From: Todd C. Miller Date: Thu, 22 Jul 1999 13:11:16 +0000 (+0000) Subject: regen X-Git-Tag: SUDO_1_6_0~196 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4c7239fd97f5ed0f2fb71337b405382b10b7a676;p=sudo regen --- diff --git a/configure b/configure index 4db06a9f5..ed54be27a 100755 --- a/configure +++ b/configure @@ -21,6 +21,8 @@ ac_help="$ac_help --with-libraries additional libraries to link with" ac_help="$ac_help --with-csops add CSOps standard options" +ac_help="$ac_help + --without-passwd no passwd/shadow file authentication" ac_help="$ac_help --with-skey enable S/Key support " ac_help="$ac_help @@ -32,7 +34,7 @@ ac_help="$ac_help ac_help="$ac_help --with-SecurID enable SecurID support" ac_help="$ac_help - --with-AuthSRV enable FWTK AuthSRV support" + --with-fwtk enable FWTK AuthSRV support" ac_help="$ac_help --with-kerb4 enable kerberos v4 support" ac_help="$ac_help @@ -122,8 +124,6 @@ ac_help="$ac_help --disable-shadow Never use shadow passwords" ac_help="$ac_help --disable-root-sudo don't allow root to run sudo" -ac_help="$ac_help - --disable-tgetpass Use the system getpass() instead of sudo's version" ac_help="$ac_help --enable-log-host Log the hostname in the log file" ac_help="$ac_help @@ -654,9 +654,8 @@ VISUDO_LIBS="" AFS_LIBS="" CPPFLAGS="" OSDEFS="" -DCE_OBJS="" +AUTH_OBJS="passwd.o" LIBOBJS="" -TGETPASS="tgetpass.o" MANTYPE="man" MAN_POSTINSTALL="" SUDOERS_MODE=0440 @@ -773,17 +772,43 @@ esac fi +# Check whether --with-passwd or --without-passwd was given. +if test "${with_passwd+set}" = set; then + withval="$with_passwd" + case $with_passwd in + yes) ;; + no) cat >> confdefs.h <<\EOF +#define WITHOUT_PASSWD 1 +EOF + + echo $ac_n "checking whether to check shadow/passwd file""... $ac_c" 1>&6 +echo "configure:786: checking whether to check shadow/passwd file" >&5 + echo "$ac_t""no" 1>&6 + AUTH_OBJS="" + ;; + *) echo "Sorry, --with-passwd does not take an argument." + exit 1 + ;; +esac +fi + + # Check whether --with-skey or --without-skey was given. if test "${with_skey+set}" = set; then withval="$with_skey" case $with_skey in - yes) cat >> confdefs.h <<\EOF + yes) if test -n "$with_opie"; then + echo "configure: warning: cannot use both S/Key and OPIE" 1>&2 + exit 1 + fi + cat >> confdefs.h <<\EOF #define HAVE_SKEY 1 EOF echo $ac_n "checking whether to try S/Key authentication""... $ac_c" 1>&6 -echo "configure:786: checking whether to try S/Key authentication" >&5 +echo "configure:810: checking whether to try S/Key authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; no) ;; *) echo "Ignoring unknown argument to --with-skey: $with_skey" @@ -796,13 +821,18 @@ fi if test "${with_opie+set}" = set; then withval="$with_opie" case $with_opie in - yes) cat >> confdefs.h <<\EOF + yes) if test -n "$with_skey"; then + echo "configure: warning: cannot use both S/Key and OPIE" 1>&2 + exit 1 + fi + cat >> confdefs.h <<\EOF #define HAVE_OPIE 1 EOF echo $ac_n "checking whether to try NRL OPIE authentication""... $ac_c" 1>&6 -echo "configure:805: checking whether to try NRL OPIE authentication" >&5 +echo "configure:834: checking whether to try NRL OPIE authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; no) ;; *) echo "Ignoring unknown argument to --with-opie: $with_opie" @@ -820,7 +850,7 @@ if test "${with_otp_only+set}" = set; then EOF echo $ac_n "checking whether to use OTP as the sole authentication method""... $ac_c" 1>&6 -echo "configure:824: checking whether to use OTP as the sole authentication method" >&5 +echo "configure:854: checking whether to use OTP as the sole authentication method" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -840,7 +870,7 @@ if test "${with_long_otp_prompt+set}" = set; then EOF echo $ac_n "checking whether to use a two line prompt for OTP authentication""... $ac_c" 1>&6 -echo "configure:844: checking whether to use a two line prompt for OTP authentication" >&5 +echo "configure:874: checking whether to use a two line prompt for OTP authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -861,35 +891,39 @@ if test "${with_SecurID+set}" = set; then EOF echo $ac_n "checking whether to use SecurID for authentication""... $ac_c" 1>&6 -echo "configure:865: checking whether to use SecurID for authentication" >&5 +echo "configure:895: checking whether to use SecurID for authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="securid.o" ;; esac fi -# Check whether --with-AuthSRV or --without-AuthSRV was given. -if test "${with_AuthSRV+set}" = set; then - withval="$with_AuthSRV" - case $with_AuthSRV in +# Check whether --with-fwtk or --without-fwtk was given. +if test "${with_fwtk+set}" = set; then + withval="$with_fwtk" + case $with_fwtk in yes) cat >> confdefs.h <<\EOF -#define HAVE_AUTHSRV 1 +#define HAVE_FWTK 1 EOF echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:881: checking whether to use FWTK AuthSRV for authentication" >&5 +echo "configure:912: checking whether to use FWTK AuthSRV for authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="fwtk.o" ;; no) ;; *) cat >> confdefs.h <<\EOF -#define HAVE_AUTHSRV 1 +#define HAVE_FWTK 1 EOF echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:890: checking whether to use FWTK AuthSRV for authentication" >&5 +echo "configure:922: checking whether to use FWTK AuthSRV for authentication" >&5 echo "$ac_t""yes" 1>&6 - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with-AuthSRV}" - CPPFLAGS="${CPPFLAGS} -I${with-AuthSRV}" + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" + CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + AUTH_OBJS="fwtk.o" + with_fwtk=yes ;; esac fi @@ -900,7 +934,7 @@ if test "${with_kerb4+set}" = set; then withval="$with_kerb4" case $with_kerb4 in yes) echo $ac_n "checking whether to try Kerberos 4 authentication""... $ac_c" 1>&6 -echo "configure:904: checking whether to try Kerberos 4 authentication" >&5 +echo "configure:938: checking whether to try Kerberos 4 authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -916,7 +950,7 @@ if test "${with_kerb5+set}" = set; then withval="$with_kerb5" case $with_kerb5 in yes) echo $ac_n "checking whether to try Kerberos 5 authentication""... $ac_c" 1>&6 -echo "configure:920: checking whether to try Kerberos 5 authentication" >&5 +echo "configure:954: checking whether to try Kerberos 5 authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -936,8 +970,9 @@ if test "${with_authenticate+set}" = set; then EOF echo $ac_n "checking whether to use AIX general authentication""... $ac_c" 1>&6 -echo "configure:940: checking whether to use AIX general authentication" >&5 +echo "configure:974: checking whether to use AIX general authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="authenticate.o" ;; no) ;; *) echo "Sorry, --with-authenticate does not take an argument." @@ -956,8 +991,9 @@ if test "${with_pam+set}" = set; then EOF echo $ac_n "checking whether to use PAM authentication""... $ac_c" 1>&6 -echo "configure:960: checking whether to use PAM authentication" >&5 +echo "configure:995: checking whether to use PAM authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="pam.o" ;; no) ;; *) echo "Sorry, --with-pam does not take an argument." @@ -976,8 +1012,9 @@ if test "${with_AFS+set}" = set; then EOF echo $ac_n "checking whether to try AFS (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:980: checking whether to try AFS (kerberos) authentication" >&5 +echo "configure:1016: checking whether to try AFS (kerberos) authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="${AUTH_OBJS} afs.o" ;; no) ;; *) echo "Sorry, --with-AFS does not take an argument." @@ -996,8 +1033,9 @@ if test "${with_DCE+set}" = set; then EOF echo $ac_n "checking whether to try DCE (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1000: checking whether to try DCE (kerberos) authentication" >&5 +echo "configure:1037: checking whether to try DCE (kerberos) authentication" >&5 echo "$ac_t""yes" 1>&6 + AUTH_OBJS="${AUTH_OBJS} dce.o" ;; no) ;; *) echo "Sorry, --with-DCE does not take an argument." @@ -1008,7 +1046,7 @@ fi echo $ac_n "checking which message/lecture type sudo should use""... $ac_c" 1>&6 -echo "configure:1012: checking which message/lecture type sudo should use" >&5 +echo "configure:1050: checking which message/lecture type sudo should use" >&5 # Check whether --with-message or --without-message was given. if test "${with_message+set}" = set; then withval="$with_message" @@ -1041,7 +1079,7 @@ fi echo $ac_n "checking whether sudo should log via syslog or to a file""... $ac_c" 1>&6 -echo "configure:1045: checking whether sudo should log via syslog or to a file" >&5 +echo "configure:1083: checking whether sudo should log via syslog or to a file" >&5 # Check whether --with-logging or --without-logging was given. if test "${with_logging+set}" = set; then withval="$with_logging" @@ -1083,7 +1121,7 @@ fi echo $ac_n "checking which syslog facility sudo should log with""... $ac_c" 1>&6 -echo "configure:1087: checking which syslog facility sudo should log with" >&5 +echo "configure:1125: checking which syslog facility sudo should log with" >&5 # Check whether --with-logfac or --without-logfac was given. if test "${with_logfac+set}" = set; then withval="$with_logfac" @@ -1124,7 +1162,7 @@ fi echo $ac_n "checking how long a line in the log file should be""... $ac_c" 1>&6 -echo "configure:1128: checking how long a line in the log file should be" >&5 +echo "configure:1166: checking how long a line in the log file should be" >&5 # Check whether --with-loglen or --without-loglen was given. if test "${with_loglen+set}" = set; then withval="$with_loglen" @@ -1154,7 +1192,7 @@ fi echo $ac_n "checking whether sudo should ignore '.' or '' in \$PATH""... $ac_c" 1>&6 -echo "configure:1158: checking whether sudo should ignore '.' or '' in \$PATH" >&5 +echo "configure:1196: checking whether sudo should ignore '.' or '' in \$PATH" >&5 # Check whether --with-ignore-dot or --without-ignore-dot was given. if test "${with_ignore_dot+set}" = set; then withval="$with_ignore_dot" @@ -1177,7 +1215,7 @@ fi echo $ac_n "checking who should get the mail that sudo sends""... $ac_c" 1>&6 -echo "configure:1181: checking who should get the mail that sudo sends" >&5 +echo "configure:1219: checking who should get the mail that sudo sends" >&5 # Check whether --with-alertmail or --without-alertmail was given. if test "${with_alertmail+set}" = set; then withval="$with_alertmail" @@ -1216,7 +1254,7 @@ if test "${with_mailsubject+set}" = set; then EOF echo $ac_n "checking sudo mail subject""... $ac_c" 1>&6 -echo "configure:1220: checking sudo mail subject" >&5 +echo "configure:1258: checking sudo mail subject" >&5 echo "$ac_t""Using alert mail subject: $with_mailsubject" 1>&6 ;; esac @@ -1229,7 +1267,7 @@ fi echo $ac_n "checking whether to send mail when a user is not in sudoers""... $ac_c" 1>&6 -echo "configure:1233: checking whether to send mail when a user is not in sudoers" >&5 +echo "configure:1271: checking whether to send mail when a user is not in sudoers" >&5 # Check whether --with-mail-if-no-user or --without-mail-if-no-user was given. if test "${with_mail_if_no_user+set}" = set; then withval="$with_mail_if_no_user" @@ -1255,7 +1293,7 @@ fi echo $ac_n "checking whether to send mail when a user tries a disallowed command""... $ac_c" 1>&6 -echo "configure:1259: checking whether to send mail when a user tries a disallowed command" >&5 +echo "configure:1297: checking whether to send mail when a user tries a disallowed command" >&5 # Check whether --with-mail-if-noperms or --without-mail-if-noperms was given. if test "${with_mail_if_noperms+set}" = set; then withval="$with_mail_if_noperms" @@ -1278,7 +1316,7 @@ fi echo $ac_n "checking for bad password prompt""... $ac_c" 1>&6 -echo "configure:1282: checking for bad password prompt" >&5 +echo "configure:1320: checking for bad password prompt" >&5 # Check whether --with-passprompt or --without-passprompt was given. if test "${with_passprompt+set}" = set; then withval="$with_passprompt" @@ -1304,7 +1342,7 @@ fi echo $ac_n "checking for bad password message""... $ac_c" 1>&6 -echo "configure:1308: checking for bad password message" >&5 +echo "configure:1346: checking for bad password message" >&5 # Check whether --with-badpass-message or --without-badpass-message was given. if test "${with_badpass_message+set}" = set; then withval="$with_badpass_message" @@ -1330,7 +1368,7 @@ fi echo $ac_n "checking whether to expect fully qualified hosts in sudoers""... $ac_c" 1>&6 -echo "configure:1334: checking whether to expect fully qualified hosts in sudoers" >&5 +echo "configure:1372: checking whether to expect fully qualified hosts in sudoers" >&5 # Check whether --with-fqdn or --without-fqdn was given. if test "${with_fqdn+set}" = set; then withval="$with_fqdn" @@ -1440,7 +1478,7 @@ fi echo $ac_n "checking for umask programs should be run with""... $ac_c" 1>&6 -echo "configure:1444: checking for umask programs should be run with" >&5 +echo "configure:1482: checking for umask programs should be run with" >&5 # Check whether --with-umask or --without-umask was given. if test "${with_umask+set}" = set; then withval="$with_umask" @@ -1469,7 +1507,7 @@ fi echo $ac_n "checking for default user to run commands as""... $ac_c" 1>&6 -echo "configure:1473: checking for default user to run commands as" >&5 +echo "configure:1511: checking for default user to run commands as" >&5 # Check whether --with-runas-default or --without-runas-default was given. if test "${with_runas_default+set}" = set; then withval="$with_runas_default" @@ -1510,7 +1548,7 @@ if test "${with_exempt+set}" = set; then EOF echo $ac_n "checking for group to be exempt from password""... $ac_c" 1>&6 -echo "configure:1514: checking for group to be exempt from password" >&5 +echo "configure:1552: checking for group to be exempt from password" >&5 echo "$ac_t""$with_exempt" 1>&6 ;; esac @@ -1518,7 +1556,7 @@ fi echo $ac_n "checking for editor that visudo should use""... $ac_c" 1>&6 -echo "configure:1522: checking for editor that visudo should use" >&5 +echo "configure:1560: checking for editor that visudo should use" >&5 # Check whether --with-editor or --without-editor was given. if test "${with_editor+set}" = set; then withval="$with_editor" @@ -1545,7 +1583,7 @@ fi echo $ac_n "checking whether to obey EDITOR and VISUAL environment variables""... $ac_c" 1>&6 -echo "configure:1549: checking whether to obey EDITOR and VISUAL environment variables" >&5 +echo "configure:1587: checking whether to obey EDITOR and VISUAL environment variables" >&5 # Check whether --with-env-editor or --without-env-editor was given. if test "${with_env_editor+set}" = set; then withval="$with_env_editor" @@ -1568,7 +1606,7 @@ fi echo $ac_n "checking number of tries a user gets to enter their password""... $ac_c" 1>&6 -echo "configure:1572: checking number of tries a user gets to enter their password" >&5 +echo "configure:1610: checking number of tries a user gets to enter their password" >&5 # Check whether --with-passwd-tries or --without-passwd-tries was given. if test "${with_passwd_tries+set}" = set; then withval="$with_passwd_tries" @@ -1601,7 +1639,7 @@ fi echo $ac_n "checking time in minutes after which sudo will ask for a password again""... $ac_c" 1>&6 -echo "configure:1605: checking time in minutes after which sudo will ask for a password again" >&5 +echo "configure:1643: checking time in minutes after which sudo will ask for a password again" >&5 # Check whether --with-timeout or --without-timeout was given. if test "${with_timeout+set}" = set; then withval="$with_timeout" @@ -1637,7 +1675,7 @@ fi echo $ac_n "checking time in minutes after the password prompt will time out""... $ac_c" 1>&6 -echo "configure:1641: checking time in minutes after the password prompt will time out" >&5 +echo "configure:1679: checking time in minutes after the password prompt will time out" >&5 # Check whether --with-password-timeout or --without-password-timeout was given. if test "${with_password_timeout+set}" = set; then withval="$with_password_timeout" @@ -1673,7 +1711,7 @@ fi echo $ac_n "checking whether to use execvp or execv""... $ac_c" 1>&6 -echo "configure:1677: checking whether to use execvp or execv" >&5 +echo "configure:1715: checking whether to use execvp or execv" >&5 # Check whether --with-execv or --without-execv was given. if test "${with_execv+set}" = set; then withval="$with_execv" @@ -1696,7 +1734,7 @@ fi echo $ac_n "checking whether to use per-tty ticket files""... $ac_c" 1>&6 -echo "configure:1700: checking whether to use per-tty ticket files" >&5 +echo "configure:1738: checking whether to use per-tty ticket files" >&5 # Check whether --with-tty-tickets or --without-tty-tickets was given. if test "${with_tty_tickets+set}" = set; then withval="$with_tty_tickets" @@ -1719,7 +1757,7 @@ fi echo $ac_n "checking whether to include insults""... $ac_c" 1>&6 -echo "configure:1723: checking whether to include insults" >&5 +echo "configure:1761: checking whether to include insults" >&5 # Check whether --with-insults or --without-insults was given. if test "${with_insults+set}" = set; then withval="$with_insults" @@ -1830,7 +1868,7 @@ fi if test "$with_insults" = "yes"; then echo $ac_n "checking which insult sets to include""... $ac_c" 1>&6 -echo "configure:1834: checking which insult sets to include" >&5 +echo "configure:1872: checking which insult sets to include" >&5 i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" @@ -1840,7 +1878,7 @@ echo "configure:1834: checking which insult sets to include" >&5 fi echo $ac_n "checking whether to override the user's path""... $ac_c" 1>&6 -echo "configure:1844: checking whether to override the user's path" >&5 +echo "configure:1882: checking whether to override the user's path" >&5 # Check whether --with-secure-path or --without-secure-path was given. if test "${with_secure_path+set}" = set; then withval="$with_secure_path" @@ -1866,7 +1904,7 @@ fi echo $ac_n "checking whether to get ip addresses from the network interfaces""... $ac_c" 1>&6 -echo "configure:1870: checking whether to get ip addresses from the network interfaces" >&5 +echo "configure:1908: checking whether to get ip addresses from the network interfaces" >&5 # Check whether --with-interfaces or --without-interfaces was given. if test "${with_interfaces+set}" = set; then withval="$with_interfaces" @@ -1890,7 +1928,7 @@ fi echo $ac_n "checking whether to disable shadow password support""... $ac_c" 1>&6 -echo "configure:1894: checking whether to disable shadow password support" >&5 +echo "configure:1932: checking whether to disable shadow password support" >&5 # Check whether --enable-shadow or --disable-shadow was given. if test "${enable_shadow+set}" = set; then enableval="$enable_shadow" @@ -1911,7 +1949,7 @@ fi echo $ac_n "checking whether root should be allowed to use sudo""... $ac_c" 1>&6 -echo "configure:1915: checking whether root should be allowed to use sudo" >&5 +echo "configure:1953: checking whether root should be allowed to use sudo" >&5 # Check whether --enable-root-sudo or --disable-root-sudo was given. if test "${enable_root_sudo+set}" = set; then enableval="$enable_root_sudo" @@ -1934,33 +1972,8 @@ else fi -echo $ac_n "checking whether to use the system getpass function""... $ac_c" 1>&6 -echo "configure:1939: checking whether to use the system getpass function" >&5 -# Check whether --enable-tgetpass or --disable-tgetpass was given. -if test "${enable_tgetpass+set}" = set; then - enableval="$enable_tgetpass" - case "$enableval" in - yes) echo "$ac_t""no" 1>&6 - ;; - no) echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define USE_GETPASS 1 -EOF - - TGETPASS="" - ;; - *) echo "$ac_t""no" 1>&6 - echo "Ignoring unknown argument to --enable-tgetpass: $enableval" - ;; - esac - -else - echo "$ac_t""no" 1>&6 -fi - - echo $ac_n "checking whether to log the hostname in the log file""... $ac_c" 1>&6 -echo "configure:1964: checking whether to log the hostname in the log file" >&5 +echo "configure:1977: checking whether to log the hostname in the log file" >&5 # Check whether --enable-log-host or --disable-log-host was given. if test "${enable_log_host+set}" = set; then enableval="$enable_log_host" @@ -1984,7 +1997,7 @@ fi echo $ac_n "checking whether to wrap long lines in the log file""... $ac_c" 1>&6 -echo "configure:1988: checking whether to wrap long lines in the log file" >&5 +echo "configure:2001: checking whether to wrap long lines in the log file" >&5 # Check whether --enable-log-wrap or --disable-log-wrap was given. if test "${enable_log_wrap+set}" = set; then enableval="$enable_log_wrap" @@ -2017,7 +2030,7 @@ fi echo $ac_n "checking whether to invoke a shell if sudo is given no arguments""... $ac_c" 1>&6 -echo "configure:2021: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo "configure:2034: checking whether to invoke a shell if sudo is given no arguments" >&5 # Check whether --enable-noargs-shell or --disable-noargs-shell was given. if test "${enable_noargs_shell+set}" = set; then enableval="$enable_noargs_shell" @@ -2041,7 +2054,7 @@ fi echo $ac_n "checking whether to set \$HOME to target user in shell mode""... $ac_c" 1>&6 -echo "configure:2045: checking whether to set \$HOME to target user in shell mode" >&5 +echo "configure:2058: checking whether to set \$HOME to target user in shell mode" >&5 # Check whether --enable-shell-sets-home or --disable-shell-sets-home was given. if test "${enable_shell_sets_home+set}" = set; then enableval="$enable_shell_sets_home" @@ -2065,7 +2078,7 @@ fi echo $ac_n "checking whether to disable 'command not found' messages""... $ac_c" 1>&6 -echo "configure:2069: checking whether to disable 'command not found' messages" >&5 +echo "configure:2082: checking whether to disable 'command not found' messages" >&5 # Check whether --enable-path_info or --disable-path_info was given. if test "${enable_path_info+set}" = set; then enableval="$enable_path_info" @@ -2091,7 +2104,7 @@ fi # Extract the first word of "egrep", so it can be a program name with args. set dummy egrep; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2095: checking for $ac_word" >&5 +echo "configure:2108: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_EGREPPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2126,7 +2139,7 @@ cross_compiling="no" # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2130: checking for $ac_word" >&5 +echo "configure:2143: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2155,7 +2168,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2159: checking for $ac_word" >&5 +echo "configure:2172: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2203,7 +2216,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:2207: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:2220: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -2213,11 +2226,11 @@ ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2234: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -2237,12 +2250,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:2241: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:2254: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:2246: checking whether we are using GNU C" >&5 +echo "configure:2259: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2251,7 +2264,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:2255: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:2268: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -2266,7 +2279,7 @@ if test $ac_cv_prog_gcc = yes; then ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:2270: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:2283: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2296,7 +2309,7 @@ fi ac_cv_prog_cc_cross="no" cross_compiling="no" echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:2300: checking how to run the C preprocessor" >&5 +echo "configure:2313: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -2311,13 +2324,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2321: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2334: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -2328,13 +2341,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2338: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2351: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -2357,7 +2370,7 @@ fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:2361: checking for POSIXized ISC" >&5 +echo "configure:2374: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then @@ -2381,7 +2394,7 @@ fi # Extract the first word of "uname", so it can be a program name with args. set dummy uname; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2385: checking for $ac_word" >&5 +echo "configure:2398: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_UNAMEPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2409,7 +2422,7 @@ fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2413: checking for $ac_word" >&5 +echo "configure:2426: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_TRPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2437,7 +2450,7 @@ fi # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2441: checking for $ac_word" >&5 +echo "configure:2454: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_SEDPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2465,7 +2478,7 @@ fi # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2469: checking for $ac_word" >&5 +echo "configure:2482: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_NROFFPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2520,7 +2533,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:2524: checking host system type" >&5 +echo "configure:2537: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -2549,7 +2562,7 @@ if test -n "$sudo_cv_prev_host"; then exit 1 else echo $ac_n "checking previous host type""... $ac_c" 1>&6 -echo "configure:2553: checking previous host type" >&5 +echo "configure:2566: checking previous host type" >&5 if eval "test \"`echo '$''{'sudo_cv_prev_host'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2584,12 +2597,12 @@ case "$host" in # check for password adjunct functions (shadow passwords) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getpwanam""... $ac_c" 1>&6 -echo "configure:2588: checking for getpwanam" >&5 +echo "configure:2601: checking for getpwanam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getpwanam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2629: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getpwanam=yes" else @@ -2632,12 +2645,12 @@ EOF for ac_func in issecure do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2636: checking for $ac_func" >&5 +echo "configure:2649: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2677: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2709,7 +2722,7 @@ EOF *-*-hiuxmpp*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2713: checking for getprpwnam in -lsec" >&5 +echo "configure:2726: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2721,7 +2734,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2754,7 +2767,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:2758: checking for getprpwnam in -lsecurity" >&5 +echo "configure:2771: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2766,7 +2779,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2794: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2812,7 +2825,7 @@ fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2816: checking for getprpwnam in -lsec" >&5 +echo "configure:2829: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2824,7 +2837,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2852: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2854,7 +2867,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then #define HAVE_GETPRPWNAM 1 EOF echo $ac_n "checking for iscomsec in -lsec""... $ac_c" 1>&6 -echo "configure:2858: checking for iscomsec in -lsec" >&5 +echo "configure:2871: checking for iscomsec in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'iscomsec | sed 'y% ./+-%___p_%'` else @@ -2866,7 +2879,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2894: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2943,12 +2956,12 @@ EOF for ac_func in getspwuid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2947: checking for $ac_func" >&5 +echo "configure:2960: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2988: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3048,7 +3061,7 @@ EOF SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" echo $ac_n "checking whether to disable sia support on Digital UNIX""... $ac_c" 1>&6 -echo "configure:3052: checking whether to disable sia support on Digital UNIX" >&5 +echo "configure:3065: checking whether to disable sia support on Digital UNIX" >&5 # Check whether --enable-sia or --disable-sia was given. if test "${enable_sia+set}" = set; then enableval="$enable_sia" @@ -3072,12 +3085,12 @@ fi # unless overridden on the command line if test "$CHECKSIA" = "true"; then echo $ac_n "checking for sia_ses_init""... $ac_c" 1>&6 -echo "configure:3076: checking for sia_ses_init" >&5 +echo "configure:3089: checking for sia_ses_init" >&5 if eval "test \"`echo '$''{'ac_cv_func_sia_ses_init'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3117: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_sia_ses_init=yes" else @@ -3118,7 +3131,7 @@ if eval "test \"`echo '$ac_cv_func_'sia_ses_init`\" = yes"; then #define HAVE_SIA 1 EOF - if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_AuthSRV" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then + if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_fwtk" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then echo "Sorry, you cannot mix SIA and other authentication schemes. You can turn off SIA support via the --disable-sia option" exit 1 fi; CHECKSHADOW=false @@ -3129,7 +3142,7 @@ fi fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:3133: checking for getprpwnam in -lsecurity" >&5 +echo "configure:3146: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3141,7 +3154,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3169: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3176,9 +3189,14 @@ fi fi if test -n "$SECUREWARE"; then + AUTH_OBJS="${AUTH_OBJS} secureware.o" + cat >> confdefs.h <<\EOF +#define HAVE_GETPRPWNAM 1 +EOF + # 4.x and higher need -ldb too... echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 -echo "configure:3182: checking for dbopen in -ldb" >&5 +echo "configure:3200: checking for dbopen in -ldb" >&5 if test -n ""; then ac_lib_var=`echo db'_'dbopen | sed 'y% ./+-%___p_%'` else @@ -3190,7 +3208,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldb $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3223: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3225,12 +3243,12 @@ fi for ac_func in dispcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3229: checking for $ac_func" >&5 +echo "configure:3247: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3275: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3278,9 +3296,9 @@ fi done echo $ac_n "checking for broken /usr/include/prot.h""... $ac_c" 1>&6 -echo "configure:3282: checking for broken /usr/include/prot.h" >&5 +echo "configure:3300: checking for broken /usr/include/prot.h" >&5 cat > conftest.$ac_ext < @@ -3291,7 +3309,7 @@ int main() { exit(0); ; return 0; } EOF -if { (eval echo configure:3295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3313: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""no" 1>&6 else @@ -3303,6 +3321,8 @@ else fi rm -f conftest* + else + AUTH_OBJS="sia.o" fi ;; *-*-irix*) @@ -3334,7 +3354,7 @@ EOF # IRIX <= 4 needs -lsun if test "$OSREV" -le 4; then echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 -echo "configure:3338: checking for getpwnam in -lsun" >&5 +echo "configure:3358: checking for getpwnam in -lsun" >&5 if test -n ""; then ac_lib_var=`echo sun'_'getpwnam | sed 'y% ./+-%___p_%'` else @@ -3346,7 +3366,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsun $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3381: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3383,12 +3403,12 @@ fi # Some Linux versions need to link with -lshadow if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:3387: checking for getspnam" >&5 +echo "configure:3407: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3435: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -3432,7 +3452,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 -echo "configure:3436: checking for getspnam in -lshadow" >&5 +echo "configure:3456: checking for getspnam in -lshadow" >&5 if test -n ""; then ac_lib_var=`echo shadow'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3444,7 +3464,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3479: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3494,7 +3514,7 @@ EOF if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:3498: checking for getprpwnam in -lsec" >&5 +echo "configure:3518: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3506,7 +3526,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3547,7 +3567,7 @@ fi OS="ultrix" if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getauthuid in -lauth""... $ac_c" 1>&6 -echo "configure:3551: checking for getauthuid in -lauth" >&5 +echo "configure:3571: checking for getauthuid in -lauth" >&5 if test -n ""; then ac_lib_var=`echo auth'_'getauthuid | sed 'y% ./+-%___p_%'` else @@ -3559,7 +3579,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lauth $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3594: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3610,7 +3630,7 @@ fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3614: checking for getspnam in -lsec" >&5 +echo "configure:3634: checking for getspnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3622,7 +3642,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3657: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3662,7 +3682,7 @@ fi *-*-sco*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:3666: checking for getprpwnam in -lprot" >&5 +echo "configure:3686: checking for getprpwnam in -lprot" >&5 if test -n ""; then ac_lib_var=`echo prot'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3674,7 +3694,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lprot $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3714,7 +3734,7 @@ fi *-sequent-sysv*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3718: checking for getspnam in -lsec" >&5 +echo "configure:3738: checking for getspnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3726,7 +3746,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3761: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3785,12 +3805,12 @@ esac if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:3789: checking for getspnam" >&5 +echo "configure:3809: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3837: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -3838,12 +3858,12 @@ fi fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam""... $ac_c" 1>&6 -echo "configure:3842: checking for getprpwnam" >&5 +echo "configure:3862: checking for getprpwnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getprpwnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3890: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getprpwnam=yes" else @@ -3887,7 +3907,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:3891: checking for getprpwnam in -lsec" >&5 +echo "configure:3911: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3899,7 +3919,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3934: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3932,7 +3952,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:3936: checking for getprpwnam in -lsecurity" >&5 +echo "configure:3956: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3944,7 +3964,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3977,7 +3997,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:3981: checking for getprpwnam in -lprot" >&5 +echo "configure:4001: checking for getprpwnam in -lprot" >&5 if test -n ""; then ac_lib_var=`echo prot'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3989,7 +4009,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lprot $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4024: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4033,13 +4053,13 @@ fi if test $ac_cv_prog_gcc = yes; then echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6 -echo "configure:4037: checking whether ${CC-cc} needs -traditional" >&5 +echo "configure:4057: checking whether ${CC-cc} needs -traditional" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_pattern="Autoconf.*'x'" cat > conftest.$ac_ext < Autoconf TIOCGETP @@ -4057,7 +4077,7 @@ rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat > conftest.$ac_ext < Autoconf TCGETA @@ -4079,12 +4099,12 @@ echo "$ac_t""$ac_cv_prog_gcc_traditional" 1>&6 fi echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:4083: checking for working const" >&5 +echo "configure:4103: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4157: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -4158,7 +4178,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4162: checking for $ac_word" >&5 +echo "configure:4182: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4189,7 +4209,7 @@ test -n "$YACC" || YACC="yacc" if test -z "$with_sendmail"; then echo $ac_n "checking for sendmail""... $ac_c" 1>&6 -echo "configure:4193: checking for sendmail" >&5 +echo "configure:4213: checking for sendmail" >&5 if test -f "/usr/sbin/sendmail"; then echo "$ac_t""/usr/sbin/sendmail" 1>&6 cat >> confdefs.h <<\EOF @@ -4232,7 +4252,7 @@ fi fi echo $ac_n "checking for mv""... $ac_c" 1>&6 -echo "configure:4236: checking for mv" >&5 +echo "configure:4256: checking for mv" >&5 if test -f "/usr/bin/mv"; then echo "$ac_t""/usr/bin/mv" 1>&6 cat >> confdefs.h <<\EOF @@ -4262,7 +4282,7 @@ else fi echo $ac_n "checking for bourne shell""... $ac_c" 1>&6 -echo "configure:4266: checking for bourne shell" >&5 +echo "configure:4286: checking for bourne shell" >&5 if test -f "/bin/sh"; then echo "$ac_t""/bin/sh" 1>&6 cat >> confdefs.h <<\EOF @@ -4316,7 +4336,7 @@ else fi echo $ac_n "checking for vi""... $ac_c" 1>&6 -echo "configure:4320: checking for vi" >&5 +echo "configure:4340: checking for vi" >&5 if test -f "/usr/bin/vi"; then echo "$ac_t""/usr/bin/vi" 1>&6 cat >> confdefs.h <<\EOF @@ -4352,12 +4372,12 @@ else fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:4356: checking for ANSI C header files" >&5 +echo "configure:4376: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4365,7 +4385,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4369: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4382,7 +4402,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -4400,7 +4420,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -4421,7 +4441,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -4432,7 +4452,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:4436: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4456: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then : else @@ -4460,12 +4480,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:4464: checking for $ac_hdr that defines DIR" >&5 +echo "configure:4484: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -4473,7 +4493,7 @@ int main() { DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:4477: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4497: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -4498,7 +4518,7 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:4502: checking for opendir in -ldir" >&5 +echo "configure:4522: checking for opendir in -ldir" >&5 if test -n ""; then ac_lib_var=`echo dir'_'opendir | sed 'y% ./+-%___p_%'` else @@ -4510,7 +4530,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4543,7 +4563,7 @@ fi else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:4547: checking for opendir in -lx" >&5 +echo "configure:4567: checking for opendir in -lx" >&5 if test -n ""; then ac_lib_var=`echo x'_'opendir | sed 'y% ./+-%___p_%'` else @@ -4555,7 +4575,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4592,17 +4612,17 @@ for ac_hdr in string.h strings.h unistd.h malloc.h paths.h utime.h fnmatch.h net do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4596: checking for $ac_hdr" >&5 +echo "configure:4616: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4606: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4626: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4633,17 +4653,17 @@ if test "$OS" != "ultrix"; then do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4637: checking for $ac_hdr" >&5 +echo "configure:4657: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4647: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4667: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4673,17 +4693,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4677: checking for $ac_hdr" >&5 +echo "configure:4697: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4687: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4707: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4706,12 +4726,12 @@ EOF for ac_func in tcgetattr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4710: checking for $ac_func" >&5 +echo "configure:4730: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4765,12 +4785,12 @@ done fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:4769: checking for mode_t" >&5 +echo "configure:4789: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4798,12 +4818,12 @@ EOF fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:4802: checking for uid_t in sys/types.h" >&5 +echo "configure:4822: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -4832,12 +4852,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:4836: checking for size_t" >&5 +echo "configure:4856: checking for size_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4867,12 +4887,12 @@ EOF fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:4871: checking for ssize_t" >&5 +echo "configure:4891: checking for ssize_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4902,12 +4922,12 @@ EOF fi echo $ac_n "checking for dev_t""... $ac_c" 1>&6 -echo "configure:4906: checking for dev_t" >&5 +echo "configure:4926: checking for dev_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_dev_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4937,12 +4957,12 @@ EOF fi echo $ac_n "checking for ino_t""... $ac_c" 1>&6 -echo "configure:4941: checking for ino_t" >&5 +echo "configure:4961: checking for ino_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_ino_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -4972,9 +4992,9 @@ EOF fi echo $ac_n "checking for full void implementation""... $ac_c" 1>&6 -echo "configure:4976: checking for full void implementation" >&5 +echo "configure:4996: checking for full void implementation" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5006: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define VOID void @@ -5002,7 +5022,7 @@ fi rm -f conftest* echo $ac_n "checking max length of uid_t""... $ac_c" 1>&6 -echo "configure:5006: checking max length of uid_t" >&5 +echo "configure:5026: checking max length of uid_t" >&5 if eval "test \"`echo '$''{'sudo_cv_uid_t_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5011,7 +5031,7 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < #include @@ -5032,7 +5052,7 @@ main() { exit(0); } EOF -if { (eval echo configure:5036: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5056: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_uid_t_len=`cat conftestdata` else @@ -5055,7 +5075,7 @@ EOF echo $ac_n "checking for sa_len field in struct sockaddr""... $ac_c" 1>&6 -echo "configure:5059: checking for sa_len field in struct sockaddr" >&5 +echo "configure:5079: checking for sa_len field in struct sockaddr" >&5 if eval "test \"`echo '$''{'sudo_cv_sock_sa_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5063,7 +5083,7 @@ else sudo_cv_sock_sa_len=no else cat > conftest.$ac_ext < #include @@ -5073,7 +5093,7 @@ s.sa_len = 0; exit(0); } EOF -if { (eval echo configure:5077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5097: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_sock_sa_len=yes else @@ -5098,12 +5118,12 @@ fi case "$DEFS" in *"RETSIGTYPE"*) ;; *) echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:5102: checking return type of signal handlers" >&5 +echo "configure:5122: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -5120,7 +5140,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:5124: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5144: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -5142,12 +5162,12 @@ esac for ac_func in strchr strrchr memcpy memset sysconf sigaction tzset strcasecmp seteuid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5146: checking for $ac_func" >&5 +echo "configure:5166: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5194: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5198,12 +5218,12 @@ if test -n "$SECUREWARE"; then for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5202: checking for $ac_func" >&5 +echo "configure:5222: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5253,12 +5273,12 @@ done for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5257: checking for $ac_func" >&5 +echo "configure:5277: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5305: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5308,12 +5328,12 @@ done for ac_func in initprivs do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5312: checking for $ac_func" >&5 +echo "configure:5332: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5360: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5363,12 +5383,12 @@ done fi if test -z "$BROKEN_GETCWD"; then echo $ac_n "checking for getcwd""... $ac_c" 1>&6 -echo "configure:5367: checking for getcwd" >&5 +echo "configure:5387: checking for getcwd" >&5 if eval "test \"`echo '$''{'ac_cv_func_getcwd'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5415: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getcwd=yes" else @@ -5416,12 +5436,12 @@ fi fi echo $ac_n "checking for waitpid""... $ac_c" 1>&6 -echo "configure:5420: checking for waitpid" >&5 +echo "configure:5440: checking for waitpid" >&5 if eval "test \"`echo '$''{'ac_cv_func_waitpid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5468: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_waitpid=yes" else @@ -5467,12 +5487,12 @@ else for ac_func in wait3 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5471: checking for $ac_func" >&5 +echo "configure:5491: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5519: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5522,12 +5542,12 @@ done fi echo $ac_n "checking for innetgr""... $ac_c" 1>&6 -echo "configure:5526: checking for innetgr" >&5 +echo "configure:5546: checking for innetgr" >&5 if eval "test \"`echo '$''{'ac_cv_func_innetgr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5574: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_innetgr=yes" else @@ -5570,12 +5590,12 @@ EOF for ac_func in getdomainname do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5574: checking for $ac_func" >&5 +echo "configure:5594: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5627,12 +5647,12 @@ else fi echo $ac_n "checking for lsearch""... $ac_c" 1>&6 -echo "configure:5631: checking for lsearch" >&5 +echo "configure:5651: checking for lsearch" >&5 if eval "test \"`echo '$''{'ac_cv_func_lsearch'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5679: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_lsearch=yes" else @@ -5676,7 +5696,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for lsearch in -lcompat""... $ac_c" 1>&6 -echo "configure:5680: checking for lsearch in -lcompat" >&5 +echo "configure:5700: checking for lsearch in -lcompat" >&5 if test -n ""; then ac_lib_var=`echo compat'_'lsearch | sed 'y% ./+-%___p_%'` else @@ -5688,7 +5708,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcompat $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5723: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5716,17 +5736,17 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_safe=`echo "search.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for search.h""... $ac_c" 1>&6 -echo "configure:5720: checking for search.h" >&5 +echo "configure:5740: checking for search.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5730: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:5750: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -5759,12 +5779,12 @@ fi fi echo $ac_n "checking for setenv""... $ac_c" 1>&6 -echo "configure:5763: checking for setenv" >&5 +echo "configure:5783: checking for setenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_setenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5811: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_setenv=yes" else @@ -5808,12 +5828,12 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for putenv""... $ac_c" 1>&6 -echo "configure:5812: checking for putenv" >&5 +echo "configure:5832: checking for putenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_putenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5860: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_putenv=yes" else @@ -5862,12 +5882,12 @@ fi fi echo $ac_n "checking for utime""... $ac_c" 1>&6 -echo "configure:5866: checking for utime" >&5 +echo "configure:5886: checking for utime" >&5 if eval "test \"`echo '$''{'ac_cv_func_utime'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5914: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_utime=yes" else @@ -5909,7 +5929,7 @@ if eval "test \"`echo '$ac_cv_func_'utime`\" = yes"; then EOF echo $ac_n "checking for POSIX utime""... $ac_c" 1>&6 -echo "configure:5913: checking for POSIX utime" >&5 +echo "configure:5933: checking for POSIX utime" >&5 if eval "test \"`echo '$''{'sudo_cv_func_utime_posix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5918,7 +5938,7 @@ if test "$cross_compiling" = yes; then sudo_cv_func_utime_posix=no else cat > conftest.$ac_ext < #include @@ -5930,7 +5950,7 @@ utime("conftestdata", &ut); exit(0); } EOF -if { (eval echo configure:5934: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5954: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_func_utime_posix=yes else @@ -5952,104 +5972,327 @@ EOF fi -echo $ac_n "checking whether utime accepts a null argument""... $ac_c" 1>&6 -echo "configure:5957: checking whether utime accepts a null argument" >&5 -if eval "test \"`echo '$''{'ac_cv_func_utime_null'+set}'`\" = set"; then +else + echo "$ac_t""no" 1>&6 +LIBOBJS="$LIBOBJS utime.o" +fi + +echo $ac_n "checking for working fnmatch""... $ac_c" 1>&6 +echo "configure:5982: checking for working fnmatch" >&5 +if eval "test \"`echo '$''{'sudo_cv_func_fnmatch'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else rm -f conftestdata; > conftestdata -# Sequent interprets utime(file, 0) to mean use start of epoch. Wrong. if test "$cross_compiling" = yes; then - ac_cv_func_utime_null=no + sudo_cv_func_fnmatch=no else cat > conftest.$ac_ext < -#include main() { -struct stat s, t; -exit(!(stat ("conftestdata", &s) == 0 && utime("conftestdata", (long *)0) == 0 -&& stat("conftestdata", &t) == 0 && t.st_mtime >= s.st_mtime -&& t.st_mtime - s.st_mtime < 120)); +exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); } EOF -if { (eval echo configure:5978: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5997: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then - ac_cv_func_utime_null=yes + sudo_cv_func_fnmatch=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* - ac_cv_func_utime_null=no + sudo_cv_func_fnmatch=no fi rm -fr conftest* fi rm -f core core.* *.core fi - -echo "$ac_t""$ac_cv_func_utime_null" 1>&6 -if test $ac_cv_func_utime_null = yes; then +echo "$ac_t""$sudo_cv_func_fnmatch" 1>&6 +if test $sudo_cv_func_fnmatch = yes; then cat >> confdefs.h <<\EOF -#define HAVE_UTIME_NULL 1 +#define HAVE_FNMATCH 1 EOF +else + LIBOBJS="$LIBOBJS fnmatch.o" fi +for ac_func in strerror +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6024: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6052: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 -LIBOBJS="$LIBOBJS utime.o" +LIBOBJS="$LIBOBJS ${ac_func}.o" fi +done -echo $ac_n "checking for working fnmatch""... $ac_c" 1>&6 -echo "configure:6007: checking for working fnmatch" >&5 -if eval "test \"`echo '$''{'sudo_cv_func_fnmatch'+set}'`\" = set"; then + +echo $ac_n "checking for snprintf""... $ac_c" 1>&6 +echo "configure:6079: checking for snprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else - rm -f conftestdata; > conftestdata -if test "$cross_compiling" = yes; then - sudo_cv_func_fnmatch=no + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char snprintf(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_snprintf) || defined (__stub___snprintf) +choke me +#else +snprintf(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_snprintf=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_snprintf=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'snprintf`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_SNPRINTF 1 +EOF + +else + echo "$ac_t""no" 1>&6 +NEED_SNPRINTF=1 +fi + +echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 +echo "configure:6131: checking for vsnprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char vsnprintf(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_vsnprintf) || defined (__stub___vsnprintf) +choke me +#else +vsnprintf(); +#endif + +; return 0; } EOF -if { (eval echo configure:6022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then - sudo_cv_func_fnmatch=yes +if { (eval echo configure:6159: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_vsnprintf=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 - rm -fr conftest* - sudo_cv_func_fnmatch=no + rm -rf conftest* + eval "ac_cv_func_vsnprintf=no" fi -rm -fr conftest* +rm -f conftest* fi -rm -f core core.* *.core +if eval "test \"`echo '$ac_cv_func_'vsnprintf`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_VSNPRINTF 1 +EOF + +else + echo "$ac_t""no" 1>&6 +NEED_SNPRINTF=1 fi -echo "$ac_t""$sudo_cv_func_fnmatch" 1>&6 -if test $sudo_cv_func_fnmatch = yes; then + +echo $ac_n "checking for asprintf""... $ac_c" 1>&6 +echo "configure:6183: checking for asprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_asprintf'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char asprintf(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_asprintf) || defined (__stub___asprintf) +choke me +#else +asprintf(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6211: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_asprintf=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_asprintf=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'asprintf`\" = yes"; then + echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF -#define HAVE_FNMATCH 1 +#define HAVE_ASPRINTF 1 EOF else - LIBOBJS="$LIBOBJS fnmatch.o" + echo "$ac_t""no" 1>&6 +NEED_SNPRINTF=1 +fi + +echo $ac_n "checking for vasprintf""... $ac_c" 1>&6 +echo "configure:6235: checking for vasprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_vasprintf'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char vasprintf(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_vasprintf) || defined (__stub___vasprintf) +choke me +#else +vasprintf(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6263: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_vasprintf=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_vasprintf=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'vasprintf`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_VASPRINTF 1 +EOF + +else + echo "$ac_t""no" 1>&6 +NEED_SNPRINTF=1 fi +if test -n "$NEED_SNPRINTF"; then + LIBOBJS="$LIBOBJS snprintf.o" +fi if test -z "$LIB_CRYPT"; then echo $ac_n "checking for crypt""... $ac_c" 1>&6 -echo "configure:6048: checking for crypt" >&5 +echo "configure:6291: checking for crypt" >&5 if eval "test \"`echo '$''{'ac_cv_func_crypt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6319: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_crypt=yes" else @@ -6090,7 +6333,7 @@ if eval "test \"`echo '$ac_cv_func_'crypt`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:6094: checking for crypt in -lcrypt" >&5 +echo "configure:6337: checking for crypt in -lcrypt" >&5 if test -n ""; then ac_lib_var=`echo crypt'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6102,7 +6345,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6360: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6132,7 +6375,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt_d""... $ac_c" 1>&6 -echo "configure:6136: checking for crypt in -lcrypt_d" >&5 +echo "configure:6379: checking for crypt in -lcrypt_d" >&5 if test -n ""; then ac_lib_var=`echo crypt_d'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6144,7 +6387,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt_d $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6402: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6174,7 +6417,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for ufc in -lcrypt""... $ac_c" 1>&6 -echo "configure:6178: checking for ufc in -lcrypt" >&5 +echo "configure:6421: checking for ufc in -lcrypt" >&5 if test -n ""; then ac_lib_var=`echo crypt'_'ufc | sed 'y% ./+-%___p_%'` else @@ -6186,7 +6429,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6444: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6225,12 +6468,12 @@ fi fi echo $ac_n "checking for socket""... $ac_c" 1>&6 -echo "configure:6229: checking for socket" >&5 +echo "configure:6472: checking for socket" >&5 if eval "test \"`echo '$''{'ac_cv_func_socket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6500: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_socket=yes" else @@ -6271,7 +6514,7 @@ if eval "test \"`echo '$ac_cv_func_'socket`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:6275: checking for socket in -lsocket" >&5 +echo "configure:6518: checking for socket in -lsocket" >&5 if test -n ""; then ac_lib_var=`echo socket'_'socket | sed 'y% ./+-%___p_%'` else @@ -6283,7 +6526,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6313,7 +6556,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for socket in -linet""... $ac_c" 1>&6 -echo "configure:6317: checking for socket in -linet" >&5 +echo "configure:6560: checking for socket in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'socket | sed 'y% ./+-%___p_%'` else @@ -6325,7 +6568,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6583: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6356,7 +6599,7 @@ else echo "$ac_t""no" 1>&6 echo "configure: warning: unable to find socket() trying -lsocket -lnsl" 1>&2 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:6360: checking for socket in -lsocket" >&5 +echo "configure:6603: checking for socket in -lsocket" >&5 if test -n "-lnsl"; then ac_lib_var=`echo socket'_'socket-lnsl | sed 'y% ./+-%___p_%'` else @@ -6368,7 +6611,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket -lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6626: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6406,12 +6649,12 @@ fi fi echo $ac_n "checking for inet_addr""... $ac_c" 1>&6 -echo "configure:6410: checking for inet_addr" >&5 +echo "configure:6653: checking for inet_addr" >&5 if eval "test \"`echo '$''{'ac_cv_func_inet_addr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6681: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_inet_addr=yes" else @@ -6452,7 +6695,7 @@ if eval "test \"`echo '$ac_cv_func_'inet_addr`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for inet_addr in -lnsl""... $ac_c" 1>&6 -echo "configure:6456: checking for inet_addr in -lnsl" >&5 +echo "configure:6699: checking for inet_addr in -lnsl" >&5 if test -n ""; then ac_lib_var=`echo nsl'_'inet_addr | sed 'y% ./+-%___p_%'` else @@ -6464,7 +6707,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6722: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6494,7 +6737,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for inet_addr in -linet""... $ac_c" 1>&6 -echo "configure:6498: checking for inet_addr in -linet" >&5 +echo "configure:6741: checking for inet_addr in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'inet_addr | sed 'y% ./+-%___p_%'` else @@ -6506,7 +6749,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6537,7 +6780,7 @@ else echo "$ac_t""no" 1>&6 echo "configure: warning: unable to find socket() trying -lsocket -lnsl" 1>&2 echo $ac_n "checking for inet_addr in -lsocket""... $ac_c" 1>&6 -echo "configure:6541: checking for inet_addr in -lsocket" >&5 +echo "configure:6784: checking for inet_addr in -lsocket" >&5 if test -n "-lnsl"; then ac_lib_var=`echo socket'_'inet_addr-lnsl | sed 'y% ./+-%___p_%'` else @@ -6549,7 +6792,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket -lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6587,12 +6830,12 @@ fi fi echo $ac_n "checking for syslog""... $ac_c" 1>&6 -echo "configure:6591: checking for syslog" >&5 +echo "configure:6834: checking for syslog" >&5 if eval "test \"`echo '$''{'ac_cv_func_syslog'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6862: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_syslog=yes" else @@ -6633,7 +6876,7 @@ if eval "test \"`echo '$ac_cv_func_'syslog`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -lsocket""... $ac_c" 1>&6 -echo "configure:6637: checking for syslog in -lsocket" >&5 +echo "configure:6880: checking for syslog in -lsocket" >&5 if test -n ""; then ac_lib_var=`echo socket'_'syslog | sed 'y% ./+-%___p_%'` else @@ -6645,7 +6888,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6903: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6675,7 +6918,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -lnsl""... $ac_c" 1>&6 -echo "configure:6679: checking for syslog in -lnsl" >&5 +echo "configure:6922: checking for syslog in -lnsl" >&5 if test -n ""; then ac_lib_var=`echo nsl'_'syslog | sed 'y% ./+-%___p_%'` else @@ -6687,7 +6930,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6945: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6717,7 +6960,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -linet""... $ac_c" 1>&6 -echo "configure:6721: checking for syslog in -linet" >&5 +echo "configure:6964: checking for syslog in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'syslog | sed 'y% ./+-%___p_%'` else @@ -6729,7 +6972,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6770,19 +7013,19 @@ if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:6774: checking for working alloca.h" >&5 +echo "configure:7017: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:6786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7029: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -6803,12 +7046,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:6807: checking for alloca" >&5 +echo "configure:7050: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7078: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_func_alloca_works=yes else @@ -6863,12 +7106,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:6867: checking whether alloca needs Cray hooks" >&5 +echo "configure:7110: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6897: checking for $ac_func" >&5 +echo "configure:7140: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7168: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6948,7 +7191,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:6952: checking stack direction for C alloca" >&5 +echo "configure:7195: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6956,7 +7199,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7222: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -7000,7 +7243,7 @@ fi if test "$with_kerb5" = "yes"; then echo $ac_n "checking for krb5_get_init_creds_opt in -lkrb5""... $ac_c" 1>&6 -echo "configure:7004: checking for krb5_get_init_creds_opt in -lkrb5" >&5 +echo "configure:7247: checking for krb5_get_init_creds_opt in -lkrb5" >&5 if test -n ""; then ac_lib_var=`echo krb5'_'krb5_get_init_creds_opt | sed 'y% ./+-%___p_%'` else @@ -7012,7 +7255,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lkrb5 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7044,6 +7287,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then EOF SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" + AUTH_OBJS="${AUTH_OBJS} kerb5.o" else echo "$ac_t""no" 1>&6 @@ -7081,21 +7325,21 @@ EOF if test "$with_kerb5" = "yes"; then echo $ac_n "checking for -lkrb4""... $ac_c" 1>&6 -echo "configure:7085: checking for -lkrb4" >&5 +echo "configure:7329: checking for -lkrb4" >&5 if eval "test \"`echo '$''{'ac_cv_lib_krb4'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lkrb4 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7343: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_krb4=yes else @@ -7116,21 +7360,21 @@ else fi echo $ac_n "checking for -ldes""... $ac_c" 1>&6 -echo "configure:7120: checking for -ldes" >&5 +echo "configure:7364: checking for -ldes" >&5 if eval "test \"`echo '$''{'ac_cv_lib_des'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldes $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7378: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_des=yes else @@ -7151,21 +7395,21 @@ fi SUDO_LIBS="${SUDO_LIBS} -ldes425 -lkrb5 -lcrypto -lcom_err" else echo $ac_n "checking for -ldes""... $ac_c" 1>&6 -echo "configure:7155: checking for -ldes" >&5 +echo "configure:7399: checking for -ldes" >&5 if eval "test \"`echo '$''{'ac_cv_lib_des'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldes $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7413: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_des=yes else @@ -7185,6 +7429,7 @@ else SUDO_LIBS="${SUDO_LIBS} -lkrb" fi + AUTH_OBJS="${AUTH_OBJS} kerb4.o" fi fi @@ -7279,7 +7524,7 @@ if test -n "$with_SecurID" -a "$with_SecurID" != "no"; then fi fi -if test "$with_AuthSRV" = "yes"; then +if test "$with_fwtk" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" fi @@ -7288,7 +7533,7 @@ if test "$with_authenticate" = "yes"; then fi echo $ac_n "checking for log file location""... $ac_c" 1>&6 -echo "configure:7292: checking for log file location" >&5 +echo "configure:7537: checking for log file location" >&5 if test -n "$with_logpath"; then echo "$ac_t""$with_logpath" 1>&6 cat >> confdefs.h <&6 -echo "configure:7322: checking for timestamp file location" >&5 +echo "configure:7567: checking for timestamp file location" >&5 if test -n "$with_timedir"; then echo "$ac_t""$with_timedir" 1>&6 cat >> confdefs.h <> confdefs.h <<\EOF +#define NO_PASSWD 1 +EOF + + echo "configure: warning: no user authentication will be performed" 1>&2 +fi + test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' trap '' 1 2 15 @@ -7481,9 +7734,8 @@ s%@SUDO_LIBS@%$SUDO_LIBS%g s%@VISUDO_LIBS@%$VISUDO_LIBS%g s%@AFS_LIBS@%$AFS_LIBS%g s%@OSDEFS@%$OSDEFS%g -s%@DCE_OBJS@%$DCE_OBJS%g +s%@AUTH_OBJS@%$AUTH_OBJS%g s%@LIBOBJS@%$LIBOBJS%g -s%@TGETPASS@%$TGETPASS%g s%@MANTYPE@%$MANTYPE%g s%@MAN_POSTINSTALL@%$MAN_POSTINSTALL%g s%@SUDOERS_MODE@%$SUDOERS_MODE%g diff --git a/sudo.cat b/sudo.cat index 28660ba75..8867a5200 100644 --- a/sudo.cat +++ b/sudo.cat @@ -1,14 +1,14 @@ -sudo(8) MAINTENANCE COMMANDS sudo(8) +.::sudo(8) MAINTENANCE COMMANDS .::sudo(8) NNNNAAAAMMMMEEEE sudo - execute a command as the superuser SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS - ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----vvvv | ----kkkk | ----ssss | ----HHHH | [ ----bbbb ] | [ ----rrrr + ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----vvvv | ----kkkk | ----KKKK | ----ssss | ----HHHH | [ ----bbbb ] | [ ----rrrr realm ] | [ ----pppp prompt ] [ ----uuuu username/#uid] _c_o_m_m_a_n_d DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN @@ -50,26 +50,32 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS installation time and defaults to 5 minutes) but does not run a command. - -k The -k (_k_i_l_l) option to ssssuuuuddddoooo removes the user's - timestamp file, thus requiring the user's password the - next time ssssuuuuddddoooo is run. This option does not require a - password and was added to allow a user to revoke ssssuuuuddddoooo - permissions from a .logout file. + -k The -k (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's + timestamp file by setting the time on it to the epoch. + The next time ssssuuuuddddoooo is run a password will be required. + This option does not require a password and was added + to allow a user to revoke ssssuuuuddddoooo permissions from a + .logout file. + - -b The -b (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given - command in the background. Note that if you use the -17/Feb/99 1.6 1 +22/Jul/1999 1.6 1 -sudo(8) MAINTENANCE COMMANDS sudo(8) +.::sudo(8) MAINTENANCE COMMANDS .::sudo(8) + -K The -K (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's + timestamp file entirely. This option does not require + a password. + + -b The -b (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given + command in the background. Note that if you use the -b option you cannot use shell job control to manipulate the command. @@ -118,23 +124,25 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTEEEESSSS ssssuuuuddddoooo tries to be safe when executing external commands. Variables that control how dynamic loading and binding is - done can be used to subvert the program that ssssuuuuddddoooo runs. - To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), - and LIBPATH (AIX only) environment variables are removed - from the environment passed on to all commands executed. - ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF and - KRB5_CONFIG variables as they too can pose a threat. -17/Feb/99 1.6 2 +22/Jul/1999 1.6 2 + +.::sudo(8) MAINTENANCE COMMANDS .::sudo(8) -sudo(8) MAINTENANCE COMMANDS sudo(8) + done can be used to subvert the program that ssssuuuuddddoooo runs. + To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), + and LIBPATH (AIX only) environment variables are removed + from the environment passed on to all commands executed. + ssssuuuuddddoooo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, + KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS and HOSTALIASES + variables as they too can pose a threat. To prevent command spoofing, ssssuuuuddddoooo checks "." and "" (both denoting current directory) last when searching for a @@ -143,11 +151,11 @@ sudo(8) MAINTENANCE COMMANDS sudo(8) variable is _n_o_t modified and is passed unchanged to the program that ssssuuuuddddoooo executes. - For security reasons, if your OS supports shared - libraries, ssssuuuuddddoooo should always be statically linked unless - the dynamic loader disables user-defined library search - paths for setuid programs. (Most modern dynamic loaders - do this.) + For security reasons, if your OS supports shared libraries + and does not disable user-defined library search paths for + setuid programs (most do), you should either use a linker + option that disables this behavior or link ssssuuuuddddoooo + statically. ssssuuuuddddoooo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o or _/_t_m_p_/_._o_d_u_s by default) and ignore the @@ -164,20 +172,36 @@ sudo(8) MAINTENANCE COMMANDS sudo(8) inaccessible by any other user the user placing files there would be unable to get them back out. To get around this issue you can use a directory that is not world- - writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance). + writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) + or create /tmp/.odus with the appropriate owner (root) and + permissions (0700) in the system startup files. sudo will not honor timestamp files set far in the future. Timestamp files with a date greater than current_time + 2 - * TIMEOUT will be ignored and sudo complain about a - "preposterous stampfile date". This is done to keep a - user from creating his/her own timestamp file with a bogus - date. + * TIMEOUT will be ignored and sudo will log and complain. + This is done to keep a user from creating his/her own + timestamp file with a bogus date on system that allow + users to give away files. FFFFIIIILLLLEEEESSSS /etc/sudoers file of authorized users. EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT VVVVAAAARRRRIIIIAAAABBBBLLLLEEEESSSS + + + + + +22/Jul/1999 1.6 3 + + + + + +.::sudo(8) MAINTENANCE COMMANDS .::sudo(8) + + PATH Set to a sane value if SECURE_PATH is set SHELL Used to determine shell to run with -s option USER Set to the target user (root unless the -u option @@ -192,27 +216,15 @@ EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT V SUDO_PS1 If set, PS1 will be set to its value - -17/Feb/99 1.6 3 - - - - - -sudo(8) MAINTENANCE COMMANDS sudo(8) - - AAAAUUUUTTTTHHHHOOOORRRRSSSS Many people have worked on ssssuuuuddddoooo over the years, this version consists of code written primarily by: - Jeff Nieusma - David Hieb Todd Miller Chris Jepeway - See the HISTORY file in the ssssuuuuddddoooo distribution for more - details. + See the HISTORY file in the ssssuuuuddddoooo distribution for a short + history of ssssuuuuddddoooo. Please send all bugs, comments, and changes to sudo- bugs@courtesan.com. @@ -221,13 +233,8 @@ DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. See the GNU General Public License for more - details. - - You should have received a copy of the GNU General Public - License along with this program; if not, write to the Free - Software Foundation, Inc., 675 Mass Ave, Cambridge, MA - 02139, USA. + PURPOSE. See the LICENSE file distributed with sudo for + more details. CCCCAAAAVVVVEEEEAAAATTTTSSSS There is no easy way to prevent a user from gaining a root @@ -252,20 +259,13 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO +22/Jul/1999 1.6 4 - - -17/Feb/99 1.6 4 - - - - - -sudo(8) MAINTENANCE COMMANDS sudo(8) +.::sudo(8) MAINTENANCE COMMANDS .::sudo(8) @@ -325,6 +325,6 @@ sudo(8) MAINTENANCE COMMANDS sudo(8) -17/Feb/99 1.6 5 +22/Jul/1999 1.6 5 diff --git a/sudo.html b/sudo.html index cc19b2b18..27e3175ab 100644 --- a/sudo.html +++ b/sudo.html @@ -1,11 +1,10 @@ - - - sudo - execute a command as the superuser +<HTML> +<HEAD> +<TITLE>Sudo Manual + + - - - - + @@ -29,183 +28,117 @@

-

NAME - -

-sudo - execute a command as the superuser - - +

NAME

+sudo - execute a command as the superuser

-

SYNOPSIS - -

-sudo -V | -h | -l | -v | -k | -s | -H | [ -b ] | [ -r realm ] | [ -p prompt ] [ -u username/#uid] command - - +

SYNOPSIS

+

+sudo -V | -h | -l | -v | -k | -K | -s | -H | [ -b ] | [ -r realm ] | [ -p prompt ] [ -u username/#uid] command -

-

DESCRIPTION - -

+

DESCRIPTION

+

sudo allows a permitted user to execute a command -as the superuser (real and effective uid and gid are set to and root's group as set in the passwd file respectively). - +as the superuser (real and effective uid and gid are set to 0 and root's group as set in the passwd file respectively).

- sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered with N minutes (again, this is defined at installation time and defaults to 5 minutes). -

- If an unauthorized user executes sudo, mail will be sent from the user to the local authorities (defined at installation time). -

- sudo was designed to log via the 4.3 BSD syslog(3) facility but can log to a file instead if so desired (or to both syslog and a file). - -

-

-

OPTIONS - -

-sudo accepts the following command line options: - - +

OPTIONS

+sudo accepts the following command line options:

-
-V - -
+
-V
+

The -V (version) option causes sudo to print the version number and exit. - +

-l

- -

-l - -
The -l (list) option will list out the allowed and forbidden commands for the user on the current host. - +
-h

- -

-h - -
The -h (help) option causes sudo to print the version of sudo and a usage message before exiting. - +
-v

- -

-v - -
If given the -v (validate) option, sudo will update the user's timestamp file, prompting for the user's password if necessary. This extends the sudo timeout to for another N minutes (where N is defined at installation time and defaults to 5 minutes) but does not run a command. - +
-k

+The -k (kill) option to sudo invalidates the user's timestamp file by setting the time on it to the +epoch. The next time sudo is run a password will be required. This option does not require a password +and was added to allow a user to revoke sudo permissions from a .logout file. -

-k - -
-The -k (kill) option to sudo removes the user's timestamp file, thus requiring the user's password the -next time sudo is run. This option does not require a password and was added to allow a -user to revoke sudo permissions from a .logout file. - - +
-K

+The -K (sure kill) option to sudo removes the user's timestamp file entirely. This option does not require a +password. -

-b - -
+
-b
+

The -b (background) option tells sudo to run the given command in the background. Note that if you use the -b option you cannot use shell job control to manipulate the command. - +

-r

- -

-r - -
The -r (realm) option is only available if sudo was configured with Kerberos version 5 support. It allows the user to specify a Kerberos realm other than the system default to use when authenticating the user via Kerberos. - +
-p

- -

-p - -
The -p (prompt) option allows you to override the default password prompt and use a custom one. If the password prompt contains the %u escape, %u will be replaced by the user's login name. Similarly, %h will be replaced by the local hostname. - +
-u

- -

-u - -
The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a username, use ``#uid''. - +
-s

- -

-s - -
The -s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell as specified in passwd(5). - +
-H

- -

-H - -
The -H (HOME) option sets the HOME environment variable to the homedir of the target user (root by default) as specified in passwd(5). - +
--

- -

-- - -
The -- flag indicates that sudo should stop processing command line arguments. It is most useful in conjunction with the -s flag. - -

-

-

RETURN VALUES - -

+

RETURN VALUES

+

sudo quits with an exit value of 1 if there is a configuration/permission problem or if sudo cannot execute the given command. In the latter case the error string is printed to stderr via perror(3). If sudo cannot stat(2) one or more entries in the user's PATH the @@ -216,39 +149,29 @@ The most common reason for stat(3) to return ``permission denied'' is if you are running an automounter and one of the directories in your PATH is on a machine that is currently unreachable. - -

-

-

SECURITY NOTES - -

+

SECURITY NOTES

+

sudo tries to be safe when executing external commands. Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs. To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed. sudo will also remove the IFS, -ENV, BASH_ENV, KRB_CONF and KRB5_CONFIG variables as they too can pose a threat. - +ENV, BASH_ENV, KRB_CONF, KRB5_CONFIG, LOCALDOMAIN, +RES_OPTIONS and HOSTALIASES variables as they too can pose a threat.

- To prevent command spoofing, sudo checks ``.'' and ``'' (both denoting current directory) last when searching for a command in the user's PATH (if one or both are in the PATH). Note, however, that the actual PATH environment variable is not modified and is passed unchanged to the program that sudo executes. -

- -For security reasons, if your OS supports shared libraries, sudo -should always be statically linked unless the dynamic loader disables -user-defined library search paths for setuid programs. (Most modern dynamic -loaders do this.) - +For security reasons, if your OS supports shared libraries and does not +disable user-defined library search paths for setuid programs (most do), +you should either use a linker option that disables this behavior or link sudo statically.

- sudo will check the ownership of its timestamp directory (/var/run/sudo or /tmp/.odus by default) and ignore the directory's contents if it is not owned by root and only read, writable, and executable by root. On systems that allow users to give files away to root (via chown), if the timestamp directory is @@ -258,35 +181,26 @@ done is to ``hide'' files by putting them in the timestamp dir. This is unlikely to happen since once the timestamp dir is owned by root and inaccessible by any other user the user placing files there would be unable to get them back out. To get around this issue you can use a directory that -is not world-writable for the timestamps (/var/adm/sudo for instance). - +is not world-writable for the timestamps (/var/adm/sudo for instance) or create /tmp/.odus with the appropriate owner (root) and +permissions (0700) in the system startup files.

- sudo will not honor timestamp files set far in the future. Timestamp files with a date greater than current_time + 2 * TIMEOUT -will be ignored and sudo complain about a ``preposterous stampfile date''. -This is done to keep a user from creating his/her own timestamp file with a -bogus date. - - -

+will be ignored and sudo will log and complain. This is done to keep a user +from creating his/her own timestamp file with a bogus date on system that +allow users to give away files.

-

FILES - -

+

FILES

+

 /etc/sudoers           file of authorized users.
- -

-

-

ENVIRONMENT VARIABLES - -

+

ENVIRONMENT VARIABLES

+

 PATH                   Set to a sane value if SECURE_PATH is set
  SHELL                  Used to determine shell to run with -s option
  USER                   Set to the target user (root unless the -u option
@@ -300,92 +214,53 @@ bogus date.
  SUDO_GID               Set to the gid of the user who invoked sudo
  SUDO_PS1               If set, PS1 will be set to its value
- -

-

-

AUTHORS - -

+

AUTHORS

+

Many people have worked on sudo over the years, this version consists of code written primarily by: -

- -

        Jeff Nieusma
-        David Hieb
-        Todd Miller
+
        Todd Miller
         Chris Jepeway
 

-
 

-
-See the HISTORY file in the sudo distribution for more details.
-
+See the HISTORY file in the sudo distribution for a short history of sudo.
 
 

-
 Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
-
-
-

+HREF="mailto:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.
 
 

 

-
DISCLAIMER
-
-

+
DISCLAIMER

+

 This program is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-more details.
-
-
-

-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc., 675
-Mass Ave, Cambridge, MA 02139, USA.
-
-
-

+FITNESS FOR A PARTICULAR PURPOSE. See the LICENSE file distributed with
+sudo for more details.
 
 

 

-
CAVEATS
-
-

+
CAVEATS

+

 There is no easy way to prevent a user from gaining a root shell if that
 user has access to commands allowing shell escapes.
 
-
 

-
 If users have sudo ALL there is nothing to prevent them from creating their
 own program that gives them a root shell regardless of any '!' elements in
 the user specification.
 
-
 

-
 Running shell scripts via sudo can expose the same kernel bugs that make setuid shell scripts unsafe on
 some operating systems.
 
-
-

-
 

 

-
SEE ALSO
-
-

-sudoers(5), visudo(8), su(1).
-
+
SEE ALSO

 

+sudoers(5), visudo(8), su(1).
+
 
-
-    
-
-    
+
diff --git a/sudo.man b/sudo.man
index e640a88b4..ef4de8b26 100644
--- a/sudo.man
+++ b/sudo.man
@@ -2,8 +2,8 @@
 ''' $RCSfile$$Revision$$Date$
 '''
 ''' $Log$
-''' Revision 1.32  1999/04/05 20:57:23  millert
-''' Crank version to 1.6 and combine copyright statements
+''' Revision 1.33  1999/07/22 13:10:46  millert
+''' regen
 '''
 '''
 .de Sh
@@ -96,7 +96,7 @@
 .nr % 0
 .rr F
 .\}
-.TH sudo 8 "1.6" "17/Feb/99" "MAINTENANCE COMMANDS"
+.TH .::sudo 8 "1.6" "22/Jul/1999" "MAINTENANCE COMMANDS"
 .UC
 .if n .hy 0
 .if n .na
@@ -193,7 +193,7 @@
 .SH "NAME"
 sudo \- execute a command as the superuser
 .SH "SYNOPSIS"
-\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-s\fR | \fB\-H\fR |
+\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \fB\-H\fR |
 [ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
 .SH "DESCRIPTION"
 \fBsudo\fR allows a permitted user to execute a \fIcommand\fR
@@ -230,10 +230,14 @@ This extends the \fBsudo\fR timeout to for another N minutes
 (where N is defined at installation time and defaults to 5
 minutes) but does not run a command.
 .Ip "-k" 4
-The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR removes the user's timestamp
-file, thus requiring the user's password the next time \fBsudo\fR is run.
-This option does not require a password and was added to
-allow a user to revoke \fBsudo\fR permissions from a .logout file.
+The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
+file by setting the time on it to the epoch.  The next time \fBsudo\fR is
+run a password will be required.  This option does not require a password
+and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
+file.
+.Ip "-K" 4
+The \f(CW-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
+file entirely.  This option does not require a password.
 .Ip "-b" 4
 The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
 command in the background.  Note that if you use the \f(CW-b\fR
@@ -283,8 +287,8 @@ to subvert the program that \fBsudo\fR runs.  To combat this the
 \f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX
 only) environment variables are removed from the environment passed
 on to all commands executed.  \fBsudo\fR will also remove the \f(CWIFS\fR,
-\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR and \f(CWKRB5_CONFIG\fR variables as
-they too can pose a threat.
+\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR, \f(CWKRB5_CONFIG\fR, \f(CWLOCALDOMAIN\fR,
+\f(CWRES_OPTIONS\fR and \f(CWHOSTALIASES\fR variables as they too can pose a threat.
 .PP
 To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting
 current directory) last when searching for a command in the user's
@@ -292,10 +296,10 @@ PATH (if one or both are in the PATH).  Note, however, that the
 actual PATH environment variable is \fInot\fR modified and is passed
 unchanged to the program that \fBsudo\fR executes.
 .PP
-For security reasons, if your OS supports shared libraries, \fBsudo\fR
-should always be statically linked unless the dynamic loader disables
-user-defined library search paths for setuid programs.  (Most modern
-dynamic loaders do this.)
+For security reasons, if your OS supports shared libraries and does
+not disable user-defined library search paths for setuid programs
+(most do), you should either use a linker option that disables this
+behavior or link \fBsudo\fR statically.
 .PP
 \fBsudo\fR will check the ownership of its timestamp directory
 (\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore the
@@ -311,13 +315,14 @@ since once the timestamp dir is owned by root and inaccessible by
 any other user the user placing files there would be unable to get
 them back out.  To get around this issue you can use a directory
 that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for
-instance).
+instance) or create /tmp/.odus with the appropriate owner (root) and
+permissions (0700) in the system startup files.
 .PP
 \f(CWsudo\fR will not honor timestamp files set far in the future.
 Timestamp files with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
-will be ignored and sudo complain about a \*(L"preposterous stampfile
-date\*(R".  This is done to keep a user from creating his/her own
-timestamp file with a bogus date.
+will be ignored and sudo will log and complain.  This is done to
+keep a user from creating his/her own timestamp file with a bogus
+date on system that allow users to give away files.
 .SH "FILES"
 .PP
 .Vb 1
@@ -343,24 +348,19 @@ timestamp file with a bogus date.
 Many people have worked on \fBsudo\fR over the years, this
 version consists of code written primarily by:
 .PP
-.Vb 4
-\&        Jeff Nieusma
-\&        David Hieb
+.Vb 2
 \&        Todd Miller
 \&        Chris Jepeway
 .Ve
-See the HISTORY file in the \fBsudo\fR distribution for more details.
+See the HISTORY file in the \fBsudo\fR distribution for a short history
+of \fBsudo\fR.
 .PP
 Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
 .SH "DISCLAIMER"
 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-General Public License for more details.
-.PP
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-675 Mass Ave, Cambridge, MA 02139, USA.
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the LICENSE
+file distributed with sudo for more details.
 .SH "CAVEATS"
 There is no easy way to prevent a user from gaining a root shell if
 that user has access to commands allowing shell escapes.
@@ -375,7 +375,7 @@ that make setuid shell scripts unsafe on some operating systems.
 \fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
 
 .rn }` ''
-.IX Title "sudo 8"
+.IX Title ".::sudo 8"
 .IX Name "sudo - execute a command as the superuser"
 
 .IX Header "NAME"
@@ -396,6 +396,8 @@ that make setuid shell scripts unsafe on some operating systems.
 
 .IX Item "-k"
 
+.IX Item "-K"
+
 .IX Item "-b"
 
 .IX Item "-r"
diff --git a/sudoers.html b/sudoers.html
index 2207a1f5e..abaa56140 100644
--- a/sudoers.html
+++ b/sudoers.html
@@ -1,11 +1,10 @@
-     
-	 
-	    sudoers - list of which users may execute what as root
+<HTML>
+<HEAD>
+<TITLE>Sudoers Manual
+
+
 
- 
-	
-
-	
+
 
 
 
@@ -45,19 +44,14 @@
 

 

 

-
NAME
-
-

-sudoers - list of which users may execute what as root
-
-
+
NAME

 

+sudoers - list of which users may execute what as root
 
 

 

-
DESCRIPTION
-
-

+
DESCRIPTION

+

 The sudoers file is composed of an optional host alias section, an optional command
 alias section and the user specification section. All command or host
 aliases need to start with their respective keywords (ie: Host_Alias,
@@ -66,243 +60,184 @@ of a user, the logical union of the entries will be used. Note that if
 there is an entry that denies access to a command that is followed by an
 entry that grants access the user will be allowed to run the command.
 
-
-

-
 

 

-
user specification format:
-
-

+
user specification format:

+

 
  user access_group [: access_group] ...
 

-
 

-
 
    access_group ::= host-list = [(runas-list)] [NOPASSWD:] [op]cmnd_type
                      [,[(user-list)] [NOPASSWD|PASSWD:] [op]cmnd_type] ... 
        cmnd_type ::= a command OR a command alias.
               op ::= the logical "!" NOT operator.
 

-
-

-
 

 

-
host alias section format:
-
-

+
host alias section format:

+

 
  Host_Alias HOSTALIAS = host-list
 

-
 

-
 
      Host_Alias ::= a keyword.
        HOSTALIAS ::= an upper-case alias name.
        host-list ::= a comma separated list of hosts, netgroups,
                      ip addresses, networks.  A logical "!"
                      NOT operator may be prefixed to any of these.
 

-
-

-
 

 

-
user alias section format:
-
-

+
user alias section format:

+

 
  User_Alias USERALIAS = user-list
 

-
 

-
 
      User_Alias ::= a keyword.
        USERALIAS ::= an upper-case alias name.
        user-list ::= a comma separated list of users, groups, netgroups.
                      A logical "!" NOT operator may be prefixed to any
                      of these.
 

-
-

-
 

 

-
runas alias section format:
-
-

+
runas alias section format:

+

 
  Runas_Alias RUNASALIAS = runas-list
 

-
 

-
 
      Runas_Alias ::= a keyword.
        RUNASALIAS ::= an upper-case alias name.
        runas-list ::= a comma separated list of users, groups, netgroups.
                       A logical "!" NOT operator may be prefixed to any
                       of these.
 

-
-

-
 

 

-
command alias section format:
-
-

+
command alias section format:

+

 
  Cmnd_Alias CMNDALIAS = cmnd-list
 

-
 

-
 
      Cmnd_Alias ::= a keyword.
        CMNDALIAS ::= an upper-case alias name.
        cmnd-list ::= a comma separated list commands.
                      A logical "!" NOT operator may be prefixed to any
                      of these.
 

-
-

-
 

 

-
command specification:
-
-

+
command specification:

+

 
  path arg1 arg2 .. argn = command
 

-
 

-
 
            path ::= a fully qualified pathname.
        arg[1..n] ::= optional command line arguments.
 

-
-

-
 

 

-
persistence of modifiers
+
persistence of modifiers

+

+When a runas-list is specified for an access_group, it affects all commands in the access_group. For example, given:
 
-

-When a runas-list is specified for an access_group, it affects all commands in the access_group. For example, given: oper bigserver = (root, sysadm) /usr/bin/kill,
-/bin/rm User oper will be able to run /usr/bin/kill and /bin/rm
+

+
    oper bigserver = (root, sysadm) /usr/bin/kill, /bin/rm
+

+

+User oper will be able to run /usr/bin/kill and /bin/rm
 as root or sysadm on the machine, bigserver. The
 runas-list is ``sticky'' across entries in the comma-separated
-access_group. You can override the runas-list with another one, at which point the new runas-list becomes the default for that access_group. For example, given: oper bigserver = (root, sysadm) /usr/bin/kill, (root)
-/bin/rm, \ /bin/rmdir User oper can still run /usr/bin/kill as root or sysadm but can only run /bin/rm and /bin/rmdir as root.
-
+access_group. You can override the runas-list with another one, at which point the new runas-list becomes the default for that access_group. For example, given:
 
 

+
    oper bigserver = (root, sysadm) /usr/bin/kill, (root) /bin/rm, \
+        /bin/rmdir
+

+

+User oper can still run /usr/bin/kill as root or sysadm but can only run /bin/rm and /bin/rmdir as root.
 
+

 Similarly, the NOPASSWD modifier is also persistent across an
-access_group. For example given: oper bigserver = NOPASSWD: /usr/bin/kill, /bin/rm,
-/bin/rmdir User oper will be able to run /usr/bin/kill, /bin/rm, and
-/bin/rmdir as root without a password. If we change that to: oper bigserver = NOPASSWD:
-/usr/bin/kill, PASSWD: /bin/rm, /bin/rmdir User oper can still run /usr/bin/kill without a password but must give a password to run /bin/rm and /bin/rmdir.
+access_group. For example given:
 
+

+
    oper bigserver = NOPASSWD: /usr/bin/kill, /bin/rm, /bin/rmdir
+

+

+User oper will be able to run /usr/bin/kill, /bin/rm, and
+/bin/rmdir as root without a password. If we change that to:
 
 

+
    oper bigserver = NOPASSWD: /usr/bin/kill, PASSWD: /bin/rm, /bin/rmdir
+

+

+User oper can still run /usr/bin/kill without a password but must give a password to run /bin/rm and /bin/rmdir.
 
 

 

-
wildcards (aka meta characters):
-
-

+
wildcards (aka meta characters):

+

 sudo allows shell-style wildcards along with command arguments in the sudoers file. Wildcard matching is done via the POSIX
 
 fnmatch(3) routine.
 
-
-

-
 
    
-
  • 
+
  • 
+
    
 Matches any set of zero or more characters.
 
-
+
    ?
    
 
    
-
-
    ?
-
-
    
 Matches any single character.
 
-
+
    [...]
    
 
    
-
-
    [...]
-
-
    
 Matches any character in the specified range.
 
-
+
    [!...]
    
 
    
-
-
    [!...]
-
-
    
 Matches any character not in the specified range.
 
-
+
    \x
    
 
    
-
-
    \x
-
-
    
 For any character ``x'', evaluates to ``x''. This is used to escape special
 characters such as: ``*'', ``?'', ``['', and ``}''.
 
-
-
    
-
 

 

 

-
exceptions to wildcard rules:
-
-

-The following exceptions apply to the above rules:
-
-
+
exceptions to wildcard rules:

 

+The following exceptions apply to the above rules:
 
 

-
""
-
-

-If the empty string "" is the only command line argument in the
-sudoers entry it means that command may take no arguments.
-
-
+
""

 

+If the empty string "" is the only command line argument in the
+sudoers entry it means that command may take no arguments.
 
 

 

 

-
other special characters and reserved words:
-
-

+
other special characters and reserved words:

+

 Text after a pound sign (#) is considered a comment. Words that begin with a percent sign (%) are assumed to be UN*X groups (%staff refers to users in the group staff). Words that begin with a plus sign (+) are assumed to be netgroups (+cshosts refers to the netgroup cshosts). Long lines can be newline escaped with the backslash \ character.
 
-
 

-
 The reserved word NOPASSWD indicates that a user need not enter a password for the command listed in
 that entry. The
 NOPASSWD modifier is persistent across entries in a user-list
 and can be reversed with the PASSWD modifier.
 
-
 

-
 The reserved alias ALL can be used for both {Host,User,Cmnd}_Alias.
 DO NOT define an alias of ALL, it will NOT be used. Note that ALL implies the entire universe of hosts/users/commands. You can subtract
-elements from the universe by using the syntax: user
-host=ALL,!ALIAS1,!/sbin/halt...
-
+elements from the universe by using the syntax:
 
 

-
+
   user  host=ALL,!ALIAS1,!/sbin/halt...
+

+

 Commands may have optional command line arguments. If they do, then the
 arguments in the sudoers file must exactly match those on the command line. It is also possible to
 have a command's arguments span multiple lines as long as the line
@@ -310,14 +245,10 @@ continuance character ``\'' is used. The following characters must be
 escaped with a ``\'' if used in command arguments: ``,'', ``:'', ``='',
 ``\''.
 
-
-

-
 

 

-
EXAMPLES
-
-

+
EXAMPLES

+

 
    # Host alias specification
     Host_Alias  HUB=houdini:\
                 REMOTE=merlin,kodiakthorn,spirit
@@ -326,22 +257,16 @@ escaped with a ``\'' if used in command arguments: ``,'', ``:'', ``='',
     Host_Alias  CSNETS=128.138.243.0,128.138.204.0,\
                        128.138.205.192
 

-
 

-
 
    # User alias specification
     User_Alias  FULLTIME=millert,dowdy,mikef
     User_Alias  PARTTIME=juola,mccreary,tor
 

-
 

-
 
    # Runas alias specification
     Runas_Alias OP=root,operator
 

-
 

-
 
    # Command alias specification
     Cmnd_Alias  LPCS=/usr/sbin/lpc,/usr/bin/lprm
     Cmnd_Alias  SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
@@ -349,9 +274,7 @@ escaped with a ``\'' if used in command arguments: ``,'', ``:'', ``='',
     Cmnd_Alias  MISC=/bin/rm,/bin/cat:\
                 SHUTDOWN=/sbin/halt,/sbin/shutdown
 

-
 

-
 
    # User specification
     FULLTIME    ALL=(ALL) NOPASSWD: ALL
     %wheel      ALL=ALL
@@ -367,14 +290,10 @@ escaped with a ``\'' if used in command arguments: ``,'', ``:'', ``='',
                 kodiakthorn=NOPASSWD: ALL
     steve       CSNETS=(operator) /usr/op_commands/
 

-
-

-
 

 

-
Host Alias specifications:
-
-

+
Host Alias specifications:

+

 The are four host aliases. The first actually contains two aliases. It sets HUB to be houdini and REMOTE
 to the three machines merlin, kodiakthorn and spirit. Similarly, SERVERS is set to the machines houdini, merlin,
 kodiakthorn and spirit. The CSNETS alias will match any host on the 128.138.243.0, 128.138.204.0, or
@@ -382,164 +301,94 @@ to the three machines merlin, kodiakthorn and sp
 these are network addresses, not ip addresses. Unless an explicit netmask is given, the local netmask
 is used to determine whether or not the current host belongs to a network.
 
-
-

-
 

 

-
User Alias specifications:
-
-

+
User Alias specifications:

+

 The two user aliases simply groups the FULLTIME and
 PARTTIME folks into two separate aliases.
 
-
-

-
 

 

-
Command alias specifications:
-
-

+
Command alias specifications:

+

 Command aliases are lists of commands with or without associated command
 line arguments. The entries above should be self-explanatory.
 
-
-

-
 

 

-
User specifications:
-
-

+
User specifications:

 

-
FULLTIME
-
-

+
FULLTIME

+

 Full-time sysadmins in the FULLTIME alias may run any command on any host as any user without a password.
 
-
+
%wheel

 

-
-
%wheel
-
-

 Any user in the UN*X group wheel may run any command on any host.
 
-
+
PARTTIME

 

-
-
PARTTIME
-
-

 Part-time sysadmins in the PARTTIME alias may run any command except those in the SHELLS and SU aliases on any host.
 
-
+
+interns

 

-
-
+interns
-
-

 Any user in the netgroup interns may run any command except those in the SHELLS and SU aliases on any host that is in the openlabs netgroup.
 
-
+
britt

 

-
-
britt
-
-

 The user britt may run commands in the SHUTDOWN alias on the REMOTE machines and commands in the LPCS alias on any machine.
 
-
+
jimbo

 

-
-
jimbo
-
-

 The user jimbo may su to any user save root on the machines on CUNETS (which is explicitly listed as a class B network).
 
-
+
nieusma

 

-
-
nieusma
-
-

 The user nieusma may run commands in the SHUTDOWN alias as well as /sbin/reboot on the SERVER machines and any command except those in the SHELLS alias on the HUB
 machines.
 
-
+
jill

 

-
-
jill
-
-

 The user jill may run /sbin/shutdown -h now or
 /sbin/shutdown -r now as well as the commands in the
 MISC alias on houdini.
 
-
+
markm

 

-
-
markm
-
-

 The user markm may run any command on the HUB machines except /sbin/shutdown, /sbin/halt, and commands listed in the MISC alias.
 
-
+
davehieb

 

-
-
davehieb
-
-

 The user davehieb may run any command on merlin as any user in the Runas_Alias OP (ie: root or operator). He may also run /sbin/halt on the SERVERS and any command on kodiakthorn (no password required on kodiakthorn).
 
-
+
steve

 

-
-
steve
-
-

 The user steve may run any command in the /usr/op_commands/
 directory as user operator on the machines on CSNETS.
 
-
-

-
 

 

 

-
CAVEATS
-
-

+
CAVEATS

+

 The sudoers file should always be edited by the visudo
 command which locks the file and does grammatical checking. It is
 imperative that the sudoers be free of syntax errors since sudo will not run with a syntactically
 incorrect sudoers file.
 
-
-

-
 

 

-
FILES
-
-

+
FILES

+

 
 /etc/sudoers           file of authorized users.
  /etc/netgroup          list of network groups.
 

-
-

-
 

 

-
SEE ALSO
-
-

-sudo(8), visudo(8), su(1), fnmatch(3).
-
+
SEE ALSO

 

+sudo(8), visudo(8), su(1), fnmatch(3).
+
 
-
-    
-
-    
+
diff --git a/visudo.cat b/visudo.cat
index 85c0f5e89..a6e8f2b70 100644
--- a/visudo.cat
+++ b/visudo.cat
@@ -1,7 +1,7 @@
 
 
 
-visudo(8)              MAINTENANCE COMMANDS             visudo(8)
+.::visudo(8)           MAINTENANCE COMMANDS          .::visudo(8)
 
 
 NNNNAAAAMMMMEEEE
@@ -61,13 +61,13 @@ FFFFIIIILLLLEEEESSSS
 
 
 
-28/Mar/99                      1.6                              1
+22/Jul/1999                    1.6                              1
 
 
 
 
 
-visudo(8)              MAINTENANCE COMMANDS             visudo(8)
+.::visudo(8)           MAINTENANCE COMMANDS          .::visudo(8)
 
 
 EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT VVVVAAAARRRRIIIIAAAABBBBLLLLEEEESSSS
@@ -94,13 +94,8 @@ DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR
        This program is distributed in the hope that it will be
        useful, but WITHOUT ANY WARRANTY; without even the implied
        warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-       PURPOSE.  See the GNU General Public License for more
-       details.
-
-       You should have received a copy of the GNU General Public
-       License along with this program; if not, write to the Free
-       Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
-       02139, USA.
+       PURPOSE.  See the LICENSE file distributed with sudo for
+       more details.
 
 CCCCAAAAVVVVEEEEAAAATTTTSSSS
        Due to the syntax of the _s_u_d_o_e_r_s file, there is no way for
@@ -127,13 +122,18 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
 
 
 
-28/Mar/99                      1.6                              2
 
 
 
 
 
-visudo(8)              MAINTENANCE COMMANDS             visudo(8)
+22/Jul/1999                    1.6                              2
+
+
+
+
+
+.::visudo(8)           MAINTENANCE COMMANDS          .::visudo(8)
 
 
 
@@ -193,6 +193,6 @@ visudo(8)              MAINTENANCE COMMANDS             visudo(8)
 
 
 
-28/Mar/99                      1.6                              3
+22/Jul/1999                    1.6                              3
 
 
diff --git a/visudo.html b/visudo.html
index e93205e95..7fbc65263 100644
--- a/visudo.html
+++ b/visudo.html
@@ -1,11 +1,10 @@
-     
-	 
-	    visudo - edit the sudoers file
+<HTML>
+<HEAD>
+<TITLE>Visudo Manual
+
+
 
- 
-	
-
-	
+
 
 
 
@@ -29,38 +28,27 @@
 

 

 

-
NAME
-
-

-visudo - edit the sudoers file
-
-
+
NAME

 

+visudo - edit the sudoers file
 
 

 

-
SYNOPSIS
-
-

-visudo [ -V ]
-
-
+
SYNOPSIS

 

+visudo [ -V ]
 
 

 

-
DESCRIPTION
-
-

+
DESCRIPTION

+

 visudo edits the sudoers file in a safe fashion, analogous to vipw(8).  visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and
 checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again
 later. In the default configuration, the vi(1) editor is used,
 but there is a compile time option to allow use of whatever editor the
 environment variables EDITOR or VISUAL are set to.
 
-
 

-
 visudo parses the sudoers file after the edit and will not save the changes if there is a syntax
 error. Upon finding an error, a message will be printed stating the line
 number(s) that the error occurred on and the user will receive
@@ -71,159 +59,88 @@ believes there to be a parse error, so will sudo and no one wil
 a short help message. When editing the sudoers file after a parse error has been detected the cursor will be placed on the
 line where the error occurred (if the editor supports this feature).
 
-
-

-
 

 

-
OPTIONS
-
-

-visudo accepts the following command line option:
-
-
+
OPTIONS

 

+visudo accepts the following command line option:
 
 

-
-V
-
-

-The -V (version) option causes visudo to print the version number and exit.
-
-
+
-V

 

+The -V (version) option causes visudo to print the version number and exit.
 
 

 

 

-
ERRORS
-
-

+
ERRORS

 

-
sudoers file busy, try again later.
-
-

+
sudoers file busy, try again later.

+

 Either someone is currently editing the sudoers file or there is a stale sudoers lock file (/etc/stmp by default) that you
 need to delete.
 
-
+
/etc/stmp: Permission denied

 

-
-
/etc/stmp: Permission denied
-
-

 You didn't run visudo as root.
 
-
+
Can't find you in the passwd database

 

-
-
Can't find you in the passwd database
-
-

 Your userid does not appear in the passwd file.
 
-
+
FILES

 

-
-
FILES
-
-

 
 /etc/sudoers           file of authorized users.
  /etc/stmp              lock file for visudo.
 

-
+
ENVIRONMENT VARIABLES

 

-
-
ENVIRONMENT VARIABLES
-
-

 The following are used only if visudo was compiled with the
 ENV_EDITOR option:
 
-
 

-
 
 EDITOR                 Used by visudo as the editor to use.
  VISUAL                 Used by visudo if EDITOR is not set.
 

-
+
AUTHOR

 

-
-
AUTHOR
-
-

 Many people have worked on sudo over the years, this version of
 visudo was written by:
 
-
 

-
 
 Todd Miller            <Todd.Miller@courtesan.com>
 

-
 

-
 See the HISTORY file in the sudo distribution for more details.
 
-
 

-
 Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
-
+HREF="mailto:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.
 
+
DISCLAIMER

 

-
-
DISCLAIMER
-
-

 This program is distributed in the hope that it will be useful, but WITHOUT
 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-more details.
-
-
-

-
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc., 675
-Mass Ave, Cambridge, MA 02139, USA.
-
+FITNESS FOR A PARTICULAR PURPOSE. See the LICENSE file distributed with
+sudo for more details.
 
+
CAVEATS

 

-
-
CAVEATS
-
-

 Due to the syntax of the sudoers file, there is no way for visudo to tell the difference between a mistyped {Host,User,Cmnd}_Alias and a user
 or host name.
 
-
 

-
 There is no easy way to prevent a user from gaining a root shell if the
 editor used by visudo allows shell escapes.
 
-
+
BUGS

 

-
-
BUGS
-
-

 The -V flag gives the version of the sudo package rather than the individual visudo program.
 
-
+
SEE ALSO

 

-
-
SEE ALSO
-
-

 sudo(8), vipw(8).
-
-

-
-

 
-    
+
 
-    
+
diff --git a/visudo.man b/visudo.man
index ec54bebb9..68fc9886c 100644
--- a/visudo.man
+++ b/visudo.man
@@ -2,8 +2,8 @@
 ''' $RCSfile$$Revision$$Date$
 '''
 ''' $Log$
-''' Revision 1.6  1999/04/05 20:57:24  millert
-''' Crank version to 1.6 and combine copyright statements
+''' Revision 1.7  1999/07/22 13:10:46  millert
+''' regen
 '''
 '''
 .de Sh
@@ -96,7 +96,7 @@
 .nr % 0
 .rr F
 .\}
-.TH visudo 8 "1.6" "28/Mar/99" "MAINTENANCE COMMANDS"
+.TH .::visudo 8 "1.6" "22/Jul/1999" "MAINTENANCE COMMANDS"
 .UC
 .if n .hy 0
 .if n .na
@@ -259,12 +259,8 @@ Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
 .SH "DISCLAIMER"
 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-General Public License for more details.
-.Sp
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-675 Mass Ave, Cambridge, MA 02139, USA.
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the LICENSE
+file distributed with sudo for more details.
 .SH "CAVEATS"
 Due to the syntax of the \fIsudoers\fR file, there is no way
 for \fBvisudo\fR to tell the difference between a mistyped
@@ -279,7 +275,7 @@ the individual \fBvisudo\fR program.
 \fIsudo\fR\|(8), \fIvipw\fR\|(8).
 
 .rn }` ''
-.IX Title "visudo 8"
+.IX Title ".::visudo 8"
 .IX Name "visudo - edit the sudoers file"
 
 .IX Header "NAME"