enable_path_info
enable_env_debug
enable_warnings
+enable_admin_flag
with_selinux
enable_gss_krb5_ccache_name
enable_shared
--disable-path-info Print 'command not allowed' not 'command not found'
--enable-env-debug Whether to enable environment debugging.
--enable-warnings Whether to enable compiler warnings
+ --enable-admin-flag Whether to create a Ubuntu-style admin flag file
--enable-gss-krb5-ccache-name
Use GSS-API to set the Kerberos V cred cache name
--enable-shared[=PKGS] build shared libraries [default=yes]
fi
+# Check whether --enable-admin-flag was given.
+if test "${enable_admin_flag+set}" = set; then :
+ enableval=$enable_admin_flag; case "$enableval" in
+ yes) $as_echo "#define USE_ADMIN_FLAG 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&2;}
+ ;;
+ esac
+
+fi
+
+
# Check whether --with-selinux was given.
if test "${with_selinux+set}" = set; then :
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6570: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6587: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6573: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6590: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6576: output\"" >&5)
+ (eval echo "\"\$as_me:6593: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7781 "configure"' > conftest.$ac_ext
+ echo '#line 7798 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9174: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9191: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9178: \$? = $ac_status" >&5
+ echo "$as_me:9195: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9513: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9530: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9517: \$? = $ac_status" >&5
+ echo "$as_me:9534: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9618: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9635: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9622: \$? = $ac_status" >&5
+ echo "$as_me:9639: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9673: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9690: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9677: \$? = $ac_status" >&5
+ echo "$as_me:9694: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12040 "configure"
+#line 12057 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12136 "configure"
+#line 12153 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
+
esac
])
+AC_ARG_ENABLE(admin-flag,
+[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
+[ case "$enableval" in
+ yes) AC_DEFINE(USE_ADMIN_FLAG)
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
+ ;;
+ esac
+])
+
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
+AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
static void set_runaspw __P((char *));
static void show_version __P((void));
static struct passwd *get_authpw __P((void));
+static void create_admin_success_flag __P((void));
extern int sudo_edit __P((int, char **, char **));
int run_command __P((const char *path, char *argv[], char *envp[], uid_t uid, int dowait)); /* XXX should be in sudo.h */
}
if (ISSET(validated, VALIDATE_OK)) {
+ /* Create Ubuntu-style dot file to indicate sudo was successful. */
+ create_admin_success_flag();
+
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
audit_failure(NewArgv, "command in current directory");
}
exit(0);
}
+
+#ifdef USE_ADMIN_FLAG
+static void
+create_admin_success_flag()
+{
+ struct stat statbuf;
+ char flagfile[PATH_MAX];
+ int fd, n;
+
+ /* Check whether the user is in the admin group. */
+ if (!user_in_group(sudo_user.pw, "admin"))
+ return;
+
+ /* Build path to flag file. */
+ n = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
+ user_dir);
+ if (n <= 0 || n >= sizeof(flagfile))
+ return;
+
+ /* Create admin flag file if it doesn't already exist. */
+ set_perms(PERM_USER);
+ if (stat(flagfile, &statbuf) == 0) {
+ set_perms(PERM_ROOT);
+ return;
+ }
+
+ fd = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
+ close(fd);
+ set_perms(PERM_ROOT);
+}
+#else /* !USE_ADMIN_FLAG */
+static void
+create_admin_success_flag()
+{
+ /* STUB */
+}
+#endif /* USE_ADMIN_FLAG */
projects / sudo / commitdiff