ldap_conf
ldap_secret
nsswitch_conf
+netsvc_conf
EGREPPROG
CC
ac_ct_CC
--with-pic try to use only PIC/non-PIC objects [default=use
both]
--with-noexec=PATH fully qualified pathname of sudo_noexec.so
+ --with-netsvc[=PATH] path to netsvc.conf
Some influential environment variables:
CC C compiler command
+
timeout=5
esac
fi
-if test ${with_nsswitch-"yes"} != "no"; then
- cat >>confdefs.h <<EOF
-#define _PATH_NSSWITCH_CONF "${with_nsswitch-/etc/nsswitch.conf}"
-EOF
-
- nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
-else
- nsswitch_conf='/etc/nsswitch.conf'
-fi
# Check whether --with-ldap was given.
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 6216 "configure"' > conftest.$ac_ext
+ echo '#line 6210 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8075: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8069: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8079: \$? = $ac_status" >&5
+ echo "$as_me:8073: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8365: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8359: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8369: \$? = $ac_status" >&5
+ echo "$as_me:8363: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8469: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8463: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8473: \$? = $ac_status" >&5
+ echo "$as_me:8467: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 10829 "configure"
+#line 10823 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 10929 "configure"
+#line 10923 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
fi
+ # AIX analog of nsswitch.conf, enabled by default
+
+# Check whether --with-netsvc was given.
+if test "${with_netsvc+set}" = set; then
+ withval=$with_netsvc; case $with_netsvc in
+ no) ;;
+ yes) with_netsvc="/etc/netsvc.conf"
+ ;;
+ *) ;;
+ esac
+fi
+
+ if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+ with_netsvc="/etc/netsvc.conf"
+ fi
+
# AIX-specific functions
for ac_func in getuserattr
done
+netsvc_conf='/etc/netsvc.conf'
+nsswitch_conf='/etc/nsswitch.conf'
+if test ${with_netsvc-"no"} != "no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_NETSVC_CONF "${with_netsvc-/etc/netsvc.conf}"
+EOF
+
+ netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_NSSWITCH_CONF "${with_nsswitch-/etc/nsswitch.conf}"
+EOF
+
+ nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
for auth in $AUTH_EXCL_DEF; do
ldap_conf!$ldap_conf$ac_delim
ldap_secret!$ldap_secret$ac_delim
nsswitch_conf!$nsswitch_conf$ac_delim
+netsvc_conf!$netsvc_conf$ac_delim
EGREPPROG!$EGREPPROG$ac_delim
CC!$CC$ac_delim
ac_ct_CC!$ac_ct_CC$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 38; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 39; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
AC_SUBST(ldap_conf)
AC_SUBST(ldap_secret)
AC_SUBST(nsswitch_conf)
+AC_SUBST(netsvc_conf)
dnl
dnl Initial values for above
dnl
;;
*) ;;
esac])
-if test ${with_nsswitch-"yes"} != "no"; then
- SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
- nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
-else
- nsswitch_conf='/etc/nsswitch.conf'
-fi
AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
[case $with_ldap in
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
+ # AIX analog of nsswitch.conf, enabled by default
+ AC_ARG_WITH(netsvc, [ --with-netsvc[[=PATH]] path to netsvc.conf],
+ [case $with_netsvc in
+ no) ;;
+ yes) with_netsvc="/etc/netsvc.conf"
+ ;;
+ *) ;;
+ esac])
+ if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+ with_netsvc="/etc/netsvc.conf"
+ fi
+
# AIX-specific functions
AC_CHECK_FUNCS(getuserattr)
SUDO_OBJS="$SUDO_OBJS aix.o"
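Review bot: The `*) ;;` branch of the new `AC_ARG_WITH(netsvc, ...)` case accepts any value, including a relative path, and that value later becomes `_PATH_NETSVC_CONF`, which the netsvc variant of `sudo_read_nss()` added in this commit passes straight to `fopen()`. sudo is normally installed setuid, so a relative path baked in at build time would be resolved against the invoking user's working directory. Consider replacing the catch-all with `/*) ;;` followed by `*) AC_MSG_ERROR(["--with-netsvc requires a fully qualified path name"]) ;;`. The help string could then read "fully qualified path to netsvc.conf", matching the wording already used for `--with-noexec`.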
AC_MSG_RESULT($sudo_cv___progname)
])
+dnl
+dnl nsswitch.conf and its equivalents
+dnl
+netsvc_conf='/etc/netsvc.conf'
+nsswitch_conf='/etc/nsswitch.conf'
+if test ${with_netsvc-"no"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
+ netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
+ nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
dnl
dnl Mutually exclusive auth checks come first, followed by
dnl non-exclusive ones. Note: passwd must be last of all!
#ifndef _PATH_NSSWITCH_CONF
#undef _PATH_NSSWITCH_CONF
#endif /* _PATH_NSSWITCH_CONF */
+
+#ifndef _PATH_NETSVC_CONF
+#undef _PATH_NETSVC_CONF
+#endif /* _PATH_NETSVC_CONF */
tq_foreach_fwd(snl, nss) {
validated = nss->lookup(nss, validated, pwflag);
- /* Handle [NOTFOUND=return] */
- if (!ISSET(validated, VALIDATE_OK) && nss->ret_notfound)
- break;
+ if (ISSET(validated, VALIDATE_OK)) {
+ /* Handle "= auth" in netsvc.conf */
+ if (nss->ret_if_found)
+ break;
+ } else {
+ /* Handle [NOTFOUND=return] */
+ if (nss->ret_if_notfound)
+ break;
+ }
}
if (safe_cmnd == NULL)
safe_cmnd = estrdup(user_cmnd);
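Review bot: The new `ret_if_found` break sits only under `ISSET(validated, VALIDATE_OK)`, so a source marked `= auth` ends the search only when it grants the request. Any other result from that source, which may include an explicit denial, still falls through to the next source unless `ret_if_notfound` is set. Whether a later lookup can turn such a result into `VALIDATE_OK` depends on `nss->lookup`, which is outside this hunk, so the comment should state the intent, for example `/* "= auth": stop at this source only when it validated the command; any other result continues to the next source */`. The enclosing function begins and ends outside the hunk.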
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
#include <grp.h>
+#include <ctype.h>
#include "sudo.h"
#include "lbuf.h"
got_match = TRUE;
} else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) {
/* NOTFOUND affects the most recent entry */
- tq_last(&snl)->ret_notfound = TRUE;
+ tq_last(&snl)->ret_if_notfound = TRUE;
got_match = FALSE;
} else
got_match = FALSE;
#else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
+# if defined(HAVE_LDAP) && defined(_PATH_NETSVC_CONF)
+
+/*
+ * Read in /etc/netsvc.conf (like nsswitch.conf on AIX)
+ * Returns a tail queue of matches.
+ */
+struct sudo_nss_list *
+sudo_read_nss()
+{
+ FILE *fp;
+ char *cp, *ep;
+ int saw_files = FALSE;
+ int saw_ldap = FALSE;
+ int got_match = FALSE;
+ static struct sudo_nss_list snl;
+
+ if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL)
+ goto nomatch;
+
+ while ((cp = sudo_parseln(fp)) != NULL) {
+ /* Skip blank or comment lines */
+ if (*cp == '\0')
+ continue;
+
+ /* Look for a line starting with "sudoers = " */
+ if (strncasecmp(cp, "sudoers", 7) != 0)
+ continue;
+ cp += 7;
+ while (isspace((unsigned char)*cp))
+ cp++;
+ if (*cp++ != '=')
+ continue;
+
+ /* Parse line */
+ for ((cp = strtok(cp, ",")); cp != NULL; (cp = strtok(NULL, ","))) {
+ /* Trim leading whitespace. */
+ while (isspace((unsigned char)*cp))
+ cp++;
+
+ if (!saw_files && strncasecmp(cp, "files", 5) == 0 &&
+ (isspace((unsigned char)cp[5]) || cp[5] == '\0')) {
+ tq_append(&snl, &sudo_nss_file);
+ got_match = TRUE;
+ ep = &cp[5];
+ } else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 &&
+ (isspace((unsigned char)cp[4]) || cp[4] == '\0')) {
+ tq_append(&snl, &sudo_nss_ldap);
+ got_match = TRUE;
+ ep = &cp[4];
+ } else {
+ got_match = FALSE;
+ }
+
+ /* check for = auth qualifier */
+ if (got_match && *ep) {
+ cp = ep;
+ while (isspace((unsigned char)*cp) || *cp == '=')
+ cp++;
+ if (strncasecmp(cp, "auth", 4) == 0 &&
+ (isspace((unsigned char)cp[4]) || cp[4] == '\0')) {
+ tq_last(&snl)->ret_if_found = TRUE;
+ }
+ }
+ }
+ /* Only parse the first "sudoers" line */
+ break;
+ }
+ fclose(fp);
+
+nomatch:
+ /* Default to files only if no matches */
+ if (tq_empty(&snl))
+ tq_append(&snl, &sudo_nss_file);
+
+ return(&snl);
+}
+
+# else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */
+
/*
* Non-nsswitch.conf version with hard-coded order.
*/
{
static struct sudo_nss_list snl;
-# ifdef HAVE_LDAP
+# ifdef HAVE_LDAP
tq_append(&snl, &sudo_nss_ldap);
-# endif
+# endif
tq_append(&snl, &sudo_nss_file);
return(&snl);
}
+# endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */
+
#endif /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
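Review bot: `saw_files` and `saw_ldap` are initialised to FALSE and tested in the `files` and `ldap` branches of the new netsvc `sudo_read_nss()`, but nothing in the function ever sets them. A line such as `sudoers = files, files` therefore appends the same static `sudo_nss_file` entry to `snl` twice. What `tq_append` does with an element that is already queued is not visible here, but a repeated node in a tail queue usually means a corrupted or looping list, and this list decides which policy sources sudo consults. Add `saw_files = TRUE;` after the first `tq_append` and `saw_ldap = TRUE;` after the second. The whole function is inside the hunk.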
/* Reset user_groups based on passwd entry. */
int (*display_bound_defaults) __P((struct sudo_nss *nss, struct passwd *, struct lbuf *));
int (*display_privs) __P((struct sudo_nss *nss, struct passwd *, struct lbuf *));
void *handle;
- int ret_notfound;
+ short ret_if_found;
+ short ret_if_notfound;
};
TQ_DECLARE(sudo_nss)