From 8a6dcebd8a8d302a25df4627fb579c9a3cc07c71 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 26 Sep 2009 15:34:46 +0000 Subject: [PATCH] Hook up --disable-transcript and --enable-transcript=DIR --- INSTALL | 10 +++ Makefile.in | 14 +-- aclocal.m4 | 29 +++--- configure | 244 +++++++++++++++++++++++++++++++++++++++++++++------ configure.in | 33 +++---- sudo.c | 12 +++ 6 files changed, 277 insertions(+), 65 deletions(-) diff --git a/INSTALL b/INSTALL index b58852b98..38e0e981c 100644 --- a/INSTALL +++ b/INSTALL @@ -591,6 +591,16 @@ The following options are also configurable at runtime: if the executable is simply not in the user's path, sudo will tell the user that they are not allowed to run it, which can be confusing. + --disable-transcript + Disable sudo's transcript support. This can be used to allow sudo + to be compiled on systems without pseudo-tty support. + + --enable-transcript[=DIR] + By default, sudo stores transcript files in either + /var/log/sudo-transcript, /var/adm/sudo-transcript, or + /usr/log/sudo-transcript. If DIR is specified, transcripts + will be stored in the indicated directory instead. + Shadow password and C2 support ============================== diff --git a/Makefile.in b/Makefile.in index 26935e105..d9bcf1b17 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -133,10 +133,10 @@ COMMON_OBJS = alias.o alloc.o defaults.o error.o getline.o gram.o \ list.o match.o pwutil.o timestr.o toke.o redblack.o \ zero_bytes.o @NONUNIX_GROUPS_IMPL@ -SUDO_OBJS = $(AUTH_OBJS) @SUDO_OBJS@ audit.o check.o env.o \ - getspwuid.o gettime.o goodpath.o fileops.o find_path.o \ - interfaces.o lbuf.o logging.o parse.o script.o \ - set_perms.o sudo.o sudo_edit.o sudo_nss.o term.o tgetpass.o +SUDO_OBJS = $(AUTH_OBJS) @SUDO_OBJS@ audit.o check.o \ + env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \ + interfaces.o lbuf.o logging.o parse.o set_perms.o sudo.o \ + sudo_edit.o sudo_nss.o term.o tgetpass.o VISUDO_OBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o @@ -456,9 +456,9 @@ install-binaries: install-dirs $(PROGS) $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo rm -f $(DESTDIR)$(sudodir)/sudoedit ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sudoreplay $(DESTDIR)$(sudodir)/sudoreplay + test -r sudoreplay && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sudoreplay $(DESTDIR)$(sudodir)/sudoreplay $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo -@SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh + test -r sesh && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh install-noexec: install-dirs sudo_noexec.la test -f .libs/$(noexecfile) && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) 
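Review bot: In `install-binaries`, the new `test -r sudoreplay && $(INSTALL) ...` and `test -r sesh && $(INSTALL) ...` lines return non-zero when the file is absent, so make aborts the install on exactly the builds they are meant to serve (no transcript support, no SELinux). They also decide from what happens to be in the build directory rather than from what configure selected, so a stale `sudoreplay` or `sesh` left by an earlier configuration would be installed. The install-man hunk of this same patch gates on the `@REPLAY@` substitution instead; doing the same here (`@REPLAY@$(INSTALL) ... sudoreplay ...`, and a substitution for sesh) would fix both problems. If the file test is kept, write it as `if test -r sudoreplay; then $(INSTALL) ...; fi` so a missing file is not an error. The rule header is visible only in the hunk heading, so the recipe starts outside the hunk.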
@@ -472,7 +472,7 @@ install-man: install-dirs $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) - $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) + @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) diff --git a/aclocal.m4 b/aclocal.m4 index 4591886b9..ac24ef68f 100644 --- a/aclocal.m4 +++ b/aclocal.m4 
@@ -161,21 +161,22 @@ dnl dnl Where the transcript files go, use /var/log/sudo-transcript if dnl /var/log exists, else /{var,usr}/adm/sudo-transcript dnl -if test "$TRANSCRIPT" != "no"; then - AC_DEFUN(SUDO_TRANSCRIPT, [AC_MSG_CHECKING(for transcript dir location) - if test "$TRANSCRIPT" != "yes"; then - : - elif test -d "/var/log"; then - TRANSCRIPT="/var/log/sudo-transcript" - elif test -d "/var/adm"; then - TRANSCRIPT="/var/adm/sudo-transcript" - else - TRANSCRIPT="/usr/adm/sudo-transcript" +AC_DEFUN(SUDO_TRANSCRIPT, [ + if test "${enable_transcript-no}" != "no"; then + AC_MSG_CHECKING(for transcript dir location) + if test "$enable_transcript" != "yes"; then + : + elif test -d "/var/log"; then + enable_transcript="/var/log/sudo-transcript" + elif test -d "/var/adm"; then + enable_transcript="/var/adm/sudo-transcript" + else + enable_transcript="/usr/adm/sudo-transcript" + fi + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TRANSCRIPT, "$enable_transcript") + AC_MSG_RESULT($enable_transcript) fi - AC_MSG_RESULT($TRANSCRIPT) - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TRANSCRIPT, "$TRANSCRIPT") - ])dnl -fi +])dnl dnl dnl SUDO_CHECK_TYPE(TYPE, DEFAULT) diff --git a/configure b/configure index 57ecf4195..a3903a417 100755 --- a/configure +++ b/configure @@ -821,7 +821,6 @@ SUDOERS_MODE SUDOERS_UID SUDOERS_GID DEV -SELINUX BAMAN LCMAN SEMAN @@ -837,6 +836,7 @@ DONT_LEAK_PATH_INFO BSDAUTH_USAGE SELINUX_USAGE LDAP +REPLAY LOGINCAP_USAGE NONUNIX_GROUPS_IMPL timedir @@ -876,6 +876,8 @@ ac_ct_CC EXEEXT OBJEXT CPP +AR +RANLIB build build_cpu build_vendor @@ -889,8 +891,6 @@ GREP EGREP LN_S ECHO -AR -RANLIB STRIP DSYMUTIL NMEDIT @@ -2154,7 +2154,7 @@ path_info=on secure_path="not set" INSTALL_NOEXEC= devdir='$(srcdir)' -PROGS="sudo visudo sudoreplay" +PROGS="sudo visudo" : ${MANTYPE='man'} : ${mansrcdir='.'} : ${SUDOERS_MODE='0440'} @@ -2162,7 +2162,7 @@ PROGS="sudo visudo sudoreplay" : ${SUDOERS_GID='0'} DEV="#" LDAP="#" -SELINUX="#" +REPLAY="#" BAMAN='.\" ' LCMAN='.\" ' SEMAN='.\" ' 
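Review bot: In `SUDO_TRANSCRIPT`, any value other than `yes` or `no` falls into the `:` branch and is written to `_PATH_SUDO_TRANSCRIPT` unchecked, so `--enable-transcript=` (empty) or a relative DIR is accepted. Transcripts hold terminal session contents and are presumably written while sudo is still privileged, so an empty or relative path would make their location depend on the caller's working directory. Reject such values at configure time by replacing `:` with `case "$enable_transcript" in /*) ;; *) AC_MSG_ERROR([--enable-transcript requires an absolute path]);; esac`. Separately, the last fallback here is `/usr/adm/sudo-transcript` while the INSTALL text added by this patch says `/usr/log/sudo-transcript`; one of the two should be corrected.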
@@ -2172,7 +2172,6 @@ AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd -TRANSCRIPT=yes CHECKSHADOW=true shadow_defs= shadow_funcs= @@ -4119,15 +4118,7 @@ fi # Check whether --enable-transcript was given. if test "${enable_transcript+set}" = set; then - enableval=$enable_transcript; case "$enableval" in - yes) TRANSCRIPT=yes - ;; - no) TRANSCRIPT=no - ;; - *) TRANSCRIPT="$enableval" - ;; - esac - + enableval=$enable_transcript; fi @@ -4143,7 +4134,6 @@ _ACEOF SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" - SELINUX="" SEMAN="" ;; no) ;; 
@@ -5443,6 +5433,198 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. +set dummy ${ac_tool_prefix}ar; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_AR+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AR="${ac_tool_prefix}ar" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { echo "$as_me:$LINENO: result: $AR" >&5 +echo "${ECHO_T}$AR" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_AR"; then + ac_ct_AR=$AR + # Extract the first word of "ar", so it can be a program name with args. +set dummy ar; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_AR+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_AR="ar" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5 +echo "${ECHO_T}$ac_ct_AR" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +else + AR="$ac_cv_prog_AR" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_RANLIB+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { echo "$as_me:$LINENO: result: $RANLIB" >&5 +echo "${ECHO_T}$RANLIB" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 +echo "${ECHO_T}$ac_ct_RANLIB" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. 
If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do @@ -6285,7 +6467,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6288 "configure"' > conftest.$ac_ext + echo '#line 6470 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8149,11 +8331,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8152: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8334: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8156: \$? = $ac_status" >&5 + echo "$as_me:8338: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8439,11 +8621,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8442: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8624: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8446: \$? = $ac_status" >&5 + echo "$as_me:8628: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -8543,11 +8725,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8546: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8728: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8550: \$? = $ac_status" >&5 + echo "$as_me:8732: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10903,7 +11085,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext < 0) { @@ -563,9 +571,11 @@ main(argc, argv, envp) selinux_exec(user_role, user_type, NewArgv, ISSET(sudo_mode, MODE_LOGIN_SHELL)); #endif +#ifdef _PATH_SUDO_TRANSCRIPT if (def_transcript) script_execv(safe_cmnd, NewArgv); else +#endif execv(safe_cmnd, NewArgv); } #else @@ -1460,8 +1470,10 @@ cleanup(gotsignal) sudo_endpwent(); sudo_endgrent(); } +#ifdef _PATH_SUDO_TRANSCRIPT if (def_transcript) term_restore(STDIN_FILENO); +#endif } static void -- 2.40.0
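Review bot: In the exec path of `main()`, a build without `_PATH_SUDO_TRANSCRIPT` goes straight to `execv()` with no diagnostic. If the `transcript` sudoers option is still accepted by the parser in such a build (not visible in these hunks), an administrator who enables it would get unrecorded sessions and no indication that the audit trail is missing. A warning or a parse-time rejection when the option is set but support is compiled out would close that gap. As a matter of style, the `else` left dangling before `#endif` is correct but easy to break in a later edit; a comment such as `/* execv() is the else-branch only when transcript support is compiled in */` would help, and the same guard is used in the `cleanup()` hunk. Both functions continue outside the hunks.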