\*(C'\fR variable is set and is a pathname, it too is ignored. +Additionally, if the \f(CW\*(C`LC_*\*(C'\fR or \f(CW\*(C`LANGUAGE\*(C'\fR variables contain the +\&\f(CW\*(C`/\*(C'\fR or \f(CW\*(C`%\*(C'\fR characters, they are ignored. If \fBsudo\fR has been +compiled with SecurID support, the \f(CW\*(C`VAR_ACE\*(C'\fR, \f(CW\*(C`USR_ACE\*(C'\fR and +\&\f(CW\*(C`DLC_ACE\*(C'\fR variables are cleared as well. The list of environment +variables that \fBsudo\fR clears is contained in the output of +\&\f(CW\*(C`sudo \-V\*(C'\fR when run as root. .PP -To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting +To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting current directory) last when searching for a command in the user's -PATH (if one or both are in the PATH). Note, however, that the -actual \f(CWPATH\fR environment variable is \fInot\fR modified and is passed +\&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0). Note, however, that the +actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed unchanged to the program that \fBsudo\fR executes. .PP -For security reasons, if your OS supports shared libraries and does +For security reasons, if your \s-1OS\s0 supports shared libraries and does not disable user-defined library search paths for setuid programs (most do), you should either use a linker option that disables this behavior or link \fBsudo\fR statically. .PP -\fBsudo\fR will check the ownership of its timestamp directory +\&\fBsudo\fR will check the ownership of its timestamp directory (\fI/var/run/sudo\fR by default) and ignore the directory's contents if it is not owned by root and only writable by root. On systems that allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp directory is located in a directory writable by anyone (e.g.: \fI/tmp\fR), it is possible for a user to create the timestamp directory before -\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and +\&\fBsudo\fR is run. However, because \fBsudo\fR checks the ownership and mode of the directory and its contents, the only damage that can be done is to \*(L"hide\*(R" files by putting them in the timestamp dir. This is unlikely to happen since once the timestamp dir is owned @@ -371,12 +345,22 @@ with the appropriate owner (root) and permissions (0700) in the system startup files. .PP -\fBsudo\fR will not honor timestamps set far in the future. -Timestamps with a date greater than current_time + 2 * \f(CWTIMEOUT\fR +\&\fBsudo\fR will not honor timestamps set far in the future. +Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR will be ignored and sudo will log and complain. This is done to keep a user from creating his/her own timestamp with a bogus -date on system that allow users to give away files. +date on systems that allow users to give away files. +.PP +Please note that \fBsudo\fR will only log the command it explicitly +runs. If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or \f(CW\*(C`sudo sh\*(C'\fR, +subsequent commands run from that shell will \fInot\fR be logged, nor +will \fBsudo\fR's access control affect them. The same is true for +commands that offer shell escapes (including most editors). Because +of this, care must be taken when giving users access to commands +via \fBsudo\fR to verify that the command does not inadvertantly give +the user an effective root shell. .SH "EXAMPLES" +.IX Header "EXAMPLES" Note: the following examples assume suitable \fIsudoers\fR\|(5) entries. .PP To get a file listing of an unreadable directory: @@ -402,13 +386,14 @@ .Ve To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell -to make the \f(CWcd\fR and file redirection work. +to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. .PP .Vb 1 \& % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" .Ve .SH "ENVIRONMENT" -\fBsudo\fR utilizes the following environment variables: +.IX Header "ENVIRONMENT" +\&\fBsudo\fR utilizes the following environment variables: .PP .Vb 13 \& PATH Set to a sane value if SECURE_PATH is set @@ -426,101 +411,46 @@ \& SUDO_PS1 If set, PS1 will be set to its value .Ve .SH "FILES" -.PP +.IX Header "FILES" .Vb 2 \& /etc/sudoers List of who can run what \& /var/run/sudo Directory containing timestamps .Ve .SH "AUTHORS" -Many people have worked on \fBsudo\fR over the years. This +.IX Header "AUTHORS" +Many people have worked on \fBsudo\fR over the years; this version consists of code written primarily by: .PP .Vb 2 \& Todd Miller \& Chris Jepeway .Ve -See the HISTORY file in the \fBsudo\fR distribution for a short history +See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit +http://www.sudo.ws/sudo/history.html for a short history of \fBsudo\fR. .SH "BUGS" +.IX Header "BUGS" If you feel you have found a bug in sudo, please submit a bug report -at http://www.courtesan.com/sudo/bugs/ +at http://www.sudo.ws/sudo/bugs/ .SH "DISCLAIMER" -\fBSudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, +.IX Header "DISCLAIMER" +\&\fBSudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with \fBsudo\fR for complete details. +See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details. .SH "CAVEATS" +.IX Header "CAVEATS" There is no easy way to prevent a user from gaining a root shell if that user has access to commands allowing shell escapes. .PP -If users have sudo \f(CWALL\fR there is nothing to prevent them from creating -their own program that gives them a root shell regardless of any \*(L'!\*(R' +If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from creating +their own program that gives them a root shell regardless of any '!' elements in the user specification. .PP Running shell scripts via \fBsudo\fR can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems -(if your OS supports the /dev/fd/ directory, setuid shell scripts +(if your \s-1OS\s0 supports the /dev/fd/ directory, setuid shell scripts are generally safe). .SH "SEE ALSO" -\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1). - -.rn }` '' -.IX Title "sudo 8" -.IX Name "sudo - execute a command as another user" - -.IX Header "NAME" - -.IX Header "SYNOPSIS" - -.IX Header "DESCRIPTION" - -.IX Header "OPTIONS" - -.IX Item "-V" - -.IX Item "-l" - -.IX Item "-L" - -.IX Item "-h" - -.IX Item "-v" - -.IX Item "-k" - -.IX Item "-K" - -.IX Item "-b" - -.IX Item "-p" - -.IX Item "-u" - -.IX Item "-s" - -.IX Item "-H" - -.IX Item "-S" - -.IX Item "--" - -.IX Header "RETURN VALUES" - -.IX Header "SECURITY NOTES" - -.IX Header "EXAMPLES" - -.IX Header "ENVIRONMENT" - -.IX Header "FILES" - -.IX Header "AUTHORS" - -.IX Header "BUGS" - -.IX Header "DISCLAIMER" - -.IX Header "CAVEATS" - .IX Header "SEE ALSO" - +\&\fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(5), \fIpasswd\fR\|(5), \fIvisudo\fR\|(8), \fIgrep\fR\|(1), \fIsu\fR\|(1). Index: usr.bin/sudo/sudo.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/sudo.c,v retrieving revision 1.10 diff -u -r1.10 sudo.c --- usr.bin/sudo/sudo.c 23 Aug 2001 21:46:17 -0000 1.10 +++ usr.bin/sudo/sudo.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996,1998-2000 Todd C. Miller + * Copyright (c) 1993-1996,1998-2002 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -39,34 +39,44 @@ #include "config.h" +#include +#include +#include +#include +#ifdef HAVE_SETRLIMIT +# include +# include +#endif #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include #include #include #include #include -#include -#include -#include #include #include -#ifdef HAVE_SETRLIMIT -#include -#include -#endif #if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) # ifdef __hpux # undef MAXINT @@ -87,38 +97,26 @@ #include "interfaces.h" #include "version.h" -#ifndef STDC_HEADERS -extern char *getenv __P((char *)); -#endif /* STDC_HEADERS */ - #ifndef lint -static const char rcsid[] = "$Sudo: sudo.c,v 1.278 2000/03/24 20:13:12 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.318 2002/01/15 23:43:59 millert Exp $"; #endif /* lint */ /* - * Local type declarations - */ -struct env_table { - char *name; - int len; -}; - -/* * Prototypes */ -static int parse_args __P((void)); -static void usage __P((int)); -static void usage_excl __P((int)); -static void check_sudoers __P((void)); static int init_vars __P((int)); -static void set_loginclass __P((struct passwd *)); -static void add_env __P((int)); -static void clean_env __P((char **, struct env_table *)); +static int parse_args __P((void)); +static void check_sudoers __P((void)); static void initial_setup __P((void)); +static void set_loginclass __P((struct passwd *)); +static void usage __P((int)); +static void usage_excl __P((int)); static struct passwd *get_authpw __P((void)); -extern struct passwd *sudo_getpwuid __P((uid_t)); -extern struct passwd *sudo_getpwnam __P((const char *)); extern void list_matches __P((void)); +extern char **rebuild_env __P((int, char **)); +extern char **zero_env __P((char **)); +extern struct passwd *sudo_getpwnam __P((const char *)); +extern struct passwd *sudo_getpwuid __P((uid_t)); /* * Globals @@ -134,7 +132,6 @@ int num_interfaces; int tgetpass_flags; extern int errorlineno; -static char *runas_homedir = NULL; /* XXX */ #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) static struct rlimit corelimit; #endif /* RLIMIT_CORE */ @@ -144,51 +141,24 @@ #ifdef HAVE_BSD_AUTH_H char *login_style; #endif /* HAVE_BSD_AUTH_H */ - -/* - * Table of "bad" envariables to remove and len for strncmp() - */ -static struct env_table badenv_table[] = { - { "IFS=", 4 }, - { "LOCALDOMAIN=", 12 }, - { "RES_OPTIONS=", 12 }, - { "HOSTALIASES=", 12 }, - { "LD_", 3 }, - { "_RLD", 4 }, -#ifdef __hpux - { "SHLIB_PATH=", 11 }, -#endif /* __hpux */ -#ifdef _AIX - { "LIBPATH=", 8 }, -#endif /* _AIX */ -#ifdef HAVE_KERB4 - { "KRB_CONF", 8 }, -#endif /* HAVE_KERB4 */ -#ifdef HAVE_KERB5 - { "KRB5_CONFIG", 11 }, -#endif /* HAVE_KERB5 */ - { "ENV=", 4 }, - { "BASH_ENV=", 9 }, - { (char *) NULL, 0 } -}; +void (*set_perms) __P((int, int)); int -main(argc, argv) +main(argc, argv, envp) int argc; char **argv; + char **envp; { int validated; int fd; int cmnd_status; int sudo_mode; -#ifdef POSIX_SIGNALS - sigset_t set, oset; -#else - int omask; -#endif /* POSIX_SIGNALS */ - extern char **environ; + int pwflag; + char **new_environ; + sigaction_t sa; extern int printmatches; + extern char **environ; /* Must be done as the first thing... */ #if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) @@ -198,6 +168,9 @@ # endif #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ + /* Zero out the environment. */ + environ = zero_env(envp); + Argv = argv; Argc = argc; @@ -207,28 +180,21 @@ } /* - * Block signals so the user cannot interrupt us at some point and - * avoid the logging. + * Ignore keyboard-generated signals so the user cannot interrupt + * us at some point and avoid the logging. */ -#ifdef POSIX_SIGNALS - (void) sigemptyset(&set); - (void) sigaddset(&set, SIGINT); - (void) sigaddset(&set, SIGQUIT); - (void) sigaddset(&set, SIGTSTP); - (void) sigprocmask(SIG_BLOCK, &set, &oset); -#else - omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGTSTP)); -#endif /* POSIX_SIGNALS */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = SIG_IGN; + (void) sigaction(SIGINT, &sa, NULL); + (void) sigaction(SIGQUIT, &sa, NULL); + (void) sigaction(SIGTSTP, &sa, NULL); /* * Setup signal handlers, turn off core dumps, and close open files. */ initial_setup(); - - /* - * Set the prompt based on $SUDO_PROMPT (can be overridden by `-p') - */ - user_prompt = getenv("SUDO_PROMPT"); + setpwent(); /* Parse our arguments. */ sudo_mode = parse_args(); @@ -236,6 +202,10 @@ /* Setup defaults data structures. */ init_defaults(); + /* Load the list of local ip addresses and netmasks. */ + load_interfaces(); + + pwflag = 0; if (sudo_mode & MODE_SHELL) user_cmnd = "shell"; else @@ -246,6 +216,8 @@ putchar('\n'); dump_auth_methods(); dump_defaults(); + dump_interfaces(); + dump_badenv(); } exit(0); break; @@ -254,10 +226,12 @@ break; case MODE_VALIDATE: user_cmnd = "validate"; + pwflag = I_VERIFYPW_I; break; case MODE_KILL: case MODE_INVALIDATE: user_cmnd = "kill"; + pwflag = -1; break; case MODE_LISTDEFS: list_options(); @@ -265,6 +239,7 @@ break; case MODE_LIST: user_cmnd = "list"; + pwflag = I_LISTPW_I; printmatches = 1; break; } @@ -273,18 +248,44 @@ if (user_cmnd == NULL && NewArgc == 0) usage(1); - clean_env(environ, badenv_table); - cmnd_status = init_vars(sudo_mode); - /* At this point, ruid == euid == 0 */ - check_sudoers(); /* check mode/owner on _PATH_SUDOERS */ - add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */ - /* Validate the user but don't search for pseudo-commands. */ - validated = sudoers_lookup(sudo_mode); + validated = sudoers_lookup(pwflag); + + /* + * If we have POSIX saved uids and the stay_setuid flag was not set, + * set the real, effective and saved uids to 0 and use set_perms_fallback() + * instead of set_perms_posix(). + */ +#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) + if (!def_flag(I_STAY_SETUID) && set_perms == set_perms_posix) { + if (setuid(0)) { + perror("setuid(0)"); + exit(1); + } + set_perms = set_perms_fallback; + } +#endif + + /* + * Look up runas user passwd struct. If we are given a uid then + * there may be no corresponding passwd(5) entry (which is OK). + */ + if (**user_runas == '#') { + runas_pw = sudo_getpwuid(atoi(*user_runas + 1)); + if (runas_pw == NULL) { + runas_pw = emalloc(sizeof(struct passwd)); + (void) memset((VOID *)runas_pw, 0, sizeof(struct passwd)); + runas_pw->pw_uid = atoi(*user_runas + 1); + } + } else { + runas_pw = sudo_getpwnam(*user_runas); + if (runas_pw == NULL) + log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", *user_runas); + } /* This goes after the sudoers parse since we honor sudoers options. */ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { @@ -303,12 +304,17 @@ exit(1); } + /* If given the -P option, set the "preserve_groups" flag. */ + if (sudo_mode & MODE_PRESERVE_GROUPS) + def_flag(I_PRESERVE_GROUPS) = TRUE; + /* If no command line args and "set_home" is not set, error out. */ if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_flag(I_SHELL_NOARGS)) usage(1); - /* May need to set $HOME to target user. */ - if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME)) + /* May need to set $HOME to target user if we are running a command. */ + if ((sudo_mode & MODE_RUN) && (def_flag(I_ALWAYS_SET_HOME) || + ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME)))) sudo_mode |= MODE_RESET_HOME; /* Bail if a tty is required and we don't have one. */ @@ -326,6 +332,9 @@ if (!(validated & FLAG_NOPASS)) check_user(); + /* Build up custom environment that avoids any nasty bits. */ + new_environ = rebuild_env(sudo_mode, envp); + if (validated & VALIDATE_OK) { /* Finally tell the user if the command did not exist. */ if (cmnd_status == NOT_FOUND_DOT) { @@ -348,29 +357,26 @@ /* This *must* have been set if we got a match but... */ if (safe_cmnd == NULL) { log_error(MSG_ONLY, - "internal error, cmnd_safe never got set for %s; %s", + "internal error, safe_cmnd never got set for %s; %s", user_cmnd, "please report this error at http://courtesan.com/sudo/bugs/"); } - if (def_ival(I_LOGFACSTR)) - closelog(); + /* Reset signal handlers before we exec. */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = SIG_DFL; + (void) sigaction(SIGINT, &sa, NULL); + (void) sigaction(SIGQUIT, &sa, NULL); + (void) sigaction(SIGTSTP, &sa, NULL); - /* Reset signal mask before we exec. */ -#ifdef POSIX_SIGNALS - (void) sigprocmask(SIG_SETMASK, &oset, NULL); -#else - (void) sigsetmask(omask); -#endif /* POSIX_SIGNALS */ + /* Close the password file */ + endpwent(); /* Override user's umask if configured to do so. */ if (def_ival(I_UMASK) != 0777) (void) umask(def_mode(I_UMASK)); - /* Replace the PATH envariable with a secure one. */ - if (def_str(I_SECURE_PATH) && !user_is_exempt()) - sudo_setenv("PATH", def_str(I_SECURE_PATH)); - /* Restore coredumpsize resource limit. */ #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) (void) setrlimit(RLIMIT_CORE, &corelimit); @@ -379,9 +385,8 @@ /* Become specified user or root. */ set_perms(PERM_RUNAS, sudo_mode); - /* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */ - if ((sudo_mode & MODE_RESET_HOME) && runas_homedir) - sudo_setenv("HOME", runas_homedir); + /* Install the new environment. */ + environ = new_environ; #ifndef PROFILING if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) @@ -396,7 +401,7 @@ */ (void) fprintf(stderr, "%s: unable to exec %s: %s\n", Argv[0], safe_cmnd, strerror(errno)); - exit(-1); + exit(127); } else if ((validated & FLAG_NO_USER) || (validated & FLAG_NO_HOST)) { log_auth(validated, 1); exit(1); @@ -438,6 +443,7 @@ int sudo_mode; { char *p, thost[MAXHOSTNAMELEN]; + int nohostname, rval; /* Sanity check command from user. */ if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) { @@ -461,20 +467,22 @@ * "host" is the (possibly fully-qualified) hostname and * "shost" is the unqualified form of the hostname. */ - if ((gethostname(thost, sizeof(thost)))) { - user_host = "localhost"; - log_error(USE_ERRNO|MSG_ONLY, "can't get hostname"); - } else - user_host = estrdup(thost); - if (def_flag(I_FQDN)) - set_fqdn(); + nohostname = gethostname(thost, sizeof(thost)); + if (nohostname) + user_host = user_shost = "localhost"; else { - if ((p = strchr(user_host, '.'))) { - *p = '\0'; - user_shost = estrdup(user_host); - *p = '.'; - } else { + user_host = estrdup(thost); + if (def_flag(I_FQDN)) { + /* Defer call to set_fqdn() until log_error() is safe. */ user_shost = user_host; + } else { + if ((p = strchr(user_host, '.'))) { + *p = '\0'; + user_shost = estrdup(user_host); + *p = '.'; + } else { + user_shost = user_host; + } } } @@ -503,10 +511,21 @@ log_error(0, "uid %ld does not exist in the passwd file!", (long) pw.pw_uid); } + if (user_shell == NULL || *user_shell == '\0') + user_shell = sudo_user.pw->pw_shell; /* It is now safe to use log_error() and set_perms() */ /* + * Must defer set_fqdn() until it is safe to call log_error() + */ + if (def_flag(I_FQDN)) + set_fqdn(); + + if (nohostname) + log_error(USE_ERRNO|MSG_ONLY, "can't get hostname"); + + /* * Get current working directory. Try as user, fall back to root. */ set_perms(PERM_USER, sudo_mode); @@ -521,12 +540,6 @@ set_perms(PERM_ROOT, sudo_mode); /* - * Load the list of local ip addresses and netmasks into - * the interfaces array. - */ - load_interfaces(); - - /* * If we were given the '-s' option (run shell) we need to redo * NewArgv and NewArgc. */ @@ -550,10 +563,43 @@ set_loginclass(sudo_user.pw); /* Resolve the path and return. */ - if ((sudo_mode & MODE_RUN)) - return(find_path(NewArgv[0], &user_cmnd)); - else - return(FOUND); + if ((sudo_mode & MODE_RUN)) { + /* XXX - should call this as runas user, not root. */ + rval = find_path(NewArgv[0], &user_cmnd, user_path); + if (rval != FOUND) { + /* Failed as root, try as invoking user. */ + set_perms(PERM_USER, sudo_mode); + rval = find_path(NewArgv[0], &user_cmnd, user_path); + set_perms(PERM_ROOT, sudo_mode); + } + + /* set user_args */ + if (NewArgc > 1) { + char *to, **from; + size_t size; + + /* If MODE_SHELL not set then NewArgv is contiguous so just count */ + if (!(sudo_mode & MODE_SHELL)) { + size = (size_t) (NewArgv[NewArgc-1] - NewArgv[1]) + + strlen(NewArgv[NewArgc-1]) + 1; + } else { + for (size = 0, from = NewArgv + 1; *from; from++) + size += strlen(*from) + 1; + } + + /* alloc and copy. */ + to = user_args = (char *) emalloc(size); + for (from = NewArgv + 1; *from; from++) { + (void) strcpy(to, *from); + to += strlen(*from); + *to++ = ' '; + } + *--to = '\0'; + } + } else + rval = FOUND; + + return(rval); } /* @@ -623,7 +669,7 @@ usage(1); login_class = NewArgv[1]; - def_flag(I_LOGINCLASS) = TRUE; + def_flag(I_USE_LOGINCLASS) = TRUE; /* Shift Argv over and adjust Argc. */ NewArgc--; @@ -684,6 +730,9 @@ case 'H': rval |= MODE_RESET_HOME; break; + case 'P': + rval |= MODE_PRESERVE_GROUPS; + break; case 'S': tgetpass_flags |= TGP_STDIN; break; @@ -713,70 +762,6 @@ } /* - * Add sudo-specific variables into the environment. - * Sets ``cmnd_args'' as a side effect. - */ -static void -add_env(contiguous) - int contiguous; -{ - char idstr[MAX_UID_T_LEN + 1]; - size_t size; - char *buf; - - /* Add the SUDO_COMMAND envariable (cmnd + args). */ - size = strlen(user_cmnd) + 1; - if (NewArgc > 1) { - char *to, **from; - - if (contiguous) { - size += (size_t) (NewArgv[NewArgc-1] - NewArgv[1]) + - strlen(NewArgv[NewArgc-1]) + 1; - } else { - for (from = &NewArgv[1]; *from; from++) - size += strlen(*from) + 1; - } - - buf = (char *) emalloc(size); - - /* - * Copy the command and it's arguments info buf. - */ - (void) strcpy(buf, user_cmnd); - to = buf + strlen(user_cmnd); - for (from = &NewArgv[1]; *from; from++) { - *to++ = ' '; - (void) strcpy(to, *from); - to += strlen(*from); - } - } else { - buf = user_cmnd; - } - sudo_setenv("SUDO_COMMAND", buf); - if (NewArgc > 1) - free(buf); - - /* Grab a pointer to the flat arg string from the environment. */ - if (NewArgc > 1 && (user_args = getenv("SUDO_COMMAND"))) { - if ((user_args = strchr(user_args, ' '))) - user_args++; - else - user_args = NULL; - } - - /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ - sudo_setenv("SUDO_USER", user_name); - (void) sprintf(idstr, "%ld", (long) user_uid); - sudo_setenv("SUDO_UID", idstr); - (void) sprintf(idstr, "%ld", (long) user_gid); - sudo_setenv("SUDO_GID", idstr); - - /* Set PS1 if SUDO_PS1 is set. */ - if ((buf = getenv("SUDO_PS1"))) - sudo_setenv("PS1", buf); -} - -/* * Sanity check sudoers mode/owner/type. * Leaves a file pointer to the sudoers file open in ``fp''. */ @@ -858,177 +843,8 @@ } /* - * Remove environment variables that match the entries in badenv_table. - */ -static void -clean_env(envp, badenv_table) - char **envp; - struct env_table *badenv_table; -{ - struct env_table *bad; - char **cur; - - /* - * Remove any envars that match entries in badenv_table. - */ - for (cur = envp; *cur; cur++) { - for (bad = badenv_table; bad->name; bad++) { - if (strncmp(*cur, bad->name, bad->len) == 0) { - /* Got a match so remove it. */ - char **move; - - for (move = cur; *move; move++) - *move = *(move + 1); - - cur--; - - break; - } - } - } -} - -/* - * Set real and effective uids and gids based on perm. - */ -void -set_perms(perm, sudo_mode) - int perm; - int sudo_mode; -{ - struct passwd *pw; - - /* - * First, set real & effective uids to root. - * If perm is PERM_ROOT then we don't need to do anything else. - */ - if (setuid(0)) { - perror("setuid(0)"); - exit(1); - } - - switch (perm) { - case PERM_USER: - (void) setgid(user_gid); - - if (seteuid(user_uid)) { - perror("seteuid(user_uid)"); - exit(1); - } - break; - - case PERM_FULL_USER: - (void) setgid(user_gid); - - if (setuid(user_uid)) { - perror("setuid(user_uid)"); - exit(1); - } - break; - - case PERM_RUNAS: - /* XXX - add group/gid support */ - if (**user_runas == '#') { - if (setuid(atoi(*user_runas + 1))) { - (void) fprintf(stderr, - "%s: cannot set uid to %s: %s\n", - Argv[0], *user_runas, strerror(errno)); - exit(1); - } - } else { - if (!(pw = getpwnam(*user_runas))) { - (void) fprintf(stderr, - "%s: no passwd entry for %s!\n", - Argv[0], *user_runas); - exit(1); - } - - /* Set $USER and $LOGNAME to target user */ - if (def_flag(I_LOGNAME)) { - sudo_setenv("USER", pw->pw_name); - sudo_setenv("LOGNAME", pw->pw_name); - } - -#ifdef HAVE_LOGIN_CAP_H - if (def_flag(I_LOGINCLASS)) { - /* - * setusercontext() will set uid/gid/etc - * for us so no need to do it below. - */ - if (setusercontext(lc, pw, pw->pw_uid, - LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY)) - log_error( - NO_MAIL|USE_ERRNO|MSG_ONLY, - "setusercontext() failed for login class %s", - login_class); - else - break; - } -#endif /* HAVE_LOGIN_CAP_H */ - - if (setgid(pw->pw_gid)) { - (void) fprintf(stderr, - "%s: cannot set gid to %ld: %s\n", - Argv[0], (long) pw->pw_gid, - strerror(errno)); - exit(1); - } -#ifdef HAVE_INITGROUPS - /* - * Initialize group vector only if are - * going to run as a non-root user. - */ - if (strcmp(*user_runas, "root") != 0 && - initgroups(*user_runas, pw->pw_gid) - == -1) { - (void) fprintf(stderr, - "%s: cannot set group vector: %s\n", - Argv[0], strerror(errno)); - exit(1); - } -#endif /* HAVE_INITGROUPS */ - if (setuid(pw->pw_uid)) { - (void) fprintf(stderr, - "%s: cannot set uid to %ld: %s\n", - Argv[0], (long) pw->pw_uid, - strerror(errno)); - exit(1); - } - if (sudo_mode & MODE_RESET_HOME) - runas_homedir = pw->pw_dir; - } - break; - - case PERM_SUDOERS: - if (setgid(SUDOERS_GID)) { - perror("setgid(SUDOERS_GID)"); - exit(1); - } - - /* - * If SUDOERS_UID == 0 and SUDOERS_MODE - * is group readable we use a non-zero - * uid in order to avoid NFS lossage. - * Using uid 1 is a bit bogus but should - * work on all OS's. - */ - if (SUDOERS_UID == 0) { - if ((SUDOERS_MODE & 040) && seteuid(1)) { - perror("seteuid(1)"); - exit(1); - } - } else { - if (seteuid(SUDOERS_UID)) { - perror("seteuid(SUDOERS_UID)"); - exit(1); - } - } - break; - } -} - -/* * Close all open files (except std*) and turn off core dumps. + * Also sets the set_perms() pointer to the correct function. */ static void initial_setup() @@ -1037,9 +853,7 @@ #ifdef HAVE_SETRLIMIT struct rlimit rl; #endif -#ifdef POSIX_SIGNALS - struct sigaction sa; -#endif + sigaction_t sa; #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) /* @@ -1069,13 +883,18 @@ (void) close(fd); /* Catch children as they die... */ -#ifdef POSIX_SIGNALS - (void) memset((VOID *)&sa, 0, sizeof(sa)); + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; sa.sa_handler = reapchild; (void) sigaction(SIGCHLD, &sa, NULL); -#else - (void) signal(SIGCHLD, reapchild); -#endif /* POSIX_SIGNALS */ + + /* Set set_perms pointer to the correct function */ +#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) + if (sysconf(_SC_SAVED_IDS) == 1 && sysconf(_SC_VERSION) >= 199009) + set_perms = set_perms_posix; + else +#endif + set_perms = set_perms_fallback; } #ifdef HAVE_LOGIN_CAP_H @@ -1111,7 +930,8 @@ lc = login_getclass(login_class); if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) { log_error(errflags, "unknown login class: %s", login_class); - lc = login_getclass(NULL); /* Fall back on default login class */ + if (!lc) + lc = login_getclass(NULL); /* needed for login_getstyle() later */ } } #else @@ -1131,17 +951,15 @@ struct hostent *hp; char *p; - if (def_flag(I_FQDN)) { - if (!(hp = gethostbyname(user_host))) { - log_error(USE_ERRNO|MSG_ONLY|NO_EXIT, - "unable to lookup %s via gethostbyname()", user_host); - } else { - free(user_host); - user_host = estrdup(hp->h_name); - } + if (!(hp = gethostbyname(user_host))) { + log_error(MSG_ONLY|NO_EXIT, + "unable to lookup %s via gethostbyname()", user_host); + } else { + if (user_shost != user_host) + free(user_shost); + free(user_host); + user_host = estrdup(hp->h_name); } - if (user_shost != user_host) - free(user_shost); if ((p = strchr(user_host, '.'))) { *p = '\0'; user_shost = estrdup(user_host); @@ -1164,9 +982,9 @@ if ((pw = sudo_getpwuid(0)) == NULL) log_error(0, "uid 0 does not exist in the passwd file!"); } else if (def_ival(I_RUNASPW)) { - if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEF))) == NULL) + if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEFAULT))) == NULL) log_error(0, "user %s does not exist in the passwd file!", - def_str(I_RUNAS_DEF)); + def_str(I_RUNAS_DEFAULT)); } else if (def_ival(I_TARGETPW)) { if (**user_runas == '#') { if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL) @@ -1204,7 +1022,7 @@ { (void) fprintf(stderr, "usage: sudo -V | -h | -L | -l | -v | -k | -K | %s", - "[-H] [-S] [-b] [-p prompt]\n [-u username/#uid] "); + "[-H] [-P] [-S] [-b] [-p prompt]\n [-u username/#uid] "); #ifdef HAVE_LOGIN_CAP_H (void) fprintf(stderr, "[-c class] "); #endif Index: usr.bin/sudo/sudo.h =================================================================== RCS file: /cvs/src/usr.bin/sudo/sudo.h,v retrieving revision 1.6 diff -u -r1.6 sudo.h --- usr.bin/sudo/sudo.h 21 Nov 2000 17:58:44 -0000 1.6 +++ usr.bin/sudo/sudo.h 17 Jan 2002 01:05:35 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996,1998-2000 Todd C. Miller + * Copyright (c) 1993-1996,1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: sudo.h,v 1.172 2000/03/07 04:29:46 millert Exp $ + * $Sudo: sudo.h,v 1.184 2002/01/16 21:27:09 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -47,6 +47,9 @@ */ struct sudo_user { struct passwd *pw; + struct passwd *_runas_pw; + char *path; + char *shell; char *tty; char cwd[MAXPATHLEN]; char *host; @@ -90,27 +93,29 @@ /* * Various modes sudo can be in (based on arguments) in octal */ -#define MODE_RUN 00001 -#define MODE_VALIDATE 00002 -#define MODE_INVALIDATE 00004 -#define MODE_KILL 00010 -#define MODE_VERSION 00020 -#define MODE_HELP 00040 -#define MODE_LIST 00100 -#define MODE_LISTDEFS 00200 -#define MODE_BACKGROUND 00400 -#define MODE_SHELL 01000 -#define MODE_IMPLIED_SHELL 02000 -#define MODE_RESET_HOME 04000 +#define MODE_RUN 000001 +#define MODE_VALIDATE 000002 +#define MODE_INVALIDATE 000004 +#define MODE_KILL 000010 +#define MODE_VERSION 000020 +#define MODE_HELP 000040 +#define MODE_LIST 000100 +#define MODE_LISTDEFS 000200 +#define MODE_BACKGROUND 000400 +#define MODE_SHELL 001000 +#define MODE_IMPLIED_SHELL 002000 +#define MODE_RESET_HOME 004000 +#define MODE_PRESERVE_GROUPS 010000 /* * Used with set_perms() */ #define PERM_ROOT 0x00 -#define PERM_USER 0x01 -#define PERM_FULL_USER 0x02 -#define PERM_SUDOERS 0x03 -#define PERM_RUNAS 0x04 +#define PERM_FULL_ROOT 0x01 +#define PERM_USER 0x02 +#define PERM_FULL_USER 0x03 +#define PERM_SUDOERS 0x04 +#define PERM_RUNAS 0x05 /* * Shortcuts for sudo_user contents. @@ -119,18 +124,20 @@ #define user_passwd (sudo_user.pw->pw_passwd) #define user_uid (sudo_user.pw->pw_uid) #define user_gid (sudo_user.pw->pw_gid) -#define user_shell (sudo_user.pw->pw_shell) #define user_dir (sudo_user.pw->pw_dir) +#define user_shell (sudo_user.shell) #define user_tty (sudo_user.tty) #define user_cwd (sudo_user.cwd) #define user_runas (sudo_user.runas) #define user_cmnd (sudo_user.cmnd) #define user_args (sudo_user.cmnd_args) +#define user_path (sudo_user.path) #define user_prompt (sudo_user.prompt) #define user_host (sudo_user.host) #define user_shost (sudo_user.shost) #define safe_cmnd (sudo_user.cmnd_safe) #define login_class (sudo_user.class_name) +#define runas_pw (sudo_user._runas_pw) /* * We used to use the system definition of PASS_MAX or _PASSWD_LEN, @@ -173,9 +180,6 @@ #ifndef HAVE_GETCWD char *getcwd __P((char *, size_t size)); #endif -#if !defined(HAVE_PUTENV) && !defined(HAVE_SETENV) -int putenv __P((const char *)); -#endif #ifndef HAVE_SNPRINTF int snprintf __P((char *, size_t, const char *, ...)); #endif @@ -192,13 +196,13 @@ int strcasecmp __P((const char *, const char *)); #endif char *sudo_goodpath __P((const char *)); -void sudo_setenv __P((char *, char *)); char *tgetpass __P((const char *, int, int)); -int find_path __P((char *, char **)); +int find_path __P((char *, char **, char *)); void check_user __P((void)); void verify_user __P((struct passwd *, char *)); int sudoers_lookup __P((int)); -void set_perms __P((int, int)); +void set_perms_posix __P((int, int)); +void set_perms_fallback __P((int, int)); void remove_timestamp __P((int)); int check_secureware __P((char *)); void sia_attempt_auth __P((void)); @@ -210,13 +214,16 @@ char *estrdup __P((const char *)); int easprintf __P((char **, const char *, ...)); int evasprintf __P((char **, const char *, va_list)); +void dump_badenv __P((void)); void dump_defaults __P((void)); void dump_auth_methods __P((void)); +void init_envtables __P((void)); int lock_file __P((int, int)); int touch __P((char *, time_t)); int user_is_exempt __P((void)); void set_fqdn __P((void)); char *sudo_getepw __P((struct passwd *)); +int pam_prep_user __P((struct passwd *)); YY_DECL; /* Only provide extern declarations outside of sudo.c. */ @@ -228,6 +235,8 @@ extern char **Argv; extern FILE *sudoers_fp; extern int tgetpass_flags; + +extern void (*set_perms) __P((int, int)); #endif extern int errno; Index: usr.bin/sudo/sudo_setenv.c =================================================================== RCS file: usr.bin/sudo/sudo_setenv.c diff -N usr.bin/sudo/sudo_setenv.c --- usr.bin/sudo/sudo_setenv.c 21 Nov 2000 17:58:44 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,100 +0,0 @@ -/* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * 4. Products derived from this software may not be called "Sudo" nor - * may "Sudo" appear in their names without specific prior written - * permission from the author. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "config.h" - -#include -#ifdef STDC_HEADERS -#include -#endif /* STDC_HEADERS */ -#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) -#include -#endif /* HAVE_MALLOC_H && !STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ -#include -#include - -#include "sudo.h" - -#ifndef STDC_HEADERS -#ifdef HAVE_PUTENV -extern int putenv __P((const char *)); -#endif /* HAVE_PUTENV */ -#ifdef HAVE_SETENV -extern int setenv __P((char *, char *, int)); -#endif /* HAVE_SETENV */ -#endif /* !STDC_HEADERS */ - -#ifndef lint -static const char rcsid[] = "$Sudo: sudo_setenv.c,v 1.41 2000/09/14 20:48:58 millert Exp $"; -#endif /* lint */ - - -/* - * Add a string of the form "var=val" to the environment. Exits if it is - * unable to expand the current environent. - */ -void -sudo_setenv(var, val) - char *var; - char *val; -{ - -#ifdef HAVE_SETENV - if (setenv(var, val, 1) == -1) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } -#else - char *envstring, *tmp; - - envstring = tmp = (char *) malloc(strlen(var) + strlen(val) + 2); - if (envstring == NULL) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } - - while ((*tmp++ = *var++)) - ; - - *(tmp-1) = '='; - - while ((*tmp++ = *val++)) - ; - - putenv(envstring); -#endif /* HAVE_SETENV */ -} Index: usr.bin/sudo/sudoers =================================================================== RCS file: /cvs/src/usr.bin/sudo/sudoers,v retrieving revision 1.2 diff -u -r1.2 sudoers --- usr.bin/sudo/sudoers 16 Aug 2001 14:34:54 -0000 1.2 +++ usr.bin/sudo/sudoers 16 Jan 2002 19:09:15 -0000 @@ -11,6 +11,8 @@ # Cmnd alias specification +# Defaults specification + # User privilege specification root ALL=(ALL) ALL Index: usr.bin/sudo/sudoers.5 =================================================================== RCS file: /cvs/src/usr.bin/sudo/sudoers.5,v retrieving revision 1.8 diff -u -r1.8 sudoers.5 --- usr.bin/sudo/sudoers.5 28 Sep 2001 06:46:25 -0000 1.8 +++ usr.bin/sudo/sudoers.5 17 Jan 2002 01:05:35 -0000 @@ -1,27 +1,9 @@ -.rn '' }` -''' $RCSfile: sudoers.5,v $$Revision: 1.8 $$Date: 2001/09/28 06:46:25 $ -''' -''' $Log: sudoers.5,v $ -''' Revision 1.8 2001/09/28 06:46:25 jufi -''' -''' semicolon -> colon -''' detected by mihaak@lecturax.tmfweb.nl -''' -''' Revision 1.7 2001/09/17 23:49:21 pjanzen -''' Typo and grammar fixes, one from PR/2058 (Dennis Schwarz); ok millert@ -''' -''' Revision 1.6 2001/01/09 18:15:31 krw -''' Typos: 'eg.' -> 'e.g.' -''' -''' Revision 1.5 2000/03/27 03:44:39 millert -''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list -''' of changes. -''' -''' Revision 1.5 2000/03/27 03:26:23 millert -''' Use 8 and 5 in the man page bodies as well. -''' -''' -.de Sh +.\" Automatically generated by Pod::Man version 1.15 +.\" Wed Jan 16 16:36:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading .br .if t .Sp .ne 5 @@ -29,150 +11,106 @@ \fB\\$1\fR .PP .. -.de Sp +.de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. -.de Ip +.de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. -.de Vb +.de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. -.de Ve +.de Ve \" End verbatim text .ft R .fi .. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> .tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` +. ds C' 'br\} .el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' 'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaningful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -.nr % 0 -.rr F +. nr % 0 +. rr F .\} -.TH sudoers 5 "1.6.3" "26/Mar/2000" "FILE FORMATS" -.UC -.if n .hy 0 +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 .if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. .bd B 3 -. \" fudge factors for nroff and troff +. \" fudge factors for nroff and troff .if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP .\} .if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& .\} -. \" simple accents for nroff and troff +. \" simple accents for nroff and troff .if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / .\} .if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} -. \" troff and (daisy-wheel) nroff accents +. \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' @@ -180,42 +118,41 @@ .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff +. \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) +. \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE .\} .rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "sudoers 5" +.TH sudoers 5 "1.6.5" "January 16, 2002" "MAINTENANCE COMMANDS" +.UC .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" +.IX Header "DESCRIPTION" The \fIsudoers\fR file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The grammar of \fIsudoers\fR -will be described below in Extended Backus-Naur Form (EBNF). -Don't despair if you don't know what EBNF is; it is fairly +will be described below in Extended Backus-Naur Form (\s-1EBNF\s0). +Don't despair if you don't know what \s-1EBNF\s0 is; it is fairly simple, and the definitions below are annotated. .Sh "Quick guide to \s-1EBNF\s0" -\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language. +.IX Subsection "Quick guide to EBNF" +\&\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language. Each \s-1EBNF\s0 definition is made up of \fIproduction rules\fR. E.g., .PP .Vb 1 @@ -226,13 +163,16 @@ operators, which many readers will recognize from regular expressions. Do not, however, confuse them with \*(L"wildcard\*(R" characters, which have different meanings. -.Ip "\f(CW?\fR" 8 +.Ip "\f(CW\*(C`?\*(C'\fR" 8 +.IX Item "?" Means that the preceding symbol (or group of symbols) is optional. That is, it may appear once or not at all. -.Ip "\f(CW*\fR" 8 +.Ip "\f(CW\*(C`*\*(C'\fR" 8 +.IX Item "*" Means that the preceding symbol (or group of symbols) may appear zero or more times. -.Ip "\f(CW+\fR" 8 +.Ip "\f(CW\*(C`+\*(C'\fR" 8 +.IX Item "+" Means that the preceding symbol (or group of symbols) may appear one or more times. .PP @@ -240,20 +180,21 @@ we will use single quotes ('') to designate what is a verbatim character string (as opposed to a symbol name). .Sh "Aliases" -There are four kinds of aliases: \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, -\f(CWHost_Alias\fR and \f(CWCmnd_Alias\fR. +.IX Subsection "Aliases" +There are four kinds of aliases: \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, +\&\f(CW\*(C`Host_Alias\*(C'\fR and \f(CW\*(C`Cmnd_Alias\*(C'\fR. .PP .Vb 4 -\& Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* | -\& 'Runas_Alias' = Runas_Alias (':' Runas_Alias)* | -\& 'Host_Alias' = Host_Alias (':' Host_Alias)* | -\& 'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)* +\& Alias ::= 'User_Alias' User_Alias (':' User_Alias)* | +\& 'Runas_Alias' Runas_Alias (':' Runas_Alias)* | +\& 'Host_Alias' Host_Alias (':' Host_Alias)* | +\& 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)* .Ve .Vb 1 \& User_Alias ::= NAME '=' User_List .Ve .Vb 1 -\& Runas_Alias ::= NAME '=' Runas_User_List +\& Runas_Alias ::= NAME '=' Runas_List .Ve .Vb 1 \& Host_Alias ::= NAME '=' Host_List @@ -269,9 +210,9 @@ .Vb 1 \& Alias_Type NAME = item1, item2, ... .Ve -where \fIAlias_Type\fR is one of \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, \f(CWHost_Alias\fR, -or \f(CWCmnd_Alias\fR. A \f(CWNAME\fR is a string of uppercase letters, numbers, -and the underscore characters ('_'). A \f(CWNAME\fR \fBmust\fR start with an +where \fIAlias_Type\fR is one of \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR, +or \f(CW\*(C`Cmnd_Alias\*(C'\fR. A \f(CW\*(C`NAME\*(C'\fR is a string of uppercase letters, numbers, +and the underscore characters ('_'). A \f(CW\*(C`NAME\*(C'\fR \fBmust\fR start with an uppercase letter. It is possible to put several alias definitions of the same type on a single line, joined by a colon (':'). E.g., .PP @@ -284,18 +225,17 @@ \& User_List ::= User | \& User ',' User_List .Ve -.Vb 5 +.Vb 4 \& User ::= '!'* username | -\& '!'* '#'uid | \& '!'* '%'group | \& '!'* '+'netgroup | \& '!'* User_Alias .Ve -A \f(CWUser_List\fR is made up of one or more usernames, uids -(prefixed with \*(L'#'), System groups (prefixed with \*(L'%'), -netgroups (prefixed with \*(L'+') and other aliases. Each list -item may be prefixed with one or more \*(L'!\*(R' operators. An odd number -of \*(L'!\*(R' operators negate the value of the item; an even number +A \f(CW\*(C`User_List\*(C'\fR is made up of one or more usernames, uids +(prefixed with '#'), System groups (prefixed with '%'), +netgroups (prefixed with '+') and other aliases. Each list +item may be prefixed with one or more '!' operators. An odd number +of '!' operators negate the value of the item; an even number just cancel each other out. .PP .Vb 2 @@ -309,9 +249,9 @@ \& '!'* +netgroup | \& '!'* Runas_Alias .Ve -Likewise, a \f(CWRunas_List\fR has the same possible elements -as a \f(CWUser_List\fR, except that it can include a \f(CWRunas_Alias\fR, -instead of a \f(CWUser_Alias\fR. +A \f(CW\*(C`Runas_List\*(C'\fR is similar to a \f(CW\*(C`User_List\*(C'\fR except that it can +also contain uids (prefixed with '#') and instead of \f(CW\*(C`User_Alias\*(C'\fRes +it can contain \f(CW\*(C`Runas_Alias\*(C'\fRes. .PP .Vb 2 \& Host_List ::= Host | @@ -324,15 +264,15 @@ \& '!'* '+'netgroup | \& '!'* Host_Alias .Ve -A \f(CWHost_List\fR is made up of one or more hostnames, \s-1IP\s0 addresses, -network numbers, netgroups (prefixed with \*(L'+') and other aliases. -Again, the value of an item may be negated with the \*(L'!\*(R' operator. +A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, \s-1IP\s0 addresses, +network numbers, netgroups (prefixed with '+') and other aliases. +Again, the value of an item may be negated with the '!' operator. If you do not specify a netmask with a network number, the netmask of the host's ethernet \fIinterface\fR\|(s) will be used when matching. The netmask may be specified either in dotted quad notation (e.g. 255.255.255.0) or \s-1CIDR\s0 notation (number of bits, e.g. 24). A hostname -may include shell-style wildcards (see `Wildcards\*(R' section below), -but unless the \f(CWhostname\fR command on your machine returns the fully +may include shell-style wildcards (see `Wildcards' section below), +but unless the \f(CW\*(C`hostname\*(C'\fR command on your machine returns the fully qualified hostname, you'll need to use the \fIfqdn\fR option for wildcards to be useful. .PP @@ -350,25 +290,26 @@ \& '!'* directory | \& '!'* Cmnd_Alias .Ve -A \f(CWCmnd_List\fR is a list of one or more commandnames, directories, and other +A \f(CW\*(C`Cmnd_List\*(C'\fR is a list of one or more commandnames, directories, and other aliases. A commandname is a fully qualified filename which may include -shell-style wildcards (see `Wildcards\*(R' section below). A simple +shell-style wildcards (see `Wildcards' section below). A simple filename allows the user to run the command with any arguments he/she -wishes. However, you may also command line arguments (including wildcards). -Alternately, you can specify \f(CW""\fR to indicate that the command +wishes. However, you may also specify command line arguments (including +wildcards). Alternately, you can specify \f(CW\*(C`""\*(C'\fR to indicate that the command may only be run \fBwithout\fR command line arguments. A directory is a -fully qualified pathname ending in a \*(L'/\*(R'. When you specify a directory -in a \f(CWCmnd_List\fR, the user will be able to run any file within that directory +fully qualified pathname ending in a '/'. When you specify a directory +in a \f(CW\*(C`Cmnd_List\*(C'\fR, the user will be able to run any file within that directory (but not in any subdirectories therein). .PP -If a \f(CWCmnd\fR has associated command line arguments, then the arguments -in the \f(CWCmnd\fR must match exactly those given by the user on the command line +If a \f(CW\*(C`Cmnd\*(C'\fR has associated command line arguments, then the arguments +in the \f(CW\*(C`Cmnd\*(C'\fR must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following -characters must be escaped with a \*(L'\e\*(R' if they are used in command -arguments: \*(L',\*(R', \*(L':\*(R', \*(L'=\*(R', \*(L'\e\*(R'. +characters must be escaped with a '\e' if they are used in command +arguments: ',', ':', '=', '\e'. .Sh "Defaults" +.IX Subsection "Defaults" Certain configuration options may be changed from their default -values at runtime via one or more \f(CWDefault_Entry\fR lines. These +values at runtime via one or more \f(CW\*(C`Default_Entry\*(C'\fR lines. These may affect all users on any host, all users on a specific host, or just a specific user. When multiple entries match, they are applied in order. Where there are conflicting values, the last @@ -382,261 +323,403 @@ .Vb 1 \& Default_Entry ::= Default_Type Parameter_List .Ve -.Vb 2 +.Vb 4 \& Parameter ::= Parameter '=' Value || +\& Parameter '+=' Value || +\& Parameter '-=' Value || \& '!'* Parameter || .Ve -Parameters may be \fBflags\fR, \fBinteger\fR values, or \fBstrings\fR. Flags -are implicitly boolean and can be turned off via the \*(L'!\*(R' operator. -Some integer and string parameters may also be used in a boolean -context to disable them. Values may be enclosed in double quotes -(\f(CW"\fR) when they contain multiple words. Special characters may -be escaped with a backslash (\f(CW\e\fR). +Parameters may be \fBflags\fR, \fBinteger\fR values, \fBstrings\fR, or \fBlists\fR. +Flags are implicitly boolean and can be turned off via the '!' +operator. Some integer, string and list parameters may also be +used in a boolean context to disable them. Values may be enclosed +in double quotes (\f(CW\*(C`"\*(C'\fR) when they contain multiple words. Special +characters may be escaped with a backslash (\f(CW\*(C`\e\*(C'\fR). +.PP +Lists have two additional assignment operators, \f(CW\*(C`+=\*(C'\fR and \f(CW\*(C`\-=\*(C'\fR. +These operators are used to add to and delete from a list respectively. +It is not an error to use the \f(CW\*(C`\-=\*(C'\fR operator to remove an element +that does not exist in a list. +.PP +Note that since the \fIsudoers\fR file is parsed in order the best place +to put the Defaults section is after the Host, User, and Cmnd aliases +but before the user specifications. .PP -\fBFlags\fR: +\&\fBFlags\fR: .Ip "long_otp_prompt" 12 +.IX Item "long_otp_prompt" When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but -some people find it more convenient. This flag is off by default. +some people find it more convenient. This flag is \fIoff\fR +by default. .Ip "ignore_dot" 12 -If set, \fBsudo\fR will ignore \*(L'.\*(R' or \*(L'\*(R' (current dir) in \f(CW$PATH\fR; -the \f(CW$PATH\fR itself is not modified. This flag is off by default. +.IX Item "ignore_dot" +If set, \fBsudo\fR will ignore '.' or '' (current dir) in the \f(CW\*(C`PATH\*(C'\fR +environment variable; the \f(CW\*(C`PATH\*(C'\fR itself is not modified. This +flag is \fIoff\fR by default. .Ip "mail_always" 12 +.IX Item "mail_always" Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR. -This flag is off by default. +This flag is \fIoff\fR by default. +.Ip "mail_badpass" 12 +.IX Item "mail_badpass" +Send mail to the \fImailto\fR user if the user running sudo does not +enter the correct password. This flag is \fIoff\fR by default. .Ip "mail_no_user" 12 +.IX Item "mail_no_user" If set, mail will be sent to the \fImailto\fR user if the invoking -user is not in the \fIsudoers\fR file. This flag is on by default. +user is not in the \fIsudoers\fR file. This flag is \fIon\fR +by default. .Ip "mail_no_host" 12 +.IX Item "mail_no_host" If set, mail will be sent to the \fImailto\fR user if the invoking user exists in the \fIsudoers\fR file, but is not allowed to run -commands on the current host. This flag is off by default. +commands on the current host. This flag is \fIoff\fR by default. .Ip "mail_no_perms" 12 +.IX Item "mail_no_perms" If set, mail will be sent to the \fImailto\fR user if the invoking user allowed to use \fBsudo\fR but the command they are trying is not -listed in their \fIsudoers\fR file entry. This flag is off by default. +listed in their \fIsudoers\fR file entry. This flag is \fIoff\fR +by default. .Ip "tty_tickets" 12 +.IX Item "tty_tickets" If set, users must authenticate on a per-tty basis. Normally, -\fBsudo\fR uses a directory in the ticket dir with the same name as +\&\fBsudo\fR uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, \fBsudo\fR will use a file named for the tty the user is logged in on in that directory. -This flag is off by default. +This flag is \fIoff\fR by default. .Ip "lecture" 12 +.IX Item "lecture" If set, a user will receive a short lecture the first time he/she -runs \fBsudo\fR. This flag is on by default. +runs \fBsudo\fR. This flag is \fIon\fR by default. .Ip "authenticate" 12 +.IX Item "authenticate" If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default -may be overridden via the \f(CWPASSWD\fR and \f(CWNOPASSWD\fR tags. -This flag is on by default. +may be overridden via the \f(CW\*(C`PASSWD\*(C'\fR and \f(CW\*(C`NOPASSWD\*(C'\fR tags. +This flag is \fIon\fR by default. .Ip "root_sudo" 12 +.IX Item "root_sudo" If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something -like \f(CW"sudo sudo /bin/sh"\fR. -This flag is on by default. +like \f(CW\*(C`"sudo sudo /bin/sh"\*(C'\fR. +This flag is \fIon\fR by default. .Ip "log_host" 12 +.IX Item "log_host" If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file. -This flag is off by default. +This flag is \fIoff\fR by default. .Ip "log_year" 12 +.IX Item "log_year" If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file. -This flag is off by default. +This flag is \fIoff\fR by default. .Ip "shell_noargs" 12 +.IX Item "shell_noargs" If set and \fBsudo\fR is invoked with no arguments it acts as if the -\f(CW-s\fR flag had been given. That is, it runs a shell as root (the -shell is determined by the \f(CWSHELL\fR environment variable if it is +\&\fB\-s\fR flag had been given. That is, it runs a shell as root (the +shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is set, falling back on the shell listed in the invoking user's -/etc/passwd entry if not). This flag is off by default. +/etc/passwd entry if not). This flag is \fIoff\fR by default. .Ip "set_home" 12 -If set and \fBsudo\fR is invoked with the \f(CW-s\fR flag the \f(CWHOME\fR +.IX Item "set_home" +If set and \fBsudo\fR is invoked with the \fB\-s\fR flag the \f(CW\*(C`HOME\*(C'\fR environment variable will be set to the home directory of the target -user (which is root unless the \f(CW-u\fR option is used). This effectively -makes the \f(CW-s\fR flag imply \f(CW-H\fR. This flag is off by default. +user (which is root unless the \fB\-u\fR option is used). This effectively +makes the \fB\-s\fR flag imply \fB\-H\fR. This flag is \fIoff\fR by default. +.Ip "always_set_home" 12 +.IX Item "always_set_home" +If set, \fBsudo\fR will set the \f(CW\*(C`HOME\*(C'\fR environment variable to the home +directory of the target user (which is root unless the \fB\-u\fR option is used). +This effectively means that the \fB\-H\fR flag is always implied. +This flag is \fIoff\fR by default. .Ip "path_info" 12 +.IX Item "path_info" Normally, \fBsudo\fR will tell the user when a command could not be -found in their \f(CW$PATH\fR. Some sites may wish to disable this as -it could be used to gather information on the location of executables -that the normal user does not have access to. The disadvantage is -that if the executable is simply not in the user's \f(CW$PATH\fR, \fBsudo\fR -will tell the user that they are not allowed to run it, which can -be confusing. This flag is off by default. +found in their \f(CW\*(C`PATH\*(C'\fR environment variable. Some sites may wish +to disable this as it could be used to gather information on the +location of executables that the normal user does not have access +to. The disadvantage is that if the executable is simply not in +the user's \f(CW\*(C`PATH\*(C'\fR, \fBsudo\fR will tell the user that they are not +allowed to run it, which can be confusing. This flag is \fIoff\fR by +default. +.Ip "preserve_groups" 12 +.IX Item "preserve_groups" +By default \fBsudo\fR will initialize the group vector to the list of +groups the target user is in. When \fIpreserve_groups\fR is set, the +user's existing group vector is left unaltered. The real and +effective group IDs, however, are still set to match the target +user. This flag is \fIoff\fR by default. .Ip "fqdn" 12 +.IX Item "fqdn" Set this flag if you want to put fully qualified hostnames in the -\fIsudoers\fR file. I.e.: instead of myhost you would use myhost.mydomain.edu. +\&\fIsudoers\fR file. I.e.: instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example if the machine is not plugged into the network). Also note that you must use the host's official name as \s-1DNS\s0 knows it. That is, -you may not use a host alias (\f(CWCNAME\fR entry) due to performance +you may not use a host alias (\f(CW\*(C`CNAME\*(C'\fR entry) due to performance issues and the fact that there is no way to get all aliases from -\s-1DNS\s0. If your machine's hostname (as returned by the \f(CWhostname\fR +\&\s-1DNS\s0. If your machine's hostname (as returned by the \f(CW\*(C`hostname\*(C'\fR command) is already fully qualified you shouldn't need to set -\fIfqfn\fR. This flag is off by default. +\&\fIfqdn\fR. This flag is \fIoff\fR by default. .Ip "insults" 12 +.IX Item "insults" If set, \fBsudo\fR will insult users when they enter an incorrect -password. This flag is off by default. +password. This flag is \fIon\fR by default. .Ip "requiretty" 12 +.IX Item "requiretty" If set, \fBsudo\fR will only run when the user is logged in to a real -tty. This will disallow things like \f(CW"rsh somehost sudo ls"\fR since -\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn +tty. This will disallow things like \f(CW\*(C`"rsh somehost sudo ls"\*(C'\fR since +\&\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn of echo when there is no tty present, some sites may with to set this flag to prevent a user from entering a visible password. This -flag is off by default. +flag is \fIoff\fR by default. .Ip "env_editor" 12 -If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment -falling back on the default editor. Note that this may create a -security hole as most editors allow a user to get a shell (which -would be a root shell and not be logged). +.IX Item "env_editor" +If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 +environment variables before falling back on the default editor list. +Note that this may create a security hole as it allows the user to +run any arbitrary command as root without logging. A safer alternative +is to place a colon-separated list of editors in the \f(CW\*(C`editor\*(C'\fR +variable. \fBvisudo\fR will then only use the \s-1EDITOR\s0 or \s-1VISUAL\s0 if +they match a value specified in \f(CW\*(C`editor\*(C'\fR. This flag is \f(CW\*(C`on\*(C'\fR by +default. .Ip "rootpw" 12 +.IX Item "rootpw" If set, \fBsudo\fR will prompt for the root password instead of the password -of the invoking user. +of the invoking user. This flag is \fIoff\fR by default. .Ip "runaspw" 12 +.IX Item "runaspw" If set, \fBsudo\fR will prompt for the password of the user defined by the -\fIrunas_default\fR option (defaults to root) instead of the password -of the invoking user. +\&\fIrunas_default\fR option (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password +of the invoking user. This flag is \fIoff\fR by default. .Ip "targetpw" 12 +.IX Item "targetpw" If set, \fBsudo\fR will prompt for the password of the user specified by -the \f(CW-u\fR flag (defaults to root) instead of the password of the -invoking user. +the \fB\-u\fR flag (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password of the +invoking user. This flag is \fIoff\fR by default. .Ip "set_logname" 12 -Normally, \fBsudo\fR will set the \f(CWLOGNAME\fR and \f(CWUSER\fR environment variables -to the name of the target user (usually root unless the \f(CW-u\fR flag is given). +.IX Item "set_logname" +Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR and \f(CW\*(C`USER\*(C'\fR environment variables +to the name of the target user (usually root unless the \fB\-u\fR flag is given). However, since some programs (including the \s-1RCS\s0 revision control system) -use \f(CWLOGNAME\fR to determine the real identity of the user, it may be desirable +use \f(CW\*(C`LOGNAME\*(C'\fR to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. +.Ip "stay_setuid" 12 +.IX Item "stay_setuid" +Normally, when \fBsudo\fR executes a command the real and effective +UIDs are set to the target user (root by default). This option +changes that behavior such that the real \s-1UID\s0 is left as the invoking +user's \s-1UID\s0. In other words, this makes \fBsudo\fR act as a setuid +wrapper. This can be useful on systems that disable some potentially +dangerous functionality when a program is run setuid. Note, however, +that this means that sudo will run with the real uid of the invoking +user which may allow that user to kill \fBsudo\fR before it can log a +failure, depending on how your \s-1OS\s0 defines the interaction between +signals and setuid processes. +.Ip "env_reset" 12 +.IX Item "env_reset" +If set, \fBsudo\fR will reset the environment to only contain the +following variables: \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`TERM\*(C'\fR, +and \f(CW\*(C`USER\*(C'\fR (in addition to the \f(CW\*(C`SUDO_*\*(C'\fR variables). +Of these, only \f(CW\*(C`TERM\*(C'\fR is copied unaltered from the old environment. +The other variables are set to default values (possibly modified +by the value of the \fIset_logname\fR option). If \fBsudo\fR was compiled +with the \f(CW\*(C`SECURE_PATH\*(C'\fR option, its value will be used for the \f(CW\*(C`PATH\*(C'\fR +environment variable. +Other variables may be preserved with the \fIenv_keep\fR option. +.Ip "use_loginclass" 12 +.IX Item "use_loginclass" +If set, \fBsudo\fR will apply the defaults specified for the target user's +login class if one exists. Only available if \fBsudo\fR is configured with +the \-\-with-logincap option. This flag is \fIoff\fR by default. .PP -\fBIntegers\fR: +\&\fBIntegers\fR: .Ip "passwd_tries" 12 +.IX Item "passwd_tries" The number of tries a user gets to enter his/her password before -\fBsudo\fR logs the failure and exits. The default is 3. +\&\fBsudo\fR logs the failure and exits. The default is \f(CW\*(C`3\*(C'\fR. .PP -\fBIntegers that can be used in a boolean context\fR: +\&\fBIntegers that can be used in a boolean context\fR: .Ip "loglinelen" 12 +.IX Item "loglinelen" Number of characters per line for the file log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is -80 (use 0 or negate to disable word wrap). +\&\f(CW\*(C`80\*(C'\fR (use 0 or negate the option to disable word wrap). .Ip "timestamp_timeout" 12 -Number of minutes that can elapse before \fBsudo\fR will ask for a passwd -again. The default is 5. Set this to 0 to always prompt for a password. +.IX Item "timestamp_timeout" +Number of minutes that can elapse before \fBsudo\fR will ask for a +passwd again. The default is \f(CW\*(C`5\*(C'\fR. Set this to \f(CW\*(C`0\*(C'\fR to always +prompt for a password. +If set to a value less than \f(CW\*(C`0\*(C'\fR the user's timestamp will never +expire. This can be used to allow users to create or delete their +own timestamps via \f(CW\*(C`sudo \-v\*(C'\fR and \f(CW\*(C`sudo \-k\*(C'\fR respectively. .Ip "passwd_timeout" 12 +.IX Item "passwd_timeout" Number of minutes before the \fBsudo\fR password prompt times out. -The default is 5, set this to 0 for no password timeout. +The default is \f(CW\*(C`5\*(C'\fR, set this to \f(CW\*(C`0\*(C'\fR for no password timeout. .Ip "umask" 12 -Umask to use when running the root command. Set this to 0777 to -not override the user's umask. The default is 0022. +.IX Item "umask" +Umask to use when running the command. Negate this option or set +it to 0777 to preserve the user's umask. The default is \f(CW\*(C`0022\*(C'\fR. .PP -\fBStrings\fR: +\&\fBStrings\fR: .Ip "mailsub" 12 -Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR +.IX Item "mailsub" +Subject of the mail sent to the \fImailto\fR user. The escape \f(CW\*(C`%h\*(C'\fR will expand to the hostname of the machine. -Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R". +Default is \f(CW\*(C`*** SECURITY information for %h ***\*(C'\fR. .Ip "badpass_message" 12 +.IX Item "badpass_message" Message that is displayed if a user enters an incorrect password. -The default is \*(L"Sorry, try again.\*(R" unless insults are enabled. +The default is \f(CW\*(C`Sorry, try again.\*(C'\fR unless insults are enabled. .Ip "timestampdir" 12 +.IX Item "timestampdir" The directory in which \fBsudo\fR stores its timestamp files. -The default is \fI@\s-1TIMEDIR\s0@\fR. +The default is \fI/var/run/sudo\fR. .Ip "passprompt" 12 +.IX Item "passprompt" The default prompt to use when asking for a password; can be overridden -via the \f(CW-p\fR option or the \f(CWSUDO_PROMPT\fR environment variable. Supports +via the \fB\-p\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable. Supports two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands -to the local hostname. The default value is \*(L"Password:\*(R". +to the local hostname. The default value is \f(CW\*(C`Password:\*(C'\fR. .Ip "runas_default" 12 -The default user to run commands as if the \f(CW-u\fR flag is not specified -on the command line. This defaults to \*(L"root\*(R". +.IX Item "runas_default" +The default user to run commands as if the \fB\-u\fR flag is not specified +on the command line. This defaults to \f(CW\*(C`root\*(C'\fR. .Ip "syslog_goodpri" 12 +.IX Item "syslog_goodpri" Syslog priority to use when user authenticates successfully. -Defaults to \*(L"notice\*(R". +Defaults to \f(CW\*(C`notice\*(C'\fR. .Ip "syslog_badpri" 12 +.IX Item "syslog_badpri" Syslog priority to use when user authenticates unsuccessfully. -Defaults to \*(L"alert\*(R". +Defaults to \f(CW\*(C`alert\*(C'\fR. .Ip "editor" 12 -Path to the editor to be used by \fBvisudo\fR. The default is the path -to vi on your system. +.IX Item "editor" +A colon (':') separated list of editors allowed to be used with +\&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's +\&\s-1USER\s0 environment variable if possible, or the first editor in the +list that exists and is executable. The default is the path to vi +on your system. .PP -\fBStrings that can be used in a boolean context\fR: +\&\fBStrings that can be used in a boolean context\fR: .Ip "logfile" 12 +.IX Item "logfile" Path to the \fBsudo\fR log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. .Ip "syslog" 12 +.IX Item "syslog" Syslog facility if syslog is being used for logging (negate to -disable syslog logging). Defaults to \*(L"local2\*(R". +disable syslog logging). Defaults to \f(CW\*(C`authpriv\*(C'\fR. .Ip "mailerpath" 12 +.IX Item "mailerpath" Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. .Ip "mailerflags" 12 -Flags to use when invoking mailer. Defaults to \f(CW-t\fR. +.IX Item "mailerflags" +Flags to use when invoking mailer. Defaults to \fB\-t\fR. .Ip "mailto" 12 -Address to send warning and error mail to. Defaults to \*(L"root\*(R". +.IX Item "mailto" +Address to send warning and error mail to. The address should +be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against sudo +interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`root\*(C'\fR. .Ip "exempt_group" 12 +.IX Item "exempt_group" Users in this group are exempt from password and \s-1PATH\s0 requirements. This is not set by default. -.Ip "secure_path" 12 -Path used for every command run from \fBsudo\fR. If you don't trust the -people running \fBsudo\fR to have a sane \f(CWPATH\fR environment variable you may -want to use this. Another use is if you want to have the \*(L"root path\*(R" -be separate from the \*(L"user path.\*(R" This is not set by default. .Ip "verifypw" 12 -This option controls when a password will be required when a -user runs \fBsudo\fR with \fB\-v\fR. It has the following possible values: +.IX Item "verifypw" +This option controls when a password will be required when a user runs +\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values: +.RS 12 +.Ip "all" 8 +.IX Item "all" +All the user's \fIsudoers\fR entries for the current host must have +the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. +.Ip "any" 8 +.IX Item "any" +At least one of the user's \fIsudoers\fR entries for the current host +must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. +.Ip "never" 8 +.IX Item "never" +The user need never enter a password to use the \fB\-v\fR flag. +.Ip "always" 8 +.IX Item "always" +The user must always enter a password to use the \fB\-v\fR flag. +.RE +.RS 12 .Sp -.Vb 3 -\& all All the user's I entries for the -\& current host must have the C -\& flag set to avoid entering a password. -.Ve -.Vb 4 -\& any At least one of the user's I entries -\& for the current host must have the -\& C flag set to avoid entering a -\& password. -.Ve -.Vb 2 -\& never The user need never enter a password to use -\& the B<-v> flag. -.Ve -.Vb 2 -\& always The user must always enter a password to use -\& the B<-v> flag. -.Ve -The default value is `all\*(R'. +The default value is `all'. +.RE .Ip "listpw" 12 +.IX Item "listpw" This option controls when a password will be required when a user runs \fBsudo\fR with the \fB\-l\fR. It has the following possible values: +.RS 12 +.Ip "all" 8 +.IX Item "all" +All the user's \fIsudoers\fR entries for the current host must have +the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. +.Ip "any" 8 +.IX Item "any" +At least one of the user's \fIsudoers\fR entries for the current host +must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. +.Ip "never" 8 +.IX Item "never" +The user need never enter a password to use the \fB\-l\fR flag. +.Ip "always" 8 +.IX Item "always" +The user must always enter a password to use the \fB\-l\fR flag. +.RE +.RS 12 .Sp -.Vb 3 -\& all All the user's I entries for the -\& current host must have the C -\& flag set to avoid entering a password. -.Ve -.Vb 4 -\& any At least one of the user's I entries -\& for the current host must have the -\& C flag set to avoid entering a -\& password. -.Ve -.Vb 2 -\& never The user need never enter a password to use -\& the B<-l> flag. -.Ve -.Vb 2 -\& always The user must always enter a password to use -\& the B<-l> flag. -.Ve -The default value is `any\*(R'. +The default value is `any'. +.RE +.PP +\&\fBLists that can be used in a boolean context\fR: +.Ip "env_check" 12 +.IX Item "env_check" +Environment variables to be removed from the user's environment if +the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters. This can +be used to guard against printf-style format vulnerabilties in +poorly-written programs. The argument may be a double-quoted, +space-separated list or a single value without double-quotes. The +list can be replaced, added to, deleted from, or disabled by using +the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively. The default +list of environment variable to check is printed when \fBsudo\fR is +run by root with the \fI\-V\fR option. +.Ip "env_delete" 12 +.IX Item "env_delete" +Environment variables to be removed from the user's environment. +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. The list can be replaced, added +to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and +\&\f(CW\*(C`!\*(C'\fR operators respectively. The default list of environment +variable to remove is printed when \fBsudo\fR is run by root with the +\&\fI\-V\fR option. +.Ip "env_keep" 12 +.IX Item "env_keep" +Environment variables to be preserved in the user's environment +when the \fIenv_reset\fR option is in effect. This allows fine-grained +control over the environment \fBsudo\fR\-spawned processes will receive. +The argument may be a double-quoted, space-separated list or a +single value without double-quotes. The list can be replaced, added +to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and +\&\f(CW\*(C`!\*(C'\fR operators respectively. This list has no default members. .PP When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, -\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following +\&\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, -\fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR. +\&\fBerr\fR, \fBinfo\fR, \fBnotice\fR, and \fBwarning\fR. .Sh "User Specification" -.PP +.IX Subsection "User Specification" .Vb 2 -\& User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \e +\& User_Spec ::= User_list Host_List '=' Cmnd_Spec_List \e \& (':' User_Spec)* .Ve .Vb 2 @@ -655,22 +738,23 @@ .PP Let's break that down into its constituent parts: .Sh "Runas_Spec" -A \f(CWRunas_Spec\fR is simply a \f(CWRunas_List\fR (as defined above) +.IX Subsection "Runas_Spec" +A \f(CW\*(C`Runas_Spec\*(C'\fR is simply a \f(CW\*(C`Runas_List\*(C'\fR (as defined above) enclosed in a set of parentheses. If you do not specify a -\f(CWRunas_Spec\fR in the user specification, a default \f(CWRunas_Spec\fR -of \fBroot\fR will be used. A \f(CWRunas_Spec\fR sets the default for +\&\f(CW\*(C`Runas_Spec\*(C'\fR in the user specification, a default \f(CW\*(C`Runas_Spec\*(C'\fR +of \fBroot\fR will be used. A \f(CW\*(C`Runas_Spec\*(C'\fR sets the default for commands that follow it. What this means is that for the entry: .PP .Vb 1 \& dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who .Ve The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and -\fI/usr/bin/lprm\fR -- but only as \fBoperator\fR. E.g., +\&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR. E.g., .PP .Vb 1 \& sudo -u operator /bin/ls. .Ve -It is also possible to override a \f(CWRunas_Spec\fR later on in an +It is also possible to override a \f(CW\*(C`Runas_Spec\*(C'\fR later on in an entry. If we modify the entry like so: .PP .Vb 1 @@ -679,47 +763,54 @@ Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR, but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR. .Sh "\s-1NOPASSWD\s0 and \s-1PASSWD\s0" +.IX Subsection "NOPASSWD and PASSWD" By default, \fBsudo\fR requires that a user authenticate him or herself before running a command. This behavior can be modified via the -\f(CWNOPASSWD\fR tag. Like a \f(CWRunas_Spec\fR, the \f(CWNOPASSWD\fR tag sets -a default for the commands that follow it in the \f(CWCmnd_Spec_List\fR. -Conversely, the \f(CWPASSWD\fR tag can be used to reverse things. +\&\f(CW\*(C`NOPASSWD\*(C'\fR tag. Like a \f(CW\*(C`Runas_Spec\*(C'\fR, the \f(CW\*(C`NOPASSWD\*(C'\fR tag sets +a default for the commands that follow it in the \f(CW\*(C`Cmnd_Spec_List\*(C'\fR. +Conversely, the \f(CW\*(C`PASSWD\*(C'\fR tag can be used to reverse things. For example: .PP .Vb 1 \& ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm .Ve would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and -\fI/usr/bin/lprm\fR as root on the machine rushmore as \fBroot\fR without +\&\fI/usr/bin/lprm\fR as root on the machine rushmore as \fBroot\fR without authenticating himself. If we only want \fBray\fR to be able to run \fI/bin/kill\fR without a password the entry would be: .PP .Vb 1 \& ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .Ve -Note, however, that the \f(CWPASSWD\fR tag has no effect on users who are +Note, however, that the \f(CW\*(C`PASSWD\*(C'\fR tag has no effect on users who are in the group specified by the exempt_group option. .PP -By default, if the \f(CWNOPASSWD\fR tag is applied to any of the entries +By default, if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is applied to any of the entries for a user on the current host, he or she will be able to run -\f(CWsudo -l\fR without a password. Additionally, a user may only run -\f(CWsudo -v\fR without a password if the \f(CWNOPASSWD\fR tag is present +\&\f(CW\*(C`sudo \-l\*(C'\fR without a password. Additionally, a user may only run +\&\f(CW\*(C`sudo \-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the verifypw and listpw options. .Sh "Wildcards (aka meta characters):" -\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames +.IX Subsection "Wildcards (aka meta characters):" +\&\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames as well as command line arguments in the \fIsudoers\fR file. Wildcard -matching is done via the \fB\s-1POSIX\s0\fR \f(CWfnmatch(3)\fR routine. Note that +matching is done via the \fB\s-1POSIX\s0\fR \f(CW\*(C`fnmatch(3)\*(C'\fR routine. Note that these are \fInot\fR regular expressions. -.Ip "\f(CW*\fR" 8 +.Ip "\f(CW\*(C`*\*(C'\fR" 8 +.IX Item "*" Matches any set of zero or more characters. -.Ip "\f(CW?\fR" 8 +.Ip "\f(CW\*(C`?\*(C'\fR" 8 +.IX Item "?" Matches any single character. -.Ip "\f(CW[...]\fR" 8 +.Ip "\f(CW\*(C`[...]\*(C'\fR" 8 +.IX Item "[...]" Matches any character in the specified range. -.Ip "\f(CW[!...]\fR" 8 +.Ip "\f(CW\*(C`[!...]\*(C'\fR" 8 +.IX Item "[!...]" Matches any character \fBnot\fR in the specified range. -.Ip "\f(CW\ex\fR" 8 +.Ip "\f(CW\*(C`\ex\*(C'\fR" 8 +.IX Item "x" For any character \*(L"x\*(R", evaluates to \*(L"x\*(R". This is used to escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R". .PP @@ -731,14 +822,18 @@ .Vb 1 \& /usr/bin/* .Ve -match \f(CW/usr/bin/who\fR but not \f(CW/usr/bin/X11/xterm\fR. +match \f(CW\*(C`/usr/bin/who\*(C'\fR but not \f(CW\*(C`/usr/bin/X11/xterm\*(C'\fR. .Sh "Exceptions to wildcard rules:" +.IX Subsection "Exceptions to wildcard rules:" The following exceptions apply to the above rules: -.Ip \f(CW""\fR 8 -If the empty string \f(CW""\fR is the only command line argument in the -\fIsudoers\fR entry it means that command is not allowed to be run +.if n .Ip "\f(CW""""""""\fR" 8 +.el .Ip "\f(CW``''\fR" 8 +.IX Item """"" +If the empty string \f(CW\*(C`""\*(C'\fR is the only command line argument in the +\&\fIsudoers\fR entry it means that command is not allowed to be run with \fBany\fR arguments. .Sh "Other special characters and reserved words:" +.IX Subsection "Other special characters and reserved words:" The pound sign ('#') is used to indicate a comment (unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). Both the @@ -747,29 +842,30 @@ .PP The reserved word \fB\s-1ALL\s0\fR is a built in \fIalias\fR that always causes a match to succeed. It can be used wherever one might otherwise -use a \f(CWCmnd_Alias\fR, \f(CWUser_Alias\fR, \f(CWRunas_Alias\fR, or \f(CWHost_Alias\fR. +use a \f(CW\*(C`Cmnd_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, or \f(CW\*(C`Host_Alias\*(C'\fR. You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the built in alias will be used in preference to your own. Please note that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it allows the user to run \fBany\fR command on the system. .PP -An exclamation point (\*(R'!') can be used as a logical \fInot\fR operator -both in an \fIalias\fR and in front of a \f(CWCmnd\fR. This allows one to -exclude certain values. Note, however, that using a \f(CW!\fR in -conjunction with the built in \f(CWALL\fR alias to allow a user to +An exclamation point ('!') can be used as a logical \fInot\fR operator +both in an \fIalias\fR and in front of a \f(CW\*(C`Cmnd\*(C'\fR. This allows one to +exclude certain values. Note, however, that using a \f(CW\*(C`!\*(C'\fR in +conjunction with the built in \f(CW\*(C`ALL\*(C'\fR alias to allow a user to run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0 -\s-1NOTES\s0 below). +\&\s-1NOTES\s0 below). .PP -Long lines can be continued with a backslash (\*(R'\e') as the last +Long lines can be continued with a backslash ('\e') as the last character on the line. .PP Whitespace between elements in a list as well as special syntactic -characters in a \fIUser Specification\fR ('=\*(R', \*(L':\*(R', \*(L'(\*(R', \*(L')') is optional. +characters in a \fIUser Specification\fR ('=', ':', '(', ')') is optional. .PP -The following characters must be escaped with a backslash (\*(R'\e') when +The following characters must be escaped with a backslash ('\e') when used as part of a word (e.g. a username or hostname): -\&'@\*(R', \*(L'!\*(R', \*(L'=\*(R', \*(L':\*(R', \*(L',\*(R', \*(L'(\*(R', \*(L')\*(R', \*(L'\e\*(R'. +\&'@', '!', '=', ':', ',', '(', ')', '\e'. .SH "EXAMPLES" +.IX Header "EXAMPLES" Below are example \fIsudoers\fR entries. Admittedly, some of these are a bit contrived. First, we define our \fIaliases\fR: .PP @@ -810,15 +906,15 @@ \& Cmnd_Alias SU = /usr/bin/su .Ve Here we override some of the compiled in default values. We want -\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases. +\&\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases. We don't want to subject the full time staff to the \fBsudo\fR lecture, and user \fBmillert\fR need not give a password. In addition, on the -machines in the \fISERVERS\fR \f(CWHost_Alias\fR, we keep an additional +machines in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional local log file and make sure we log the year in each log line since the log entries will be kept around for several years. .PP .Vb 5 -\& # Override builtin defaults +\& # Override built in defaults \& Defaults syslog=auth \& Defaults:FULLTIMERS !lecture \& Defaults:millert !authenticate @@ -845,23 +941,23 @@ .Ve Part time sysadmins (\fBbostley\fR, \fBjwfox\fR, and \fBcrawl\fR) may run any command on any host but they must authenticate themselves first -(since the entry lacks the \f(CWNOPASSWD\fR tag). +(since the entry lacks the \f(CW\*(C`NOPASSWD\*(C'\fR tag). .PP .Vb 1 \& jack CSNETS = ALL .Ve -The user \fBjack\fR may run any command on the machines in the \fICSNETS\fR alias -(the networks \f(CW128.138.243.0\fR, \f(CW128.138.204.0\fR, and \f(CW128.138.242.0\fR). -Of those networks, only <128.138.204.0> has an explicit netmask (in -CIDR notation) indicating it is a class C network. For the other -networks in \fICSNETS\fR, the local machine's netmask will be used +The user \fBjack\fR may run any command on the machines in the \fI\s-1CSNETS\s0\fR alias +(the networks \f(CW\*(C`128.138.243.0\*(C'\fR, \f(CW\*(C`128.138.204.0\*(C'\fR, and \f(CW\*(C`128.138.242.0\*(C'\fR). +Of those networks, only \f(CW\*(C`128.138.204.0\*(C'\fR has an explicit netmask (in +\&\s-1CIDR\s0 notation) indicating it is a class C network. For the other +networks in \fI\s-1CSNETS\s0\fR, the local machine's netmask will be used during matching. .PP .Vb 1 \& lisa CUNETS = ALL .Ve -The user \fBlisa\fR may run any command on any host in the \fICUNETS\fR alias -(the class B network \f(CW128.138.0.0\fR). +The user \fBlisa\fR may run any command on any host in the \fI\s-1CUNETS\s0\fR alias +(the class B network \f(CW\*(C`128.138.0.0\*(C'\fR). .PP .Vb 2 \& operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\e @@ -881,20 +977,20 @@ \& pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root .Ve The user \fBpete\fR is allowed to change anyone's password except for -root on the \fIHPPA\fR machines. Note that this assumes \fIpasswd\fR\|(1) +root on the \fI\s-1HPPA\s0\fR machines. Note that this assumes \fIpasswd\fR\|(1) does not take multiple usernames on the command line. .PP .Vb 1 \& bob SPARC = (OP) ALL : SGI = (OP) ALL .Ve -The user \fBbob\fR may run anything on the \fISPARC\fR and \fISGI\fR machines -as any user listed in the \fIOP\fR \f(CWRunas_Alias\fR (\fBroot\fR and \fBoperator\fR). +The user \fBbob\fR may run anything on the \fI\s-1SPARC\s0\fR and \fI\s-1SGI\s0\fR machines +as any user listed in the \fI\s-1OP\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBroot\fR and \fBoperator\fR). .PP .Vb 1 \& jim +biglab = ALL .Ve The user \fBjim\fR may run any command on machines in the \fIbiglab\fR netgroup. -\fBSudo\fR knows that \*(L"biglab\*(R" is a netgroup due to the \*(L'+\*(R' prefix. +\&\fBSudo\fR knows that \*(L"biglab\*(R" is a netgroup due to the '+' prefix. .PP .Vb 1 \& +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser @@ -906,27 +1002,27 @@ .Vb 1 \& fred ALL = (DB) NOPASSWD: ALL .Ve -The user \fBfred\fR can run commands as any user in the \fIDB\fR \f(CWRunas_Alias\fR +The user \fBfred\fR can run commands as any user in the \fI\s-1DB\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBoracle\fR or \fBsybase\fR) without giving a password. .PP .Vb 1 \& john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* .Ve -On the \fIALPHA\fR machines, user \fBjohn\fR may su to anyone except root +On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root but he is not allowed to give \fIsu\fR\|(1) any flags. .PP .Vb 1 \& jen ALL, !SERVERS = ALL .Ve The user \fBjen\fR may run any command on any machine except for those -in the \fISERVERS\fR \f(CWHost_Alias\fR (master, mail, www and ns). +in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR (master, mail, www and ns). .PP .Vb 1 \& jill SERVERS = /usr/bin/, !SU, !SHELLS .Ve -For any machine in the \fISERVERS\fR \f(CWHost_Alias\fR, \fBjill\fR may run +For any machine in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, \fBjill\fR may run any commands in the directory /usr/bin/ except for those commands -belonging to the \fISU\fR and \fISHELLS\fR \f(CWCmnd_Aliases\fR. +belonging to the \fI\s-1SU\s0\fR and \fI\s-1SHELLS\s0\fR \f(CW\*(C`Cmnd_Aliases\*(C'\fR. .PP .Vb 1 \& steve CSNETS = (operator) /usr/local/op_commands/ @@ -943,7 +1039,7 @@ .Vb 1 \& WEBMASTERS www = (www) ALL, (root) /usr/bin/su www .Ve -On the host www, any user in the \fIWEBMASTERS\fR \f(CWUser_Alias\fR (will, +On the host www, any user in the \fI\s-1WEBMASTERS\s0\fR \f(CW\*(C`User_Alias\*(C'\fR (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply \fIsu\fR\|(1) to www. .PP @@ -951,13 +1047,14 @@ \& ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e \& /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM .Ve -Any user may mount or unmount a CD\-ROM on the machines in the CDROM -\f(CWHost_Alias\fR (orion, perseus, hercules) without entering a password. +Any user may mount or unmount a \s-1CD-ROM\s0 on the machines in the \s-1CDROM\s0 +\&\f(CW\*(C`Host_Alias\*(C'\fR (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candidate for encapsulating in a shell script. .SH "SECURITY NOTES" -It is generally not effective to \*(L"subtract\*(R" commands from \f(CWALL\fR -using the \*(L'!\*(R' operator. A user can trivially circumvent this +.IX Header "SECURITY NOTES" +It is generally not effective to \*(L"subtract\*(R" commands from \f(CW\*(C`ALL\*(C'\fR +using the '!' operator. A user can trivially circumvent this by copying the desired command to a different name and then executing that. For example: .PP @@ -965,11 +1062,12 @@ \& bill ALL = ALL, !SU, !SHELLS .Ve Doesn't really prevent \fBbill\fR from running the commands listed in -\fISU\fR or \fISHELLS\fR since he can simply copy those commands to a +\&\fI\s-1SU\s0\fR or \fI\s-1SHELLS\s0\fR since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). .SH "CAVEATS" +.IX Header "CAVEATS" The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR command which locks the file and does grammatical checking. It is imperative that \fIsudoers\fR be free of syntax errors since \fBsudo\fR @@ -978,159 +1076,15 @@ When using netgroups of machines (as opposed to users), if you store fully qualified hostnames in the netgroup (as is usually the case), you either need to have the machine's hostname be fully qualified -as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in -\fIsudoers\fR. +as returned by the \f(CW\*(C`hostname\*(C'\fR command or use the \fIfqdn\fR option in +\&\fIsudoers\fR. .SH "FILES" -.PP +.IX Header "FILES" .Vb 3 \& /etc/sudoers List of who can run what \& /etc/group Local groups file \& /etc/netgroup List of network groups .Ve .SH "SEE ALSO" -\fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). - -.rn }` '' -.IX Title "sudoers 5" -.IX Name "sudoers - list of which users may execute what" - -.IX Header "NAME" - -.IX Header "DESCRIPTION" - -.IX Subsection "Quick guide to \s-1EBNF\s0" - -.IX Item "\f(CW?\fR" - -.IX Item "\f(CW*\fR" - -.IX Item "\f(CW+\fR" - -.IX Subsection "Aliases" - -.IX Subsection "Defaults" - -.IX Item "long_otp_prompt" - -.IX Item "ignore_dot" - -.IX Item "mail_always" - -.IX Item "mail_no_user" - -.IX Item "mail_no_host" - -.IX Item "mail_no_perms" - -.IX Item "tty_tickets" - -.IX Item "lecture" - -.IX Item "authenticate" - -.IX Item "root_sudo" - -.IX Item "log_host" - -.IX Item "log_year" - -.IX Item "shell_noargs" - -.IX Item "set_home" - -.IX Item "path_info" - -.IX Item "fqdn" - -.IX Item "insults" - -.IX Item "requiretty" - -.IX Item "env_editor" - -.IX Item "rootpw" - -.IX Item "runaspw" - -.IX Item "targetpw" - -.IX Item "set_logname" - -.IX Item "passwd_tries" - -.IX Item "loglinelen" - -.IX Item "timestamp_timeout" - -.IX Item "passwd_timeout" - -.IX Item "umask" - -.IX Item "mailsub" - -.IX Item "badpass_message" - -.IX Item "timestampdir" - -.IX Item "passprompt" - -.IX Item "runas_default" - -.IX Item "syslog_goodpri" - -.IX Item "syslog_badpri" - -.IX Item "editor" - -.IX Item "logfile" - -.IX Item "syslog" - -.IX Item "mailerpath" - -.IX Item "mailerflags" - -.IX Item "mailto" - -.IX Item "exempt_group" - -.IX Item "secure_path" - -.IX Item "verifypw" - -.IX Item "listpw" - -.IX Subsection "User Specification" - -.IX Subsection "Runas_Spec" - -.IX Subsection "\s-1NOPASSWD\s0 and \s-1PASSWD\s0" - -.IX Subsection "Wildcards (aka meta characters):" - -.IX Item "\f(CW*\fR" - -.IX Item "\f(CW?\fR" - -.IX Item "\f(CW[...]\fR" - -.IX Item "\f(CW[!...]\fR" - -.IX Item "\f(CW\ex\fR" - -.IX Subsection "Exceptions to wildcard rules:" - -.IX Item \f(CW""\fR - -.IX Subsection "Other special characters and reserved words:" - -.IX Header "EXAMPLES" - -.IX Header "SECURITY NOTES" - -.IX Header "CAVEATS" - -.IX Header "FILES" - .IX Header "SEE ALSO" - +\&\fIrsh\fR\|(1), \fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). Index: usr.bin/sudo/testsudoers.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/testsudoers.c,v retrieving revision 1.4 diff -u -r1.4 testsudoers.c --- usr.bin/sudo/testsudoers.c 27 Mar 2000 03:44:39 -0000 1.4 +++ usr.bin/sudo/testsudoers.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2000 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Chris Jepeway @@ -37,19 +37,29 @@ #include "config.h" +#include +#include +#include +#include #include #ifdef STDC_HEADERS # include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -# include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H # include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include #endif /* HAVE_FNMATCH_H */ @@ -59,13 +69,9 @@ #include #include #include -#include -#include -#include #include #include #include -#include #include #include "sudo.h" @@ -77,9 +83,17 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: testsudoers.c,v 1.71 2000/03/23 04:38:22 millert Exp $"; +static const char rcsid[] = "$Sudo: testsudoers.c,v 1.75 2001/12/15 02:27:17 millert Exp $"; #endif /* lint */ + +/* + * Prototypes + */ +void init_parser __P((void)); +void dumpaliases __P((void)); +void set_perms_dummy __P((int, int)); + /* * Globals */ @@ -89,16 +103,11 @@ int num_interfaces; struct interface *interfaces; struct sudo_user sudo_user; +void (*set_perms) __P((int, int)) = set_perms_dummy; extern int clearaliases; extern int pedantic; /* - * Prototypes for external functions - */ -void init_parser __P((void)); -void dumpaliases __P((void)); - -/* * Returns TRUE if "s" has shell meta characters in it, * else returns FALSE. */ @@ -190,8 +199,13 @@ addr.s_addr = inet_addr(n); if (strchr(m, '.')) mask.s_addr = inet_addr(m); - else - mask.s_addr = (1 << atoi(m)) - 1; /* XXX - better way? */ + else { + i = 32 - atoi(m); + mask.s_addr = 0xffffffff; + mask.s_addr >>= i; + mask.s_addr <<= i; + mask.s_addr = htonl(mask.s_addr); + } *(m - 1) = '/'; for (i = 0; i < num_interfaces; i++) @@ -298,7 +312,7 @@ } void -set_perms(i, j) +set_perms_dummy(i, j) int i, j; { return; @@ -306,6 +320,12 @@ void set_fqdn() +{ + return; +} + +void +init_envtables() { return; } Index: usr.bin/sudo/tgetpass.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/tgetpass.c,v retrieving revision 1.6 diff -u -r1.6 tgetpass.c --- usr.bin/sudo/tgetpass.c 13 Aug 2000 21:58:52 -0000 1.6 +++ usr.bin/sudo/tgetpass.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2000 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,52 +34,72 @@ #include "config.h" -#include -#ifdef STDC_HEADERS -#include -#endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ -#ifdef HAVE_STRING_H -#include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include #include +#include #ifdef HAVE_SYS_BSDTYPES_H -#include +# include #endif /* HAVE_SYS_BSDTYPES_H */ #ifdef HAVE_SYS_SELECT_H -#include +# include #endif /* HAVE_SYS_SELECT_H */ #include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif +#endif /* HAVE_STRING_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include #include #include #include #ifdef HAVE_TERMIOS_H -#include -#else -#ifdef HAVE_TERMIO_H -#include +# include #else -#include -#include -#endif /* HAVE_TERMIO_H */ +# ifdef HAVE_TERMIO_H +# include +# else +# include +# include +# endif /* HAVE_TERMIO_H */ #endif /* HAVE_TERMIOS_H */ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: tgetpass.c,v 1.95 2000/02/27 03:48:56 millert Exp $"; +static const char rcsid[] = "$Sudo: tgetpass.c,v 1.103 2001/12/17 23:56:47 millert Exp $"; #endif /* lint */ #ifndef TCSASOFT -#define TCSASOFT 0 -#endif /* TCSASOFT */ +# define TCSASOFT 0 +#endif +#ifndef ECHONL +# define ECHONL 0 +#endif + +#ifndef _POSIX_VDISABLE +# ifdef VDISABLE +# define _POSIX_VDISABLE VDISABLE +# else +# define _POSIX_VDISABLE 0 +# endif +#endif /* * Abstract method of getting at the term flags. @@ -96,7 +116,7 @@ # define TERM termio # define tflags c_lflag # define term_getattr(f, t) ioctl(f, TCGETA, t) -# define term_setattr(f, t) ioctl(f, TCSETA, t) +# define term_setattr(f, t) ioctl(f, TCSETAF, t) # else # define TERM sgttyb # define tflags sg_flags @@ -105,7 +125,10 @@ # endif /* HAVE_TERMIO_H */ #endif /* HAVE_TERMIOS_H */ +static volatile sig_atomic_t signo; + static char *tgetline __P((int, char *, size_t, int)); +static void handler __P((int)); /* * Like getpass(3) but with timeout and echo flags. @@ -116,10 +139,14 @@ int timeout; int flags; { - struct TERM term, oterm; - int input, output; + sigaction_t sa, saveint, savehup, savequit, saveterm; + sigaction_t savetstp, savettin, savettou; static char buf[SUDO_PASS_MAX + 1]; + int input, output, save_errno; + struct TERM term, oterm; + char *pass; +restart: /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */ if ((flags & TGP_STDIN) || (input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) { @@ -130,28 +157,72 @@ if (prompt) (void) write(output, prompt, strlen(prompt)); - /* Turn echo off/on as specified by flags. */ - (void) term_getattr(input, &oterm); - (void) memcpy(&term, &oterm, sizeof(term)); - if ((flags & TGP_ECHO) && !(term.tflags & ECHO)) - term.tflags |= ECHO; - else if (!(flags & TGP_ECHO) && (term.tflags & ECHO)) - term.tflags &= ~ECHO; - (void) term_setattr(input, &term); + /* + * Catch signals that would otherwise cause the user to end + * up with echo turned off in the shell. Don't worry about + * things like SIGALRM and SIGPIPE for now. + */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; /* don't restart system calls */ + sa.sa_handler = handler; + (void) sigaction(SIGINT, &sa, &saveint); + (void) sigaction(SIGHUP, &sa, &savehup); + (void) sigaction(SIGQUIT, &sa, &savequit); + (void) sigaction(SIGTERM, &sa, &saveterm); + (void) sigaction(SIGTSTP, &sa, &savetstp); + (void) sigaction(SIGTTIN, &sa, &savettin); + (void) sigaction(SIGTTOU, &sa, &savettou); - buf[0] = '\0'; - tgetline(input, buf, sizeof(buf), timeout); + /* Turn echo off/on as specified by flags. */ + if (term_getattr(input, &oterm) == 0) { + (void) memcpy(&term, &oterm, sizeof(term)); + if (!(flags & TGP_ECHO)) + term.tflags &= ~(ECHO | ECHONL); +#ifdef VSTATUS + term.c_cc[VSTATUS] = _POSIX_VDISABLE; +#endif + (void) term_setattr(input, &term); + } else { + memset(&term, 0, sizeof(term)); + memset(&oterm, 0, sizeof(oterm)); + } - /* Restore old tty flags. */ - (void) term_setattr(input, &oterm); + pass = tgetline(input, buf, sizeof(buf), timeout); + save_errno = errno; - if (!(flags & TGP_ECHO)) + if (!(term.tflags & ECHO)) (void) write(output, "\n", 1); + /* Restore old tty settings and signals. */ + if (memcmp(&term, &oterm, sizeof(term)) != 0) + (void) term_setattr(input, &oterm); + (void) sigaction(SIGINT, &saveint, NULL); + (void) sigaction(SIGHUP, &savehup, NULL); + (void) sigaction(SIGQUIT, &savequit, NULL); + (void) sigaction(SIGTERM, &saveterm, NULL); + (void) sigaction(SIGTSTP, &savetstp, NULL); + (void) sigaction(SIGTTIN, &savettin, NULL); + (void) sigaction(SIGTTOU, &savettou, NULL); if (input != STDIN_FILENO) (void) close(input); - return(buf); + /* + * If we were interrupted by a signal, resend it to ourselves + * now that we have restored the signal handlers. + */ + if (signo) { + kill(getpid(), signo); + switch (signo) { + case SIGTSTP: + case SIGTTIN: + case SIGTTOU: + signo = 0; + goto restart; + } + } + + errno = save_errno; + return(pass); } /* @@ -164,15 +235,17 @@ size_t bufsiz; int timeout; { - size_t left; - int n; fd_set *readfds = NULL; struct timeval tv; - char c; + size_t left; char *cp; + char c; + int n; - if (bufsiz == 0) + if (bufsiz == 0) { + errno = EINVAL; return(NULL); /* sanity */ + } cp = buf; left = bufsiz; @@ -195,10 +268,12 @@ /* Make sure there is something to read (or timeout) */ while ((n = select(fd + 1, readfds, 0, 0, &tv)) == -1 && - errno == EINTR) + errno == EAGAIN) ; - if (n == 0) - return(NULL); /* timeout */ + if (n <= 0) { + free(readfds); + return(NULL); /* timeout or interrupt */ + } /* Read a character, exit loop on error, EOF or EOL */ n = read(fd, &c, 1); @@ -209,10 +284,17 @@ free(readfds); } else { /* Keep reading until out of space, EOF, error, or newline */ + n = -1; while (--left && (n = read(fd, &c, 1)) == 1 && c != '\n' && c != '\r') *cp++ = c; } *cp = '\0'; - return(cp == buf ? NULL : buf); + return(n == -1 ? NULL : buf); +} + +static void handler(s) + int s; +{ + signo = s; } Index: usr.bin/sudo/version.h =================================================================== RCS file: /cvs/src/usr.bin/sudo/version.h,v retrieving revision 1.10 diff -u -r1.10 version.h --- usr.bin/sudo/version.h 2 Mar 2001 14:39:44 -0000 1.10 +++ usr.bin/sudo/version.h 17 Jan 2002 16:54:46 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2000 Todd C. Miller + * Copyright (c) 1996, 1998-2002 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,12 +31,12 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: version.h,v 1.58 2000/02/16 00:07:28 millert Exp $ + * $Sudo: version.h,v 1.60 2002/01/16 21:26:27 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.3p7"; +static const char version[] = "1.6.5p1"; #endif /* _SUDO_VERSION_H */ Index: usr.bin/sudo/visudo.8 =================================================================== RCS file: /cvs/src/usr.bin/sudo/visudo.8,v retrieving revision 1.4 diff -u -r1.4 visudo.8 --- usr.bin/sudo/visudo.8 17 Sep 2001 23:49:21 -0000 1.4 +++ usr.bin/sudo/visudo.8 17 Jan 2002 01:05:35 -0000 @@ -1,19 +1,9 @@ -.rn '' }` -''' $RCSfile: visudo.8,v $$Revision: 1.4 $$Date: 2001/09/17 23:49:21 $ -''' -''' $Log: visudo.8,v $ -''' Revision 1.4 2001/09/17 23:49:21 pjanzen -''' Typo and grammar fixes, one from PR/2058 (Dennis Schwarz); ok millert@ -''' -''' Revision 1.3 2000/03/27 03:44:39 millert -''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list -''' of changes. -''' -''' Revision 1.4 2000/03/27 03:26:24 millert -''' Use 8 and 5 in the man page bodies as well. -''' -''' -.de Sh +.\" Automatically generated by Pod::Man version 1.15 +.\" Wed Jan 16 16:36:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading .br .if t .Sp .ne 5 @@ -21,150 +11,106 @@ \fB\\$1\fR .PP .. -.de Sp +.de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. -.de Ip +.de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. -.de Vb +.de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. -.de Ve +.de Ve \" End verbatim text .ft R .fi .. -''' -''' -''' Set up \*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> .tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ -.ds -- \(*W- -.ds PI pi -.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of -''' \*(L" and \*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` +. ds C' 'br\} .el\{\ -.ds -- \(em\| -.tr \*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \(*p +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' 'br\} -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaningful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -.nr % 0 -.rr F +. nr % 0 +. rr F .\} -.TH visudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS" -.UC -.if n .hy 0 +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 .if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -.ft CW -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. .bd B 3 -. \" fudge factors for nroff and troff +. \" fudge factors for nroff and troff .if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP .\} .if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& .\} -. \" simple accents for nroff and troff +. \" simple accents for nroff and troff .if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / .\} .if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} -. \" troff and (daisy-wheel) nroff accents +. \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' @@ -172,157 +118,157 @@ .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff +. \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) +. \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE .\} .rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "visudo 8" +.TH visudo 8 "1.6.5" "January 16, 2002" "MAINTENANCE COMMANDS" +.UC .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" -\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ] +.IX Header "SYNOPSIS" +\&\fBvisudo\fR [ \fB\-c\fR ] [ \fB\-f\fR \fIsudoers\fR ] [ \fB\-q\fR ] [ \fB\-s\fR ] [ \fB\-V\fR ] .SH "DESCRIPTION" -\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to -\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple +.IX Header "DESCRIPTION" +\&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to +\&\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the \fIsudoers\fR file is currently being -edited you will receive a message to try again later. In the -default configuration, the \fIvi\fR\|(1) editor is used, but there is -a compile-time option to allow use of whatever editor the -environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to. +edited you will receive a message to try again later. +.PP +There is a hard-coded list of editors that \fBvisudo\fR will use set +at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR +\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on +your system, as determined by the \fIconfigure\fR script. Normally, +\&\fBvisudo\fR does not honor the \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR environment +variables unless they contain an editor in the aforementioned editors +list. However, if \fBvisudo\fR is configured with the \fI\*(--with-enveditor\fR +flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, +\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. +Note that this can be a security hole since it allows the user to +execute any program they wish simply by setting \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. .PP -\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will +\&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will not save the changes if there is a syntax error. Upon finding an error, \fBvisudo\fR will print a message stating the line \fInumber\fR\|(s) -that the error occurred on and the user will receive the -\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" +where the error occurred and the user will receive the +\&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" to re-edit the \fIsudoers\fR file, \*(L"x\*(R" to exit without saving the changes, or \*(L"Q\*(R" to quit and save changes. The -\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR +\&\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR believes there to be a parse error, so will \fBsudo\fR and no one -will be able to use \fBsudo\fR again until the error is fixed. -Any other command at this prompt will print a short help message. -If \*(L"e\*(R" is typed to edit the \fIsudoers\fR file after a parse error -has been detected, the cursor will be placed on the line where the error -occurred (if the editor supports this feature). +will be able to \fBsudo\fR again until the error is fixed. +If \*(L"e\*(R" is typed to edit the \fIsudoers\fR file after a parse error +has been detected, the cursor will be placed on the line where the +error occurred (if the editor supports this feature). .SH "OPTIONS" -\fBvisudo\fR accepts the following command line options: -.Ip "-s" 4 +.IX Header "OPTIONS" +\&\fBvisudo\fR accepts the following command line options: +.Ip "\-c" 4 +.IX Item "-c" +Enable \fBcheck-only\fR mode. The existing \fIsudoers\fR file will be +checked for syntax and a message will be printed to the +standard output detailing the status of \fIsudoers\fR. +If the syntax check completes successfully, \fBvisudo\fR will +exit with a value of 0. If a syntax error is encountered, +\&\fBvisudo\fR will exit with a value of 1. +.Ip "\-f" 4 +.IX Item "-f" +Specify and alternate \fIsudoers\fR file location. With this option +\&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, +instead of the default, \f(CW@sysconfdir\fR@/sudoers. The lock file used +is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. +.Ip "\-q" 4 +.IX Item "-q" +Enable \fBquiet\fR mode. In this mode details about syntax errors +are not printed. This option is only useful when combined with +the \fB\-c\fR flag. +.Ip "\-s" 4 +.IX Item "-s" Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is used before it is defined, \fBvisudo\fR will consider this a parse error. Note that it is not possible to differentiate between an -alias and a hostname or username that consists solely of upper case +alias and a hostname or username that consists solely of uppercase letters, digits, and the underscore ('_') character. -.Ip "-V" 4 -The \f(CW-V\fR (version) option causes \fBvisudo\fR to print its version number +.Ip "\-V" 4 +.IX Item "-V" +The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number and exit. .SH "ERRORS" +.IX Header "ERRORS" .Ip "sudoers file busy, try again later." 4 +.IX Item "sudoers file busy, try again later." Someone else is currently editing the \fIsudoers\fR file. .Ip "/etc/sudoers.tmp: Permission denied" 4 +.IX Item "/etc/sudoers.tmp: Permission denied" You didn't run \fBvisudo\fR as root. .Ip "Can't find you in the passwd database" 4 +.IX Item "Can't find you in the passwd database" Your userid does not appear in the system passwd file. .Ip "Warning: undeclared Alias referenced near ..." 4 +.IX Item "Warning: undeclared Alias referenced near ..." Either you are using a {User,Runas,Host,Cmnd}_Alias before defining it or you have a user or hostname listed that -consists solely of upper case letters, digits, and the +consists solely of uppercase letters, digits, and the underscore ('_') character. If the latter, you can ignore the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) mode these are errors, not warnings. .SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" The following environment variables are used only if \fBvisudo\fR -was configured with the \fI--with-env-editor\fR option: +was configured with the \fI\*(--with-env-editor\fR option: .PP .Vb 2 -\& EDITOR Invoked by visudo as the editor -\& VISUAL Invoked by visudo if EDITOR is not set +\& EDITOR Invoked by visudo as the editor to use +\& VISUAL Used Invoked visudo if EDITOR is not set .Ve .SH "FILES" -.PP +.IX Header "FILES" .Vb 2 \& /etc/sudoers List of who can run what \& /etc/sudoers.tmp Lock file for visudo .Ve .SH "AUTHOR" -Many people have worked on \fIsudo\fR over the years. This version of -\fBvisudo\fR was written by: +.IX Header "AUTHOR" +Many people have worked on \fIsudo\fR over the years; this version of +\&\fBvisudo\fR was written by: .PP .Vb 1 \& Todd Miller .Ve -See the HISTORY file in the sudo distribution for more details. +See the \s-1HISTORY\s0 file in the sudo distribution or visit +http://www.sudo.ws/sudo/history.html for more details. .SH "BUGS" +.IX Header "BUGS" If you feel you have found a bug in sudo, please submit a bug report -at http://www.courtesan.com/sudo/bugs/ +at http://www.sudo.ws/sudo/bugs/ .SH "DISCLAIMER" -\fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties, +.IX Header "DISCLAIMER" +\&\fBVisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with \fBsudo\fR for complete details. +See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details. .SH "CAVEATS" +.IX Header "CAVEATS" There is no easy way to prevent a user from gaining a root shell if the editor used by \fBvisudo\fR allows shell escapes. .SH "SEE ALSO" -\fIsudo\fR\|(8), \fIvipw\fR\|(8). - -.rn }` '' -.IX Title "visudo 8" -.IX Name "visudo - edit the sudoers file" - -.IX Header "NAME" - -.IX Header "SYNOPSIS" - -.IX Header "DESCRIPTION" - -.IX Header "OPTIONS" - -.IX Item "-s" - -.IX Item "-V" - -.IX Header "ERRORS" - -.IX Item "sudoers file busy, try again later." - -.IX Item "/etc/sudoers.tmp: Permission denied" - -.IX Item "Can't find you in the passwd database" - -.IX Item "Warning: undeclared Alias referenced near ..." - -.IX Header "ENVIRONMENT" - -.IX Header "FILES" - -.IX Header "AUTHOR" - -.IX Header "BUGS" - -.IX Header "DISCLAIMER" - -.IX Header "CAVEATS" - .IX Header "SEE ALSO" - +\&\fIvi\fR\|(1), \fIsudo\fR\|(8), \fIvipw\fR\|(8). Index: usr.bin/sudo/visudo.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/visudo.c,v retrieving revision 1.9 diff -u -r1.9 visudo.c --- usr.bin/sudo/visudo.c 19 Jan 2001 17:58:19 -0000 1.9 +++ usr.bin/sudo/visudo.c 17 Jan 2002 16:54:46 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2000 Todd C. Miller + * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -38,50 +38,42 @@ #include "config.h" +#include +#include +#include +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ +#ifdef HAVE_STRING_H +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif +#endif /* HAVE_STRING_H */ #ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ -#ifdef HAVE_STRING_H -#include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) -#include -#endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include #include #include #include #include #include -#include -#include -#include -#include #include "sudo.h" #include "version.h" -#ifndef STDC_HEADERS -#ifndef __GNUC__ /* gcc has its own malloc */ -extern char *malloc __P((size_t)); -#endif /* __GNUC__ */ -extern char *getenv __P((const char *)); -extern int stat __P((const char *, struct stat *)); -#endif /* !STDC_HEADERS */ - -#if defined(POSIX_SIGNALS) && !defined(SA_RESETHAND) -#define SA_RESETHAND 0 -#endif /* POSIX_SIGNALS && !SA_RESETHAND */ - #ifndef lint -static const char rcsid[] = "$Sudo: visudo.c,v 1.126 2000/03/23 04:38:22 millert Exp $"; +static const char rcsid[] = "$Sudo: visudo.c,v 1.146 2002/01/17 15:35:54 millert Exp $"; #endif /* lint */ /* @@ -91,6 +83,8 @@ static char whatnow __P((void)); static RETSIGTYPE Exit __P((int)); static void setup_signals __P((void)); +static int run_command __P((char *, char **)); +static int check_syntax __P((int)); int command_matches __P((char *, char *, char *, char *)); int addr_matches __P((char *)); int hostname_matches __P((char *, char *, char *)); @@ -105,6 +99,11 @@ extern FILE *yyin, *yyout; extern int errorlineno; extern int pedantic; +extern int quiet; + +/* For getopt(3) */ +extern char *optarg; +extern int optind; /* * Globals @@ -115,7 +114,6 @@ struct sudo_user sudo_user; int parse_error = FALSE; - int main(argc, argv) int argc; @@ -123,9 +121,14 @@ { char buf[MAXPATHLEN*2]; /* buffer used for copying files */ char *Editor; /* editor to use */ + char *UserEditor; /* editor user wants to use */ + char *EditorPath; /* colon-separated list of editors */ + char *av[4]; /* argument vector for run_command */ + int checkonly; /* only check existing file? */ int sudoers_fd; /* sudoers file descriptor */ int stmp_fd; /* stmp file descriptor */ int n; /* length parameter */ + int ch; /* getopt char */ time_t now; /* time now */ struct stat stmp_sb, sudoers_sb; /* to check for changes */ @@ -140,16 +143,33 @@ /* * Arg handling. */ - while (--argc) { - if (!strcmp(argv[argc], "-V")) { - (void) printf("visudo version %s\n", version); - exit(0); - } else if (!strcmp(argv[argc], "-s")) { - pedantic++; /* strict mode */ - } else { - usage(); + checkonly = 0; + while ((ch = getopt(argc, argv, "Vcf:sq")) != -1) { + switch (ch) { + case 'V': + (void) printf("visudo version %s\n", version); + exit(0); + case 'c': + checkonly++; /* check mode */ + break; + case 'f': + sudoers = optarg; /* sudoers file path */ + easprintf(&stmp, "%s.tmp", optarg); + break; + case 's': + pedantic++; /* strict mode */ + break; + case 'q': + quiet++; /* quiet mode */ + break; + default: + usage(); } } + argc -= optind; + argv += optind; + if (argc) + usage(); /* Mock up a fake sudo_user struct. */ user_host = user_shost = user_cmnd = ""; @@ -162,6 +182,9 @@ /* Setup defaults data structures. */ init_defaults(); + if (checkonly) + exit(check_syntax(quiet)); + /* * Open sudoers, lock it and stat it. * sudoers_fd must remain open throughout in order to hold the lock. @@ -170,7 +193,7 @@ if (sudoers_fd == -1) { (void) fprintf(stderr, "%s: %s: %s\n", Argv[0], sudoers, strerror(errno)); - Exit(-1); + exit(1); } if (!lock_file(sudoers_fd, SUDO_TLOCK)) { (void) fprintf(stderr, "%s: sudoers file busy, try again later.\n", @@ -184,7 +207,7 @@ #endif (void) fprintf(stderr, "%s: can't stat %s: %s\n", Argv[0], sudoers, strerror(errno)); - Exit(-1); + exit(1); } /* @@ -224,34 +247,128 @@ (void) close(stmp_fd); /* - * If we are allowing EDITOR and VISUAL envariables set Editor - * base on whichever exists... + * Check EDITOR and VISUAL environment variables to see which editor + * the user wants to use (we may not end up using it though). + * If the path is not fully-qualified, make it so and check that + * the specified executable actually exists. + */ + if ((UserEditor = getenv("EDITOR")) == NULL || *UserEditor == '\0') + UserEditor = getenv("VISUAL"); + if (UserEditor && *UserEditor == '\0') + UserEditor = NULL; + else if (UserEditor) { + if (find_path(UserEditor, &Editor, getenv("PATH")) == FOUND) { + UserEditor = Editor; + } else { + if (def_flag(I_ENV_EDITOR)) { + /* If we are honoring $EDITOR this is a fatal error. */ + (void) fprintf(stderr, + "%s: specified editor (%s) doesn't exist!\n", + Argv[0], UserEditor); + Exit(-1); + } else { + /* Otherwise, just ignore $EDITOR. */ + UserEditor = NULL; + } + } + } + + /* + * See if we can use the user's choice of editors either because + * we allow any $EDITOR or because $EDITOR is in the allowable list. */ - if (!def_flag(I_ENV_EDITOR) || - (!(Editor = getenv("EDITOR")) && !(Editor = getenv("VISUAL")))) - Editor = estrdup(def_str(I_EDITOR)); + Editor = EditorPath = NULL; + if (def_flag(I_ENV_EDITOR) && UserEditor) + Editor = UserEditor; + else if (UserEditor) { + struct stat editor_sb; + struct stat user_editor_sb; + char *base, *userbase; + + if (stat(UserEditor, &user_editor_sb) != 0) { + /* Should never happen since we already checked above. */ + (void) fprintf(stderr, "%s: unable to stat editor (%s): %s\n", + Argv[0], UserEditor, strerror(errno)); + Exit(-1); + } + EditorPath = estrdup(def_str(I_EDITOR)); + Editor = strtok(EditorPath, ":"); + do { + /* + * Both Editor and UserEditor should be fully qualified but + * check anyway... + */ + if ((base = strrchr(Editor, '/')) == NULL) + continue; + if ((userbase = strrchr(UserEditor, '/')) == NULL) { + Editor = NULL; + break; + } + base++, userbase++; + + /* + * We compare the basenames first and then use stat to match + * for sure. + */ + if (strcmp(base, userbase) == 0) { + if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode) + && (editor_sb.st_mode & 0000111) && + editor_sb.st_dev == user_editor_sb.st_dev && + editor_sb.st_ino == user_editor_sb.st_ino) + break; + } + } while ((Editor = strtok(NULL, ":"))); + } /* - * Edit the temp file and parse it (for sanity checking) + * Can't use $EDITOR, try each element of I_EDITOR until we + * find one that exists, is regular, and is executable. */ - do { - /* - * Build up a buffer to execute - */ - if (strlen(Editor) + strlen(stmp) + 30 > sizeof(buf)) { - (void) fprintf(stderr, "%s: Buffer too short (line %d).\n", - Argv[0], __LINE__); + if (Editor == NULL || *Editor == '\0') { + if (EditorPath != NULL) + free(EditorPath); + EditorPath = estrdup(def_str(I_EDITOR)); + Editor = strtok(EditorPath, ":"); + do { + if (sudo_goodpath(Editor)) + break; + } while ((Editor = strtok(NULL, ":"))); + + /* Bleah, none of the editors existed! */ + if (Editor == NULL || *Editor == '\0') { + (void) fprintf(stderr, "%s: no editor found (editor path = %s)\n", + Argv[0], def_str(I_EDITOR)); Exit(-1); } - if (parse_error == TRUE) - (void) sprintf(buf, "%s +%d %s", Editor, errorlineno, stmp); + } + + /* + * Edit the temp file and parse it (for sanity checking) + */ + do { + char linestr[64]; + + /* Build up argument vector for the command */ + if ((av[0] = strrchr(Editor, '/')) != NULL) + av[0]++; else - (void) sprintf(buf, "%s %s", Editor, stmp); + av[0] = Editor; + n = 1; + if (parse_error == TRUE) { + (void) snprintf(linestr, sizeof(linestr), "+%d", errorlineno); + av[n++] = linestr; + } + av[n++] = stmp; + av[n++] = NULL; - /* Do the edit -- some SYSV editors exit with 1 instead of 0 */ + /* + * Do the edit: + * We cannot check the editor's exit value against 0 since + * XPG4 specifies that vi's exit value is a function of the + * number of errors during editing (?!?!). + */ now = time(NULL); - n = system(buf); - if (n != -1 && ((n >> 8) == 0 || (n >> 8) == 1)) { + if (run_command(Editor, av) != -1) { /* * Sanity checks. */ @@ -298,8 +415,8 @@ } } else { (void) fprintf(stderr, - "%s: Editor (%s) failed with exit status %d, %s unchanged.\n", - Argv[0], Editor, n, sudoers); + "%s: Editor (%s) failed, %s unchanged.\n", Argv[0], + Editor, sudoers); Exit(-1); } @@ -352,31 +469,26 @@ */ if (rename(stmp, sudoers)) { if (errno == EXDEV) { - char *tmpbuf; - (void) fprintf(stderr, "%s: %s and %s not on the same filesystem, using mv to rename.\n", Argv[0], stmp, sudoers); - /* Allocate just enough space for tmpbuf */ - n = sizeof(char) * (strlen(_PATH_MV) + strlen(stmp) + - strlen(sudoers) + 4); - if ((tmpbuf = (char *) malloc(n)) == NULL) { - (void) fprintf(stderr, - "%s: Cannot alocate memory, %s unchanged: %s\n", - Argv[0], sudoers, strerror(errno)); - Exit(-1); - } + /* Build up argument vector for the command */ + if ((av[0] = strrchr(_PATH_MV, '/')) != NULL) + av[0]++; + else + av[0] = _PATH_MV; + av[1] = stmp; + av[2] = sudoers; + av[3] = NULL; - /* Build up command and execute it */ - (void) sprintf(tmpbuf, "%s %s %s", _PATH_MV, stmp, sudoers); - if (system(tmpbuf)) { + /* And run it... */ + if (run_command(_PATH_MV, av)) { (void) fprintf(stderr, - "%s: Command failed: '%s', %s unchanged.\n", - Argv[0], tmpbuf, sudoers); + "%s: Command failed: '%s %s %s', %s unchanged.\n", + Argv[0], _PATH_MV, stmp, sudoers, sudoers); Exit(-1); } - free(tmpbuf); } else { (void) fprintf(stderr, "%s: Error renaming %s, %s unchanged: %s\n", Argv[0], stmp, sudoers, strerror(errno)); @@ -435,6 +547,18 @@ return; } +int +user_is_exempt() +{ + return(TRUE); +} + +void +init_envtables() +{ + return; +} + /* * Assuming a parse error occurred, prompt the user for what they want * to do now. Returns the first letter of their choice. @@ -473,49 +597,116 @@ static void setup_signals() { -#ifdef POSIX_SIGNALS - struct sigaction action; /* POSIX signal structure */ -#endif /* POSIX_SIGNALS */ + sigaction_t sa; /* * Setup signal handlers to cleanup nicely. */ -#ifdef POSIX_SIGNALS - (void) memset((VOID *)&action, 0, sizeof(action)); - action.sa_handler = Exit; - action.sa_flags = SA_RESETHAND; - (void) sigaction(SIGTERM, &action, NULL); - (void) sigaction(SIGHUP, &action, NULL); - (void) sigaction(SIGINT, &action, NULL); - (void) sigaction(SIGQUIT, &action, NULL); + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = Exit; + (void) sigaction(SIGTERM, &sa, NULL); + (void) sigaction(SIGHUP, &sa, NULL); + (void) sigaction(SIGINT, &sa, NULL); + (void) sigaction(SIGQUIT, &sa, NULL); +} + +static int +run_command(path, argv) + char *path; + char **argv; +{ + int status; + pid_t pid; + sigset_t set, oset; + + (void) sigemptyset(&set); + (void) sigaddset(&set, SIGCHLD); + (void) sigprocmask(SIG_BLOCK, &set, &oset); + + switch (pid = fork()) { + case -1: + (void) fprintf(stderr, + "%s: unable to run %s: %s\n", Argv[0], path, strerror(errno)); + Exit(-1); + break; /* NOTREACHED */ + case 0: + (void) sigprocmask(SIG_SETMASK, &oset, NULL); + execv(path, argv); + (void) fprintf(stderr, + "%s: unable to run %s: %s\n", Argv[0], path, strerror(errno)); + _exit(127); + break; /* NOTREACHED */ + } + +#ifdef sudo_waitpid + pid = sudo_waitpid(pid, &status, 0); #else - (void) signal(SIGTERM, Exit); - (void) signal(SIGHUP, Exit); - (void) signal(SIGINT, Exit); - (void) signal(SIGQUIT, Exit); -#endif /* POSIX_SIGNALS */ + pid = wait(&status); +#endif + + (void) sigprocmask(SIG_SETMASK, &oset, NULL); + + /* XXX - should use WEXITSTATUS() */ + return(pid == -1 ? -1 : (status >> 8)); +} + +static int +check_syntax(quiet) + int quiet; +{ + + if ((yyin = fopen(sudoers, "r")) == NULL) { + if (!quiet) + (void) fprintf(stderr, "%s: unable to open %s: %s\n", Argv[0], + sudoers, strerror(errno)); + exit(1); + } + yyout = stdout; + init_parser(); + if (yyparse() && parse_error != TRUE) { + if (!quiet) + (void) fprintf(stderr, + "%s: failed to parse %s file, unknown error.\n", + Argv[0], sudoers); + parse_error = TRUE; + } + if (!quiet){ + if (parse_error) + (void) printf("parse error in %s near line %d\n", sudoers, + errorlineno); + else + (void) printf("%s file parsed OK\n", sudoers); + } + + return(parse_error == TRUE); } /* * Unlink the sudoers temp file (if it exists) and exit. * Used in place of a normal exit() and as a signal handler. - * A positive parameter is considered to be a signal and is reported. + * A positive parameter indicates we were called as a signal handler. */ static RETSIGTYPE Exit(sig) int sig; { - (void) unlink(stmp); + char *emsg = " exiting due to signal.\n"; - if (sig > 0) /* XXX signal race */ - (void) fprintf(stderr, "%s exiting, caught signal %d.\n", Argv[0], sig); + (void) unlink(stmp); - exit(-sig); /* XXX for signal case, should be _exit() */ + if (sig > 0) { + write(STDERR_FILENO, Argv[0], strlen(Argv[0])); + write(STDERR_FILENO, emsg, sizeof(emsg) - 1); + _exit(-sig); + } + exit(-sig); } static void usage() { - (void) fprintf(stderr, "usage: %s [-s] [-V]\n", Argv[0]); + (void) fprintf(stderr, "usage: %s [-c] [-f sudoers] [-q] [-s] [-V]\n", + Argv[0]); exit(1); } Index: usr.bin/sudo/auth/afs.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/afs.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 afs.c --- usr.bin/sudo/auth/afs.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/afs.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999, 2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,21 +34,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -58,7 +64,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: afs.c,v 1.5 1999/08/14 15:36:45 millert Exp $"; +static const char rcsid[] = "$Sudo: afs.c,v 1.6 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ int Index: usr.bin/sudo/auth/aix_auth.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/aix_auth.c,v retrieving revision 1.2 diff -u -r1.2 aix_auth.c --- usr.bin/sudo/auth/aix_auth.c 27 Mar 2000 03:44:39 -0000 1.2 +++ usr.bin/sudo/auth/aix_auth.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,28 +34,34 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include "sudo.h" #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: aix_auth.c,v 1.8 2000/02/27 03:49:05 millert Exp $"; +static const char rcsid[] = "$Sudo: aix_auth.c,v 1.11 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ int @@ -67,8 +73,8 @@ char *message, *pass; int reenter = 1; - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); - if (authenticate(pw->pw_name, pass, &reenter, &message) == 0) + pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); + if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0) return(AUTH_SUCCESS); else return(AUTH_FAILURE); Index: usr.bin/sudo/auth/bsdauth.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/bsdauth.c,v retrieving revision 1.1 diff -u -r1.1 bsdauth.c --- usr.bin/sudo/auth/bsdauth.c 21 Nov 2000 17:58:45 -0000 1.1 +++ usr.bin/sudo/auth/bsdauth.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Todd C. Miller + * Copyright (c) 2000-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,22 +34,28 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include -#include -#include #include #include @@ -59,7 +65,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: bsdauth.c,v 1.3 2000/10/30 03:45:11 millert Exp $"; +static const char rcsid[] = "$Sudo: bsdauth.c,v 1.6 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ extern char *login_style; /* from sudo.c */ @@ -122,10 +128,10 @@ * S/Key. */ if ((s = auth_challenge(as)) == NULL) { - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); + pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); } else { - pass = tgetpass(s, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); - if (!pass || *pass == '\0') { + pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); + if (pass && *pass == '\0') { if ((prompt = strrchr(s, '\n'))) prompt++; else @@ -139,16 +145,16 @@ while (isspace(prompt[len]) || prompt[len] == ':') prompt[len--] = '\0'; easprintf(&s, "%s [echo on]: ", prompt); - pass = tgetpass(s, def_ival(I_PW_TIMEOUT) * 60, + pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags | TGP_ECHO); free(s); } } - if (!pass || *pass == '\0') - nil_pw = 1; /* empty password */ + if (!pass || *pass == '\0') /* ^C or empty password */ + nil_pw = 1; - authok = auth_userresponse(as, pass, 1); + authok = pass ? auth_userresponse(as, pass, 1) : 0; /* restore old signal handler */ (void)signal(SIGCHLD, childkiller); Index: usr.bin/sudo/auth/dce.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/dce.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 dce.c --- usr.bin/sudo/auth/dce.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/dce.c 16 Jan 2002 19:09:15 -0000 @@ -1,6 +1,6 @@ /* - * Copyright (c) 1996, 1998, 1999 Todd C. Miller - * All rights reserved. + * Copyright (c) 1996, 1998, 1999, 2001 + * Todd C. Miller . All rights reserved. * * This code is derived from software contributed by Jeff Earickson * of Colby College, Waterville, ME @@ -48,21 +48,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -73,7 +79,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: dce.c,v 1.7 1999/08/31 09:39:17 millert Exp $"; +static const char rcsid[] = "$Sudo: dce.c,v 1.8 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ static int check_dce_status __P((error_status_t, char *)); Index: usr.bin/sudo/auth/fwtk.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/fwtk.c,v retrieving revision 1.2 diff -u -r1.2 fwtk.c --- usr.bin/sudo/auth/fwtk.c 27 Mar 2000 03:44:39 -0000 1.2 +++ usr.bin/sudo/auth/fwtk.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,21 +34,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -58,7 +64,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: fwtk.c,v 1.10 2000/02/27 03:49:06 millert Exp $"; +static const char rcsid[] = "$Sudo: fwtk.c,v 1.14 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ int @@ -118,16 +124,23 @@ /* Get the password/response from the user. */ if (strncmp(resp, "challenge ", 10) == 0) { (void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]); - pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, - tgetpass_flags | TGP_ECHO); + pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); + if (pass && *pass == '\0') { + pass = tgetpass("Response [echo on]: ", + def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags | TGP_ECHO); + } } else if (strncmp(resp, "password", 8) == 0) { - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); + pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, + tgetpass_flags); } else { (void) fprintf(stderr, "%s: %s\n", Argv[0], resp); return(AUTH_FATAL); } - if (!pass || *pass == '\0') - nil_pw = 1; /* empty password */ + if (!pass) { /* ^C or error */ + nil_pw = 1; + return(AUTH_FAILURE); + } else if (*pass == '\0') /* empty password */ + nil_pw = 1; /* Send the user's response to the server */ (void) snprintf(buf, sizeof(buf), "response '%s'", pass); Index: usr.bin/sudo/auth/kerb4.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/kerb4.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 kerb4.c --- usr.bin/sudo/auth/kerb4.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/kerb4.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999, 2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,21 +34,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -56,7 +62,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: kerb4.c,v 1.5 1999/08/14 15:36:46 millert Exp $"; +static const char rcsid[] = "$Sudo: kerb4.c,v 1.6 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ int Index: usr.bin/sudo/auth/kerb5.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/kerb5.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 kerb5.c --- usr.bin/sudo/auth/kerb5.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/kerb5.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999, 2001 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Frank Cusack @@ -37,21 +37,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -59,7 +65,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: kerb5.c,v 1.10 1999/10/13 02:34:55 millert Exp $"; +static const char rcsid[] = "$Sudo: kerb5.c,v 1.11 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ static int verify_krb_v5_tgt __P((krb5_context, krb5_ccache, char *)); Index: usr.bin/sudo/auth/pam.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/pam.c,v retrieving revision 1.4 diff -u -r1.4 pam.c --- usr.bin/sudo/auth/pam.c 27 Mar 2000 03:44:39 -0000 1.4 +++ usr.bin/sudo/auth/pam.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,21 +34,30 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -57,13 +66,17 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: pam.c,v 1.15 2000/02/27 03:49:06 millert Exp $"; +static const char rcsid[] = "$Sudo: pam.c,v 1.23 2001/12/31 17:18:12 millert Exp $"; #endif /* lint */ static int sudo_conv __P((int, PAM_CONST struct pam_message **, struct pam_response **, VOID *)); static char *def_prompt; +#ifndef PAM_DATA_SILENT +#define PAM_DATA_SILENT 0 +#endif + int pam_init(pw, promptp, auth) struct passwd *pw; @@ -80,6 +93,9 @@ "unable to initialize PAM"); return(AUTH_FATAL); } + if (strcmp(user_tty, "unknown")) + (void) pam_set_item(pamh, PAM_TTY, user_tty); + auth->data = (VOID *) pamh; return(AUTH_SUCCESS); } @@ -96,17 +112,19 @@ def_prompt = prompt; /* for sudo_conv */ - /* PAM_SILENT prevents error messages from going to syslog(3) */ - if ((error = pam_authenticate(pamh, PAM_SILENT)) == PAM_SUCCESS) - return(AUTH_SUCCESS); - - /* Any error other than PAM_AUTH_ERR or PAM_MAXTRIES is probably fatal. */ - if (error != PAM_AUTH_ERR && error != PAM_MAXTRIES) { - if ((s = pam_strerror(pamh, error))) - log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s\n", s); - return(AUTH_FATAL); + /* PAM_SILENT prevents the authentication service from generating output. */ + error = pam_authenticate(pamh, PAM_SILENT); + switch (error) { + case PAM_SUCCESS: + return(AUTH_SUCCESS); + case PAM_AUTH_ERR: + case PAM_MAXTRIES: + return(AUTH_FAILURE); + default: + if ((s = pam_strerror(pamh, error))) + log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s", s); + return(AUTH_FATAL); } - return(AUTH_FAILURE); } int @@ -115,13 +133,61 @@ sudo_auth *auth; { pam_handle_t *pamh = (pam_handle_t *) auth->data; + int status = PAM_DATA_SILENT; - if (pam_end(pamh, (auth->status == AUTH_SUCCESS)) == PAM_SUCCESS) + /* Convert AUTH_FOO -> PAM_FOO as best we can. */ + /* XXX - store real value somewhere in auth->data and use it */ + switch (auth->status) { + case AUTH_SUCCESS: + status |= PAM_SUCCESS; + break; + case AUTH_FAILURE: + status |= PAM_AUTH_ERR; + break; + case AUTH_FATAL: + default: + status |= PAM_ABORT; + break; + } + + if (pam_end(pamh, status) == PAM_SUCCESS) return(AUTH_SUCCESS); else return(AUTH_FAILURE); } +int +pam_prep_user(pw) + struct passwd *pw; +{ + struct pam_conv pam_conv; + pam_handle_t *pamh; + const char *s; + int error; + + /* We need to setup a new PAM session for the user we are changing *to*. */ + pam_conv.conv = sudo_conv; + if (pam_start("sudo", pw->pw_name, &pam_conv, &pamh) != PAM_SUCCESS) { + log_error(USE_ERRNO|NO_EXIT|NO_MAIL, + "unable to initialize PAM"); + return(AUTH_FATAL); + } + (void) pam_set_item(pamh, PAM_RUSER, user_name); + if (strcmp(user_tty, "unknown")) + (void) pam_set_item(pamh, PAM_TTY, user_tty); + + /* Set credentials (may include resource limits, device ownership, etc). */ + if ((error = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { + if ((s = pam_strerror(pamh, error))) + log_error(NO_EXIT|NO_MAIL, "pam_setcred: %s", s); + } + + if (pam_end(pamh, error) != PAM_SUCCESS) + return(AUTH_FAILURE); + + return(error == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE); +} + /* * ``Conversation function'' for PAM. */ @@ -152,8 +218,8 @@ p = pm->msg; /* Read the password. */ pr->resp = estrdup((char *) tgetpass(p, - def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags)); - if (*pr->resp == '\0') + def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags)); + if (pr->resp == NULL || *pr->resp == '\0') nil_pw = 1; /* empty password */ break; case PAM_TEXT_INFO: Index: usr.bin/sudo/auth/passwd.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/passwd.c,v retrieving revision 1.2 diff -u -r1.2 passwd.c --- usr.bin/sudo/auth/passwd.c 27 Mar 2000 03:44:39 -0000 1.2 +++ usr.bin/sudo/auth/passwd.c 17 Jan 2002 16:54:46 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,32 +34,51 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include "sudo.h" #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: passwd.c,v 1.7 2000/03/23 00:27:41 millert Exp $"; +static const char rcsid[] = "$Sudo: passwd.c,v 1.11 2002/01/17 15:56:15 millert Exp $"; #endif /* lint */ #define DESLEN 13 #define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') + +int +passwd_init(pw, promptp, auth) + struct passwd *pw; + char **promptp; + sudo_auth *auth; +{ +#ifdef HAVE_SKEYACCESS + if (skeyaccess(pw, user_tty, NULL, NULL) == 0) + return(AUTH_FAILURE); +#endif + return(AUTH_SUCCESS); +} int passwd_verify(pw, pass, auth) Index: usr.bin/sudo/auth/rfc1938.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/rfc1938.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 rfc1938.c --- usr.bin/sudo/auth/rfc1938.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/rfc1938.c 16 Jan 2002 19:09:15 -0000 @@ -1,6 +1,6 @@ /* - * Copyright (c) 1994-1996,1998-1999 Todd C. Miller - * All rights reserved. + * Copyright (c) 1994-1996, 1998-1999, 2001 + * Todd C. Miller . All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -34,21 +34,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #if defined(HAVE_SKEY) @@ -67,7 +73,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: rfc1938.c,v 1.8 1999/10/07 21:21:07 millert Exp $"; +static const char rcsid[] = "$Sudo: rfc1938.c,v 1.9 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ int Index: usr.bin/sudo/auth/secureware.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/secureware.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 secureware.c --- usr.bin/sudo/auth/secureware.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/secureware.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 1999 Todd C. Miller + * Copyright (c) 1998, 1999, 2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,21 +34,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #ifdef __hpux # undef MAXINT @@ -62,7 +68,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: secureware.c,v 1.7 1999/08/22 09:59:28 millert Exp $"; +static const char rcsid[] = "$Sudo: secureware.c,v 1.8 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ int Index: usr.bin/sudo/auth/securid.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/securid.c,v retrieving revision 1.2 diff -u -r1.2 securid.c --- usr.bin/sudo/auth/securid.c 10 Dec 1999 06:45:12 -0000 1.2 +++ usr.bin/sudo/auth/securid.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Giles Todd @@ -37,21 +37,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -62,7 +68,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: securid.c,v 1.6 1999/12/02 20:21:31 millert Exp $"; +static const char rcsid[] = "$Sudo: securid.c,v 1.8 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ union config_record configure; @@ -76,8 +82,11 @@ static struct SD_CLIENT sd_dat; /* SecurID data block */ auth->data = (VOID *) &sd_dat; /* For method-specific data */ - creadcfg(); /* Only read config file once */ - return(AUTH_SUCCESS); + + if (creadcfg() == 0) + return(AUTH_SUCCESS); + else + return(AUTH_FATAL); } int @@ -89,9 +98,10 @@ struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data; /* Re-initialize SecurID every time. */ - if (sd_init(sd) == 0) + if (sd_init(sd) == 0) { + strcpy(sd->username, pw->pw_name); return(AUTH_SUCCESS); - else { + } else { (void) fprintf(stderr, "%s: Cannot contact SecurID server\n", Argv[0]); return(AUTH_FATAL); } @@ -104,8 +114,11 @@ sudo_auth *auth; { struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data; + int rval; - if (sd_auth(sd) == ACM_OK) + rval = sd_auth(sd); + sd_close(); + if (rval == ACM_OK) return(AUTH_SUCCESS); else return(AUTH_FAILURE); Index: usr.bin/sudo/auth/sia.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/sia.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 sia.c --- usr.bin/sudo/auth/sia.c 18 Nov 1999 16:29:01 -0000 1.1.1.1 +++ usr.bin/sudo/auth/sia.c 16 Jan 2002 19:09:15 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * This code is derived from software contributed by Spider Boardman @@ -36,21 +36,27 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include @@ -58,7 +64,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: sia.c,v 1.8 1999/10/07 21:21:07 millert Exp $"; +static const char rcsid[] = "$Sudo: sia.c,v 1.10 2001/12/14 19:52:53 millert Exp $"; #endif /* lint */ static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *)); @@ -80,8 +86,8 @@ switch (rendition) { case SIAFORM: case SIAONELINER: - if (timeout <= 0 || timeout > def_ival(I_PW_TIMEOUT) * 60) - timeout = def_ival(I_PW_TIMEOUT) * 60; + if (timeout <= 0 || timeout > def_ival(I_PASSWD_TIMEOUT) * 60) + timeout = def_ival(I_PASSWD_TIMEOUT) * 60; /* * Substitute custom prompt if a) the sudo prompt is not "Password:" * and b) the SIA prompt is "Password:" (so we know it is safe). Index: usr.bin/sudo/auth/sudo_auth.c =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/sudo_auth.c,v retrieving revision 1.4 diff -u -r1.4 sudo_auth.c --- usr.bin/sudo/auth/sudo_auth.c 5 Jun 2000 14:01:16 -0000 1.4 +++ usr.bin/sudo/auth/sudo_auth.c 16 Jan 2002 19:09:16 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,30 +34,40 @@ #include "config.h" +#include +#include #include #ifdef STDC_HEADERS -#include +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif #endif /* STDC_HEADERS */ -#ifdef HAVE_UNISTD_H -#include -#endif /* HAVE_UNISTD_H */ #ifdef HAVE_STRING_H -#include +# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +# include +# endif +# include +#else +# ifdef HAVE_STRINGS_H +# include +# endif #endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -#include -#endif /* HAVE_STRINGS_H */ -#include -#include +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ #include #include +#include #include "sudo.h" #include "sudo_auth.h" #include "insults.h" #ifndef lint -static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.19 2000/03/06 19:42:21 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.25 2001/12/14 19:52:54 millert Exp $"; #endif /* lint */ sudo_auth auth_switch[] = { @@ -65,7 +75,7 @@ AUTH_STANDALONE #else # ifndef WITHOUT_PASSWD - AUTH_ENTRY(0, "passwd", NULL, NULL, passwd_verify, NULL) + AUTH_ENTRY(0, "passwd", passwd_init, NULL, passwd_verify, NULL) # endif # if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD) AUTH_ENTRY(0, "secureware", secureware_init, NULL, secureware_verify, NULL) @@ -99,11 +109,19 @@ struct passwd *pw; char *prompt; { - short counter = def_ival(I_PW_TRIES) + 1; - short success = AUTH_FAILURE; - short status; + int counter = def_ival(I_PASSWD_TRIES) + 1; + int success = AUTH_FAILURE; + int status; + int flags; char *p; sudo_auth *auth; + sigaction_t sa, osa; + + /* Enable suspend during password entry. */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + sa.sa_handler = SIG_DFL; + (void) sigaction(SIGTSTP, &sa, &osa); /* Make sure we have at least one auth method. */ if (auth_switch[0].name == NULL) @@ -156,14 +174,14 @@ #ifdef AUTH_STANDALONE p = prompt; #else - p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, + p = (char *) tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); if (!p || *p == '\0') nil_pw = 1; #endif /* AUTH_STANDALONE */ /* Call authentication functions. */ - for (auth = auth_switch; auth->name; auth++) { + for (auth = auth_switch; p && auth->name; auth++) { if (!IS_CONFIGURED(auth)) continue; @@ -179,12 +197,13 @@ goto cleanup; } #ifndef AUTH_STANDALONE - (void) memset(p, 0, strlen(p)); + if (p) + (void) memset(p, 0, strlen(p)); #endif /* Exit loop on nil password, but give it a chance to match first. */ if (nil_pw) { - if (counter == def_ival(I_PW_TRIES)) + if (counter == def_ival(I_PASSWD_TRIES)) exit(1); else break; @@ -211,14 +230,20 @@ switch (success) { case AUTH_SUCCESS: + (void) sigaction(SIGTSTP, &osa, NULL); return; case AUTH_FAILURE: - log_error(NO_MAIL, "%d incorrect password attempt%s", - def_ival(I_PW_TRIES) - counter, - (def_ival(I_PW_TRIES) - counter == 1) ? "" : "s"); + if (def_flag(I_MAIL_BADPASS) || def_flag(I_MAIL_ALWAYS)) + flags = 0; + else + flags = NO_MAIL; + log_error(flags, "%d incorrect password attempt%s", + def_ival(I_PASSWD_TRIES) - counter, + (def_ival(I_PASSWD_TRIES) - counter == 1) ? "" : "s"); case AUTH_FATAL: exit(1); } + /* NOTREACHED */ } void @@ -231,7 +256,7 @@ (void) fprintf(fp, "%s\n", INSULT); else #endif - (void) fprintf(fp, "%s\n", def_str(I_BADPASS_MSG)); + (void) fprintf(fp, "%s\n", def_str(I_BADPASS_MESSAGE)); } void Index: usr.bin/sudo/auth/sudo_auth.h =================================================================== RCS file: /cvs/src/usr.bin/sudo/auth/sudo_auth.h,v retrieving revision 1.2 diff -u -r1.2 sudo_auth.h --- usr.bin/sudo/auth/sudo_auth.h 21 Nov 2000 17:58:45 -0000 1.2 +++ usr.bin/sudo/auth/sudo_auth.h 16 Jan 2002 19:09:16 -0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Todd C. Miller + * Copyright (c) 1999-2001 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: sudo_auth.h,v 1.17 2000/10/29 22:30:22 millert Exp $ + * $Sudo: sudo_auth.h,v 1.19 2001/12/14 19:55:01 millert Exp $ */ #ifndef SUDO_AUTH_H @@ -80,6 +80,7 @@ int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth)); /* Prototypes for normal methods */ +int passwd_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); int secureware_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));