--disable-root-mailer Don't run the mailer as root, run as the user
--disable-setreuid Don't try to use the setreuid() function
--disable-setresuid Don't try to use the setresuid() function
- --disable-saved-ids Don't try to use POSIX saved ids
--disable-shadow Never use shadow passwords
--disable-root-sudo Don't allow root to run sudo
--enable-log-host Log the hostname in the log file
fi;
-echo "$as_me:$LINENO: checking whether to disable use of POSIX saved ids" >&5
-echo $ECHO_N "checking whether to disable use of POSIX saved ids... $ECHO_C" >&6
-# Check whether --enable-saved-ids or --disable-saved-ids was given.
-if test "${enable_saved_ids+set}" = set; then
- enableval="$enable_saved_ids"
- case "$enableval" in
- yes) echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- ;;
- no) echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-#define NO_SAVED_IDS 1
-_ACEOF
-
- ;;
- *) echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-saved-ids: $enableval" >&5
-echo "$as_me: WARNING: Ignoring unknown argument to --enable-saved-ids: $enableval" >&2;}
- ;;
- esac
-
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi;
-
echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5
echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6
# Check whether --enable-shadow or --disable-shadow was given.
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 5549 "configure"' > conftest.$ac_ext
+ echo '#line 5520 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
# Provide some information about the compiler.
-echo "$as_me:6778:" \
+echo "$as_me:6749:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7809: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7780: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7813: \$? = $ac_status" >&5
+ echo "$as_me:7784: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8041: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8012: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8045: \$? = $ac_status" >&5
+ echo "$as_me:8016: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8108: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8079: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8112: \$? = $ac_status" >&5
+ echo "$as_me:8083: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 10194 "configure"
+#line 10165 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 10292 "configure"
+#line 10263 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12448: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12419: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:12452: \$? = $ac_status" >&5
+ echo "$as_me:12423: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12515: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12486: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:12519: \$? = $ac_status" >&5
+ echo "$as_me:12490: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13805 "configure"
+#line 13776 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13903 "configure"
+#line 13874 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14725: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14696: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:14729: \$? = $ac_status" >&5
+ echo "$as_me:14700: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14792: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14763: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:14796: \$? = $ac_status" >&5
+ echo "$as_me:14767: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16726: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16697: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16730: \$? = $ac_status" >&5
+ echo "$as_me:16701: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16958: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16929: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16962: \$? = $ac_status" >&5
+ echo "$as_me:16933: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17025: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16996: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:17029: \$? = $ac_status" >&5
+ echo "$as_me:17000: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 19111 "configure"
+#line 19082 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 19209 "configure"
+#line 19180 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
fi
done
-
-for ac_func in seteuid
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-char (*f) () = $ac_func;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != $ac_func;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-eval "$as_ac_var=no"
-fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-else
- cat >>confdefs.h <<\_ACEOF
-#define NO_SAVED_IDS 1
-_ACEOF
-
-fi
-done
-
if test -z "$SKIP_SETRESUID"; then
for ac_func in setresuid
-
-
static void runas_setup __P((void));
static void fatal __P((char *, int));
-#if !defined(HAVE_SETRESUID) && !defined(HAVE_SETREUID) && \
- !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
-/*
- * Set real and effective uids and gids based on perm.
- * Since we have POSIX saved IDs we can get away with just
- * toggling the effective uid/gid unless we are headed for an exec().
- */
-void
-set_perms_posix(perm)
- int perm;
-{
- int error;
-
- switch (perm) {
- case PERM_ROOT:
- if (seteuid(ROOT_UID))
- fatal("seteuid(ROOT_UID) failed, your operating system may have broken POSIX saved ID support\nTry running configure with --disable-saved-ids", 0);
- break;
-
- case PERM_FULL_ROOT:
- /* headed for exec() */
- (void) seteuid(ROOT_UID);
- if (setuid(ROOT_UID))
- fatal("setuid(ROOT_UID)", 1);
- break;
-
- case PERM_USER:
- (void) setegid(user_gid);
- if (seteuid(user_uid))
- fatal("seteuid(user_uid)", 1);
- break;
-
- case PERM_FULL_USER:
- /* headed for exec() */
- (void) setgid(user_gid);
- if (setuid(user_uid))
- fatal("setuid(user_uid)", 1);
- break;
-
- case PERM_RUNAS:
- if (seteuid(runas_pw->pw_uid))
- fatal("unable to change to runas uid", 1);
- break;
-
- case PERM_FULL_RUNAS:
- /* headed for exec(), assume euid == ROOT_UID */
- runas_setup();
- if (def_stay_setuid)
- error = seteuid(runas_pw->pw_uid);
- else
- error = setuid(runas_pw->pw_uid);
- if (error)
- fatal("unable to change to runas uid", 1);
- break;
-
- case PERM_SUDOERS:
- /* assume euid == ROOT_UID, ruid == user */
- if (setegid(SUDOERS_GID))
- fatal("unable to change to sudoers gid", 1);
-
- /*
- * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
- * is group readable we use a non-zero
- * uid in order to avoid NFS lossage.
- * Using uid 1 is a bit bogus but should
- * work on all OS's.
- */
- if (SUDOERS_UID == ROOT_UID) {
- if ((SUDOERS_MODE & 040) && seteuid(1))
- fatal("seteuid(1)", 1);
- } else {
- if (seteuid(SUDOERS_UID))
- fatal("seteuid(SUDOERS_UID)", 1);
- }
- break;
- case PERM_TIMESTAMP:
- if (seteuid(timestamp_uid))
- fatal("seteuid(timestamp_uid)", 1);
- break;
-
- }
-}
-#endif /* !NO_SAVED_IDS && _SC_SAVED_IDS && _SC_VERSION */
-
#ifdef HAVE_SETRESUID
/*
* Set real and effective and saved uids and gids based on perm.
* This version of set_perms() works fine with the "stay_setuid" option.
*/
void
-set_perms_suid(perm)
+set_perms(perm)
int perm;
{
int error;
* This version of set_perms() works fine with the "stay_setuid" option.
*/
void
-set_perms_suid(perm)
+set_perms(perm)
int perm;
{
int error;
}
}
-# else
-# ifdef HAVE_SETREUID
-
-/*
- * Set real and effective uids and gids based on perm.
- * NOTE: does not support the "stay_setuid" option.
- */
-void
-set_perms_nosuid(perm)
- int perm;
-{
-
- /*
- * Since we only have setuid() and seteuid() we have to set
- * real and effective uids to ROOT_UID initially.
- */
- if (setuid(ROOT_UID))
- fatal("setuid(ROOT_UID)", 1);
-
- switch (perm) {
- case PERM_USER:
- (void) setegid(user_gid);
- if (seteuid(user_uid))
- fatal("seteuid(user_uid)", 1);
- break;
-
- case PERM_FULL_USER:
- /* headed for exec() */
- (void) setgid(user_gid);
- if (setuid(user_uid))
- fatal("setuid(user_uid)", 1);
- break;
-
- case PERM_RUNAS:
- if (seteuid(runas_pw->pw_uid))
- fatal("unable to change to runas uid", 1);
- break;
-
- case PERM_FULL_RUNAS:
- /* headed for exec(), assume euid == ROOT_UID */
- runas_setup();
- if (setuid(runas_pw->pw_uid))
- fatal("unable to change to runas uid", 1);
- break;
-
- case PERM_SUDOERS:
- /* assume euid == ROOT_UID, ruid == user */
- if (setegid(SUDOERS_GID))
- fatal("unable to change to sudoers gid", 1);
-
- /*
- * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
- * is group readable we use a non-zero
- * uid in order to avoid NFS lossage.
- * Using uid 1 is a bit bogus but should
- * work on all OS's.
- */
- if (SUDOERS_UID == ROOT_UID) {
- if ((SUDOERS_MODE & 040) && seteuid(1))
- fatal("seteuid(1)", 1);
- } else {
- if (seteuid(SUDOERS_UID))
- fatal("seteuid(SUDOERS_UID)", 1);
- }
- break;
- case PERM_TIMESTAMP:
- if (seteuid(timestamp_uid))
- fatal("seteuid(timestamp_uid)", 1);
- break;
- }
-}
-
-# else
+# else /* !HAVE_SETRESUID && !HAVE_SETREUID */
/*
* Set uids and gids based on perm via setuid() and setgid().
* Also, SUDOERS_UID and SUDOERS_GID are not used.
*/
void
-set_perms_nosuid(perm)
+set_perms(perm)
int perm;
{
break;
}
}
-# endif /* HAVE_SETEUID */
# endif /* HAVE_SETREUID */
#endif /* HAVE_SETRESUID */
projects / sudo / commitdiff