From: Todd C. Miller Date: Sun, 13 Aug 2000 21:09:22 +0000 (+0000) Subject: Substitute values from configure into man pages. X-Git-Tag: SUDO_1_6_4~264 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fafefc1df984d04a3da062415132547271c07dd7;p=sudo Substitute values from configure into man pages. --- diff --git a/aclocal.m4 b/aclocal.m4 index a04fda5c4..0637bac5e 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -139,15 +139,15 @@ AC_DEFUN(SUDO_TIMEDIR, [AC_MSG_CHECKING(for timestamp file location) if test -n "$with_timedir"; then AC_MSG_RESULT($with_timedir) AC_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$with_timedir") - TIMEDIR="$with_timedir" + timedir="$with_timedir" elif test -d "/var/run"; then AC_MSG_RESULT(/var/run/sudo) AC_DEFINE(_PATH_SUDO_TIMEDIR, "/var/run/sudo") - TIMEDIR="/var/run/sudo" + timedir="/var/run/sudo" else AC_MSG_RESULT(/tmp/.odus) AC_DEFINE(_PATH_SUDO_TIMEDIR, "/tmp/.odus") - TIMEDIR="/tmp/.odus" + timedir="/tmp/.odus" fi ])dnl diff --git a/configure b/configure index 3bea1c43d..66f2b291d 100755 --- a/configure +++ b/configure @@ -58,27 +58,27 @@ ac_help="$ac_help ac_help="$ac_help --with-logging log via syslog, file, or both" ac_help="$ac_help - --with-logfac syslog facility to log with (default is local2)" + --with-logfac syslog facility to log with (default is $logfac)" ac_help="$ac_help - --with-goodpri syslog priority for commands (def is notice)" + --with-goodpri syslog priority for commands (def is $goodpri)" ac_help="$ac_help - --with-badpri syslog priority for failures (def is alert)" + --with-badpri syslog priority for failures (def is $badpri)" ac_help="$ac_help --with-logpath path to the sudo log file" ac_help="$ac_help - --with-loglen maximum length of a log file line (default is 80)" + --with-loglen maximum length of a log file line (default is $loglen)" ac_help="$ac_help --with-ignore-dot ignore '.' in the PATH" -ac_help="$ac_help - --with-mailto who should get sudo mail (default is "root")" -ac_help="$ac_help - --with-mailsubject subject of sudo mail" ac_help="$ac_help --without-mail-if-no-user do not send mail if user not in sudoers" ac_help="$ac_help --with-mail-if-no-host send mail if user in sudoers but not for this host" ac_help="$ac_help --with-mail-if-noperms send mail if user not allowed to run command" +ac_help="$ac_help + --with-mailto who should get sudo mail (default is "$mailto")" +ac_help="$ac_help + --with-mailsubject subject of sudo mail" ac_help="$ac_help --with-passprompt default password prompt" ac_help="$ac_help @@ -97,7 +97,7 @@ ac_help="$ac_help ac_help="$ac_help --with-sudoers-gid gid that owns sudoers file (defaults to 0)" ac_help="$ac_help - --with-umask umask with which the prog should run (default is 0022) + --with-umask umask with which the prog should run (default is $sudo_umask) --without-umask Preserves the umask of the user invoking sudo." ac_help="$ac_help --with-runas-default User to run commands as (default is "root"" @@ -108,11 +108,11 @@ ac_help="$ac_help ac_help="$ac_help --with-env-editor Use the environment variable EDITOR for visudo" ac_help="$ac_help - --with-passwd-tries number of tries to enter password (default is 3)" + --with-passwd-tries number of tries to enter password (default is $passwd_tries)" ac_help="$ac_help - --with-timeout minutes before sudo asks for passwd again (def is 5)" + --with-timeout minutes before sudo asks for passwd again (def is $timeout)" ac_help="$ac_help - --with-password-timeout passwd prompt timeout in minutes (default is 5)" + --with-password-timeout passwd prompt timeout in minutes (default is $password_timeout)" ac_help="$ac_help --with-execv use execv() instead of execvp()" ac_help="$ac_help @@ -665,6 +665,51 @@ echo "Configuring Sudo version 1.6.3" + + + + + + + + + + + + + + + + + + + + + + +timeout=5 +password_timeout=5 +sudo_umask=0022 +passprompt="Password:" +long_otp_prompt=off +lecture=on +logfac=local2 +goodpri=notice +badpri=alert +loglen=80 +ignore_dot=off +mail_no_user=on +mail_no_host=off +mail_no_perms=off +mailto=root +mailsub='*** SECURITY information for %h ***' +badpass_message='Sorry, try again.' +fqdn=off +runas_default=root +env_editor=off +passwd_tries=3 +tty_tickets=off +insults=off PROGS="sudo visudo" test -n "$MANTYPE" || MANTYPE="man" test -n "$mansrcdir" || mansrcdir="." @@ -807,7 +852,7 @@ if test "${with_csops+set}" = set; then yes) echo 'Adding CSOps standard options' CHECKSIA=false with_ignore_dot=yes - with_insults=yes + insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes @@ -829,7 +874,7 @@ if test "${with_passwd+set}" = set; then EOF echo $ac_n "checking whether to use shadow/passwd file authentication""... $ac_c" 1>&6 -echo "configure:833: checking whether to use shadow/passwd file authentication" >&5 +echo "configure:878: checking whether to use shadow/passwd file authentication" >&5 echo "$ac_t""no" 1>&6 ;; *) { echo "configure: error: "Sorry, --with-passwd does not take an argument."" 1>&2; exit 1; } @@ -850,7 +895,7 @@ if test "${with_skey+set}" = set; then EOF echo $ac_n "checking whether to try S/Key authentication""... $ac_c" 1>&6 -echo "configure:854: checking whether to try S/Key authentication" >&5 +echo "configure:899: checking whether to try S/Key authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; @@ -873,7 +918,7 @@ if test "${with_opie+set}" = set; then EOF echo $ac_n "checking whether to try NRL OPIE authentication""... $ac_c" 1>&6 -echo "configure:877: checking whether to try NRL OPIE authentication" >&5 +echo "configure:922: checking whether to try NRL OPIE authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; @@ -893,10 +938,12 @@ if test "${with_long_otp_prompt+set}" = set; then EOF echo $ac_n "checking whether to use a two line prompt for OTP authentication""... $ac_c" 1>&6 -echo "configure:897: checking whether to use a two line prompt for OTP authentication" >&5 +echo "configure:942: checking whether to use a two line prompt for OTP authentication" >&5 echo "$ac_t""yes" 1>&6 + long_otp_prompt=on + ;; + no) long_otp_prompt=off ;; - no) ;; *) { echo "configure: error: "--with-long-otp-prompt does not take an argument."" 1>&2; exit 1; } ;; esac @@ -913,7 +960,7 @@ if test "${with_SecurID+set}" = set; then EOF echo $ac_n "checking whether to use SecurID for authentication""... $ac_c" 1>&6 -echo "configure:917: checking whether to use SecurID for authentication" >&5 +echo "configure:964: checking whether to use SecurID for authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="securid.o" @@ -931,7 +978,7 @@ if test "${with_fwtk+set}" = set; then EOF echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:935: checking whether to use FWTK AuthSRV for authentication" >&5 +echo "configure:982: checking whether to use FWTK AuthSRV for authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="fwtk.o" @@ -942,7 +989,7 @@ echo "configure:935: checking whether to use FWTK AuthSRV for authentication" >& EOF echo $ac_n "checking whether to use FWTK AuthSRV for authentication""... $ac_c" 1>&6 -echo "configure:946: checking whether to use FWTK AuthSRV for authentication" >&5 +echo "configure:993: checking whether to use FWTK AuthSRV for authentication" >&5 echo "$ac_t""yes" 1>&6 SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" @@ -959,7 +1006,7 @@ if test "${with_kerb4+set}" = set; then withval="$with_kerb4" case $with_kerb4 in yes) echo $ac_n "checking whether to try Kerberos 4 authentication""... $ac_c" 1>&6 -echo "configure:963: checking whether to try Kerberos 4 authentication" >&5 +echo "configure:1010: checking whether to try Kerberos 4 authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -974,7 +1021,7 @@ if test "${with_kerb5+set}" = set; then withval="$with_kerb5" case $with_kerb5 in yes) echo $ac_n "checking whether to try Kerberos 5 authentication""... $ac_c" 1>&6 -echo "configure:978: checking whether to try Kerberos 5 authentication" >&5 +echo "configure:1025: checking whether to try Kerberos 5 authentication" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -993,7 +1040,7 @@ if test "${with_authenticate+set}" = set; then EOF echo $ac_n "checking whether to use AIX general authentication""... $ac_c" 1>&6 -echo "configure:997: checking whether to use AIX general authentication" >&5 +echo "configure:1044: checking whether to use AIX general authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="aix_auth.o" @@ -1014,7 +1061,7 @@ if test "${with_pam+set}" = set; then EOF echo $ac_n "checking whether to use PAM authentication""... $ac_c" 1>&6 -echo "configure:1018: checking whether to use PAM authentication" >&5 +echo "configure:1065: checking whether to use PAM authentication" >&5 echo "$ac_t""yes" 1>&6 with_passwd=no AUTH_OBJS="pam.o" @@ -1035,7 +1082,7 @@ if test "${with_AFS+set}" = set; then EOF echo $ac_n "checking whether to try AFS (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1039: checking whether to try AFS (kerberos) authentication" >&5 +echo "configure:1086: checking whether to try AFS (kerberos) authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} afs.o" ;; @@ -1055,7 +1102,7 @@ if test "${with_DCE+set}" = set; then EOF echo $ac_n "checking whether to try DCE (kerberos) authentication""... $ac_c" 1>&6 -echo "configure:1059: checking whether to try DCE (kerberos) authentication" >&5 +echo "configure:1106: checking whether to try DCE (kerberos) authentication" >&5 echo "$ac_t""yes" 1>&6 AUTH_OBJS="${AUTH_OBJS} dce.o" ;; @@ -1075,7 +1122,7 @@ if test "${with_logincap+set}" = set; then EOF echo $ac_n "checking whether to try BSD login capabilities database""... $ac_c" 1>&6 -echo "configure:1079: checking whether to try BSD login capabilities database" >&5 +echo "configure:1126: checking whether to try BSD login capabilities database" >&5 echo "$ac_t""yes" 1>&6 ;; no) ;; @@ -1086,29 +1133,32 @@ fi echo $ac_n "checking whether to lecture users the first time they run sudo""... $ac_c" 1>&6 -echo "configure:1090: checking whether to lecture users the first time they run sudo" >&5 +echo "configure:1137: checking whether to lecture users the first time they run sudo" >&5 # Check whether --with-lecture or --without-lecture was given. if test "${with_lecture+set}" = set; then withval="$with_lecture" case $with_lecture in - yes|short) echo "$ac_t""yes" 1>&6 + yes|short) lecture=on ;; - no|none) cat >> confdefs.h <<\EOF -#define NO_LECTURE 1 -EOF - - echo "$ac_t""no" 1>&6 + no|none) lecture=off ;; *) { echo "configure: error: "unknown argument to --with-lecture: $with_lecture"" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""yes" 1>&6 fi +if test "$lecture" = "on"; then + echo "$ac_t""yes" 1>&6 +else + cat >> confdefs.h <<\EOF +#define NO_LECTURE 1 +EOF + + echo "$ac_t""no" 1>&6 +fi echo $ac_n "checking whether sudo should log via syslog or to a file by default""... $ac_c" 1>&6 -echo "configure:1112: checking whether sudo should log via syslog or to a file by default" >&5 +echo "configure:1162: checking whether sudo should log via syslog or to a file by default" >&5 # Check whether --with-logging or --without-logging was given. if test "${with_logging+set}" = set; then withval="$with_logging" @@ -1147,7 +1197,7 @@ fi echo $ac_n "checking which syslog facility sudo should log with""... $ac_c" 1>&6 -echo "configure:1151: checking which syslog facility sudo should log with" >&5 +echo "configure:1201: checking which syslog facility sudo should log with" >&5 # Check whether --with-logfac or --without-logfac was given. if test "${with_logfac+set}" = set; then withval="$with_logfac" @@ -1156,25 +1206,21 @@ if test "${with_logfac+set}" = set; then ;; no) { echo "configure: error: "--without-logfac not supported."" 1>&2; exit 1; } ;; - authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) cat >> confdefs.h <&6 + authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) { echo "configure: error: "$with_logfac is not a supported syslog facility."" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <&6 fi +cat >> confdefs.h <&6 echo $ac_n "checking at which syslog priority to log commands""... $ac_c" 1>&6 -echo "configure:1178: checking at which syslog priority to log commands" >&5 +echo "configure:1224: checking at which syslog priority to log commands" >&5 # Check whether --with-goodpri or --without-goodpri was given. if test "${with_goodpri+set}" = set; then withval="$with_goodpri" @@ -1183,25 +1229,22 @@ if test "${with_goodpri+set}" = set; then ;; no) { echo "configure: error: "--without-goodpri not supported."" 1>&2; exit 1; } ;; - alert|crit|debug|emerg|err|info|notice|warning) cat >> confdefs.h <&6 + alert|crit|debug|emerg|err|info|notice|warning) + goodpri=$with_goodpri ;; *) { echo "configure: error: "$with_goodpri is not a supported syslog priority."" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <&6 fi +cat >> confdefs.h <&6 echo $ac_n "checking at which syslog priority to log failures""... $ac_c" 1>&6 -echo "configure:1205: checking at which syslog priority to log failures" >&5 +echo "configure:1248: checking at which syslog priority to log failures" >&5 # Check whether --with-badpri or --without-badpri was given. if test "${with_badpri+set}" = set; then withval="$with_badpri" @@ -1210,22 +1253,19 @@ if test "${with_badpri+set}" = set; then ;; no) { echo "configure: error: "--without-badpri not supported."" 1>&2; exit 1; } ;; - alert|crit|debug|emerg|err|info|notice|warning) cat >> confdefs.h <&6 + alert|crit|debug|emerg|err|info|notice|warning) + badpri=$with_badpri ;; *) { echo "configure: error: $with_badpri is not a supported syslog priority." 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <&6 fi +cat >> confdefs.h <&6 # Check whether --with-logpath or --without-logpath was given. if test "${with_logpath+set}" = set; then @@ -1240,7 +1280,7 @@ fi echo $ac_n "checking how long a line in the log file should be""... $ac_c" 1>&6 -echo "configure:1244: checking how long a line in the log file should be" >&5 +echo "configure:1284: checking how long a line in the log file should be" >&5 # Check whether --with-loglen or --without-loglen was given. if test "${with_loglen+set}" = set; then withval="$with_loglen" @@ -1249,166 +1289,163 @@ if test "${with_loglen+set}" = set; then ;; no) { echo "configure: error: "--without-loglen not supported."" 1>&2; exit 1; } ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) loglen=$with_loglen ;; *) { echo "configure: error: "you must enter a number, not $with_loglen"" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <<\EOF -#define MAXLOGFILELEN 80 -EOF - echo "$ac_t""80" 1>&6 fi +cat >> confdefs.h <&6 echo $ac_n "checking whether sudo should ignore '.' or '' in \$PATH""... $ac_c" 1>&6 -echo "configure:1271: checking whether sudo should ignore '.' or '' in \$PATH" >&5 +echo "configure:1307: checking whether sudo should ignore '.' or '' in \$PATH" >&5 # Check whether --with-ignore-dot or --without-ignore-dot was given. if test "${with_ignore_dot+set}" = set; then withval="$with_ignore_dot" case $with_ignore_dot in - yes) cat >> confdefs.h <<\EOF -#define IGNORE_DOT_PATH 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) ignore_dot=on ;; - no) echo "$ac_t""no" 1>&6 + no) ignore_dot=off ;; *) { echo "configure: error: "--with-ignore-dot does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""no" 1>&6 -fi - - -echo $ac_n "checking who should get the mail that sudo sends""... $ac_c" 1>&6 -echo "configure:1293: checking who should get the mail that sudo sends" >&5 -# Check whether --with-mailto or --without-mailto was given. -if test "${with_mailto+set}" = set; then - withval="$with_mailto" - case $with_mailto in - yes) { echo "configure: error: "must give --with-mailto an argument."" 1>&2; exit 1; } - ;; - no) { echo "configure: error: "--without-mailto not supported."" 1>&2; exit 1; } - ;; - *) cat >> confdefs.h <&6 - ;; -esac -else - cat >> confdefs.h <<\EOF -#define MAILTO "root" -EOF - echo "$ac_t""root" 1>&6 fi - -# Check whether --with-mailsubject or --without-mailsubject was given. -if test "${with_mailsubject+set}" = set; then - withval="$with_mailsubject" - case $with_mailsubject in - yes) { echo "configure: error: "must give --with-mailsubject an argument."" 1>&2; exit 1; } - ;; - no) echo "Sorry, --without-mailsubject not supported." - ;; - *) cat >> confdefs.h <> confdefs.h <<\EOF +#define IGNORE_DOT_PATH 1 EOF - echo $ac_n "checking sudo mail subject""... $ac_c" 1>&6 -echo "configure:1330: checking sudo mail subject" >&5 - echo "$ac_t""Using alert mail subject: $with_mailsubject" 1>&6 - ;; -esac + echo "$ac_t""yes" 1>&6 else - cat >> confdefs.h <<\EOF -#define MAILSUBJECT "*** SECURITY information for %h ***" -EOF - + echo "$ac_t""no" 1>&6 fi - echo $ac_n "checking whether to send mail when a user is not in sudoers""... $ac_c" 1>&6 -echo "configure:1343: checking whether to send mail when a user is not in sudoers" >&5 +echo "configure:1332: checking whether to send mail when a user is not in sudoers" >&5 # Check whether --with-mail-if-no-user or --without-mail-if-no-user was given. if test "${with_mail_if_no_user+set}" = set; then withval="$with_mail_if_no_user" case $with_mail_if_no_user in - yes) cat >> confdefs.h <<\EOF -#define SEND_MAIL_WHEN_NO_USER 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) mail_no_user=on ;; - no) echo "$ac_t""no" 1>&6 + no) mail_no_user=off ;; - *) { echo "configure: error: "unknown argument to --with-mail-if-no-user: $with_mail_if_no_user"" 1>&2; exit 1; } + *) { echo "configure: error: "--with-mail-if-no-user does not take an argument."" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <<\EOF +fi + +if test "$mail_no_user" = "on"; then + cat >> confdefs.h <<\EOF #define SEND_MAIL_WHEN_NO_USER 1 EOF - echo "$ac_t""yes" 1>&6 -fi + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi echo $ac_n "checking whether to send mail when user listed but not for this host""... $ac_c" 1>&6 -echo "configure:1368: checking whether to send mail when user listed but not for this host" >&5 +echo "configure:1357: checking whether to send mail when user listed but not for this host" >&5 # Check whether --with-mail-if-no-host or --without-mail-if-no-host was given. if test "${with_mail_if_no_host+set}" = set; then withval="$with_mail_if_no_host" case $with_mail_if_no_host in - yes) cat >> confdefs.h <<\EOF -#define SEND_MAIL_WHEN_NO_HOST 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) mail_no_host=on ;; - no) echo "$ac_t""no" 1>&6 + no) mail_no_host=off ;; - *) { echo "configure: error: "unknown argument to --with-mail-if-no-host: $with_mail_if_no_host"" 1>&2; exit 1; } + *) { echo "configure: error: "--with-mail-if-no-host does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""no" 1>&6 fi +if test "$mail_no_host" = "on"; then + cat >> confdefs.h <<\EOF +#define SEND_MAIL_WHEN_NO_HOST 1 +EOF + + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi echo $ac_n "checking whether to send mail when a user tries a disallowed command""... $ac_c" 1>&6 -echo "configure:1390: checking whether to send mail when a user tries a disallowed command" >&5 +echo "configure:1382: checking whether to send mail when a user tries a disallowed command" >&5 # Check whether --with-mail-if-noperms or --without-mail-if-noperms was given. if test "${with_mail_if_noperms+set}" = set; then withval="$with_mail_if_noperms" case $with_mail_if_noperms in - yes) cat >> confdefs.h <<\EOF + yes) mail_noperms=on + ;; + no) mail_noperms=off + ;; + *) { echo "configure: error: "--with-mail-if-noperms does not take an argument."" 1>&2; exit 1; } + ;; +esac +fi + +if test "$mail_noperms" = "on"; then + cat >> confdefs.h <<\EOF #define SEND_MAIL_WHEN_NOT_OK 1 EOF - echo "$ac_t""yes" 1>&6 + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +echo $ac_n "checking who should get the mail that sudo sends""... $ac_c" 1>&6 +echo "configure:1407: checking who should get the mail that sudo sends" >&5 +# Check whether --with-mailto or --without-mailto was given. +if test "${with_mailto+set}" = set; then + withval="$with_mailto" + case $with_mailto in + yes) { echo "configure: error: "must give --with-mailto an argument."" 1>&2; exit 1; } ;; - no) echo "$ac_t""no" 1>&6 + no) { echo "configure: error: "--without-mailto not supported."" 1>&2; exit 1; } ;; - *) { echo "configure: error: "unknown argument to --with-mail-if-noperms: $with_mail_if_noperms"" 1>&2; exit 1; } + *) mailto=$with_mailto ;; esac -else - echo "$ac_t""no" 1>&6 fi +cat >> confdefs.h <&6 + +# Check whether --with-mailsubject or --without-mailsubject was given. +if test "${with_mailsubject+set}" = set; then + withval="$with_mailsubject" + case $with_mailsubject in + yes) { echo "configure: error: "must give --with-mailsubject an argument."" 1>&2; exit 1; } + ;; + no) echo "Sorry, --without-mailsubject not supported." + ;; + *) mailsub="$with_mailsubject" + echo $ac_n "checking sudo mail subject""... $ac_c" 1>&6 +echo "configure:1437: checking sudo mail subject" >&5 + echo "$ac_t""Using alert mail subject: $mailsub" 1>&6 + ;; +esac +fi + +cat >> confdefs.h <&6 -echo "configure:1412: checking for bad password prompt" >&5 +echo "configure:1449: checking for bad password prompt" >&5 # Check whether --with-passprompt or --without-passprompt was given. if test "${with_passprompt+set}" = set; then withval="$with_passprompt" @@ -1417,23 +1454,18 @@ if test "${with_passprompt+set}" = set; then ;; no) echo "Sorry, --without-passprompt not supported." ;; - *) cat >> confdefs.h <&6 - ;; + *) passprompt="$with_passprompt" esac -else - cat >> confdefs.h <<\EOF -#define PASSPROMPT "Password:" -EOF - echo "$ac_t""Password:" 1>&6 fi +echo "$ac_t""$passprompt" 1>&6 +cat >> confdefs.h <&6 -echo "configure:1437: checking for bad password message" >&5 +echo "configure:1469: checking for bad password message" >&5 # Check whether --with-badpass-message or --without-badpass-message was given. if test "${with_badpass_message+set}" = set; then withval="$with_badpass_message" @@ -1442,42 +1474,41 @@ if test "${with_badpass_message+set}" = set; then ;; no) echo "Sorry, --without-badpass-message not supported." ;; - *) cat >> confdefs.h <&6 + *) badpass_message="$with_badpass_message" ;; esac -else - cat >> confdefs.h <<\EOF -#define INCORRECT_PASSWORD "Sorry, try again." -EOF - echo "$ac_t""Sorry, try again." 1>&6 fi +cat >> confdefs.h <&6 echo $ac_n "checking whether to expect fully qualified hosts in sudoers""... $ac_c" 1>&6 -echo "configure:1462: checking whether to expect fully qualified hosts in sudoers" >&5 +echo "configure:1490: checking whether to expect fully qualified hosts in sudoers" >&5 # Check whether --with-fqdn or --without-fqdn was given. if test "${with_fqdn+set}" = set; then withval="$with_fqdn" case $with_fqdn in - yes) cat >> confdefs.h <<\EOF -#define FQDN 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) fqdn=on ;; - no) echo "$ac_t""no" 1>&6 + no) fqdn=off ;; *) { echo "configure: error: "--with-fqdn does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""no" 1>&6 fi +if test "$fqdn" = "on"; then + cat >> confdefs.h <<\EOF +#define FQDN 1 +EOF + + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi # Check whether --with-timedir or --without-timedir was given. if test "${with_timedir+set}" = set; then @@ -1558,7 +1589,7 @@ fi echo $ac_n "checking for umask programs should be run with""... $ac_c" 1>&6 -echo "configure:1562: checking for umask programs should be run with" >&5 +echo "configure:1593: checking for umask programs should be run with" >&5 # Check whether --with-umask or --without-umask was given. if test "${with_umask+set}" = set; then withval="$with_umask" @@ -1566,26 +1597,32 @@ if test "${with_umask+set}" = set; then yes) { echo "configure: error: "must give --with-umask an argument."" 1>&2; exit 1; } ;; no) echo "$ac_t""user" 1>&6 + sudo_umask=0777 ;; [0-9]*) cat >> confdefs.h <&6 + sudo_umask=$with_umask ;; *) { echo "configure: error: "you must enter a numeric mask."" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <<\EOF -#define SUDO_UMASK 0022 -EOF - echo "$ac_t""0022" 1>&6 fi +cat >> confdefs.h <&6 +else + echo "$ac_t""$sudo_umask" 1>&6 +fi echo $ac_n "checking for default user to run commands as""... $ac_c" 1>&6 -echo "configure:1589: checking for default user to run commands as" >&5 +echo "configure:1626: checking for default user to run commands as" >&5 # Check whether --with-runas-default or --without-runas-default was given. if test "${with_runas_default+set}" = set; then withval="$with_runas_default" @@ -1594,20 +1631,16 @@ if test "${with_runas_default+set}" = set; then ;; no) { echo "configure: error: "--without-runas-default not supported."" 1>&2; exit 1; } ;; - *) cat >> confdefs.h <&6 + *) runas_default="$with_runas_default" ;; esac -else - cat >> confdefs.h <<\EOF -#define RUNAS_DEFAULT "root" -EOF - echo "$ac_t""root" 1>&6 fi +cat >> confdefs.h <&6 # Check whether --with-exempt or --without-exempt was given. if test "${with_exempt+set}" = set; then @@ -1622,7 +1655,7 @@ if test "${with_exempt+set}" = set; then EOF echo $ac_n "checking for group to be exempt from password""... $ac_c" 1>&6 -echo "configure:1626: checking for group to be exempt from password" >&5 +echo "configure:1659: checking for group to be exempt from password" >&5 echo "$ac_t""$with_exempt" 1>&6 ;; esac @@ -1630,7 +1663,7 @@ fi echo $ac_n "checking for editor that visudo should use""... $ac_c" 1>&6 -echo "configure:1634: checking for editor that visudo should use" >&5 +echo "configure:1667: checking for editor that visudo should use" >&5 # Check whether --with-editor or --without-editor was given. if test "${with_editor+set}" = set; then withval="$with_editor" @@ -1655,195 +1688,166 @@ fi echo $ac_n "checking whether to obey EDITOR and VISUAL environment variables""... $ac_c" 1>&6 -echo "configure:1659: checking whether to obey EDITOR and VISUAL environment variables" >&5 +echo "configure:1692: checking whether to obey EDITOR and VISUAL environment variables" >&5 # Check whether --with-env-editor or --without-env-editor was given. if test "${with_env_editor+set}" = set; then withval="$with_env_editor" case $with_env_editor in - yes) cat >> confdefs.h <<\EOF -#define ENV_EDITOR 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) env_editor=on ;; - no) echo "$ac_t""no" 1>&6 + no) env_editor=off ;; *) { echo "configure: error: "--with-env-editor does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""no" 1>&6 fi +if test "$env_editor" = "on"; then + cat >> confdefs.h <<\EOF +#define ENV_EDITOR 1 +EOF + + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi echo $ac_n "checking number of tries a user gets to enter their password""... $ac_c" 1>&6 -echo "configure:1681: checking number of tries a user gets to enter their password" >&5 +echo "configure:1717: checking number of tries a user gets to enter their password" >&5 # Check whether --with-passwd-tries or --without-passwd-tries was given. if test "${with_passwd_tries+set}" = set; then withval="$with_passwd_tries" case $with_passwd_tries in - yes) cat >> confdefs.h <<\EOF -#define TRIES_FOR_PASSWORD 3 -EOF - - echo "$ac_t""3" 1>&6 - ;; + yes) ;; no) { echo "configure: error: "--without-editor not supported."" 1>&2; exit 1; } ;; - [1-9]*) cat >> confdefs.h <&6 + [1-9]*) passwd_tries=$with_passwd_tries ;; *) { echo "configure: error: "you must enter the numer of tries, > 0"" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <<\EOF -#define TRIES_FOR_PASSWORD 3 -EOF - echo "$ac_t""3" 1>&6 fi +cat >> confdefs.h <&6 echo $ac_n "checking time in minutes after which sudo will ask for a password again""... $ac_c" 1>&6 -echo "configure:1712: checking time in minutes after which sudo will ask for a password again" >&5 +echo "configure:1739: checking time in minutes after which sudo will ask for a password again" >&5 # Check whether --with-timeout or --without-timeout was given. if test "${with_timeout+set}" = set; then withval="$with_timeout" echo $with_timeout; case $with_timeout in - yes) cat >> confdefs.h <<\EOF -#define TIMEOUT 5 -EOF - - echo "$ac_t""5" 1>&6 - ;; - no) cat >> confdefs.h <<\EOF -#define TIMEOUT 0 -EOF - - echo "$ac_t""no timeout" 1>&6 + yes) ;; + no) timeout=0 ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) timeout=$with_timeout ;; *) { echo "configure: error: "you must enter the numer of minutes."" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <<\EOF -#define TIMEOUT 5 -EOF - echo "$ac_t""5" 1>&6 fi +cat >> confdefs.h <&6 echo $ac_n "checking time in minutes after the password prompt will time out""... $ac_c" 1>&6 -echo "configure:1747: checking time in minutes after the password prompt will time out" >&5 +echo "configure:1761: checking time in minutes after the password prompt will time out" >&5 # Check whether --with-password-timeout or --without-password-timeout was given. if test "${with_password_timeout+set}" = set; then withval="$with_password_timeout" case $with_password_timeout in - yes) cat >> confdefs.h <<\EOF -#define PASSWORD_TIMEOUT 5 -EOF - - echo "$ac_t""5" 1>&6 + yes) ;; + no) password_timeout=0 ;; - no) cat >> confdefs.h <<\EOF -#define PASSWORD_TIMEOUT 0 -EOF - - echo "$ac_t""no timeout" 1>&6 - ;; - [0-9]*) cat >> confdefs.h <&6 + [0-9]*) password_timeout=$with_password_timeout ;; *) { echo "configure: error: "you must enter the numer of minutes."" 1>&2; exit 1; } ;; esac -else - cat >> confdefs.h <<\EOF -#define PASSWORD_TIMEOUT 5 -EOF - echo "$ac_t""5" 1>&6 fi +cat >> confdefs.h <&6 -echo $ac_n "checking whether to use execvp or execv""... $ac_c" 1>&6 -echo "configure:1782: checking whether to use execvp or execv" >&5 # Check whether --with-execv or --without-execv was given. if test "${with_execv+set}" = set; then withval="$with_execv" case $with_execv in - yes) cat >> confdefs.h <<\EOF + yes) echo $ac_n "checking whether to use execvp or execv""... $ac_c" 1>&6 +echo "configure:1787: checking whether to use execvp or execv" >&5 + echo "$ac_t""execv" 1>&6 + cat >> confdefs.h <<\EOF #define USE_EXECV 1 EOF - echo "$ac_t""execv" 1>&6 - ;; - no) echo "$ac_t""execvp" 1>&6 ;; + no) ;; *) { echo "configure: error: "--with-execv does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""execvp" 1>&6 fi echo $ac_n "checking whether to use per-tty ticket files""... $ac_c" 1>&6 -echo "configure:1804: checking whether to use per-tty ticket files" >&5 +echo "configure:1802: checking whether to use per-tty ticket files" >&5 # Check whether --with-tty-tickets or --without-tty-tickets was given. if test "${with_tty_tickets+set}" = set; then withval="$with_tty_tickets" case $with_tty_tickets in - yes) cat >> confdefs.h <<\EOF -#define USE_TTY_TICKETS 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) tty_tickets=on ;; - no) echo "$ac_t""no" 1>&6 + no) tty_tickets=off ;; *) { echo "configure: error: "--with-tty-tickets does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""no" 1>&6 fi +if test "$tty_tickets" = "on"; then + cat >> confdefs.h <<\EOF +#define USE_TTY_TICKETS 1 +EOF + + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi echo $ac_n "checking whether to include insults""... $ac_c" 1>&6 -echo "configure:1826: checking whether to include insults" >&5 +echo "configure:1827: checking whether to include insults" >&5 # Check whether --with-insults or --without-insults was given. if test "${with_insults+set}" = set; then withval="$with_insults" case $with_insults in - yes) cat >> confdefs.h <<\EOF -#define USE_INSULTS 1 -EOF - - echo "$ac_t""yes" 1>&6 + yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; - no) echo "$ac_t""no" 1>&6 + no) insults=off ;; *) { echo "configure: error: "--with-insults does not take an argument."" 1>&2; exit 1; } ;; esac -else - echo "$ac_t""no" 1>&6 fi +if test "$insults" = "on"; then + cat >> confdefs.h <<\EOF +#define USE_INSULTS 1 +EOF + + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi # Check whether --with-all-insults or --without-all-insults was given. if test "${with_all_insults+set}" = set; then @@ -1925,9 +1929,9 @@ esac fi -if test "$with_insults" = "yes"; then +if test "$insults" = "on"; then echo $ac_n "checking which insult sets to include""... $ac_c" 1>&6 -echo "configure:1931: checking which insult sets to include" >&5 +echo "configure:1935: checking which insult sets to include" >&5 i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" @@ -1937,7 +1941,7 @@ echo "configure:1931: checking which insult sets to include" >&5 fi echo $ac_n "checking whether to override the user's path""... $ac_c" 1>&6 -echo "configure:1941: checking whether to override the user's path" >&5 +echo "configure:1945: checking whether to override the user's path" >&5 # Check whether --with-secure-path or --without-secure-path was given. if test "${with_secure_path+set}" = set; then withval="$with_secure_path" @@ -1963,7 +1967,7 @@ fi echo $ac_n "checking whether to get ip addresses from the network interfaces""... $ac_c" 1>&6 -echo "configure:1967: checking whether to get ip addresses from the network interfaces" >&5 +echo "configure:1971: checking whether to get ip addresses from the network interfaces" >&5 # Check whether --with-interfaces or --without-interfaces was given. if test "${with_interfaces+set}" = set; then withval="$with_interfaces" @@ -1986,7 +1990,7 @@ fi echo $ac_n "checking whether to do user authentication by default""... $ac_c" 1>&6 -echo "configure:1990: checking whether to do user authentication by default" >&5 +echo "configure:1994: checking whether to do user authentication by default" >&5 # Check whether --enable-authentication or --disable-authentication was given. if test "${enable_authentication+set}" = set; then enableval="$enable_authentication" @@ -2010,7 +2014,7 @@ fi echo $ac_n "checking whether to disable shadow password support""... $ac_c" 1>&6 -echo "configure:2014: checking whether to disable shadow password support" >&5 +echo "configure:2018: checking whether to disable shadow password support" >&5 # Check whether --enable-shadow or --disable-shadow was given. if test "${enable_shadow+set}" = set; then enableval="$enable_shadow" @@ -2031,7 +2035,7 @@ fi echo $ac_n "checking whether root should be allowed to use sudo""... $ac_c" 1>&6 -echo "configure:2035: checking whether root should be allowed to use sudo" >&5 +echo "configure:2039: checking whether root should be allowed to use sudo" >&5 # Check whether --enable-root-sudo or --disable-root-sudo was given. if test "${enable_root_sudo+set}" = set; then enableval="$enable_root_sudo" @@ -2054,7 +2058,7 @@ fi echo $ac_n "checking whether to log the hostname in the log file""... $ac_c" 1>&6 -echo "configure:2058: checking whether to log the hostname in the log file" >&5 +echo "configure:2062: checking whether to log the hostname in the log file" >&5 # Check whether --enable-log-host or --disable-log-host was given. if test "${enable_log_host+set}" = set; then enableval="$enable_log_host" @@ -2078,7 +2082,7 @@ fi echo $ac_n "checking whether to invoke a shell if sudo is given no arguments""... $ac_c" 1>&6 -echo "configure:2082: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo "configure:2086: checking whether to invoke a shell if sudo is given no arguments" >&5 # Check whether --enable-noargs-shell or --disable-noargs-shell was given. if test "${enable_noargs_shell+set}" = set; then enableval="$enable_noargs_shell" @@ -2102,7 +2106,7 @@ fi echo $ac_n "checking whether to set \$HOME to target user in shell mode""... $ac_c" 1>&6 -echo "configure:2106: checking whether to set \$HOME to target user in shell mode" >&5 +echo "configure:2110: checking whether to set \$HOME to target user in shell mode" >&5 # Check whether --enable-shell-sets-home or --disable-shell-sets-home was given. if test "${enable_shell_sets_home+set}" = set; then enableval="$enable_shell_sets_home" @@ -2126,7 +2130,7 @@ fi echo $ac_n "checking whether to disable 'command not found' messages""... $ac_c" 1>&6 -echo "configure:2130: checking whether to disable 'command not found' messages" >&5 +echo "configure:2134: checking whether to disable 'command not found' messages" >&5 # Check whether --enable-path_info or --disable-path_info was given. if test "${enable_path_info+set}" = set; then enableval="$enable_path_info" @@ -2152,7 +2156,7 @@ fi # Extract the first word of "egrep", so it can be a program name with args. set dummy egrep; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2156: checking for $ac_word" >&5 +echo "configure:2160: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_EGREPPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2187,7 +2191,7 @@ cross_compiling="no" # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2191: checking for $ac_word" >&5 +echo "configure:2195: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2216,7 +2220,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2220: checking for $ac_word" >&5 +echo "configure:2224: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2264,7 +2268,7 @@ fi fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:2268: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:2272: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -2274,11 +2278,11 @@ ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2286: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -2298,12 +2302,12 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:2302: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:2306: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:2307: checking whether we are using GNU C" >&5 +echo "configure:2311: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2312,7 +2316,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:2316: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:2320: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -2327,7 +2331,7 @@ if test $ac_cv_prog_gcc = yes; then ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:2331: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:2335: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2357,7 +2361,7 @@ fi ac_cv_prog_cc_cross="no" cross_compiling="no" echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:2361: checking how to run the C preprocessor" >&5 +echo "configure:2365: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -2372,13 +2376,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2382: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2386: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -2389,13 +2393,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2399: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2403: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -2418,7 +2422,7 @@ fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:2422: checking for POSIXized ISC" >&5 +echo "configure:2426: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then @@ -2446,7 +2450,7 @@ fi # Extract the first word of "uname", so it can be a program name with args. set dummy uname; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2450: checking for $ac_word" >&5 +echo "configure:2454: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_UNAMEPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2474,7 +2478,7 @@ fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2478: checking for $ac_word" >&5 +echo "configure:2482: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_TRPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2502,7 +2506,7 @@ fi # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2506: checking for $ac_word" >&5 +echo "configure:2510: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_SEDPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2530,7 +2534,7 @@ fi # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:2534: checking for $ac_word" >&5 +echo "configure:2538: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_NROFFPROG'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2586,7 +2590,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:2590: checking host system type" >&5 +echo "configure:2594: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -2615,7 +2619,7 @@ if test -n "$sudo_cv_prev_host"; then exit 1 else echo $ac_n "checking previous host type""... $ac_c" 1>&6 -echo "configure:2619: checking previous host type" >&5 +echo "configure:2623: checking previous host type" >&5 if eval "test \"`echo '$''{'sudo_cv_prev_host'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2655,12 +2659,12 @@ case "$host" in # check for password adjunct functions (shadow passwords) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getpwanam""... $ac_c" 1>&6 -echo "configure:2659: checking for getpwanam" >&5 +echo "configure:2663: checking for getpwanam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getpwanam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2691: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getpwanam=yes" else @@ -2703,12 +2707,12 @@ EOF for ac_func in issecure do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2707: checking for $ac_func" >&5 +echo "configure:2711: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2739: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2784,7 +2788,7 @@ EOF *-*-hiuxmpp*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2788: checking for getprpwnam in -lsec" >&5 +echo "configure:2792: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2796,7 +2800,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2815: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2829,7 +2833,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:2833: checking for getprpwnam in -lsecurity" >&5 +echo "configure:2837: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2841,7 +2845,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2860: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2901,7 +2905,7 @@ fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:2905: checking for getprpwnam in -lsec" >&5 +echo "configure:2909: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -2913,7 +2917,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2932: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2943,7 +2947,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then #define HAVE_GETPRPWNAM 1 EOF echo $ac_n "checking for iscomsec in -lsec""... $ac_c" 1>&6 -echo "configure:2947: checking for iscomsec in -lsec" >&5 +echo "configure:2951: checking for iscomsec in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'iscomsec | sed 'y% ./+-%___p_%'` else @@ -2955,7 +2959,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2974: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3037,12 +3041,12 @@ EOF for ac_func in getspwuid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3041: checking for $ac_func" >&5 +echo "configure:3045: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3141,7 +3145,7 @@ EOF SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" echo $ac_n "checking whether to disable sia support on Digital UNIX""... $ac_c" 1>&6 -echo "configure:3145: checking whether to disable sia support on Digital UNIX" >&5 +echo "configure:3149: checking whether to disable sia support on Digital UNIX" >&5 # Check whether --enable-sia or --disable-sia was given. if test "${enable_sia+set}" = set; then enableval="$enable_sia" @@ -3165,12 +3169,12 @@ fi # unless overridden on the command line if test "$CHECKSIA" = "true"; then echo $ac_n "checking for sia_ses_init""... $ac_c" 1>&6 -echo "configure:3169: checking for sia_ses_init" >&5 +echo "configure:3173: checking for sia_ses_init" >&5 if eval "test \"`echo '$''{'ac_cv_func_sia_ses_init'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_sia_ses_init=yes" else @@ -3221,7 +3225,7 @@ fi fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:3225: checking for getprpwnam in -lsecurity" >&5 +echo "configure:3229: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3233,7 +3237,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3252: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3274,12 +3278,12 @@ EOF # -ldb includes bogus versions of snprintf/vsnprintf echo $ac_n "checking for snprintf""... $ac_c" 1>&6 -echo "configure:3278: checking for snprintf" >&5 +echo "configure:3282: checking for snprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3310: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_snprintf=yes" else @@ -3326,12 +3330,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 -echo "configure:3330: checking for vsnprintf" >&5 +echo "configure:3334: checking for vsnprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3362: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_vsnprintf=yes" else @@ -3379,7 +3383,7 @@ fi # 4.x and higher need -ldb too... echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 -echo "configure:3383: checking for dbopen in -ldb" >&5 +echo "configure:3387: checking for dbopen in -ldb" >&5 if test -n ""; then ac_lib_var=`echo db'_'dbopen | sed 'y% ./+-%___p_%'` else @@ -3391,7 +3395,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldb $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3426,12 +3430,12 @@ fi for ac_func in dispcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3430: checking for $ac_func" >&5 +echo "configure:3434: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3462: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3479,9 +3483,9 @@ fi done echo $ac_n "checking for broken /usr/include/prot.h""... $ac_c" 1>&6 -echo "configure:3483: checking for broken /usr/include/prot.h" >&5 +echo "configure:3487: checking for broken /usr/include/prot.h" >&5 cat > conftest.$ac_ext < @@ -3492,7 +3496,7 @@ int main() { exit(0); ; return 0; } EOF -if { (eval echo configure:3496: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3500: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""no" 1>&6 else @@ -3504,7 +3508,7 @@ else fi rm -f conftest* - else + elif test "$CHECKSIA" = "true"; then with_passwd=no AUTH_OBJS="sia.o" fi @@ -3540,7 +3544,7 @@ EOF # IRIX <= 4 needs -lsun if test "$OSREV" -le 4; then echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 -echo "configure:3544: checking for getpwnam in -lsun" >&5 +echo "configure:3548: checking for getpwnam in -lsun" >&5 if test -n ""; then ac_lib_var=`echo sun'_'getpwnam | sed 'y% ./+-%___p_%'` else @@ -3552,7 +3556,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsun $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3571: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3597,12 +3601,12 @@ EOF # Some Linux versions need to link with -lshadow if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:3601: checking for getspnam" >&5 +echo "configure:3605: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3633: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -3646,7 +3650,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 -echo "configure:3650: checking for getspnam in -lshadow" >&5 +echo "configure:3654: checking for getspnam in -lshadow" >&5 if test -n ""; then ac_lib_var=`echo shadow'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3658,7 +3662,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3677: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3708,7 +3712,7 @@ EOF if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:3712: checking for getprpwnam in -lsec" >&5 +echo "configure:3716: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -3720,7 +3724,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3739: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3761,7 +3765,7 @@ fi OS="ultrix" if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getauthuid in -lauth""... $ac_c" 1>&6 -echo "configure:3765: checking for getauthuid in -lauth" >&5 +echo "configure:3769: checking for getauthuid in -lauth" >&5 if test -n ""; then ac_lib_var=`echo auth'_'getauthuid | sed 'y% ./+-%___p_%'` else @@ -3773,7 +3777,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lauth $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3792: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3825,7 +3829,7 @@ fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3829: checking for getspnam in -lsec" >&5 +echo "configure:3833: checking for getspnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3837,7 +3841,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3856: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3879,7 +3883,7 @@ fi *-*-sco*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:3883: checking for getprpwnam in -lprot" >&5 +echo "configure:3887: checking for getprpwnam in -lprot" >&5 if test -n "-lx"; then ac_lib_var=`echo prot'_'getprpwnam-lx | sed 'y% ./+-%___p_%'` else @@ -3891,7 +3895,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lprot -lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3910: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3926,7 +3930,7 @@ else fi echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 -echo "configure:3930: checking for getspnam in -lgen" >&5 +echo "configure:3934: checking for getspnam in -lgen" >&5 if test -n ""; then ac_lib_var=`echo gen'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3938,7 +3942,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3980,7 +3984,7 @@ fi *-sequent-sysv*) if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3984: checking for getspnam in -lsec" >&5 +echo "configure:3988: checking for getspnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getspnam | sed 'y% ./+-%___p_%'` else @@ -3992,7 +3996,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4072,12 +4076,12 @@ test -n "$mansectform" || mansectform=5 if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:4076: checking for getspnam" >&5 +echo "configure:4080: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -4125,12 +4129,12 @@ fi fi if test "$CHECKSHADOW" = "true"; then echo $ac_n "checking for getprpwnam""... $ac_c" 1>&6 -echo "configure:4129: checking for getprpwnam" >&5 +echo "configure:4133: checking for getprpwnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getprpwnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4161: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getprpwnam=yes" else @@ -4174,7 +4178,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 -echo "configure:4178: checking for getprpwnam in -lsec" >&5 +echo "configure:4182: checking for getprpwnam in -lsec" >&5 if test -n ""; then ac_lib_var=`echo sec'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -4186,7 +4190,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4219,7 +4223,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 -echo "configure:4223: checking for getprpwnam in -lsecurity" >&5 +echo "configure:4227: checking for getprpwnam in -lsecurity" >&5 if test -n ""; then ac_lib_var=`echo security'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -4231,7 +4235,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4250: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4264,7 +4268,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for getprpwnam in -lprot""... $ac_c" 1>&6 -echo "configure:4268: checking for getprpwnam in -lprot" >&5 +echo "configure:4272: checking for getprpwnam in -lprot" >&5 if test -n ""; then ac_lib_var=`echo prot'_'getprpwnam | sed 'y% ./+-%___p_%'` else @@ -4276,7 +4280,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lprot $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4295: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4320,13 +4324,13 @@ fi if test $ac_cv_prog_gcc = yes; then echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6 -echo "configure:4324: checking whether ${CC-cc} needs -traditional" >&5 +echo "configure:4328: checking whether ${CC-cc} needs -traditional" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_pattern="Autoconf.*'x'" cat > conftest.$ac_ext < Autoconf TIOCGETP @@ -4344,7 +4348,7 @@ rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat > conftest.$ac_ext < Autoconf TCGETA @@ -4366,12 +4370,12 @@ echo "$ac_t""$ac_cv_prog_gcc_traditional" 1>&6 fi echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:4370: checking for working const" >&5 +echo "configure:4374: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4428: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -4445,7 +4449,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4449: checking for $ac_word" >&5 +echo "configure:4453: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4475,7 +4479,7 @@ done test -n "$YACC" || YACC="yacc" echo $ac_n "checking for mv""... $ac_c" 1>&6 -echo "configure:4479: checking for mv" >&5 +echo "configure:4483: checking for mv" >&5 if test -f "/usr/bin/mv"; then echo "$ac_t""/usr/bin/mv" 1>&6 cat >> confdefs.h <<\EOF @@ -4505,7 +4509,7 @@ else fi echo $ac_n "checking for bourne shell""... $ac_c" 1>&6 -echo "configure:4509: checking for bourne shell" >&5 +echo "configure:4513: checking for bourne shell" >&5 if test -f "/bin/sh"; then echo "$ac_t""/bin/sh" 1>&6 cat >> confdefs.h <<\EOF @@ -4560,7 +4564,7 @@ fi if test -z "$with_sendmail"; then echo $ac_n "checking for sendmail""... $ac_c" 1>&6 -echo "configure:4564: checking for sendmail" >&5 +echo "configure:4568: checking for sendmail" >&5 if test -f "/usr/sbin/sendmail"; then echo "$ac_t""/usr/sbin/sendmail" 1>&6 cat >> confdefs.h <<\EOF @@ -4604,7 +4608,7 @@ fi fi if test -z "$with_editor"; then echo $ac_n "checking for vi""... $ac_c" 1>&6 -echo "configure:4608: checking for vi" >&5 +echo "configure:4612: checking for vi" >&5 if test -f "/usr/bin/vi"; then echo "$ac_t""/usr/bin/vi" 1>&6 cat >> confdefs.h <<\EOF @@ -4641,12 +4645,12 @@ fi fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:4645: checking for ANSI C header files" >&5 +echo "configure:4649: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4654,7 +4658,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4658: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4662: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4671,7 +4675,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -4689,7 +4693,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -4710,7 +4714,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -4721,7 +4725,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); exit (0); } EOF -if { (eval echo configure:4725: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4729: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then : else @@ -4749,12 +4753,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:4753: checking for $ac_hdr that defines DIR" >&5 +echo "configure:4757: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -4762,7 +4766,7 @@ int main() { DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:4766: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4770: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -4787,7 +4791,7 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:4791: checking for opendir in -ldir" >&5 +echo "configure:4795: checking for opendir in -ldir" >&5 if test -n ""; then ac_lib_var=`echo dir'_'opendir | sed 'y% ./+-%___p_%'` else @@ -4799,7 +4803,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4818: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4832,7 +4836,7 @@ fi else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:4836: checking for opendir in -lx" >&5 +echo "configure:4840: checking for opendir in -lx" >&5 if test -n ""; then ac_lib_var=`echo x'_'opendir | sed 'y% ./+-%___p_%'` else @@ -4844,7 +4848,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4863: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4881,17 +4885,17 @@ for ac_hdr in string.h strings.h unistd.h malloc.h paths.h utime.h netgroup.h sy do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4885: checking for $ac_hdr" >&5 +echo "configure:4889: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4895: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4899: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4922,17 +4926,17 @@ if test "$OS" != "ultrix"; then do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4926: checking for $ac_hdr" >&5 +echo "configure:4930: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4936: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4962,17 +4966,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4966: checking for $ac_hdr" >&5 +echo "configure:4970: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4976: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4980: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4995,12 +4999,12 @@ EOF for ac_func in tcgetattr do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4999: checking for $ac_func" >&5 +echo "configure:5003: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5031: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5054,12 +5058,12 @@ done fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:5058: checking for mode_t" >&5 +echo "configure:5062: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5087,12 +5091,12 @@ EOF fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:5091: checking for uid_t in sys/types.h" >&5 +echo "configure:5095: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -5121,12 +5125,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:5125: checking for size_t" >&5 +echo "configure:5129: checking for size_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5156,12 +5160,12 @@ EOF fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:5160: checking for ssize_t" >&5 +echo "configure:5164: checking for ssize_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5191,12 +5195,12 @@ EOF fi echo $ac_n "checking for dev_t""... $ac_c" 1>&6 -echo "configure:5195: checking for dev_t" >&5 +echo "configure:5199: checking for dev_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_dev_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5226,12 +5230,12 @@ EOF fi echo $ac_n "checking for ino_t""... $ac_c" 1>&6 -echo "configure:5230: checking for ino_t" >&5 +echo "configure:5234: checking for ino_t" >&5 if eval "test \"`echo '$''{'sudo_cv_type_ino_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5261,9 +5265,9 @@ EOF fi echo $ac_n "checking for full void implementation""... $ac_c" 1>&6 -echo "configure:5265: checking for full void implementation" >&5 +echo "configure:5269: checking for full void implementation" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5279: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define VOID void @@ -5291,7 +5295,7 @@ fi rm -f conftest* echo $ac_n "checking max length of uid_t""... $ac_c" 1>&6 -echo "configure:5295: checking max length of uid_t" >&5 +echo "configure:5299: checking max length of uid_t" >&5 if eval "test \"`echo '$''{'sudo_cv_uid_t_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5300,7 +5304,7 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < #include @@ -5321,7 +5325,7 @@ main() { exit(0); } EOF -if { (eval echo configure:5325: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5329: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_uid_t_len=`cat conftestdata` else @@ -5344,16 +5348,16 @@ EOF echo $ac_n "checking for long long support""... $ac_c" 1>&6 -echo "configure:5348: checking for long long support" >&5 +echo "configure:5352: checking for long long support" >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5361: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_LONG_LONG 1 @@ -5363,11 +5367,11 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5375: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then cat >> confdefs.h <<\EOF #define LONG_IS_QUAD 1 @@ -5389,7 +5393,7 @@ else fi rm -f conftest* echo $ac_n "checking for sa_len field in struct sockaddr""... $ac_c" 1>&6 -echo "configure:5393: checking for sa_len field in struct sockaddr" >&5 +echo "configure:5397: checking for sa_len field in struct sockaddr" >&5 if eval "test \"`echo '$''{'sudo_cv_sock_sa_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5397,7 +5401,7 @@ else sudo_cv_sock_sa_len=no else cat > conftest.$ac_ext < #include @@ -5407,7 +5411,7 @@ s.sa_len = 0; exit(0); } EOF -if { (eval echo configure:5411: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5415: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_sock_sa_len=yes else @@ -5432,12 +5436,12 @@ fi case "$DEFS" in *"RETSIGTYPE"*) ;; *) echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:5436: checking return type of signal handlers" >&5 +echo "configure:5440: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -5454,7 +5458,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:5458: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5462: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -5476,12 +5480,12 @@ esac for ac_func in strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid strftime setrlimit initgroups fstat do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5480: checking for $ac_func" >&5 +echo "configure:5484: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5512: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5528,16 +5532,73 @@ else fi done +if test X"$with_interfaces" != X"no"; then + for ac_func in getifaddrs +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5540: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5568: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +fi if test -n "$SECUREWARE"; then for ac_func in bigcrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5536: checking for $ac_func" >&5 +echo "configure:5597: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5625: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5587,12 +5648,12 @@ done for ac_func in set_auth_parameters do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5591: checking for $ac_func" >&5 +echo "configure:5652: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5680: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5642,12 +5703,12 @@ done for ac_func in initprivs do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5646: checking for $ac_func" >&5 +echo "configure:5707: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5697,12 +5758,12 @@ done fi if test -z "$BROKEN_GETCWD"; then echo $ac_n "checking for getcwd""... $ac_c" 1>&6 -echo "configure:5701: checking for getcwd" >&5 +echo "configure:5762: checking for getcwd" >&5 if eval "test \"`echo '$''{'ac_cv_func_getcwd'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getcwd=yes" else @@ -5750,12 +5811,12 @@ fi fi echo $ac_n "checking for lockf""... $ac_c" 1>&6 -echo "configure:5754: checking for lockf" >&5 +echo "configure:5815: checking for lockf" >&5 if eval "test \"`echo '$''{'ac_cv_func_lockf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5843: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_lockf=yes" else @@ -5801,12 +5862,12 @@ else for ac_func in flock do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5805: checking for $ac_func" >&5 +echo "configure:5866: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5894: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5856,12 +5917,12 @@ done fi echo $ac_n "checking for waitpid""... $ac_c" 1>&6 -echo "configure:5860: checking for waitpid" >&5 +echo "configure:5921: checking for waitpid" >&5 if eval "test \"`echo '$''{'ac_cv_func_waitpid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5949: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_waitpid=yes" else @@ -5907,12 +5968,12 @@ else for ac_func in wait3 do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5911: checking for $ac_func" >&5 +echo "configure:5972: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6000: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5962,12 +6023,12 @@ done fi echo $ac_n "checking for innetgr""... $ac_c" 1>&6 -echo "configure:5966: checking for innetgr" >&5 +echo "configure:6027: checking for innetgr" >&5 if eval "test \"`echo '$''{'ac_cv_func_innetgr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6055: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_innetgr=yes" else @@ -6010,12 +6071,12 @@ EOF for ac_func in getdomainname do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6014: checking for $ac_func" >&5 +echo "configure:6075: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6067,12 +6128,12 @@ else fi echo $ac_n "checking for lsearch""... $ac_c" 1>&6 -echo "configure:6071: checking for lsearch" >&5 +echo "configure:6132: checking for lsearch" >&5 if eval "test \"`echo '$''{'ac_cv_func_lsearch'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6160: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_lsearch=yes" else @@ -6116,7 +6177,7 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for lsearch in -lcompat""... $ac_c" 1>&6 -echo "configure:6120: checking for lsearch in -lcompat" >&5 +echo "configure:6181: checking for lsearch in -lcompat" >&5 if test -n ""; then ac_lib_var=`echo compat'_'lsearch | sed 'y% ./+-%___p_%'` else @@ -6128,7 +6189,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcompat $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6156,17 +6217,17 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_safe=`echo "search.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for search.h""... $ac_c" 1>&6 -echo "configure:6160: checking for search.h" >&5 +echo "configure:6221: checking for search.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:6170: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:6231: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -6199,12 +6260,12 @@ fi fi echo $ac_n "checking for setenv""... $ac_c" 1>&6 -echo "configure:6203: checking for setenv" >&5 +echo "configure:6264: checking for setenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_setenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6292: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_setenv=yes" else @@ -6248,12 +6309,12 @@ EOF else echo "$ac_t""no" 1>&6 echo $ac_n "checking for putenv""... $ac_c" 1>&6 -echo "configure:6252: checking for putenv" >&5 +echo "configure:6313: checking for putenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_putenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6341: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_putenv=yes" else @@ -6302,12 +6363,12 @@ fi fi echo $ac_n "checking for utime""... $ac_c" 1>&6 -echo "configure:6306: checking for utime" >&5 +echo "configure:6367: checking for utime" >&5 if eval "test \"`echo '$''{'ac_cv_func_utime'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6395: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_utime=yes" else @@ -6349,7 +6410,7 @@ if eval "test \"`echo '$ac_cv_func_'utime`\" = yes"; then EOF echo $ac_n "checking for POSIX utime""... $ac_c" 1>&6 -echo "configure:6353: checking for POSIX utime" >&5 +echo "configure:6414: checking for POSIX utime" >&5 if eval "test \"`echo '$''{'sudo_cv_func_utime_posix'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6358,7 +6419,7 @@ if test "$cross_compiling" = yes; then sudo_cv_func_utime_posix=no else cat > conftest.$ac_ext < #include @@ -6370,7 +6431,7 @@ utime("conftestdata", &ut); exit(0); } EOF -if { (eval echo configure:6374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6435: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_func_utime_posix=yes else @@ -6398,7 +6459,7 @@ LIBOBJS="$LIBOBJS utime.o" fi echo $ac_n "checking for working fnmatch with FNM_CASEFOLD""... $ac_c" 1>&6 -echo "configure:6402: checking for working fnmatch with FNM_CASEFOLD" >&5 +echo "configure:6463: checking for working fnmatch with FNM_CASEFOLD" >&5 if eval "test \"`echo '$''{'sudo_cv_func_fnmatch'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6407,13 +6468,13 @@ if test "$cross_compiling" = yes; then sudo_cv_func_fnmatch=no else cat > conftest.$ac_ext < main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); } EOF -if { (eval echo configure:6417: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6478: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then sudo_cv_func_fnmatch=yes else @@ -6440,12 +6501,12 @@ fi for ac_func in strerror strcasecmp do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6444: checking for $ac_func" >&5 +echo "configure:6505: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6533: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6495,12 +6556,12 @@ done echo $ac_n "checking for snprintf""... $ac_c" 1>&6 -echo "configure:6499: checking for snprintf" >&5 +echo "configure:6560: checking for snprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_snprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6588: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_snprintf=yes" else @@ -6547,12 +6608,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for vsnprintf""... $ac_c" 1>&6 -echo "configure:6551: checking for vsnprintf" >&5 +echo "configure:6612: checking for vsnprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vsnprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6640: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_vsnprintf=yes" else @@ -6599,12 +6660,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for asprintf""... $ac_c" 1>&6 -echo "configure:6603: checking for asprintf" >&5 +echo "configure:6664: checking for asprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_asprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6692: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_asprintf=yes" else @@ -6651,12 +6712,12 @@ NEED_SNPRINTF=1 fi echo $ac_n "checking for vasprintf""... $ac_c" 1>&6 -echo "configure:6655: checking for vasprintf" >&5 +echo "configure:6716: checking for vasprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vasprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6744: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_vasprintf=yes" else @@ -6707,12 +6768,12 @@ if test -n "$NEED_SNPRINTF"; then fi if test -z "$LIB_CRYPT"; then echo $ac_n "checking for crypt""... $ac_c" 1>&6 -echo "configure:6711: checking for crypt" >&5 +echo "configure:6772: checking for crypt" >&5 if eval "test \"`echo '$''{'ac_cv_func_crypt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6800: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_crypt=yes" else @@ -6753,7 +6814,7 @@ if eval "test \"`echo '$ac_cv_func_'crypt`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:6757: checking for crypt in -lcrypt" >&5 +echo "configure:6818: checking for crypt in -lcrypt" >&5 if test -n ""; then ac_lib_var=`echo crypt'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6765,7 +6826,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6841: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6795,7 +6856,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt_d""... $ac_c" 1>&6 -echo "configure:6799: checking for crypt in -lcrypt_d" >&5 +echo "configure:6860: checking for crypt in -lcrypt_d" >&5 if test -n ""; then ac_lib_var=`echo crypt_d'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6807,7 +6868,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt_d $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6883: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6837,7 +6898,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lufc""... $ac_c" 1>&6 -echo "configure:6841: checking for crypt in -lufc" >&5 +echo "configure:6902: checking for crypt in -lufc" >&5 if test -n ""; then ac_lib_var=`echo ufc'_'crypt | sed 'y% ./+-%___p_%'` else @@ -6849,7 +6910,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lufc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6925: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6888,12 +6949,12 @@ fi fi echo $ac_n "checking for socket""... $ac_c" 1>&6 -echo "configure:6892: checking for socket" >&5 +echo "configure:6953: checking for socket" >&5 if eval "test \"`echo '$''{'ac_cv_func_socket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6981: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_socket=yes" else @@ -6934,7 +6995,7 @@ if eval "test \"`echo '$ac_cv_func_'socket`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:6938: checking for socket in -lsocket" >&5 +echo "configure:6999: checking for socket in -lsocket" >&5 if test -n ""; then ac_lib_var=`echo socket'_'socket | sed 'y% ./+-%___p_%'` else @@ -6946,7 +7007,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6976,7 +7037,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for socket in -linet""... $ac_c" 1>&6 -echo "configure:6980: checking for socket in -linet" >&5 +echo "configure:7041: checking for socket in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'socket | sed 'y% ./+-%___p_%'` else @@ -6988,7 +7049,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7064: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7019,7 +7080,7 @@ else echo "$ac_t""no" 1>&6 echo "configure: warning: unable to find socket() trying -lsocket -lnsl" 1>&2 echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:7023: checking for socket in -lsocket" >&5 +echo "configure:7084: checking for socket in -lsocket" >&5 if test -n "-lnsl"; then ac_lib_var=`echo socket'_'socket-lnsl | sed 'y% ./+-%___p_%'` else @@ -7031,7 +7092,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket -lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7069,12 +7130,12 @@ fi fi echo $ac_n "checking for inet_addr""... $ac_c" 1>&6 -echo "configure:7073: checking for inet_addr" >&5 +echo "configure:7134: checking for inet_addr" >&5 if eval "test \"`echo '$''{'ac_cv_func_inet_addr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7162: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_inet_addr=yes" else @@ -7115,12 +7176,12 @@ if eval "test \"`echo '$ac_cv_func_'inet_addr`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for __inet_addr""... $ac_c" 1>&6 -echo "configure:7119: checking for __inet_addr" >&5 +echo "configure:7180: checking for __inet_addr" >&5 if eval "test \"`echo '$''{'ac_cv_func___inet_addr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func___inet_addr=yes" else @@ -7161,7 +7222,7 @@ if eval "test \"`echo '$ac_cv_func_'__inet_addr`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for inet_addr in -lnsl""... $ac_c" 1>&6 -echo "configure:7165: checking for inet_addr in -lnsl" >&5 +echo "configure:7226: checking for inet_addr in -lnsl" >&5 if test -n ""; then ac_lib_var=`echo nsl'_'inet_addr | sed 'y% ./+-%___p_%'` else @@ -7173,7 +7234,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7203,7 +7264,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for inet_addr in -linet""... $ac_c" 1>&6 -echo "configure:7207: checking for inet_addr in -linet" >&5 +echo "configure:7268: checking for inet_addr in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'inet_addr | sed 'y% ./+-%___p_%'` else @@ -7215,7 +7276,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7291: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7246,7 +7307,7 @@ else echo "$ac_t""no" 1>&6 echo "configure: warning: unable to find inet_addr() trying -lsocket -lnsl" 1>&2 echo $ac_n "checking for inet_addr in -lsocket""... $ac_c" 1>&6 -echo "configure:7250: checking for inet_addr in -lsocket" >&5 +echo "configure:7311: checking for inet_addr in -lsocket" >&5 if test -n "-lnsl"; then ac_lib_var=`echo socket'_'inet_addr-lnsl | sed 'y% ./+-%___p_%'` else @@ -7258,7 +7319,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket -lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7298,12 +7359,12 @@ fi fi echo $ac_n "checking for syslog""... $ac_c" 1>&6 -echo "configure:7302: checking for syslog" >&5 +echo "configure:7363: checking for syslog" >&5 if eval "test \"`echo '$''{'ac_cv_func_syslog'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_syslog=yes" else @@ -7344,7 +7405,7 @@ if eval "test \"`echo '$ac_cv_func_'syslog`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -lsocket""... $ac_c" 1>&6 -echo "configure:7348: checking for syslog in -lsocket" >&5 +echo "configure:7409: checking for syslog in -lsocket" >&5 if test -n ""; then ac_lib_var=`echo socket'_'syslog | sed 'y% ./+-%___p_%'` else @@ -7356,7 +7417,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7432: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7386,7 +7447,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -lnsl""... $ac_c" 1>&6 -echo "configure:7390: checking for syslog in -lnsl" >&5 +echo "configure:7451: checking for syslog in -lnsl" >&5 if test -n ""; then ac_lib_var=`echo nsl'_'syslog | sed 'y% ./+-%___p_%'` else @@ -7398,7 +7459,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7474: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7428,7 +7489,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then else echo "$ac_t""no" 1>&6 echo $ac_n "checking for syslog in -linet""... $ac_c" 1>&6 -echo "configure:7432: checking for syslog in -linet" >&5 +echo "configure:7493: checking for syslog in -linet" >&5 if test -n ""; then ac_lib_var=`echo inet'_'syslog | sed 'y% ./+-%___p_%'` else @@ -7440,7 +7501,7 @@ else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7516: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7481,19 +7542,19 @@ if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:7485: checking for working alloca.h" >&5 +echo "configure:7546: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:7497: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7558: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -7514,12 +7575,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:7518: checking for alloca" >&5 +echo "configure:7579: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7607: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_func_alloca_works=yes else @@ -7574,12 +7635,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:7578: checking whether alloca needs Cray hooks" >&5 +echo "configure:7639: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7608: checking for $ac_func" >&5 +echo "configure:7669: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7697: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7659,7 +7720,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:7663: checking stack direction for C alloca" >&5 +echo "configure:7724: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -7667,7 +7728,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7751: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -7718,6 +7779,8 @@ EOF CPPFLAGS="$CPPFLAGS -I/usr/local/include" elif test -f "/usr/local/kerberos/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include" + elif test -f "/usr/krb5/include/krb5.h"; then + CPPFLAGS="$CPPFLAGS -I/usr/krb5/include" elif test -f "/usr/local/krb5/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/krb5/include" else @@ -7728,6 +7791,8 @@ EOF SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib" + elif test -f "/usr/krb5/lib/libkrb5.a"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/krb5/lib" elif test -f "/usr/local/krb5/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/krb5/lib" else @@ -7740,21 +7805,21 @@ fi if test "$with_pam" = "yes"; then echo $ac_n "checking for -ldl""... $ac_c" 1>&6 -echo "configure:7744: checking for -ldl" >&5 +echo "configure:7809: checking for -ldl" >&5 if eval "test \"`echo '$''{'ac_cv_lib_dl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7823: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_dl=yes else @@ -7804,21 +7869,21 @@ EOF fi echo $ac_n "checking for -ldes""... $ac_c" 1>&6 -echo "configure:7808: checking for -ldes" >&5 +echo "configure:7873: checking for -ldes" >&5 if eval "test \"`echo '$''{'ac_cv_lib_des'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldes $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:7887: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_cv_lib_des=yes else @@ -7946,7 +8011,7 @@ if test "$with_authenticate" = "yes"; then fi echo $ac_n "checking for log file location""... $ac_c" 1>&6 -echo "configure:7950: checking for log file location" >&5 +echo "configure:8015: checking for log file location" >&5 if test -n "$with_logpath"; then echo "$ac_t""$with_logpath" 1>&6 cat >> confdefs.h <&6 -echo "configure:7980: checking for timestamp file location" >&5 +echo "configure:8045: checking for timestamp file location" >&5 if test -n "$with_timedir"; then echo "$ac_t""$with_timedir" 1>&6 cat >> confdefs.h <&6 cat >> confdefs.h <<\EOF #define _PATH_SUDO_TIMEDIR "/var/run/sudo" EOF - TIMEDIR="/var/run/sudo" + timedir="/var/run/sudo" else echo "$ac_t""/tmp/.odus" 1>&6 cat >> confdefs.h <<\EOF #define _PATH_SUDO_TIMEDIR "/tmp/.odus" EOF - TIMEDIR="/tmp/.odus" + timedir="/tmp/.odus" fi @@ -8174,11 +8239,34 @@ s%@MAN_POSTINSTALL@%$MAN_POSTINSTALL%g s%@SUDOERS_MODE@%$SUDOERS_MODE%g s%@SUDOERS_UID@%$SUDOERS_UID%g s%@SUDOERS_GID@%$SUDOERS_GID%g -s%@TIMEDIR@%$TIMEDIR%g s%@DEV@%$DEV%g s%@mansectsu@%$mansectsu%g s%@mansectform@%$mansectform%g s%@mansrcdir@%$mansrcdir%g +s%@timedir@%$timedir%g +s%@timeout@%$timeout%g +s%@password_timeout@%$password_timeout%g +s%@sudo_umask@%$sudo_umask%g +s%@passprompt@%$passprompt%g +s%@long_otp_prompt@%$long_otp_prompt%g +s%@lecture@%$lecture%g +s%@logfac@%$logfac%g +s%@goodpri@%$goodpri%g +s%@badpri@%$badpri%g +s%@loglen@%$loglen%g +s%@ignore_dot@%$ignore_dot%g +s%@mail_no_user@%$mail_no_user%g +s%@mail_no_host@%$mail_no_host%g +s%@mail_no_perms@%$mail_no_perms%g +s%@mailto@%$mailto%g +s%@mailsub@%$mailsub%g +s%@badpass_message@%$badpass_message%g +s%@fqdn@%$fqdn%g +s%@runas_default@%$runas_default%g +s%@env_editor@%$env_editor%g +s%@passwd_tries@%$passwd_tries%g +s%@tty_tickets@%$tty_tickets%g +s%@insults@%$insults%g s%@EGREPPROG@%$EGREPPROG%g s%@CC@%$CC%g s%@CPP@%$CPP%g diff --git a/configure.in b/configure.in index e15627e94..e61056766 100644 --- a/configure.in +++ b/configure.in @@ -11,7 +11,7 @@ dnl This won't work before AC_INIT() dnl echo "Configuring Sudo version 1.6.3" dnl -dnl Variables that get substituted in the Makefile +dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST(CFLAGS)dnl AC_SUBST(PROGS)dnl @@ -30,14 +30,66 @@ AC_SUBST(MAN_POSTINSTALL)dnl AC_SUBST(SUDOERS_MODE)dnl AC_SUBST(SUDOERS_UID)dnl AC_SUBST(SUDOERS_GID)dnl -AC_SUBST(TIMEDIR) AC_SUBST(DEV) AC_SUBST(mansectsu) AC_SUBST(mansectform) AC_SUBST(mansrcdir) dnl +dnl Variables that get substituted in docs (not overridden by environment) +dnl +AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR +AC_SUBST(timeout) +AC_SUBST(password_timeout) +AC_SUBST(sudo_umask) +AC_SUBST(passprompt) +AC_SUBST(long_otp_prompt) +AC_SUBST(lecture) +AC_SUBST(logfac) +AC_SUBST(goodpri) +AC_SUBST(badpri) +AC_SUBST(loglen) +AC_SUBST(ignore_dot) +AC_SUBST(mail_no_user) +AC_SUBST(mail_no_host) +AC_SUBST(mail_no_perms) +AC_SUBST(mailto) +AC_SUBST(mailsub) +AC_SUBST(badpass_message) +AC_SUBST(fqdn) +AC_SUBST(runas_default) +AC_SUBST(env_editor) +AC_SUBST(passwd_tries) +AC_SUBST(tty_tickets) +AC_SUBST(insults) +dnl +dnl Initial values for above +dnl +timeout=5 +password_timeout=5 +sudo_umask=0022 +passprompt="Password:" +long_otp_prompt=off +lecture=on +logfac=local2 +goodpri=notice +badpri=alert +loglen=80 +ignore_dot=off +mail_no_user=on +mail_no_host=off +mail_no_perms=off +mailto=root +mailsub='*** SECURITY information for %h ***' +badpass_message='Sorry, try again.' +fqdn=off +runas_default=root +env_editor=off +passwd_tries=3 +tty_tickets=off +insults=off +dnl dnl Initial values for Makefile variables listed above -dnl Some may be overridden by environment variables.. +dnl May be overridden by environment variables.. dnl PROGS="sudo visudo" test -n "$MANTYPE" || MANTYPE="man" @@ -157,7 +209,7 @@ AC_ARG_WITH(csops, [ --with-csops add CSOps standard options], yes) echo 'Adding CSOps standard options' CHECKSIA=false with_ignore_dot=yes - with_insults=yes + insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes @@ -213,8 +265,10 @@ AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey yes) AC_DEFINE(LONG_OTP_PROMPT) AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) AC_MSG_RESULT(yes) + long_otp_prompt=on + ;; + no) long_otp_prompt=off ;; - no) ;; *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) ;; esac]) @@ -334,14 +388,19 @@ esac]) AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer], [case $with_lecture in - yes|short) AC_MSG_RESULT(yes) + yes|short) lecture=on ;; - no|none) AC_DEFINE(NO_LECTURE) - AC_MSG_RESULT(no) + no|none) lecture=off ;; *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) ;; -esac], [AC_MSG_RESULT(yes)]) +esac]) +if test "$lecture" = "on"; then + AC_MSG_RESULT(yes) +else + AC_DEFINE(NO_LECTURE) + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both], @@ -364,46 +423,51 @@ AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both], esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) AC_MSG_CHECKING(which syslog facility sudo should log with) -AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is local2)], +AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is $logfac)], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; no) AC_MSG_ERROR(["--without-logfac not supported."]) ;; - authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) AC_DEFINE_UNQUOTED(LOGFAC, "$with_logfac") - AC_MSG_RESULT([$with_logfac]) + authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; -esac], [AC_DEFINE_UNQUOTED(LOGFAC, "local2") AC_MSG_RESULT("local2")]) +esac]) +AC_DEFINE_UNQUOTED(LOGFAC, "$logfac") +AC_MSG_RESULT($logfac) AC_MSG_CHECKING(at which syslog priority to log commands) -AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is notice)], +AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is $goodpri)], [case $with_goodpri in yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) ;; no) AC_MSG_ERROR(["--without-goodpri not supported."]) ;; - alert|crit|debug|emerg|err|info|notice|warning) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$with_goodpri") - AC_MSG_RESULT([$with_goodpri]) + alert|crit|debug|emerg|err|info|notice|warning) + goodpri=$with_goodpri ;; *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) ;; -esac], [AC_DEFINE_UNQUOTED(PRI_SUCCESS, "notice") AC_MSG_RESULT("notice")]) +esac]) +AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri") +AC_MSG_RESULT($goodpri) AC_MSG_CHECKING(at which syslog priority to log failures) -AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is alert)], +AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is $badpri)], [case $with_badpri in yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) ;; no) AC_MSG_ERROR(["--without-badpri not supported."]) ;; - alert|crit|debug|emerg|err|info|notice|warning) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$with_badpri") - AC_MSG_RESULT([$with_badpri]) + alert|crit|debug|emerg|err|info|notice|warning) + badpri=$with_badpri ;; *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) ;; -esac], [AC_DEFINE_UNQUOTED(PRI_FAILURE, "alert") AC_MSG_RESULT("alert")]) +esac]) +AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri") +AC_MSG_RESULT(badpri) AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file], [case $with_logpath in @@ -414,90 +478,113 @@ AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file], esac]) AC_MSG_CHECKING(how long a line in the log file should be) -AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)], +AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is $loglen)], [case $with_loglen in yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) ;; no) AC_MSG_ERROR(["--without-loglen not supported."]) ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $with_loglen) - AC_MSG_RESULT([$with_loglen]) + [[0-9]]*) loglen=$with_loglen ;; *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) ;; -esac], [AC_DEFINE(MAXLOGFILELEN, 80) AC_MSG_RESULT(80)]) +esac]) +AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen) +AC_MSG_RESULT($loglen) AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH], [case $with_ignore_dot in - yes) AC_DEFINE(IGNORE_DOT_PATH) - AC_MSG_RESULT(yes) + yes) ignore_dot=on ;; - no) AC_MSG_RESULT(no) + no) ignore_dot=off ;; *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) - -AC_MSG_CHECKING(who should get the mail that sudo sends) -AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")], -[case $with_mailto in - yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) - ;; - no) AC_MSG_ERROR(["--without-mailto not supported."]) - ;; - *) AC_DEFINE_UNQUOTED(MAILTO, "$with_mailto") - AC_MSG_RESULT([$with_mailto]) - ;; -esac], [AC_DEFINE(MAILTO, "root") AC_MSG_RESULT(root)]) - -AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], -[case $with_mailsubject in - yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) - ;; - no) echo "Sorry, --without-mailsubject not supported." - ;; - *) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$with_mailsubject") - AC_MSG_CHECKING(sudo mail subject) - AC_MSG_RESULT([Using alert mail subject: $with_mailsubject]) - ;; -esac], AC_DEFINE(MAILSUBJECT, "*** SECURITY information for %h ***")) +esac]) +if test "$ignore_dot" = "on"; then + AC_DEFINE(IGNORE_DOT_PATH) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers], [case $with_mail_if_no_user in - yes) AC_DEFINE(SEND_MAIL_WHEN_NO_USER) - AC_MSG_RESULT(yes) + yes) mail_no_user=on ;; - no) AC_MSG_RESULT(no) + no) mail_no_user=off ;; - *) AC_MSG_ERROR(["unknown argument to --with-mail-if-no-user: $with_mail_if_no_user"]) + *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) ;; -esac], [AC_DEFINE(SEND_MAIL_WHEN_NO_USER) AC_MSG_RESULT(yes)]) +esac]) +if test "$mail_no_user" = "on"; then + AC_DEFINE(SEND_MAIL_WHEN_NO_USER) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to send mail when user listed but not for this host) AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host], [case $with_mail_if_no_host in - yes) AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) - AC_MSG_RESULT(yes) + yes) mail_no_host=on ;; - no) AC_MSG_RESULT(no) + no) mail_no_host=off ;; - *) AC_MSG_ERROR(["unknown argument to --with-mail-if-no-host: $with_mail_if_no_host"]) + *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$mail_no_host" = "on"; then + AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command], [case $with_mail_if_noperms in - yes) AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) - AC_MSG_RESULT(yes) + yes) mail_noperms=on ;; - no) AC_MSG_RESULT(no) + no) mail_noperms=off ;; - *) AC_MSG_ERROR(["unknown argument to --with-mail-if-noperms: $with_mail_if_noperms"]) + *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$mail_noperms" = "on"; then + AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi + +AC_MSG_CHECKING(who should get the mail that sudo sends) +AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "$mailto")], +[case $with_mailto in + yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) + ;; + no) AC_MSG_ERROR(["--without-mailto not supported."]) + ;; + *) mailto=$with_mailto + ;; +esac]) +AC_DEFINE_UNQUOTED(MAILTO, "$mailto") +AC_MSG_RESULT([$mailto]) + +AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], +[case $with_mailsubject in + yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) + ;; + no) echo "Sorry, --without-mailsubject not supported." + ;; + *) mailsub="$with_mailsubject" + AC_MSG_CHECKING(sudo mail subject) + AC_MSG_RESULT([Using alert mail subject: $mailsub]) + ;; +esac]) +AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub") AC_MSG_CHECKING(for bad password prompt) AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt], @@ -506,10 +593,10 @@ AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt], ;; no) echo "Sorry, --without-passprompt not supported." ;; - *) AC_DEFINE_UNQUOTED(PASSPROMPT, "$with_passprompt") - AC_MSG_RESULT([$with_passprompt]) - ;; -esac], [AC_DEFINE(PASSPROMPT, "Password:") AC_MSG_RESULT(Password:)]) + *) passprompt="$with_passprompt" +esac]) +AC_MSG_RESULT($passprompt) +AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt") AC_MSG_CHECKING(for bad password message) AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong], @@ -518,22 +605,28 @@ AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees wh ;; no) echo "Sorry, --without-badpass-message not supported." ;; - *) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$with_badpass_message") - AC_MSG_RESULT([$with_badpass_message]) + *) badpass_message="$with_badpass_message" ;; -esac], [AC_DEFINE(INCORRECT_PASSWORD, ["Sorry, try again."]) AC_MSG_RESULT([Sorry, try again.])]) +esac]) +AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message") +AC_MSG_RESULT([$badpass_message]) AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers], [case $with_fqdn in - yes) AC_DEFINE(FQDN) - AC_MSG_RESULT(yes) + yes) fqdn=on ;; - no) AC_MSG_RESULT(no) + no) fqdn=off ;; *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$fqdn" = "on"; then + AC_DEFINE(FQDN) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir], [case $with_timedir in @@ -592,19 +685,27 @@ AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file ( esac]) AC_MSG_CHECKING(for umask programs should be run with) -AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 0022) +AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is $sudo_umask) --without-umask Preserves the umask of the user invoking sudo.], [case $with_umask in yes) AC_MSG_ERROR(["must give --with-umask an argument."]) ;; no) AC_MSG_RESULT(user) + sudo_umask=0777 ;; [[0-9]]*) AC_DEFINE_UNQUOTED(SUDO_UMASK, $with_umask) AC_MSG_RESULT([$with_umask]) + sudo_umask=$with_umask ;; *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; -esac], [AC_DEFINE(SUDO_UMASK, 0022) AC_MSG_RESULT(0022)]) +esac]) +AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask) +if test "$sudo_umask" = "0777"; then + AC_MSG_RESULT(user) +else + AC_MSG_RESULT($sudo_umask) +fi AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root"], @@ -613,10 +714,11 @@ AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (d ;; no) AC_MSG_ERROR(["--without-runas-default not supported."]) ;; - *) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$with_runas_default") - AC_MSG_RESULT([$with_runas_default]) + *) runas_default="$with_runas_default" ;; -esac], [AC_DEFINE(RUNAS_DEFAULT, "root") AC_MSG_RESULT(root)]) +esac]) +AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default") +AC_MSG_RESULT([$runas_default]) AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group], [case $with_exempt in @@ -645,99 +747,108 @@ esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo], [case $with_env_editor in - yes) AC_DEFINE(ENV_EDITOR) - AC_MSG_RESULT(yes) + yes) env_editor=on ;; - no) AC_MSG_RESULT(no) + no) env_editor=off ;; *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$env_editor" = "on"; then + AC_DEFINE(ENV_EDITOR) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(number of tries a user gets to enter their password) -AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)], +AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is $passwd_tries)], [case $with_passwd_tries in - yes) AC_DEFINE(TRIES_FOR_PASSWORD, 3) - AC_MSG_RESULT(3) - ;; + yes) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; - [[1-9]]*) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $with_passwd_tries) - AC_MSG_RESULT([$with_passwd_tries]) + [[1-9]]*) passwd_tries=$with_passwd_tries ;; *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) ;; -esac], [AC_DEFINE(TRIES_FOR_PASSWORD, 3) AC_MSG_RESULT(3)]) +esac]) +AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries) +AC_MSG_RESULT($passwd_tries) AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) -AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5)], +AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is $timeout)], [echo $with_timeout; case $with_timeout in - yes) AC_DEFINE(TIMEOUT, 5) - AC_MSG_RESULT(5) - ;; - no) AC_DEFINE(TIMEOUT, 0) - AC_MSG_RESULT([no timeout]) + yes) ;; + no) timeout=0 ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(TIMEOUT, $with_timeout) - AC_MSG_RESULT([$with_timeout]) + [[0-9]]*) timeout=$with_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; -esac], [AC_DEFINE(TIMEOUT, 5) AC_MSG_RESULT(5)]) +esac]) +AC_DEFINE_UNQUOTED(TIMEOUT, $timeout) +AC_MSG_RESULT($timeout) AC_MSG_CHECKING(time in minutes after the password prompt will time out) -AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5)], +AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is $password_timeout)], [case $with_password_timeout in - yes) AC_DEFINE(PASSWORD_TIMEOUT, 5) - AC_MSG_RESULT(5) - ;; - no) AC_DEFINE(PASSWORD_TIMEOUT, 0) - AC_MSG_RESULT([no timeout]) + yes) ;; + no) password_timeout=0 ;; - [[0-9]]*) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $with_password_timeout) - AC_MSG_RESULT([$with_password_timeout]) + [[0-9]]*) password_timeout=$with_password_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; -esac], [AC_DEFINE(PASSWORD_TIMEOUT, 5) AC_MSG_RESULT(5)]) +esac]) +AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout) +AC_MSG_RESULT($password_timeout) -AC_MSG_CHECKING(whether to use execvp or execv) AC_ARG_WITH(execv, [ --with-execv use execv() instead of execvp()], [case $with_execv in - yes) AC_DEFINE(USE_EXECV) + yes) AC_MSG_CHECKING(whether to use execvp or execv) AC_MSG_RESULT(execv) + AC_DEFINE(USE_EXECV) ;; - no) AC_MSG_RESULT(execvp) - ;; + no) ;; *) AC_MSG_ERROR(["--with-execv does not take an argument."]) ;; -esac], AC_MSG_RESULT(execvp)) +esac]) AC_MSG_CHECKING(whether to use per-tty ticket files) AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty], [case $with_tty_tickets in - yes) AC_DEFINE(USE_TTY_TICKETS) - AC_MSG_RESULT(yes) + yes) tty_tickets=on ;; - no) AC_MSG_RESULT(no) + no) tty_tickets=off ;; *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$tty_tickets" = "on"; then + AC_DEFINE(USE_TTY_TICKETS) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_MSG_CHECKING(whether to include insults) AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password], [case $with_insults in - yes) AC_DEFINE(USE_INSULTS) - AC_MSG_RESULT(yes) + yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; - no) AC_MSG_RESULT(no) + no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) ;; -esac], AC_MSG_RESULT(no)) +esac]) +if test "$insults" = "on"; then + AC_DEFINE(USE_INSULTS) + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets], [case $with_all_insults in @@ -788,7 +899,7 @@ AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from t esac]) dnl include all insult sets on one line -if test "$with_insults" = "yes"; then +if test "$insults" = "on"; then AC_MSG_CHECKING(which insult sets to include) i="" test "$with_goons_insults" = "yes" && i="goons ${i}" @@ -1197,7 +1308,7 @@ case "$host" in [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) - else + elif test "$CHECKSIA" = "true"; then with_passwd=no AUTH_OBJS="sia.o" fi @@ -1404,6 +1515,9 @@ dnl dnl Function checks dnl AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid strftime setrlimit initgroups fstat) +if test X"$with_interfaces" != X"no"; then + AC_CHECK_FUNCS(getifaddrs) +fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt) AC_CHECK_FUNCS(set_auth_parameters) @@ -1472,6 +1586,8 @@ if test "$with_kerb5" = "yes"; then CPPFLAGS="$CPPFLAGS -I/usr/local/include" elif test -f "/usr/local/kerberos/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include" + elif test -f "/usr/krb5/include/krb5.h"; then + CPPFLAGS="$CPPFLAGS -I/usr/krb5/include" elif test -f "/usr/local/krb5/include/krb5.h"; then CPPFLAGS="$CPPFLAGS -I/usr/local/krb5/include" else @@ -1482,6 +1598,8 @@ if test "$with_kerb5" = "yes"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib" + elif test -f "/usr/krb5/lib/libkrb5.a"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/krb5/lib" elif test -f "/usr/local/krb5/lib/libkrb5.a"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/krb5/lib" else diff --git a/sudo.cat b/sudo.cat index bda189d18..05d67aa09 100644 --- a/sudo.cat +++ b/sudo.cat @@ -9,41 +9,41 @@ NNNNAAAAMMMMEEEE SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS ssssuuuuddddoooo ----VVVV | ----hhhh | ----llll | ----LLLL | ----vvvv | ----kkkk | ----KKKK | ----ssss | [ ----HHHH ] [----SSSS ] - [ ----bbbb ] | [ ----pppp prompt ] [ ----cccc class|- ] [ ----uuuu username/#uid ] + [ ----bbbb ] | [ ----pppp _p_r_o_m_p_t ] [ ----cccc _c_l_a_s_s|_- ] [ ----uuuu _u_s_e_r_n_a_m_e|_#_u_i_d ] _c_o_m_m_a_n_d DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN ssssuuuuddddoooo allows a permitted user to execute a _c_o_m_m_a_n_d as the - superuser or another user, as specified in the sudoers + superuser or another user, as specified in the _s_u_d_o_e_r_s file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, ssssuuuuddddoooo requires that users - authenticate themselves with a password (NOTE: this is the - user's password, not the root password). Once a user has - been authenticated, a timestamp is updated and the user - may then use sudo without a password for a short period of - time (five minutes by default). + authenticate themselves with a password (NOTE: by default + this is the user's password, not the root password). Once + a user has been authenticated, a timestamp is updated and + the user may then use sudo without a password for a short + period of time (`5' minutes unless overridden in _s_u_d_o_e_r_s). ssssuuuuddddoooo determines who is an authorized user by consulting the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the ----vvvv flag a user - can update the time stamp without running a _c_o_m_m_a_n_d_. The + can update the time stamp without running a _c_o_m_m_a_n_d_. The password prompt itself will also time out if the user's - password is not entered with N minutes (again, this is - defined at configure time and defaults to 5 minutes). + password is not entered within `5' minutes (unless over­ + ridden via _s_u_d_o_e_r_s). - If a user that is not listed in the _s_u_d_o_e_r_s file tries to + If a user who is not listed in the _s_u_d_o_e_r_s file tries to run a command via ssssuuuuddddoooo, mail is sent to the proper author­ - ities, as defined at configure time (defaults to root). - Note that the mail will not be sent if an unauthorized - user tries to run sudo with the ----llll or ----vvvv flags. This - allows users to determine for themselves whether or not - they are allowed to use ssssuuuuddddoooo. + ities, as defined at configure time or the _s_u_d_o_e_r_s file + (defaults to root). Note that the mail will not be sent + if an unauthorized user tries to run sudo with the ----llll or + ----vvvv flags. This allows users to determine for themselves + whether or not they are allowed to use ssssuuuuddddoooo. ssssuuuuddddoooo can log both successful an unsuccessful attempts (as well as errors) to _s_y_s_l_o_g(3), a log file, or both. By default ssssuuuuddddoooo will log via _s_y_s_l_o_g(3) but this is changeable - at configure time. + at configure time or via the _s_u_d_o_e_r_s file. OOOOPPPPTTTTIIIIOOOONNNNSSSS ssssuuuuddddoooo accepts the following command line options: @@ -61,7 +61,7 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS -April 22, 2000 1.6.3 1 +August 13, 2000 1.6.4 1 @@ -76,9 +76,8 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) -v If given the ----vvvv (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update the user's timestamp, prompting for the user's pass­ word if necessary. This extends the ssssuuuuddddoooo timeout to - for another N minutes (where N is defined at installa­ - tion time and defaults to 5 minutes) but does not run - a command. + for another `5' minutes (or whatever the timeout is + set to in _s_u_d_o_e_r_s) but does not run a command. -k The ----kkkk (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's timestamp by setting the time on it to the epoch. The @@ -88,13 +87,13 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) .logout file. -K The ----KKKK (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's - timestamp entirely. This option does not require a - password. + timestamp entirely. Likewise, this option does not + require a password. -b The ----bbbb (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given command in the background. Note that if you use the ----bbbb option you cannot use shell job control to manipu­ - late the command. + late the process. -p The ----pppp (_p_r_o_m_p_t) option allows you to override the default password prompt and use a custom one. If the @@ -106,9 +105,9 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) command with resources limited by the specified login class. The _c_l_a_s_s argument can be either a class name as defined in /etc/login.conf, or a single '-' charac­ - ter. Specifying the _c_l_a_s_s as '-' means that the com­ - mand should be run restricted by the default login - capibilities of the user the command is run as. If + ter. Specifying a _c_l_a_s_s of `-' indicates that the + command should be run restricted by the default login + capibilities for the user the command is run as. If the _c_l_a_s_s argument specifies an existing user class, the command must be run as root, or the ssssuuuuddddoooo command must be run from a shell that is already root. This @@ -118,7 +117,7 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) -u The ----uuuu (_u_s_e_r) option causes ssssuuuuddddoooo to run the specified command as a user other than _r_o_o_t. To specify a _u_i_d - instead of a _u_s_e_r_n_a_m_e, use "#uid". + instead of a _u_s_e_r_n_a_m_e, use _#_u_i_d. -s The ----ssss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set or the shell @@ -127,7 +126,8 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) -April 22, 2000 1.6.3 2 + +August 13, 2000 1.6.4 2 @@ -136,10 +136,10 @@ April 22, 2000 1.6.3 2 sudo(1m) MAINTENANCE COMMANDS sudo(1m) - -H The ----HHHH (_H_O_M_E) option sets the _H_O_M_E environment vari­ + -H The ----HHHH (_H_O_M_E) option sets the `HOME' environment vari­ able to the homedir of the target user (root by default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo - does not modify _H_O_M_E. + does not modify `HOME'. -S The ----SSSS (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the password from standard input instead of the terminal device. @@ -193,7 +193,7 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE -April 22, 2000 1.6.3 3 +August 13, 2000 1.6.4 3 @@ -259,7 +259,7 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS -April 22, 2000 1.6.3 4 +August 13, 2000 1.6.4 4 @@ -325,7 +325,7 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS -April 22, 2000 1.6.3 5 +August 13, 2000 1.6.4 5 @@ -340,8 +340,8 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) setuid shell scripts are generally safe). SSSSEEEEEEEE AAAALLLLSSSSOOOO - _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _v_i_s_u_d_o(1m), _s_u(1). - + _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _s_u_d_o_e_r_s(4), _p_a_s_s_w_d(5), _v_i_s_u_d_o(1m), + _g_r_e_p(1), _s_u(1). @@ -391,6 +391,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 22, 2000 1.6.3 6 +August 13, 2000 1.6.4 6 diff --git a/sudo.man.in b/sudo.man.in index 0fc99075b..fce1793ca 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -1,5 +1,5 @@ -.\" Automatically generated by Pod::Man version 1.02 -.\" Sat Apr 22 12:13:37 2000 +.\" Automatically generated by Pod::Man version 1.04 +.\" Sun Aug 13 14:54:25 2000 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,45 +138,47 @@ .\" ====================================================================== .\" .IX Title "sudo @mansectsu@" -.TH sudo @mansectsu@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS" +.TH sudo @mansectsu@ "1.6.4" "August 13, 2000" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudo \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | -[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-c\fR class|\- ] -[ \fB\-u\fR username/#uid ] \fIcommand\fR +[ \fB\-H\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ] [ \fB\-c\fR \fIclass\fR|\fI-\fR ] +[ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the -superuser or another user, as specified in the sudoers file. The -real and effective uid and gid are set to match those of the target -user as specified in the passwd file (the group vector is also -initialized when the target user is not root). By default, \fBsudo\fR -requires that users authenticate themselves with a password -(\s-1NOTE:\s0 this is the user's password, not the root password). Once -a user has been authenticated, a timestamp is updated and the -user may then use sudo without a password for a short period of time -(five minutes by default). +superuser or another user, as specified in the \fIsudoers\fR file. +The real and effective uid and gid are set to match those of the +target user as specified in the passwd file (the group vector is +also initialized when the target user is not root). By default, +\&\fBsudo\fR requires that users authenticate themselves with a password +(\s-1NOTE:\s0 by default this is the user's password, not the root password). +Once a user has been authenticated, a timestamp is updated and the +user may then use sudo without a password for a short period of +time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden in \fIsudoers\fR). .PP -\&\fBsudo\fR determines who is an authorized user by consulting the -file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user -can update the time stamp without running a \fIcommand.\fR -The password prompt itself will also time out if the user's password is -not entered with N minutes (again, this is defined at configure -time and defaults to 5 minutes). +\&\fBsudo\fR determines who is an authorized user by consulting the file +\&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user +can update the time stamp without running a \fIcommand.\fR The password +prompt itself will also time out if the user's password is not +entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via +\&\fIsudoers\fR). .PP -If a user that is not listed in the \fIsudoers\fR file tries to run -a command via \fBsudo\fR, mail is sent to the proper authorities, -as defined at configure time (defaults to root). Note that the -mail will not be sent if an unauthorized user tries to run sudo -with the \fB\-l\fR or \fB\-v\fR flags. This allows users to determine -for themselves whether or not they are allowed to use \fBsudo\fR. +If a user who is not listed in the \fIsudoers\fR file tries to run a +command via \fBsudo\fR, mail is sent to the proper authorities, as +defined at configure time or the \fIsudoers\fR file (defaults to root). +Note that the mail will not be sent if an unauthorized user tries +to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows users to +determine for themselves whether or not they are allowed to use +\&\fBsudo\fR. .PP \&\fBsudo\fR can log both successful an unsuccessful attempts (as well as errors) to \fIsyslog\fR\|(3), a log file, or both. By default \fBsudo\fR -will log via \fIsyslog\fR\|(3) but this is changeable at configure time. +will log via \fIsyslog\fR\|(3) but this is changeable at configure time +or via the \fIsudoers\fR file. .SH "OPTIONS" .IX Header "OPTIONS" \&\fBsudo\fR accepts the following command line options: @@ -200,9 +202,9 @@ The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and .IX Item "-v" If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the user's timestamp, prompting for the user's password if necessary. -This extends the \fBsudo\fR timeout to for another N minutes -(where N is defined at installation time and defaults to 5 -minutes) but does not run a command. +This extends the \fBsudo\fR timeout to for another \f(CW\*(C`@timeout@\*(C'\fR minutes +(or whatever the timeout is set to in \fIsudoers\fR) but does not run +a command. .Ip "\-k" 4 .IX Item "-k" The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp @@ -213,12 +215,12 @@ file. .Ip "\-K" 4 .IX Item "-K" The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp -entirely. This option does not require a password. +entirely. Likewise, this option does not require a password. .Ip "\-b" 4 .IX Item "-b" The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given command in the background. Note that if you use the \fB\-b\fR -option you cannot use shell job control to manipulate the command. +option you cannot use shell job control to manipulate the process. .Ip "\-p" 4 .IX Item "-p" The \fB\-p\fR (\fIprompt\fR) option allows you to override the default @@ -231,9 +233,9 @@ hostname. The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command with resources limited by the specified login class. The \fIclass\fR argument can be either a class name as defined in /etc/login.conf, -or a single '\-' character. Specifying the \fIclass\fR as '\-' means +or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates that the command should be run restricted by the default login -capibilities of the user the command is run as. If the \fIclass\fR +capibilities for the user the command is run as. If the \fIclass\fR argument specifies an existing user class, the command must be run as root, or the \fBsudo\fR command must be run from a shell that is already root. This option is only available on systems with \s-1BSD\s0 login classes @@ -242,7 +244,7 @@ where \fBsudo\fR has been configured with the \-\-with-logincap option. .IX Item "-u" The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a -\&\fIusername\fR, use \*(L"#uid\*(R". +\&\fIusername\fR, use \fI#uid\fR. .Ip "\-s" 4 .IX Item "-s" The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR @@ -250,9 +252,9 @@ environment variable if it is set or the shell as specified in \fIpasswd\fR\|(@mansectform@). .Ip "\-H" 4 .IX Item "-H" -The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable +The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable to the homedir of the target user (root by default) as specified -in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. +in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. .Ip "\-S" 4 .IX Item "-S" The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from @@ -300,7 +302,7 @@ not disable user-defined library search paths for setuid programs behavior or link \fBsudo\fR statically. .PP \&\fBsudo\fR will check the ownership of its timestamp directory -(\fI@TIMEDIR@\fR by default) and ignore the directory's contents if +(\fI@timedir@\fR by default) and ignore the directory's contents if it is not owned by root and only writable by root. On systems that allow non-root users to give away files via \fIchown\fR\|(2), if the timestamp directory is located in a directory writable by anyone (eg: \fI/tmp\fR), @@ -312,7 +314,7 @@ This is unlikely to happen since once the timestamp dir is owned by root and inaccessible by any other user the user placing files there would be unable to get them back out. To get around this issue you can use a directory that is not world-writable for the -timestamps (\fI/var/adm/sudo\fR for instance) or create \fI@TIMEDIR@\fR +timestamps (\fI/var/adm/sudo\fR for instance) or create \fI@timedir@\fR with the appropriate owner (root) and permissions (0700) in the system startup files. .PP @@ -376,7 +378,7 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. .IX Header "FILES" .Vb 2 \& @sysconfdir@/sudoers List of who can run what -\& @TIMEDIR@ Directory containing timestamps +\& @timedir@ Directory containing timestamps .Ve .SH "AUTHORS" .IX Header "AUTHORS" @@ -414,4 +416,4 @@ that make setuid shell scripts unsafe on some operating systems are generally safe). .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@), \fIsu\fR\|(1). +\&\fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIpasswd\fR\|(5), \fIvisudo\fR\|(@mansectsu@), \fIgrep\fR\|(1), \fIsu\fR\|(1). diff --git a/sudo.pod b/sudo.pod index 16ae36416..14c5fc1f3 100644 --- a/sudo.pod +++ b/sudo.pod @@ -42,39 +42,41 @@ sudo - execute a command as another user =head1 SYNOPSIS B B<-V> | B<-h> | B<-l> | B<-L> | B<-v> | B<-k> | B<-K> | B<-s> | -[ B<-H> ] [B<-S> ] [ B<-b> ] | [ B<-p> prompt ] [ B<-c> class|- ] -[ B<-u> username/#uid ] I +[ B<-H> ] [B<-S> ] [ B<-b> ] | [ B<-p> I ] [ B<-c> I|I<-> ] +[ B<-u> I|I<#uid> ] I =head1 DESCRIPTION B allows a permitted user to execute a I as the -superuser or another user, as specified in the sudoers file. The -real and effective uid and gid are set to match those of the target -user as specified in the passwd file (the group vector is also -initialized when the target user is not root). By default, B -requires that users authenticate themselves with a password -(NOTE: this is the user's password, not the root password). Once -a user has been authenticated, a timestamp is updated and the -user may then use sudo without a password for a short period of time -(five minutes by default). - -B determines who is an authorized user by consulting the -file F<@sysconfdir@/sudoers>. By giving B the B<-v> flag a user -can update the time stamp without running a I -The password prompt itself will also time out if the user's password is -not entered with N minutes (again, this is defined at configure -time and defaults to 5 minutes). - -If a user that is not listed in the I file tries to run -a command via B, mail is sent to the proper authorities, -as defined at configure time (defaults to root). Note that the -mail will not be sent if an unauthorized user tries to run sudo -with the B<-l> or B<-v> flags. This allows users to determine -for themselves whether or not they are allowed to use B. +superuser or another user, as specified in the I file. +The real and effective uid and gid are set to match those of the +target user as specified in the passwd file (the group vector is +also initialized when the target user is not root). By default, +B requires that users authenticate themselves with a password +(NOTE: by default this is the user's password, not the root password). +Once a user has been authenticated, a timestamp is updated and the +user may then use sudo without a password for a short period of +time (C<@timeout@> minutes unless overridden in I). + +B determines who is an authorized user by consulting the file +F<@sysconfdir@/sudoers>. By giving B the B<-v> flag a user +can update the time stamp without running a I The password +prompt itself will also time out if the user's password is not +entered within C<@password_timeout@> minutes (unless overridden via +I). + +If a user who is not listed in the I file tries to run a +command via B, mail is sent to the proper authorities, as +defined at configure time or the I file (defaults to root). +Note that the mail will not be sent if an unauthorized user tries +to run sudo with the B<-l> or B<-v> flags. This allows users to +determine for themselves whether or not they are allowed to use +B. B can log both successful an unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default B -will log via syslog(3) but this is changeable at configure time. +will log via syslog(3) but this is changeable at configure time +or via the I file. =head1 OPTIONS @@ -106,9 +108,9 @@ The B<-h> (I) option causes B to print a usage message and exit. If given the B<-v> (I) option, B will update the user's timestamp, prompting for the user's password if necessary. -This extends the B timeout to for another N minutes -(where N is defined at installation time and defaults to 5 -minutes) but does not run a command. +This extends the B timeout to for another C<@timeout@> minutes +(or whatever the timeout is set to in I) but does not run +a command. =item -k @@ -121,13 +123,13 @@ file. =item -K The B<-K> (sure I) option to B removes the user's timestamp -entirely. This option does not require a password. +entirely. Likewise, this option does not require a password. =item -b The B<-b> (I) option tells B to run the given command in the background. Note that if you use the B<-b> -option you cannot use shell job control to manipulate the command. +option you cannot use shell job control to manipulate the process. =item -p @@ -142,9 +144,9 @@ hostname. The B<-c> (I) option causes B to run the specified command with resources limited by the specified login class. The I argument can be either a class name as defined in /etc/login.conf, -or a single '-' character. Specifying the I as '-' means +or a single '-' character. Specifying a I of C<-> indicates that the command should be run restricted by the default login -capibilities of the user the command is run as. If the I +capibilities for the user the command is run as. If the I argument specifies an existing user class, the command must be run as root, or the B command must be run from a shell that is already root. This option is only available on systems with BSD login classes @@ -154,7 +156,7 @@ where B has been configured with the --with-logincap option. The B<-u> (I) option causes B to run the specified command as a user other than I. To specify a I instead of a -I, use "#uid". +I, use I<#uid>. =item -s @@ -164,9 +166,9 @@ in passwd(5). =item -H -The B<-H> (I) option sets the I environment variable +The B<-H> (I) option sets the C environment variable to the homedir of the target user (root by default) as specified -in passwd(5). By default, B does not modify I. +in passwd(5). By default, B does not modify C. =item -S @@ -221,7 +223,7 @@ not disable user-defined library search paths for setuid programs behavior or link B statically. B will check the ownership of its timestamp directory -(F<@TIMEDIR@> by default) and ignore the directory's contents if +(F<@timedir@> by default) and ignore the directory's contents if it is not owned by root and only writable by root. On systems that allow non-root users to give away files via chown(2), if the timestamp directory is located in a directory writable by anyone (eg: F), @@ -233,7 +235,7 @@ This is unlikely to happen since once the timestamp dir is owned by root and inaccessible by any other user the user placing files there would be unable to get them back out. To get around this issue you can use a directory that is not world-writable for the -timestamps (F for instance) or create F<@TIMEDIR@> +timestamps (F for instance) or create F<@timedir@> with the appropriate owner (root) and permissions (0700) in the system startup files. @@ -291,7 +293,7 @@ B utilizes the following environment variables: =head1 FILES @sysconfdir@/sudoers List of who can run what - @TIMEDIR@ Directory containing timestamps + @timedir@ Directory containing timestamps =head1 AUTHORS @@ -332,4 +334,4 @@ are generally safe). =head1 SEE ALSO -login_cap(3), sudoers(5), visudo(8), su(1). +stat(2), login_cap(3), sudoers(5), passwd(5), visudo(8), grep(1), su(1). diff --git a/sudoers.cat b/sudoers.cat index e71b17eda..dc9e4f716 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -April 22, 2000 1.6.3 1 +August 13, 2000 1.6.4 1 @@ -127,7 +127,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 2 +August 13, 2000 1.6.4 2 @@ -193,7 +193,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 3 +August 13, 2000 1.6.4 3 @@ -237,29 +237,29 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it - more convenient. This flag is off by default. + more convenient. This flag is _o_f_f by default. ignore_dot If set, ssssuuuuddddoooo will ignore '.' or '' (current - dir) in `$PATH'; the `$PATH' itself is not - modified. This flag is off by default. + dir) in the `PATH' environment variable; the + `PATH' itself is not modified. This flag is + _o_f_f by default. mail_always Send mail to the _m_a_i_l_t_o user every time a - users runs ssssuuuuddddoooo. This flag is off by default. + users runs ssssuuuuddddoooo. This flag is _o_f_f by default. mail_no_user If set, mail will be sent to the _m_a_i_l_t_o user if the invoking user is not in the _s_u_d_o_e_r_s - file. This flag is on by default. + file. This flag is _o_n by default. mail_no_host If set, mail will be sent to the _m_a_i_l_t_o user if the invoking user exists in the _s_u_d_o_e_r_s file, but is not allowed to run commands on - the current host. This flag is off by -April 22, 2000 1.6.3 4 +August 13, 2000 1.6.4 4 @@ -268,13 +268,14 @@ April 22, 2000 1.6.3 4 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + the current host. This flag is _o_f_f by default. mail_no_perms If set, mail will be sent to the _m_a_i_l_t_o user if the invoking user allowed to use ssssuuuuddddoooo but the command they are trying is not listed in - their _s_u_d_o_e_r_s file entry. This flag is off by + their _s_u_d_o_e_r_s file entry. This flag is _o_f_f by default. tty_tickets If set, users must authenticate on a per-tty @@ -283,32 +284,32 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) ning it. With this flag enabled, ssssuuuuddddoooo will use a file named for the tty the user is logged in on in that directory. This flag is - off by default. + _o_f_f by default. lecture If set, a user will receive a short lecture the first time he/she runs ssssuuuuddddoooo. This flag is - on by default. + _o_n by default. authenticate If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the `PASSWD' and - `NOPASSWD' tags. This flag is on by default. + `NOPASSWD' tags. This flag is _o_n by default. root_sudo If set, root is allowed to run ssssuuuuddddoooo too. Dis­ abling this prevents users from "chaining" ssssuuuuddddoooo commands to get a root shell by doing something like `"sudo sudo /bin/sh"'. This - flag is on by default. + flag is _o_n by default. log_host If set, the hostname will be logged in the - (non-syslog) ssssuuuuddddoooo log file. This flag is off + (non-syslog) ssssuuuuddddoooo log file. This flag is _o_f_f by default. log_year If set, the four-digit year will be logged in the (non-syslog) ssssuuuuddddoooo log file. This flag is - off by default. + _o_f_f by default. shell_noargs If set and ssssuuuuddddoooo is invoked with no arguments @@ -317,15 +318,14 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) determined by the `SHELL' environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if - not). This flag is off by default. + not). This flag is _o_f_f by default. set_home If set and ssssuuuuddddoooo is invoked with the ----ssss flag the `HOME' environment variable will be set to - the home directory of the target user (which -April 22, 2000 1.6.3 5 +August 13, 2000 1.6.4 5 @@ -334,20 +334,22 @@ April 22, 2000 1.6.3 5 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + the home directory of the target user (which is root unless the ----uuuu option is used). This effectively makes the ----ssss flag imply ----HHHH. This - flag is off by default. + flag is _o_f_f by default. path_info Normally, ssssuuuuddddoooo will tell the user when a com­ - mand could not be found in their `$PATH'. - Some sites may wish to disable this as it - could be used to gather information on the - location of executables that the normal user - does not have access to. The disadvantage is - that if the executable is simply not in the - user's `$PATH', ssssuuuuddddoooo will tell the user that - they are not allowed to run it, which can be - confusing. This flag is off by default. + mand could not be found in their `PATH' envi­ + ronment variable. Some sites may wish to dis­ + able this as it could be used to gather infor­ + mation on the location of executables that the + normal user does not have access to. The dis­ + advantage is that if the executable is simply + not in the user's `PATH', ssssuuuuddddoooo will tell the + user that they are not allowed to run it, + which can be confusing. This flag is off by + default. fqdn Set this flag if you want to put fully quali­ fied hostnames in the _s_u_d_o_e_r_s file. Ie: @@ -365,11 +367,11 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) get all aliases from DNS. If your machine's hostname (as returned by the `hostname' com­ mand) is already fully qualified you shouldn't - need to set _f_q_f_n. This flag is off by + need to set _f_q_f_n. This flag is _o_f_f by default. insults If set, ssssuuuuddddoooo will insult users when they enter - an incorrect password. This flag is off by + an incorrect password. This flag is _o_f_f by default. requiretty If set, ssssuuuuddddoooo will only run when the user is @@ -379,19 +381,17 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) not possible to turn of echo when there is no tty present, some sites may with to set this flag to prevent a user from entering a visible - password. This flag is off by default. + password. This flag is _o_f_f by default. env_editor If set, vvvviiiissssuuuuddddoooo will use the value of the EDI­ TOR or VISUAL environment variables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command - as root without logging. A safer alternative - is to place a colon-separated list of editors -April 22, 2000 1.6.3 6 +August 13, 2000 1.6.4 6 @@ -400,25 +400,27 @@ April 22, 2000 1.6.3 6 sudoers(4) MAINTENANCE COMMANDS sudoers(4) + as root without logging. A safer alternative + is to place a colon-separated list of editors in the `editor' variable. vvvviiiissssuuuuddddoooo will then only use the EDITOR or VISUAL if they match a - value specified in `editor'. This flag is off - by default. + value specified in `editor'. This flag is + `off' by default. rootpw If set, ssssuuuuddddoooo will prompt for the root password instead of the password of the invoking user. - This flag is off by default. + This flag is _o_f_f by default. runaspw If set, ssssuuuuddddoooo will prompt for the password of the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option - (defaults to root) instead of the password of - the invoking user. This flag is off by + (defaults to `root') instead of the password + of the invoking user. This flag is _o_f_f by default. targetpw If set, ssssuuuuddddoooo will prompt for the password of the user specified by the ----uuuu flag (defaults to - root) instead of the password of the invoking - user. This flag is off by default. + `root') instead of the password of the invok­ + ing user. This flag is _o_f_f by default. set_logname Normally, ssssuuuuddddoooo will set the `LOGNAME' and `USER' environment variables to the name of @@ -435,14 +437,14 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) for the target user's login class if one exists. Only available if ssssuuuuddddoooo is configured with the --with-logincap option. This flag is - off by default. + _o_f_f by default. IIIInnnntttteeeeggggeeeerrrrssss: passwd_tries The number of tries a user gets to enter his/her password before ssssuuuuddddoooo logs the failure - and exits. The default is 3. + and exits. The default is `3'. IIIInnnntttteeeeggggeeeerrrrssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: @@ -450,14 +452,12 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file - log. The default is 80 (use 0 or negate to - disable word wrap). - - + log. The default is `80' (use 0 or negate the + option to disable word wrap). -April 22, 2000 1.6.3 7 +August 13, 2000 1.6.4 7 @@ -469,29 +469,29 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) timestamp_timeout Number of minutes that can elapse before ssssuuuuddddoooo will ask for a passwd again. The default is - 5, set this to 0 to always prompt for a pass­ - word. + `5', set this to `0' to always prompt for a + password. passwd_timeout Number of minutes before the ssssuuuuddddoooo password - prompt times out. The default is 5, set this - to 0 for no password timeout. + prompt times out. The default is `5', set + this to `0' for no password timeout. umask Umask to use when running the root command. Set this to 0777 to not override the user's - umask. The default is 0022. + umask. The default is `0022'. SSSSttttrrrriiiinnnnggggssss: mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape `%h' will expand to the hostname of - the machine. Default is "*** SECURITY infor­ - mation for %h ***". + the machine. Default is `*** SECURITY infor­ + mation for %h ***'. badpass_message Message that is displayed if a user enters an - incorrect password. The default is "Sorry, - try again." unless insults are enabled. + incorrect password. The default is `Sorry, + try again.' unless insults are enabled. timestampdir The directory in which ssssuuuuddddoooo stores its times­ @@ -502,28 +502,28 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) or the `SUDO_PROMPT' environment variable. Supports two escapes: "%u" expands to the user's login name and "%h" expands to the - local hostname. The default value is "Pass­ - word:". + local hostname. The default value is `Pass­ + word:'. runas_default The default user to run commands as if the ----uuuu flag is not specified on the command line. - This defaults to "root". + This defaults to `root'. syslog_goodpri Syslog priority to use when user authenticates - successfully. Defaults to "notice". + successfully. Defaults to `notice'. syslog_badpri Syslog priority to use when user authenticates - unsuccessfully. Defaults to "alert". + unsuccessfully. Defaults to `alert'. editor A colon (':') separated list of editors allowed to be used with vvvviiiissssuuuuddddoooo. vvvviiiissssuuuuddddoooo will -April 22, 2000 1.6.3 8 +August 13, 2000 1.6.4 8 @@ -546,7 +546,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). - Defaults to "local2". + Defaults to `local2'. mailerpath Path to mail program used to send warning mail. Defaults to the path to sendmail found @@ -556,7 +556,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) ----tttt. mailto Address to send warning and erorr mail to. - Defaults to "root". + Defaults to `root'. exempt_group Users in this group are exempt from password @@ -589,7 +589,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 9 +August 13, 2000 1.6.4 9 @@ -655,7 +655,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 10 +August 13, 2000 1.6.4 10 @@ -712,8 +712,8 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) By default, if the `NOPASSWD' tag is applied to any of the entries for a user on the current host, he or she will be - able to run `sudo \-l' without a password. Additionally, - a user may only run `sudo \-v' without a password if the + able to run `sudo -l' without a password. Additionally, a + user may only run `sudo -v' without a password if the `NOPASSWD' tag is present for all a user's entries that pertain to the current host. This behavior may be over­ ridden via the verifypw and listpw options. @@ -721,7 +721,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 11 +August 13, 2000 1.6.4 11 @@ -787,7 +787,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 12 +August 13, 2000 1.6.4 12 @@ -853,7 +853,7 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS -April 22, 2000 1.6.3 13 +August 13, 2000 1.6.4 13 @@ -919,7 +919,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 14 +August 13, 2000 1.6.4 14 @@ -985,7 +985,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 22, 2000 1.6.3 15 +August 13, 2000 1.6.4 15 @@ -1051,7 +1051,7 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS -April 22, 2000 1.6.3 16 +August 13, 2000 1.6.4 16 @@ -1067,7 +1067,7 @@ FFFFIIIILLLLEEEESSSS SSSSEEEEEEEE AAAALLLLSSSSOOOO - _s_u_d_o(1m), _v_i_s_u_d_o(8), _s_u(1), _f_n_m_a_t_c_h(3). + _r_s_h(1), _s_u_d_o(1m), _v_i_s_u_d_o(8), _s_u(1), _f_n_m_a_t_c_h(3). @@ -1117,6 +1117,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 22, 2000 1.6.3 17 +August 13, 2000 1.6.4 17 diff --git a/sudoers.man.in b/sudoers.man.in index 62c06e033..2ed23b523 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -1,5 +1,5 @@ -.\" Automatically generated by Pod::Man version 1.02 -.\" Sat Apr 22 12:13:37 2000 +.\" Automatically generated by Pod::Man version 1.04 +.\" Sun Aug 13 15:05:51 2000 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudoers @mansectform@" -.TH sudoers @mansectform@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS" +.TH sudoers @mansectform@ "1.6.4" "August 13, 2000" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudoers \- list of which users may execute what @@ -341,82 +341,87 @@ be escaped with a backslash (\f(CW\*(C`\e\*(C'\fR). When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but -some people find it more convenient. This flag is off by default. +some people find it more convenient. This flag is \fI@long_otp_prompt@\fR +by default. .Ip "ignore_dot" 12 .IX Item "ignore_dot" -If set, \fBsudo\fR will ignore '.' or '' (current dir) in \f(CW\*(C`$PATH\*(C'\fR; -the \f(CW\*(C`$PATH\*(C'\fR itself is not modified. This flag is off by default. +If set, \fBsudo\fR will ignore '.' or '' (current dir) in the \f(CW\*(C`PATH\*(C'\fR +environment variable; the \f(CW\*(C`PATH\*(C'\fR itself is not modified. This +flag is \fI@ignore_dot@\fR by default. .Ip "mail_always" 12 .IX Item "mail_always" Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR. -This flag is off by default. +This flag is \fIoff\fR by default. .Ip "mail_no_user" 12 .IX Item "mail_no_user" If set, mail will be sent to the \fImailto\fR user if the invoking -user is not in the \fIsudoers\fR file. This flag is on by default. +user is not in the \fIsudoers\fR file. This flag is \fI@mail_no_user@\fR +by default. .Ip "mail_no_host" 12 .IX Item "mail_no_host" If set, mail will be sent to the \fImailto\fR user if the invoking user exists in the \fIsudoers\fR file, but is not allowed to run -commands on the current host. This flag is off by default. +commands on the current host. This flag is \fI@mail_no_host@\fR by default. .Ip "mail_no_perms" 12 .IX Item "mail_no_perms" If set, mail will be sent to the \fImailto\fR user if the invoking user allowed to use \fBsudo\fR but the command they are trying is not -listed in their \fIsudoers\fR file entry. This flag is off by default. +listed in their \fIsudoers\fR file entry. This flag is \fI@mail_no_perms@\fR +by default. .Ip "tty_tickets" 12 .IX Item "tty_tickets" If set, users must authenticate on a per-tty basis. Normally, \&\fBsudo\fR uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, \fBsudo\fR will use a file named for the tty the user is logged in on in that directory. -This flag is off by default. +This flag is \fI@tty_tickets@\fR by default. .Ip "lecture" 12 .IX Item "lecture" If set, a user will receive a short lecture the first time he/she -runs \fBsudo\fR. This flag is on by default. +runs \fBsudo\fR. This flag is \fI@lecture@\fR by default. .Ip "authenticate" 12 .IX Item "authenticate" If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the \f(CW\*(C`PASSWD\*(C'\fR and \f(CW\*(C`NOPASSWD\*(C'\fR tags. -This flag is on by default. +This flag is \fIon\fR by default. .Ip "root_sudo" 12 .IX Item "root_sudo" If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something like \f(CW\*(C`"sudo sudo /bin/sh"\*(C'\fR. -This flag is on by default. +This flag is \fIon\fR by default. .Ip "log_host" 12 .IX Item "log_host" If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file. -This flag is off by default. +This flag is \fIoff\fR by default. .Ip "log_year" 12 .IX Item "log_year" If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file. -This flag is off by default. +This flag is \fIoff\fR by default. .Ip "shell_noargs" 12 .IX Item "shell_noargs" If set and \fBsudo\fR is invoked with no arguments it acts as if the \&\fB\-s\fR flag had been given. That is, it runs a shell as root (the shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is set, falling back on the shell listed in the invoking user's -/etc/passwd entry if not). This flag is off by default. +/etc/passwd entry if not). This flag is \fIoff\fR by default. .Ip "set_home" 12 .IX Item "set_home" If set and \fBsudo\fR is invoked with the \fB\-s\fR flag the \f(CW\*(C`HOME\*(C'\fR environment variable will be set to the home directory of the target user (which is root unless the \fB\-u\fR option is used). This effectively -makes the \fB\-s\fR flag imply \fB\-H\fR. This flag is off by default. +makes the \fB\-s\fR flag imply \fB\-H\fR. This flag is \fIoff\fR by default. .Ip "path_info" 12 .IX Item "path_info" Normally, \fBsudo\fR will tell the user when a command could not be -found in their \f(CW\*(C`$PATH\*(C'\fR. Some sites may wish to disable this as -it could be used to gather information on the location of executables -that the normal user does not have access to. The disadvantage is -that if the executable is simply not in the user's \f(CW\*(C`$PATH\*(C'\fR, \fBsudo\fR -will tell the user that they are not allowed to run it, which can -be confusing. This flag is off by default. +found in their \f(CW\*(C`PATH\*(C'\fR environment variable. Some sites may wish +to disable this as it could be used to gather information on the +location of executables that the normal user does not have access +to. The disadvantage is that if the executable is simply not in +the user's \f(CW\*(C`PATH\*(C'\fR, \fBsudo\fR will tell the user that they are not +allowed to run it, which can be confusing. This flag is off by +default. .Ip "fqdn" 12 .IX Item "fqdn" Set this flag if you want to put fully qualified hostnames in the @@ -430,11 +435,11 @@ you may not use a host alias (\f(CW\*(C`CNAME\*(C'\fR entry) due to performance issues and the fact that there is no way to get all aliases from \&\s-1DNS\s0. If your machine's hostname (as returned by the \f(CW\*(C`hostname\*(C'\fR command) is already fully qualified you shouldn't need to set -\&\fIfqfn\fR. This flag is off by default. +\&\fIfqfn\fR. This flag is \fI@fqdn@\fR by default. .Ip "insults" 12 .IX Item "insults" If set, \fBsudo\fR will insult users when they enter an incorrect -password. This flag is off by default. +password. This flag is \fI@insults@\fR by default. .Ip "requiretty" 12 .IX Item "requiretty" If set, \fBsudo\fR will only run when the user is logged in to a real @@ -442,7 +447,7 @@ tty. This will disallow things like \f(CW\*(C`"rsh somehost sudo ls"\*(C'\fR si \&\fIrsh\fR\|(1) does not allocate a tty. Because it is not possible to turn of echo when there is no tty present, some sites may with to set this flag to prevent a user from entering a visible password. This -flag is off by default. +flag is \fIoff\fR by default. .Ip "env_editor" 12 .IX Item "env_editor" If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 @@ -451,22 +456,22 @@ Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the \f(CW\*(C`editor\*(C'\fR variable. \fBvisudo\fR will then only use the \s-1EDITOR\s0 or \s-1VISUAL\s0 if -they match a value specified in \f(CW\*(C`editor\*(C'\fR. This flag is off by +they match a value specified in \f(CW\*(C`editor\*(C'\fR. This flag is \f(CW\*(C`@env_editor@\*(C'\fR by default. .Ip "rootpw" 12 .IX Item "rootpw" If set, \fBsudo\fR will prompt for the root password instead of the password -of the invoking user. This flag is off by default. +of the invoking user. This flag is \fIoff\fR by default. .Ip "runaspw" 12 .IX Item "runaspw" If set, \fBsudo\fR will prompt for the password of the user defined by the -\&\fIrunas_default\fR option (defaults to root) instead of the password -of the invoking user. This flag is off by default. +\&\fIrunas_default\fR option (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password +of the invoking user. This flag is \fIoff\fR by default. .Ip "targetpw" 12 .IX Item "targetpw" If set, \fBsudo\fR will prompt for the password of the user specified by -the \fB\-u\fR flag (defaults to root) instead of the password of the -invoking user. This flag is off by default. +the \fB\-u\fR flag (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password of the +invoking user. This flag is \fIoff\fR by default. .Ip "set_logname" 12 .IX Item "set_logname" Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR and \f(CW\*(C`USER\*(C'\fR environment variables @@ -478,13 +483,13 @@ to change this behavior. This can be done by negating the set_logname option. .IX Item "use_loginclass" If set, \fBsudo\fR will apply the defaults specified for the target user's login class if one exists. Only available if \fBsudo\fR is configured with -the \-\-with-logincap option. This flag is off by default. +the \-\-with-logincap option. This flag is \fIoff\fR by default. .PP \&\fBIntegers\fR: .Ip "passwd_tries" 12 .IX Item "passwd_tries" The number of tries a user gets to enter his/her password before -\&\fBsudo\fR logs the failure and exits. The default is 3. +\&\fBsudo\fR logs the failure and exits. The default is \f(CW\*(C`@passwd_tries@\*(C'\fR. .PP \&\fBIntegers that can be used in a boolean context\fR: .Ip "loglinelen" 12 @@ -492,52 +497,53 @@ The number of tries a user gets to enter his/her password before Number of characters per line for the file log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is -80 (use 0 or negate to disable word wrap). +\&\f(CW\*(C`@loglen@\*(C'\fR (use 0 or negate the option to disable word wrap). .Ip "timestamp_timeout" 12 .IX Item "timestamp_timeout" -Number of minutes that can elapse before \fBsudo\fR will ask for a passwd -again. The default is 5, set this to 0 to always prompt for a password. +Number of minutes that can elapse before \fBsudo\fR will ask for a +passwd again. The default is \f(CW\*(C`@timeout@\*(C'\fR, set this to \f(CW\*(C`0\*(C'\fR to always +prompt for a password. .Ip "passwd_timeout" 12 .IX Item "passwd_timeout" Number of minutes before the \fBsudo\fR password prompt times out. -The default is 5, set this to 0 for no password timeout. +The default is \f(CW\*(C`@password_timeout@\*(C'\fR, set this to \f(CW\*(C`0\*(C'\fR for no password timeout. .Ip "umask" 12 .IX Item "umask" Umask to use when running the root command. Set this to 0777 to -not override the user's umask. The default is 0022. +not override the user's umask. The default is \f(CW\*(C`@sudo_umask@\*(C'\fR. .PP \&\fBStrings\fR: .Ip "mailsub" 12 .IX Item "mailsub" Subject of the mail sent to the \fImailto\fR user. The escape \f(CW\*(C`%h\*(C'\fR will expand to the hostname of the machine. -Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R". +Default is \f(CW\*(C`@mailsub@\*(C'\fR. .Ip "badpass_message" 12 .IX Item "badpass_message" Message that is displayed if a user enters an incorrect password. -The default is \*(L"Sorry, try again.\*(R" unless insults are enabled. +The default is \f(CW\*(C`@badpass_message@\*(C'\fR unless insults are enabled. .Ip "timestampdir" 12 .IX Item "timestampdir" The directory in which \fBsudo\fR stores its timestamp files. -The default is \fI@TIMEDIR@\fR. +The default is \fI@timedir@\fR. .Ip "passprompt" 12 .IX Item "passprompt" The default prompt to use when asking for a password; can be overridden via the \fB\-p\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable. Supports two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands -to the local hostname. The default value is \*(L"Password:\*(R". +to the local hostname. The default value is \f(CW\*(C`@passprompt@\*(C'\fR. .Ip "runas_default" 12 .IX Item "runas_default" The default user to run commands as if the \fB\-u\fR flag is not specified -on the command line. This defaults to \*(L"root\*(R". +on the command line. This defaults to \f(CW\*(C`@runas_default@\*(C'\fR. .Ip "syslog_goodpri" 12 .IX Item "syslog_goodpri" Syslog priority to use when user authenticates successfully. -Defaults to \*(L"notice\*(R". +Defaults to \f(CW\*(C`@goodpri@\*(C'\fR. .Ip "syslog_badpri" 12 .IX Item "syslog_badpri" Syslog priority to use when user authenticates unsuccessfully. -Defaults to \*(L"alert\*(R". +Defaults to \f(CW\*(C`@badpri@\*(C'\fR. .Ip "editor" 12 .IX Item "editor" A colon (':') separated list of editors allowed to be used with @@ -554,7 +560,7 @@ turns on logging to a file, negating this option turns it off. .Ip "syslog" 12 .IX Item "syslog" Syslog facility if syslog is being used for logging (negate to -disable syslog logging). Defaults to \*(L"local2\*(R". +disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR. .Ip "mailerpath" 12 .IX Item "mailerpath" Path to mail program used to send warning mail. @@ -564,7 +570,7 @@ Defaults to the path to sendmail found at configure time. Flags to use when invoking mailer. Defaults to \fB\-t\fR. .Ip "mailto" 12 .IX Item "mailto" -Address to send warning and erorr mail to. Defaults to \*(L"root\*(R". +Address to send warning and erorr mail to. Defaults to \f(CW\*(C`@mailto@\*(C'\fR. .Ip "exempt_group" 12 .IX Item "exempt_group" Users in this group are exempt from password and \s-1PATH\s0 requirements. @@ -703,8 +709,8 @@ in the group specified by the exempt_group option. .PP By default, if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is applied to any of the entries for a user on the current host, he or she will be able to run -\&\f(CW\*(C`sudo \e-l\*(C'\fR without a password. Additionally, a user may only run -\&\f(CW\*(C`sudo \e-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present +\&\f(CW\*(C`sudo \-l\*(C'\fR without a password. Additionally, a user may only run +\&\f(CW\*(C`sudo \-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the verifypw and listpw options. .Sh "Wildcards (aka meta characters):" @@ -1003,4 +1009,4 @@ as returned by the \f(CW\*(C`hostname\*(C'\fR command or use the \fIfqdn\fR opti .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). +\&\fIrsh\fR\|(1), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). diff --git a/sudoers.pod b/sudoers.pod index 5b80d0a7c..978a051a7 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -230,34 +230,38 @@ B: When validating with a One Time Password scheme (B or B), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but -some people find it more convenient. This flag is off by default. +some people find it more convenient. This flag is I<@long_otp_prompt@> +by default. =item ignore_dot -If set, B will ignore '.' or '' (current dir) in C<$PATH>; -the C<$PATH> itself is not modified. This flag is off by default. +If set, B will ignore '.' or '' (current dir) in the C +environment variable; the C itself is not modified. This +flag is I<@ignore_dot@> by default. =item mail_always Send mail to the I user every time a users runs B. -This flag is off by default. +This flag is I by default. =item mail_no_user If set, mail will be sent to the I user if the invoking -user is not in the I file. This flag is on by default. +user is not in the I file. This flag is I<@mail_no_user@> +by default. =item mail_no_host If set, mail will be sent to the I user if the invoking user exists in the I file, but is not allowed to run -commands on the current host. This flag is off by default. +commands on the current host. This flag is I<@mail_no_host@> by default. =item mail_no_perms If set, mail will be sent to the I user if the invoking user allowed to use B but the command they are trying is not -listed in their I file entry. This flag is off by default. +listed in their I file entry. This flag is I<@mail_no_perms@> +by default. =item tty_tickets @@ -265,36 +269,36 @@ If set, users must authenticate on a per-tty basis. Normally, B uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, B will use a file named for the tty the user is logged in on in that directory. -This flag is off by default. +This flag is I<@tty_tickets@> by default. =item lecture If set, a user will receive a short lecture the first time he/she -runs B. This flag is on by default. +runs B. This flag is I<@lecture@> by default. =item authenticate If set, users must authenticate themselves via a password (or other means of authentication) before they may run commands. This default may be overridden via the C and C tags. -This flag is on by default. +This flag is I by default. =item root_sudo If set, root is allowed to run B too. Disabling this prevents users from "chaining" B commands to get a root shell by doing something like C<"sudo sudo /bin/sh">. -This flag is on by default. +This flag is I by default. =item log_host If set, the hostname will be logged in the (non-syslog) B log file. -This flag is off by default. +This flag is I by default. =item log_year If set, the four-digit year will be logged in the (non-syslog) B log file. -This flag is off by default. +This flag is I by default. =item shell_noargs @@ -302,24 +306,25 @@ If set and B is invoked with no arguments it acts as if the B<-s> flag had been given. That is, it runs a shell as root (the shell is determined by the C environment variable if it is set, falling back on the shell listed in the invoking user's -/etc/passwd entry if not). This flag is off by default. +/etc/passwd entry if not). This flag is I by default. =item set_home If set and B is invoked with the B<-s> flag the C environment variable will be set to the home directory of the target user (which is root unless the B<-u> option is used). This effectively -makes the B<-s> flag imply B<-H>. This flag is off by default. +makes the B<-s> flag imply B<-H>. This flag is I by default. =item path_info Normally, B will tell the user when a command could not be -found in their C<$PATH>. Some sites may wish to disable this as -it could be used to gather information on the location of executables -that the normal user does not have access to. The disadvantage is -that if the executable is simply not in the user's C<$PATH>, B -will tell the user that they are not allowed to run it, which can -be confusing. This flag is off by default. +found in their C environment variable. Some sites may wish +to disable this as it could be used to gather information on the +location of executables that the normal user does not have access +to. The disadvantage is that if the executable is simply not in +the user's C, B will tell the user that they are not +allowed to run it, which can be confusing. This flag is off by +default. =item fqdn @@ -334,12 +339,12 @@ you may not use a host alias (C entry) due to performance issues and the fact that there is no way to get all aliases from DNS. If your machine's hostname (as returned by the C command) is already fully qualified you shouldn't need to set -I. This flag is off by default. +I. This flag is I<@fqdn@> by default. =item insults If set, B will insult users when they enter an incorrect -password. This flag is off by default. +password. This flag is I<@insults@> by default. =item requiretty @@ -348,7 +353,7 @@ tty. This will disallow things like C<"rsh somehost sudo ls"> since rsh(1) does not allocate a tty. Because it is not possible to turn of echo when there is no tty present, some sites may with to set this flag to prevent a user from entering a visible password. This -flag is off by default. +flag is I by default. =item env_editor @@ -358,25 +363,25 @@ Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the C variable. B will then only use the EDITOR or VISUAL if -they match a value specified in C. This flag is off by +they match a value specified in C. This flag is C<@env_editor@> by default. =item rootpw If set, B will prompt for the root password instead of the password -of the invoking user. This flag is off by default. +of the invoking user. This flag is I by default. =item runaspw If set, B will prompt for the password of the user defined by the -I option (defaults to root) instead of the password -of the invoking user. This flag is off by default. +I option (defaults to C) instead of the password +of the invoking user. This flag is I by default. =item targetpw If set, B will prompt for the password of the user specified by -the B<-u> flag (defaults to root) instead of the password of the -invoking user. This flag is off by default. +the B<-u> flag (defaults to C) instead of the password of the +invoking user. This flag is I by default. =item set_logname @@ -390,7 +395,7 @@ to change this behavior. This can be done by negating the set_logname option. If set, B will apply the defaults specified for the target user's login class if one exists. Only available if B is configured with -the --with-logincap option. This flag is off by default. +the --with-logincap option. This flag is I by default. =back @@ -401,7 +406,7 @@ B: =item passwd_tries The number of tries a user gets to enter his/her password before -B logs the failure and exits. The default is 3. +B logs the failure and exits. The default is C<@passwd_tries@>. =back @@ -414,22 +419,23 @@ B: Number of characters per line for the file log. This value is used to decide when to wrap lines for nicer log files. This has no effect on the syslog log file, only the file log. The default is -80 (use 0 or negate to disable word wrap). +C<@loglen@> (use 0 or negate the option to disable word wrap). =item timestamp_timeout -Number of minutes that can elapse before B will ask for a passwd -again. The default is 5, set this to 0 to always prompt for a password. +Number of minutes that can elapse before B will ask for a +passwd again. The default is C<@timeout@>, set this to C<0> to always +prompt for a password. =item passwd_timeout Number of minutes before the B password prompt times out. -The default is 5, set this to 0 for no password timeout. +The default is C<@password_timeout@>, set this to C<0> for no password timeout. =item umask Umask to use when running the root command. Set this to 0777 to -not override the user's umask. The default is 0022. +not override the user's umask. The default is C<@sudo_umask@>. =back @@ -441,39 +447,39 @@ B: Subject of the mail sent to the I user. The escape C<%h> will expand to the hostname of the machine. -Default is "*** SECURITY information for %h ***". +Default is C<@mailsub@>. =item badpass_message Message that is displayed if a user enters an incorrect password. -The default is "Sorry, try again." unless insults are enabled. +The default is C<@badpass_message@> unless insults are enabled. =item timestampdir The directory in which B stores its timestamp files. -The default is F<@TIMEDIR@>. +The default is F<@timedir@>. =item passprompt The default prompt to use when asking for a password; can be overridden via the B<-p> option or the C environment variable. Supports two escapes: "%u" expands to the user's login name and "%h" expands -to the local hostname. The default value is "Password:". +to the local hostname. The default value is C<@passprompt@>. =item runas_default The default user to run commands as if the B<-u> flag is not specified -on the command line. This defaults to "root". +on the command line. This defaults to C<@runas_default@>. =item syslog_goodpri Syslog priority to use when user authenticates successfully. -Defaults to "notice". +Defaults to C<@goodpri@>. =item syslog_badpri Syslog priority to use when user authenticates unsuccessfully. -Defaults to "alert". +Defaults to C<@badpri@>. =item editor @@ -497,7 +503,7 @@ turns on logging to a file, negating this option turns it off. =item syslog Syslog facility if syslog is being used for logging (negate to -disable syslog logging). Defaults to "local2". +disable syslog logging). Defaults to C<@logfac@>. =item mailerpath @@ -510,7 +516,7 @@ Flags to use when invoking mailer. Defaults to B<-t>. =item mailto -Address to send warning and erorr mail to. Defaults to "root". +Address to send warning and erorr mail to. Defaults to C<@mailto@>. =item exempt_group @@ -934,4 +940,4 @@ I. =head1 SEE ALSO -sudo(8), visudo(8), su(1), fnmatch(3). +rsh(1), sudo(8), visudo(8), su(1), fnmatch(3). diff --git a/visudo.cat b/visudo.cat index 051381d90..50edb4e0b 100644 --- a/visudo.cat +++ b/visudo.cat @@ -16,15 +16,26 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN ple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s file is currently being edited you will receive a message to try again - later. In the default configuration, the _v_i(1) editor is - used, but there is a compile time option to allow use of - whatever editor the environment variables `EDITOR' or - `VISUAL' are set to. + later. + + There is a hard-coded list of editors that vvvviiiissssuuuuddddoooo will use + set at compile time that may be overridden via the _e_d_i_t_o_r + _s_u_d_o_e_r_s `Default' variable. This list defaults to the + path to _v_i(1) on your system, as determined by the _c_o_n_f_i_g_­ + _u_r_e script. Normally, vvvviiiissssuuuuddddoooo does not honor the `EDITOR' + or `VISUAL' environment variables unless they contain an + editor in the aforementioned editors list. However, if + vvvviiiissssuuuuddddoooo is configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r flag or the + _e_n_v_e_d_i_t_o_r `Default' variable is set in _s_u_d_o_e_r_s, vvvviiiissssuuuuddddoooo + will use any the editor defines by `EDITOR' or `VISUAL'. + Note that this can be a security hole since it allows the + user to execute any program they wish simply by setting + `EDITOR' or `VISUAL'. vvvviiiissssuuuuddddoooo parses the _s_u_d_o_e_r_s file after the edit and will not save the changes if there is a syntax error. Upon finding an error, a message will be printed stating the line - _n_u_m_b_e_r(s) that the error occurred on and the user will + _n_u_m_b_e_r(s) where the error occurred and the user will receive the "What now?" prompt. At this point the user may enter "e" to re-edit the _s_u_d_o_e_r_s file, enter "x" to exit without saving the changes, or "Q" to quit and save @@ -47,28 +58,27 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS or username that consists solely of upper case let­ ters, digits, and the underscore ('_') character. - -V The ----VVVV (version) option causes vvvviiiissssuuuuddddoooo to print the - version number and exit. -EEEERRRRRRRROOOORRRRSSSS - sudoers file busy, try again later. - Someone else is currently editing the _s_u_d_o_e_r_s file. - /etc/sudoers.tmp: Permission denied - You didn't run vvvviiiissssuuuuddddoooo as root. +August 13, 2000 1.6.4 1 -April 22, 2000 1.6.3 1 - +visudo(1m) MAINTENANCE COMMANDS visudo(1m) + -V The ----VVVV (version) option causes vvvviiiissssuuuuddddoooo to print the + version number and exit. -visudo(1m) MAINTENANCE COMMANDS visudo(1m) +EEEERRRRRRRROOOORRRRSSSS + sudoers file busy, try again later. + Someone else is currently editing the _s_u_d_o_e_r_s file. + /etc/sudoers.tmp: Permission denied + You didn't run vvvviiiissssuuuuddddoooo as root. Can't find you in the passwd database Your userid does not appear in the system passwd file. @@ -115,18 +125,74 @@ DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR purpose are disclaimed. See the LICENSE file distributed with ssssuuuuddddoooo for complete details. + + +August 13, 2000 1.6.4 2 + + + + + +visudo(1m) MAINTENANCE COMMANDS visudo(1m) + + CCCCAAAAVVVVEEEEAAAATTTTSSSS There is no easy way to prevent a user from gaining a root shell if the editor used by vvvviiiissssuuuuddddoooo allows shell escapes. SSSSEEEEEEEE AAAALLLLSSSSOOOO - _s_u_d_o(1m), _v_i_p_w(8). + _v_i(1), _s_u_d_o(1m), _v_i_p_w(8). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -April 22, 2000 1.6.3 2 +August 13, 2000 1.6.4 3 diff --git a/visudo.man.in b/visudo.man.in index 0cda55f8f..b2b6ad893 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -1,5 +1,5 @@ -.\" Automatically generated by Pod::Man version 1.02 -.\" Sat Apr 22 12:13:38 2000 +.\" Automatically generated by Pod::Man version 1.04 +.\" Sun Aug 13 14:54:27 2000 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "visudo @mansectsu@" -.TH visudo @mansectsu@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS" +.TH visudo @mansectsu@ "1.6.4" "August 13, 2000" "MAINTENANCE COMMANDS" .UC .SH "NAME" visudo \- edit the sudoers file @@ -151,15 +151,24 @@ visudo \- edit the sudoers file \&\fIvipw\fR\|(@mansectsu@). \fBvisudo\fR locks the \fIsudoers\fR file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the \fIsudoers\fR file is currently being -edited you will receive a message to try again later. In the -default configuration, the \fIvi\fR\|(1) editor is used, but there is -a compile time option to allow use of whatever editor the -environment variables \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR are set to. +edited you will receive a message to try again later. +.PP +There is a hard-coded list of editors that \fBvisudo\fR will use set +at compile time that may be overridden via the \fIeditor\fR \fIsudoers\fR +\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on +your system, as determined by the \fIconfigure\fR script. Normally, +\&\fBvisudo\fR does not honor the \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR environment +variables unless they contain an editor in the aforementioned editors +list. However, if \fBvisudo\fR is configured with the \fI\*(--with-enveditor\fR +flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, +\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. +Note that this can be a security hole since it allows the user to +execute any program they wish simply by setting \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. .PP \&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will not save the changes if there is a syntax error. Upon finding an error, a message will be printed stating the line \fInumber\fR\|(s) -that the error occurred on and the user will receive the +where the error occurred and the user will receive the \&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without saving the changes, or \*(L"Q\*(R" to quit and save changes. The @@ -243,4 +252,4 @@ There is no easy way to prevent a user from gaining a root shell if the editor used by \fBvisudo\fR allows shell escapes. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8). +\&\fIvi\fR\|(1), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8). diff --git a/visudo.pod b/visudo.pod index d261e32fc..51940b548 100644 --- a/visudo.pod +++ b/visudo.pod @@ -49,15 +49,24 @@ B edits the I file in a safe fashion, analogous to vipw(8). B locks the I file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the I file is currently being -edited you will receive a message to try again later. In the -default configuration, the vi(1) editor is used, but there is -a compile time option to allow use of whatever editor the -environment variables C or C are set to. +edited you will receive a message to try again later. + +There is a hard-coded list of editors that B will use set +at compile time that may be overridden via the I I +C variable. This list defaults to the path to vi(1) on +your system, as determined by the I script. Normally, +B does not honor the C or C environment +variables unless they contain an editor in the aforementioned editors +list. However, if B is configured with the I<--with-enveditor> +flag or the I C variable is set in I, +B will use any the editor defines by C or C. +Note that this can be a security hole since it allows the user to +execute any program they wish simply by setting C or C. B parses the I file after the edit and will not save the changes if there is a syntax error. Upon finding an error, a message will be printed stating the line number(s) -that the error occurred on and the user will receive the +where the error occurred and the user will receive the "What now?" prompt. At this point the user may enter "e" to re-edit the I file, enter "x" to exit without saving the changes, or "Q" to quit and save changes. The @@ -158,4 +167,4 @@ the editor used by B allows shell escapes. =head1 SEE ALSO -sudo(8), vipw(8). +vi(1), sudo(8), vipw(8).