ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
-noexec_file=/usr/local/libexec/sudo_noexec.so
+noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
-PLUGINDIR=/usr/local/libexec
+PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
+#
+# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
+# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
+# off an extraneous "/sudo" from libexecdir.
+#
+case "$libexecdir" in
+ */sudo)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5
+$as_echo "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;}
+ libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
+ ;;
+esac
+
# Check whether --with-otp-only was given.
*) ;;
esac
else
- with_plugindir="$libexecdir"
+ with_plugindir="$libexecdir/sudo"
fi
# Check whether --with-noexec was given.
if test "${with_noexec+set}" = set; then :
withval=$with_noexec; case $with_noexec in
- yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ yes) with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"
;;
no) ;;
*) ;;
esac
else
- with_noexec="$libexecdir/sudo_noexec$_shrext"
+ with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5
fi
if test X"$with_selinux" != X"no"; then
- sesh_file="$libexecdir/sesh"
+ sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
-noexec_file=/usr/local/libexec/sudo_noexec.so
+noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
-PLUGINDIR=/usr/local/libexec
+PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
dnl
AC_CONFIG_LIBOBJ_DIR(compat)
+#
+# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
+# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
+# off an extraneous "/sudo" from libexecdir.
+#
+case "$libexecdir" in
+ */sudo)
+ AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
+ libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
+ ;;
+esac
+
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
;;
*) ;;
-esac], [with_plugindir="$libexecdir"])
+esac], [with_plugindir="$libexecdir/sudo"])
AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
[case $with_man in
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
[case $with_noexec in
- yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ yes) with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"
;;
no) ;;
*) ;;
-esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
+esac], [with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"])
AC_MSG_RESULT($with_noexec)
NOEXECFILE="sudo_noexec$_shrext"
NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
- sesh_file="$libexecdir/sesh"
+ sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
Notes on upgrading from an older release
========================================
+o Upgrading from a version prior to 1.8.7:
+
+ Sudo now stores its libexec files in a "sudo" subdirectory
+ instead of in libexec itself. For backwards compatibility, if
+ the plugin is not found in the default plugin directory, sudo
+ will check the parent directory default directory ends in "/sudo".
+
o Upgrading from a version prior to 1.8.2:
When matching Unix groups in the sudoers file, sudo will now
# Note, must indent with tabs, not spaces due to IFS trickery
# XXX - SuSE uses secure path but only for env_reset
configure_opts="--prefix=/usr
- --libexecdir=/usr/$libexec/sudo
+ --libexecdir=/usr/$libexec
--with-logging=syslog
--with-logfac=auth
--with-all-insults
--disable-setresuid
--with-sendmail=/usr/sbin/sendmail
--mandir=/usr/share/man
- --libexecdir=/usr/lib/sudo
+ --libexecdir=/usr/lib
--with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
$configure_opts"
;;
install-dirs:
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \
- $(DESTDIR)$(noexecdir)
+ $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir)
install-binaries: install-dirs $(PROGS)
$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
rm -f $(DESTDIR)$(bindir)/sudoedit
ln -s sudo $(DESTDIR)$(bindir)/sudoedit
- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sesh; fi
+ if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sudo/sesh; fi
install-doc:
uninstall:
-rm -f $(DESTDIR)$(bindir)/sudo $(DESTDIR)$(bindir)/sudoedit \
- $(DESTDIR)$(libexecdir)/sesh \
+ $(DESTDIR)$(libexecdir)/sudo/sesh \
$(DESTDIR)$(noexecdir)/$(noexecfile)
check:
void *handle;
char path[PATH_MAX];
bool rval = false;
+ int status;
debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN)
if (info->path[0] == '/') {
warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG));
goto done;
}
+ status = stat(path, &sb);
} else {
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
info->path) >= sizeof(path)) {
strerror(ENAMETOOLONG));
goto done;
}
+ /* Try parent dir for compatibility with old plugindir default. */
+ if ((status = stat(path, &sb)) != 0) {
+ char *cp = strrchr(path, '/');
+ if (cp > path + 4 && cp[-5] == '/' && cp[-4] == 's' &&
+ cp[-3] == 'u' && cp[-2] == 'd' && cp[-1] == 'o') {
+ int serrno = errno;
+ strlcpy(cp - 4, info->path, sizeof(path) - (cp - 4 - path));
+ if ((status = stat(path, &sb)) != 0)
+ errno = serrno;
+ }
+ }
}
- if (stat(path, &sb) != 0) {
+ if (status != 0) {
warningx(_("error in %s, line %d while loading plugin `%s'"),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
- warning("%s", path);
+ warning("%s%s", _PATH_SUDO_PLUGIN_DIR, info->path);
goto done;
}
if (sb.st_uid != ROOT_UID) {
$sbindir/visudo 0755
$bindir/sudoreplay 0755
$includedir/sudo_plugin.h 0644
- $libexecdir/* $shlib_mode optional
+ $libexecdir/sudo/ 0755
+ $libexecdir/sudo/sesh 0755 optional,ignore-others
+ $libexecdir/sudo/* $shlib_mode optional
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
$timedir/ 0700 root:
$docdir/ 0755
projects / sudo / commitdiff