Project import
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..df9b15b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,110 @@
+#
+# Copyright (c) 2010-2011 Nest, Inc.
+# All rights reserved.
+#
+# This document is the property of Nest. It is considered
+# confidential and proprietary information.
+#
+# This document may not be reproduced or transmitted in any form,
+# in whole or in part, without the express written permission of
+# Nest.
+#
+# Description:
+# This file is the makefile for the "Super User Do" (sudo) utility.
+#
+
+BuildConfigSpecialized := No
+BuildProductSpecialized := No
+
+include pre.mak
+
+PackageName := sudo
+
+PackageExtension := tar.gz
+PackageSeparator := -
+
+PackagePatchArgs := -p1
+
+PackageArchive := $(PackageName).$(PackageExtension)
+PackageSourceDir := $(PackageName)$(PackageSeparator)$(PackageVersion)
+
+PackageBuildMakefile = $(call GenerateBuildPaths,Makefile)
+
+CleanPaths += $(PackageLicenseFile)
+
+all: $(PackageDefaultGoal)
+
+# Generate the package license contents.
+
+$(PackageSourceDir)/LICENSE: source
+
+$(PackageLicenseFile): $(PackageSourceDir)/LICENSE
+ $(copy-result)
+
+# Extract the source from the archive and apply patches, if any.
+
+$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths)
+ $(expand-and-patch-package)
+
+# Prepare the sources.
+
+.PHONY: source
+source: | $(PackageSourceDir)
+
+# Patch the sources, if necessary.
+
+.PHONY: patch
+patch: source
+
+# Generate the package build makefile.
+
+$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory) $(ResultDirectory)
+ $(Verbose)cd $(BuildDirectory) && \
+ $(CURDIR)/$(PackageSourceDir)/configure \
+ CC="$(CC)" AR=$(AR) RANLIB=$(RANLIB) STRIP=$(STRIP) \
+ INSTALL="$(INSTALL) $(INSTALLFLAGS)" \
+ sudo_cv_uid_t_len=10 \
+ --build=$(HostTuple) \
+ --host=$(TargetTuple) \
+ --enable-shared \
+ --enable-fast-install \
+ --without-lecture \
+ --with-logging="syslog" \
+ --without-sendmail \
+ --without-insults \
+ --without-ldap \
+ --disable-pam-session \
+ --without-pam \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var
+
+# Configure the source for building.
+
+.PHONY: configure
+configure: source $(PackageBuildMakefile)
+
+# Build the source.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: build
+build: configure
+ $(Verbose)unset MAKEFLAGS && \
+ $(MAKE) $(JOBSFLAG) -C $(BuildDirectory) all
+
+# Stage the build to a temporary installation area.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: stage
+stage: build | $(ResultDirectory)
+ $(Verbose)unset MAKEFLAGS && \
+ $(MAKE) $(JOBSFLAG) -C $(BuildDirectory) DESTDIR=$(ResultDirectory) install
+
+clean:
+ $(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir)
+ $(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory)
+ $(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory)
+
+include post.mak
diff --git a/sudo-1.7.4p4/ChangeLog b/sudo-1.7.4p4/ChangeLog
new file mode 100644
index 0000000..d5247b7
--- /dev/null
+++ b/sudo-1.7.4p4/ChangeLog
@@ -0,0 +1,24861 @@
+2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ When matching the runas user and runas group (-u and -g command line
+ options), keep track of runas group and runas user matches
+ separately. Only return a positive match if we have a match for
+ both runas user and runas group (if specified).
+ [68d30216c13a]
+
+2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, parse.c:
+ Do not return -1 on error from the display functions; the call
+ expects a return value >= 0.
+ [e50e6ae4d06d]
+
+ * ldap.c:
+ display_bound_defaults now returns a count so make the stub return
+ 0, not 1.
+ [97293ced4908]
+
+2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * get_pty.c:
+ It looks like AIX doesn't need to push STREAMS modules for ptys.
+ [62c281fcd4ad]
+
+2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Install sudoers file from the build dir not hte src dir.
+ [a26afd8db531]
+
+2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ If runas_pw changes, reset the stashed runas aux group vector.
+ Otherwise, if runas_default is set in a per-command Defaults
+ statement, the command runs with root's aux group vector (i.e. the
+ one that was used when locating the command).
+ [24a695707b67]
+
+ * Makefile.in:
+ Add target to generate sudoers file Remove generated sudoers file as
+ part of distclean
+ [448627fc35b6]
+
+2010-08-23 millert <millert@rh4-x86.home.courtesan.com>
+
+ * exec.c:
+ When not logging I/O install a handler for SIGCONT and deliver it to
+ the command upon resume. Fixes bugzilla #431
+ [e84690aa67bd]
+
+2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't need to fork and wait when compiled with --disable-pam-session
+ [2ae1bbe4437a]
+
+2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c:
+ Convert a remaining puts() and putchar() to use the output function.
+ [d68c213feb0f]
+
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Replace sudoers with sudoers.in in DISTFILES
+ [616509f85d6c]
+
+ * env.c:
+ Set dupcheck to TRUE when setting new HOME value if !env_reset but
+ always_set_home is true. Prevents a duplicate HOME in the
+ environment (old value plus the new one) introduced in 9f97e4b43a4b.
+ [2672ae047984]
+
+ * configure, configure.in, sudoers, sudoers.in:
+ Substitute sysconfdir in the installed sudoers file to get the
+ correct path for sudoers.d.
+ [ab14a68e546f]
+
+2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * boottime.c, get_pty.c:
+ Fix typos that prevented compilation on Irix; Friedrich Haubensak
+ [a3e6c5a66890]
+
+2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ If the user hits ^C while a password is being read, error out before
+ reading any further passwords in the pam conversation function.
+ Otherwise, if multiple PAM auth methods are required, the user will
+ have to hit ^C for each one.
+ [c8f6bc58fd86]
+
+2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c:
+ Fix waitpid() loop termination condition.
+ [97719b3259f2]
+
+ * exec_pty.c:
+ Use sudo_waitpid() instead of bare waitpid()
+ [624a40269189]
+
+2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set pp_kit_version and strip off patchlevel
+ [814c87778567]
+
+ * sudo.pp:
+ Better handling of versions with a patchlevel. For rpm and deb, use
+ the patchlevel+1 as the release. For AIX, use the patchlevel as the
+ 4th version number. For the rest, just leave the patchlevel in the
+ version string.
+ [d18ef30f0a72]
+
+2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ For non-standalone auth methods, stop reading the password if the
+ user enters ^C at the prompt.
+ [59d2b1328d1e]
+
+ * check.c:
+ When removing/resetting the timestamp file ignore the tty ticket
+ contents.
+ [8b285f601ec0]
+
+2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Fix typo
+ [0f443aa22e96]
+
+2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Do not produce a warning for "sudo -k" if the ticket file does not
+ exist.
+ [eeaaa73d7f5b]
+
+2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage.
+ [fb88d22eabc6]
+
+2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
+ Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+ and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+ [5e7cc557a46e]
+
+2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_7_4 for changeset 2920a3b9d568
+ [e929004d5102]
+
+ * pp:
+ Debian: Remove dots from decoded release number AIX: looser matching
+ of file command output for AIX 5.1
+ [2920a3b9d568] [SUDO_1_7_4]
+
+ * .hgtags:
+ Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
+ [cf65ddcec602]
+
+2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec_pty.c:
+ exec_monitor is static
+ [0d844aa34c1d]
+
+ * pp:
+ Update to latest version
+ [7b8a00defbd6]
+
+2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Let pp determine pp_aix_version itself.
+ [c5ee7944af03]
+
+ * INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
+ Add support for Ubuntu admin flag file and enable it when building
+ Ubuntu packages.
+ [2d97501cda0c]
+
+ * sudo.pp, sudoers:
+ Add commented out SuSE-like targetpw settings
+ [f4ad331ace46]
+
+ * configure, configure.in:
+ Only try to use +DAportable for non-GCC on hppa Check the value of
+ $pic_flag insteaf of whether the compiler is ANSI C when detecting
+ the HP-UX bundled C compiler.
+ [654da0091c16]
+
+ * configure, configure.in:
+ Prevent configure from adding the -g flag unless in devel mode
+ [e3c11f228c56]
+
+2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Go back to sudo-flavor to match existing packages and only use an
+ underscore for those that need it.
+ [1f78ecf3b990]
+
+ * sudo.pp:
+ Use sudo_$flavor instead of sudo-$flavor since that causes the least
+ amount of trouble for the various package managers.
+ [7e1e07115788]
+
+ * mkpkg:
+ Fix handling of the ldap flavor Remove destdir unless --debug was
+ specified Make distclean before running configure if there is a
+ Makefile present
+ [2bde3925346d]
+
+ * configure, configure.in:
+ Back out version change in 5baf2187a138
+ [bbc3a81afbba]
+
+ * mkpkg:
+ Pass extra args on to configure on HP-UX, if we don't have the HP C
+ compiler, disable zlib to prevent gcc from finding it in
+ /usr/local/lib.
+ [87201c7f1116]
+
+ * configure, configure.in, mkpkg:
+ Use the HP ANSI C compiler on HP-UX if possible
+ [5baf2187a138]
+
+ * sudoreplay.c:
+ Some getline() implementations (FreeBSD 8.0) do not ignore the
+ length pointer when the line pointer is NULL as they should.
+ [8652300785ed]
+
+ * sudoreplay.c:
+ Don't need to check for *cp being non-zero, isdigit() will do that.
+ [107301a99b6a]
+
+ * sudoreplay.c:
+ Add setlocale() so the command line arguments that use floating
+ point work in different locales. Since sudo now logs the timing
+ data in the C locale we must Parse the seconds in the timing file
+ manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
+ the number of seconds with the user's locale so if the decimal point
+ is not '.' try using the locale-specific version.
+ [2b8ed181e37c]
+
+ * exec.c:
+ Do I/O logging in the C locale so the floating point numbers in the
+ timing file are not locale-dependent.
+ [18abbca14078]
+
+ * sudoreplay.c:
+ Use errorx() not error() for thingsthat don't set errno.
+ [a2e7c6793d26]
+
+2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add Tru64 kit support
+ [40e2d21aa17f]
+
+ * pp:
+ Better support for 1.2.3 style versions in Tru64 kits
+ [f7133199a711]
+
+ * pp:
+ Remove apparently unnecessary use of sudo
+ [a667a69eeab0]
+
+ * Makefile.in:
+ Create timedir as part of install-dirs target.
+ [a2e394d694dd]
+
+ * exec_pty.c:
+ Handle ENXIO from read/write which can occur when reading/writing a
+ pty that has gone away. Fixes bugzilla 422
+ [142f4c2efa17]
+
+ * pwutil.c:
+ sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
+ [82e5e46bf458]
+
+ * mkpkg:
+ platform is a pp flag not a variable
+ [9d0ab9b9bf0c]
+
+ * Makefile.in, mkpkg, sudo.pp:
+ Add simple arg parsing for mkpkg so we can set debug, flavor or
+ platform.
+ [8142ab01ccd9]
+
+ * pp:
+ Make rpm backend work on AIX 5.x
+ [2467a79d0b4d]
+
+2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers:
+ Add commented out Defaults entry for log_output
+ [b3fe97e59ae0]
+
+2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Install binary files with -b~ to make a backup. Fixes "text file
+ busy" error on HP-UX during install.
+ [3563e3e0163a]
+
+ * install-sh:
+ "mv -f" on HP-UX doesn't unlink the destination first so add an
+ explicit rm before moving the temporary into place.
+ [3994af813c88]
+
+ * configure, configure.in:
+ Some more ${foo} -> $(foo) conversion for consistent Makefiles.
+ [c214d50c32ec]
+
+2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in:
+ Add missing include of maillock.h for Solaris
+ [343f04b7a581]
+
+ * NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
+ sample.syslog.conf, sudoers.cat:
+ Change the default syslog facility from local2 to authpriv (or auth
+ if the operating system doesn't support authpriv).
+ [949f39cf4a59]
+
+ * Makefile.in, configure, configure.in, sudo.pp:
+ Install sudoers as /etc/sudoers on RPM and debian systems where the
+ package manager will not replace a user-modified configuration file.
+ This fixes upgrades from the vendor sudo packages.
+ [74c7ff01e880]
+
+ * pp:
+ RPM: use %config(noreplace) instead of %config for volatile This
+ results in the new file being installed with a .rpmnew suffix
+ instead of the file being replaced and the old one renamed with a
+ .rpmsave suffix.
+ [166133a4fb9e]
+
+2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * boottime.c, mkstemps.c:
+ Include time.h for struct timeval.
+ [50446e0b8398]
+
+ * exec_pty.c:
+ The return value of strsignal() may be const and should be treated
+ as const regardless.
+ [c035b17b50e3]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention that 127.0.0.1 will not match, nor will localhost unless
+ that is the actual host name.
+ [e9977ec7ac4f]
+
+ * Makefile.in:
+ fix typo
+ [f216d653404d]
+
+ * Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
+ Rename WHATSNEW -> NEWS
+ [f3ce0a462ca0]
+
+ * pp:
+ Updated pp with latest patches
+ [cded68af5ba0]
+
+ * WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+ If pam is in use, wait until the process has finished before calling
+ pam_close_session().
+ [fb3d7de50a05]
+
+ * sudoers.cat, sudoers.man.in:
+ regen sudoers manual
+ [7498a058eeb1]
+
+ * UPGRADE, sudoers, sudoers.pod:
+ Add commented out line to add HOME to env_keep and add a warning to
+ the note about the HOME change in UPGRADE.
+ [0f7e08f09b9f]
+
+2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add LINE_MAX define for those without it.
+ [6248dd44573c]
+
+ * WHATSNEW:
+ Mention that tty_tickets is now the default.
+ [4cf26eaee5ba]
+
+ * INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
+ sudoers.cat, sudoers.man.in, sudoers.pod:
+ The tty_tickets option is now on by default.
+ [73dd2b82a3a9]
+
+ * WHATSNEW:
+ Mention that AIX authdb support has been fixed.
+ [9331829dc276]
+
+ * aix.c:
+ setauthdb() only sets the "old" registry if it was set by a previous
+ call to setauthdb(). To restore the original value, passing NULL
+ (or an empty string) to setauthdb() is sufficient.
+ [d956fd763521]
+
+2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention new handling of HOME in always_set_home and set_home
+ descriptions.
+ [a69c9bed3164]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ fix typo
+ [9b90bb3e9187]
+
+ * UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
+ Reset HOME when env_reset is enabled unless it is in env_keep
+ [18223dfd1ac3]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ The default for set_logname has been "true" for some time now.
+ [9f97e4b43a4b]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document that MAIL it set in env_reset mode.
+ [dcf9ad98079e]
+
+ * boottime.c:
+ Add missing include of time.h
+ [57bee414982d]
+
+ * defaults.c, sudo.c:
+ Check return value of setdefs() but don't stop setting defaults if
+ we hit an unknown one.
+ [a42cb2d6b7ed]
+
+ * logging.c:
+ Fix check for dup2() return value.
+ [916cd7fdeba7]
+
+ * visudo.c:
+ Treat an unknown defaults entry as a parse error.
+ [1f94675835d9]
+
+ * env.c:
+ Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
+ -i and env_reset mode.
+ [aa6657ccfe01]
+
+ * env.c:
+ Add PYTHONUSERBASE to initial_badenv_table
+ [93058374f0d9]
+
+ * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
+ pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
+ If env_reset is enabled, set the MAIL environment variable based on
+ the target user unless MAIL is explicitly preserved in sudoers.
+ [d903c904dcd4]
+
+2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ decode debian code names
+ [2df0ecbc23b4]
+
+ * WHATSNEW:
+ fix typo
+ [b66a95fa1869]
+
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Add entry about SuSE bash script fix.
+ [04af78fa281c]
+
+ * sudo.c:
+ Restore RLIMIT_NPROC after the uid switch if it appears that
+ runas_setup() did not do it for us. Fixes a bash script problem on
+ SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
+ [bb14802d48b1]
+
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Restore the dot removal in the os version reported by polypkg. Adapt
+ mkpkg and sudo.pp to the change.
+ [83c7870130fe]
+
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Mention polypkg
+ [c5f6e40bbb58]
+
+ * README, WHATSNEW:
+ Update for sudo 1.7.4
+ [0c688f1f8160]
+
+ * INSTALL:
+ document --with-pam-login
+ [33ca3f6308ae]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ The tag is NOSETENV, not UNSETENV. From Petr Uzel.
+ [95f37e63ca15]
+
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Include flavor in solaris package name
+ [b6d56ccf367e]
+
+ * mkpkg:
+ Older shells don't support IFS= so set explictly to space, tab,
+ newline.
+ [336925525e17]
+
+ * mkpkg:
+ Use '=' not '==' in test
+ [98c692271cfd]
+
+ * mkpkg:
+ Fix typo that prevented debian from matching
+ [af4deec35e37]
+
+ * mkpkg:
+ Add missing prefix setting for debian
+ [d0c1941cb6ec]
+
+ * sudo.pp:
+ Use tab indents to reduce the chance of problem with <<- Uncomment
+ some env_keep lines for RHEL, SLES and Debian to more closely match
+ the vendor sudoers files.
+ [74ba26566cdc]
+
+ * sudo.pp:
+ Fix indentation Fix the debian %set section, pp does not set
+ pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
+ to %files for debian Remove the /etc/sudo-ldap.conf symlink on
+ debian for ldap flavor
+ [f15ff41b5afd]
+
+ * sudoers:
+ Add commented out env_keep entries, sample Aliases and a %sudo line
+ for debian.
+ [8264e4ed42dc]
+
+ * configure, configure.in:
+ Remove check for egrep; configure has its own
+ [27b3d85ebf4f]
+
+ * configure.in:
+ Use enable_zlib instead of enableval for consistency
+ [4a15cfd43d3e]
+
+2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Enable zlib for linux distros
+ [fcab91448bb0]
+
+ * mkpkg:
+ Add ldap flavor to default build
+ [e35a577c8994]
+
+ * mkpkg, sudo.pp:
+ Simplify rpm linux distro settings
+ [f30547765636]
+
+ * UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+ sudoers.cat:
+ Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
+ [8c9440423d98]
+
+ * Makefile.in, mkpkg, sudo.pp:
+ Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
+ environment variable.
+ [9f418defc08a]
+
+ * sudo.pp:
+ Create sudo group on debian
+ [4b0cc7b8b0b5]
+
+ * mkpkg, sudo.pp:
+ Add debian 4/5/6 and use the dot when doing version matches
+ [d5184f0a1efc]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Remove spurious "and"; from debian
+ [8b9f2a5937bc]
+
+ * aclocal.m4, configure:
+ Use a loop when searching for mv, sendmail and sh
+ [a1c7d19721a4]
+
+ * aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Substitute the value of EDITOR into the sudoers and visudo manuals.
+ [f00dc9343f94]
+
+2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Initial debian 4.0 support
+ [6d73c000723f]
+
+ * mkpkg:
+ Some platforms need -fPIE instead of -fpie
+ [8533a29633e8]
+
+ * Makefile.in:
+ Add packaging bits to DISTFILES
+ [dea9f374f28b]
+
+ * auth/pam.c:
+ Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
+ On Linux it causes a DNS lookup via libaudit.
+ [22e04d2f5f0f]
+
+ * sudo.psf:
+ We now use pp to generate HP-UX packages
+ [6c9f8ae6bc11]
+
+2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Fix indentation
+ [e52e9e6338d5]
+
+ * INSTALL, Makefile.in:
+ isntall-man -> install-doc
+ [02cc8198ea7a]
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Bump version to 1.7.4
+ [df6ce4ea908a]
+
+ * INSTALL.binary, Makefile.binary.in, Makefile.in:
+ Remove remaining bits of the old binary package
+ [8d4f82c23c22]
+
+ * sudo.pp:
+ Use http://rc.quest.com/topics/polypkg/ for packaging
+ [d71793085629]
+
+ * Makefile.in, mkpkg, pp:
+ Use http://rc.quest.com/topics/polypkg/ for packaging
+ [675e505758c5]
+
+ * install-sh:
+ Just ignore the -c option, it is the default Add support for -d
+ option
+ [2adfb3a63231]
+
+ * env.c, logging.c, pathnames.h.in:
+ Use _PATH_STDPATH instead of _PATH_DEFPATH
+ [2c22d54a1f02]
+
+ * Makefile.in:
+ Do not strip binaries.
+ [bc84682b372c]
+
+ * INSTALL, configure, configure.in:
+ Add --insults=disabled configure option to allow people to build in
+ insult support but have the insults disabled unless explicitly
+ enabled in sudoers.
+ [6d9f40db9cca]
+
+2010-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudoreplay.c:
+ Fix K&R compilation
+ [e44d3be7ab85]
+
+2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
+ sudo.h:
+ Add support for a sudo-i pam.d file to be used for "sudo -i".
+ Adapted from a RedHat patch.
+ [2984c3831d88]
+
+ * Makefile.in:
+ Fix installation of sudo_noexec.so
+ [d1f7ca8331b6]
+
+ * Makefile.in, config.h.in, configure, configure.in, missing.h,
+ mkstemp.c, mkstemps.c, sudo_edit.c:
+ Use mkstemps() instead of mkstemp() in sudoedit. This allows
+ sudoedit to preserve the file extension (if any) which may be used
+ by the editor (like emacs) to choose the editing mode.
+ [46399679d9ae]
+
+2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
+ TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
+ code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
+ should avoid disabling TLS_CHECKPEER is possible.
+ [1d626a5cf8c0]
+
+2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Add suport for negated user/host/command lists in a Defaults entry.
+ E.g. Defaults:!baduser noexec
+ [24f07a805dce]
+
+2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.pod:
+ fix typo.
+ [d5f2922cecf2]
+
+2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_7_3 for changeset 72fd1f510a08
+ [cc8b2277e17e]
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Sudo 1.7.3 GA
+ [72fd1f510a08] [SUDO_1_7_3]
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
+ defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
+ fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
+ getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
+ iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
+ pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
+ sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
+ tsgetgrpw.c, visudo.c:
+ Include strings.h even if string.h exists since they may define
+ different things. Fixes warnings on AIX and others.
+ [7c6de7fb5dba]
+
+ * env.c:
+ Do not rely on env.env_len when unsetting a variable, just use the
+ NULL terminator.
+ [faf088613ce5]
+
+ * env.c:
+ In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
+ [47f8dfcc7a48]
+
+2010-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Mention that multiple URI lines are merged into a single one.
+ [1dc0ac5929bf]
+
+ * WHATSNEW:
+ Document AIX fixes
+ [be36e8a6dddd]
+
+2010-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c, sudo.h:
+ For env_init() just use environ not the envp from main().
+ [d4f3e374caeb]
+
+2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Update version to 1.7.3rc1
+ [fe43fe79070d]
+
+ * TODO:
+ fqdn issue is resolved
+ [f35cb63eb74b]
+
+ * env.c:
+ In unsetenv(), assign ep in the for loop instead of doing it
+ earlier. This version of the code does not change env.envp in
+ between when ep is assigned and when it is used but older versions
+ (e.g. 1.7.2) do.
+ [a4cd29c862c9]
+
+ * aix.c:
+ Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
+ getuserattr() when fetching the administrative domain to be used by
+ setauthdb(). This was suggested by AIX support and is consistent
+ with what OpenSSH does.
+ [d3109706ec85]
+
+ * vasgroups.c:
+ Use warningx() instead of log_error() since the latter is not
+ available to visudo or testsudoers. This does mean that they don't
+ end up in syslog.
+ [0174e89f983b]
+
+ * sudo.c:
+ Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
+ closed the sudoers sources. From Quest sudo.
+ [c1b33e3e0f9e]
+
+ * pwutil.c:
+ Ignore case when matching user/group names in the cache. From Quest
+ sudo.
+ [72df368a8a0e]
+
+2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, selinux.c:
+ Add check for setkeycreatecon() when --with-selinux is specified.
+ [24144c52c0cc]
+
+ * configure, configure.in:
+ Bump version to 1.7.3b5 Error out if libaudit.h is missing or
+ ununable when --with-linux-audit was specified
+ [215c7653d9bc]
+
+ * aix.c:
+ K&R function declaration for aix_setauthdb()
+ [82da12d222a6]
+
+ * env.c, sudo.c, sudo.h:
+ If env_init() was called implicitly via getenv(), setenv() or
+ putenv() just use the specified envp instead of mallocing a new
+ copy. This prevents an infinite loop on OpenBSD which calls
+ getenv() from malloc() to get MALLOC_OPTIONS.
+ [8e82ce63f774]
+
+ * ldap.c:
+ Add support for multiple URI lines by joining the contents and
+ passing the result to ldap_initialize.
+ [b4e10b2ffdb1]
+
+2010-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, set_perms.c, sudo_nss.c:
+ Bracket initgroups with calls to aix_setauthdb() and
+ aix_restoreauthdb()
+ [363dbe449f1c]
+
+ * aix.c:
+ Include compat.h before alloc.h to get __P
+ [819a2667ffd7]
+
+ * auth/aix_auth.c:
+ Include usersec.h for authenticate() prototype
+ [2b8dd2b67131]
+
+ * aix.c:
+ Add missing includes Add missing trailing NUL in userinfo string
+ [8deaedf44943]
+
+2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, history.pod:
+ Mention when LDAP was incorporated.
+ [4e6c8ec4f67c]
+
+2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+ not covered by _ALL_SOURCE.
+ [3657f1b181b9]
+
+ * pwutil.c:
+ Include usersec.h on AIX to get IDtouser() prototype.
+ [11483bbe15c7]
+
+ * configure.in:
+ Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+ not covered by _ALL_SOURCE.
+ [fd48e6e2136b]
+
+2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * iolog.c:
+ Add a cast to quiet a compiler warning.
+ [51e9d419bd83]
+
+ * boottime.c:
+ Use memset() instead of zero_bytes() since we don't include sudo.h
+ [f310b2123ba9]
+
+ * Makefile.in:
+ getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
+ [c8750c2d75ab]
+
+ * getdate.c, getdate.y:
+ Quiet a compiler warning.
+ [9f231be15958]
+
+ * defaults.c, sudo.c:
+ Call set_fqdn() after sudoers has parsed instead of inline as a
+ callback.
+ [26d413ddb6dd]
+
+ * WHATSNEW:
+ Do not call set_fqdn() until sudoers parses (where is gets run as a
+ callback).
+ [582453a993a1]
+
+ * sudo.c:
+ Do not call set_fqdn() until sudoers parses (where is gets run as a
+ callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
+ set even if !fqdn is set in sudoers.
+ [aa01e867d1bb]
+
+ * configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+ Bump version to 1.7.3b4
+ [c1c5a73766b6]
+
+ * WHATSNEW:
+ mention the change in tty ticket behavior when there is no tty
+ [93ddde63e453]
+
+ * TODO:
+ remove done items
+ [9601b2e8dcef]
+
+ * aix.c:
+ Remove comment; NAME in usrinfo should be user name.
+ [eb46f1e8ea08]
+
+ * check.c:
+ Do not update tty ticket if there is no tty.
+ [e64e8c8f2286]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ No longer need to use -- with the -s flag
+ [e45c18dd79dc]
+
+ * Makefile.in:
+ Add missing $(srcdir) to sudo.man.in target
+ [2bd89f6ca9f3]
+
+ * Makefile.in:
+ Do not rely on BSD make's $>
+ [cb328b82cb92]
+
+ * configure, configure.in:
+ Set timedir to /var/db/sudo for darwin to match Apple sudo's
+ location
+ [860c7f1b001f]
+
+2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in:
+ Move aix.o from SUDO_OBJS to COMMON_OBJS
+ [f8a9bdf346c1]
+
+ * config.h.in, configure, configure.in, defaults.c, iolog.c,
+ sudoreplay.c:
+ Check for zlib.h in addition to libz.
+ [fb77e44d5196]
+
+ * Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
+ Move functions and symbols shared between exec.c and exec_pty.c into
+ sudo_exec.h.
+ [e798d945424e]
+
+ * sudo.h:
+ Add missing prototypes for aix_setauthdb and aix_restoreauthdb
+ [8bc2af6d4e17]
+
+ * Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [81d6726a19ab]
+
+ * aix.c, pwutil.c, set_perms.c, sudo.h:
+ Fix AIX compilation problems.
+ [7d95f73eca42]
+
+ * sudo.c:
+ Cast isalnum() arg to unsigned char.
+ [5fff9a81af00]
+
+ * WHATSNEW:
+ Add Linux audit support.
+ [e59e0670ba79]
+
+ * sudo.c:
+ Quote any non-alphanumeric characters other than '_' or '-' when
+ passing a command to be run via the shell for the -s and -i options.
+ [d35a3f4cb3c0]
+
+ * sudo.c:
+ Add missing braces that broke -i mode.
+ [7fe124b078ec]
+
+ * linux_audit.c:
+ Fix linux_audit_command() return value
+ [0c582476181c]
+
+2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, linux_audit.c, linux_audit.h:
+ Add Linux audit support.
+ [b207dc9960de]
+
+2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
+ logging.h, selinux.c:
+ Add Linux audit support.
+ [26ae31d7ff93]
+
+2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Sync sudoreplay with trunk
+ [65b780cccfa5]
+
+ * exec_pty.c:
+ Remove an XXX
+ [8304ac649241]
+
+ * aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
+ Set usrinfo for AIX Set adminstrative domain for the process when
+ looking up user's password info and when preparing for execve().
+ [52b48cbe97fd]
+
+ * ldap.c, parse.c:
+ Better prefix determination now that we can't rely on len==0 to tell
+ the beginning on an entry.
+ [32f1875d9605]
+
+ * WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Add support for multiple sudoers_base entries in ldap.conf. From
+ Joachim Henke
+ [3c0b59fce7b4]
+
+ * configure, configure.in:
+ Remove duplicate setsid check
+ [7712d6d52da1]
+
+ * Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
+ logging.c, missing.h, setsid.c:
+ Move setsid emulation into setsid.c
+ [f24743c9e4e9]
+
+ * exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
+ Check for dup2() failure.
+ [b1b6ba761b61]
+
+ * config.h.in, configure, configure.in:
+ Remove dup2 check, it is not optional.
+ [cfbe5f3b5956]
+
+2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Add mbr_check_membership support and SELinux fixes
+ [af1936a7cf2f]
+
+ * Makefile.in:
+ Sync SRCS and DISTFILES with reality
+ [0971b5dcb1be]
+
+ * INSTALL:
+ Update OS specific notes. Delete some really ancient ones and move
+ older ones to the end of the list.
+ [872dd8b437a8]
+
+ * README:
+ Bump for sudo 1.7.3 Merge some changes from trunk
+ [a3088c75bf22]
+
+ * selinux.c, sudo.c:
+ Call selinux_restore_tty() as part of cleanup() so it gets called
+ from error()/errorx()
+ [0197c07d4c1e]
+
+ * compat.h:
+ No longer use SA_NOCLDSTOP
+ [73ca654cd3f8]
+
+ * interfaces.h, match.c:
+ Move union sudo_in_addr_un into interfaces.h
+ [c84bda7c332a]
+
+ * pathnames.h.in:
+ Update copyright year
+ [94871f44206b]
+
+ * HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
+ compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
+ gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
+ match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
+ visudo.man.in, visudo.pod:
+ Update copyright year
+ [4cfb47c799b8]
+
+ * Makefile.in:
+ Remove varsub as part of clean
+ [61f04a21b0bb]
+
+ * match.c:
+ Quiet a compiler warning.
+ [06d8cfe916c8]
+
+ * getdate.c, getdate.y:
+ Quiet a compiler warning.
+ [473d2b7d44a1]
+
+ * ldap.c, sudo.h:
+ Make the remaining functions in ldap.c static
+ [ba555565b30a]
+
+ * ldap.c:
+ Make private functions static. Diff from Joachim Henke
+ [1603035b1863]
+
+ * schema.ActiveDirectory:
+ Updates from Alain Roy to provide better examples for importing the
+ schema and to fix problems caused by Windows validating attributes
+ which have not yet been added before committing the changes.
+ [83f11ae00f19]
+
+2010-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
+ Generate .cat files directly from .man.in instead of .man using
+ default values in configure.in
+ [0a92b41c5ce5]
+
+2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, sudo.c, sudo_usage.h.in:
+ Print configure args with verbose version information.
+ [ca4a5fcf0af8]
+
+ * visudo.c:
+ Remove tfd from struct sudoersfile; it is not used. Add prev pointer
+ to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
+ Use tq_append to append sudoers entries to the tail queue.
+ [344c631d0d43]
+
+2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Describe tty timestamp improvements
+ [136b0f832903]
+
+ * toke.c, toke.l:
+ A comment character may not be part of a command line argument
+ unless it is quoted with a backslash. Fixes parsing of:
+ testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
+ [2a0c82ffedde]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [c9fddd23c7e1]
+
+ * sudoers.pod:
+ Make this read a little bit better when passwd_timeout is 0.
+ [51644950823f]
+
+ * Makefile.in:
+ Use the --file argument to config.status instead of setting
+ CONFIG_FILES
+ [fc2b42c60b5d]
+
+ * sudo.man.pl, sudo.pod:
+ Attempt to handle a default password prompt timeout of zero more
+ gracefully.
+ [478b8e720993]
+
+ * toke.c, toke.l:
+ Do not override value of keepopen global, instead restore it to the
+ value we pushed onto the stack when popping.
+ [dc370d57a668]
+
+ * exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
+ Use SA_INTERRUPT in sa_flags
+ [3845c6637361]
+
+ * getdate.c, getdate.y, ldap.c, sudoreplay.c:
+ Silence some compiler warnings
+ [112ac65afd0c]
+
+2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c, exec_pty.c, sudo.c, sudo.h:
+ Implement background mode. If I/O logging we use pipes instead of a
+ pty.
+ [8d448eaf2aaa]
+
+ * compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
+ Move compat definition of NSIG to compat.h
+ [cae72a4c9dec]
+
+ * tgetpass.c:
+ Ignore SIGPIPE for "sudo -S"
+ [c6595c8527c4]
+
+ * tgetpass.c:
+ Properly handle TGP_ECHO again. Print a newline if the user
+ interrupted password input.
+ [15acbe4fb535]
+
+ * exec_pty.c:
+ Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
+ [dd041fc9554c]
+
+2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
+ Return an error from selinux_setup() instead of exiting. Call
+ selinux_setup() from exec_setup().
+ [b518225cafba]
+
+ * compat.h:
+ Add definition of WCOREDUMP for systems without it. This is known
+ to work on AIX and SunOS 4, but may be incorrect on other systems
+ that lack WCOREDUMP.
+ [365e56db7cd5]
+
+ * check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
+ nanosleep.c, sudo_edit.c, visudo.c:
+ Replace timerfoo macros with timevalfoo since the timer macros are
+ known to be busted on some systems.
+ [4bb5228606c5]
+
+ * toke.c, toke.l:
+ If a file in a #includedir has improper permissions or owner just
+ skip it. This prevents packages that incorrectly install a file
+ into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
+ #includedir files still result in a parse error (for now).
+ [b7fb75eddb77]
+
+ * TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+ Defer call to pam_close_session() until after the command finishes
+ if there is a monitor process.
+ [0a39c8e6a81b]
+
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod:
+ Add use_pty sudoers option to force use of a pty even when not
+ logging I/O.
+ [aea971f1456a]
+
+ * env.c, sudo.c, sudo.h:
+ Instead of trying to keep the global environment in sync with our
+ private copy, provide our own getenv() that returns values from the
+ private environment and use env_get() to pass the environment in to
+ run_command().
+ [58c85c5695dc]
+
+ * set_perms.c:
+ Fix typo
+ [0f677fcdde04]
+
+2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ Rename pty.c -> get_pty.c
+ [39137dcc4420]
+
+ * iolog.c:
+ Add #define for maximum session id
+ [2a487437f013]
+
+ * Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
+ selinux.c, sudo.c, sudo.h, sudo_edit.c:
+ Split exec.c into exec.c and exec_pty.c Pass a flag in to
+ sudo_execve to indicate whether we need to wait for the command
+ to finish (fork + execve vs. execve).
+ [b197515585db]
+
+ * Makefile.in, configure, configure.in, get_pty.c, pty.c:
+ Rename pty.c -> get_pty.c
+ [c0e5270bb28a]
+
+ * aclocal.m4, configure, configure.in:
+ Fix --without-iologdir
+ [dcd6c5907b10]
+
+2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * iolog.c:
+ Only use I/O input log file if def_log_input is set and output file
+ if def_log_output is set.
+ [96cdd49be996]
+
+2010-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse_args.c, sudo.c:
+ Include sudo_usage.h after sudo.h now that it has function
+ prototypes to guarantee that __P is defined.
+ [c67b77f8d6b1]
+
+2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Do signal setup after turning off echo, not before. If we are using
+ a tty but are not the foreground pgrp this will generate SIGTTOU so
+ we want the default action to be taken (suspend process). Use an
+ array for signals received instead of a single variable so we don't
+ lose any when there are multiple different signals.
+ [de356064ea01]
+
+ * defaults.h, lbuf.h, sudo.h:
+ Reorg function prototypes a bit
+ [5c40f58bb28e]
+
+ * Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
+ Move argument parsing into parse_args.c
+ [fad7b8737c12]
+
+ * Makefile.in, config.h.in, configure, configure.in, missing.h,
+ mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
+ Build our own sys_siglist for systems that lack it.
+ [3b5f671936dc]
+
+ * exec.c, iolog.c, missing.h, sudo_edit.c:
+ K&R fixes
+ [dad62986f2fe]
+
+ * exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
+ Log sudoedit sessions as well; adapted from trunk
+ [2c5d9695022b]
+
+ * configure:
+ regen
+ [9b319e89a6c4]
+
+ * INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
+ def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
+ gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
+ script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
+ sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+ sudoreplay.pod, term.c:
+ Merge I/O logging changes from trunk. Disabling I/O log support at
+ compile time does not currently work. Sudoedit is not yet hooked up
+ to I/O logging.
+ [968c2c74c69b]
+
+2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Add --enable-warnings configure option
+ [19cf967c36d1]
+
+ * check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
+ Fix K&R compilation issues on HP-UX.
+ [c01a547cdcf8]
+
+ * lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
+ Pass in output function to lbuf_init() instead of writing to stdout.
+ A side effect is that the usage info can now go to stderr as it
+ should. Add support for embedded newlines in lbuf and use that
+ instead of multiple calls to lbuf_print.
+ [596a427ff873]
+
+ * configure, configure.in, sudo.man.pl, sudoers.man.pl:
+ Use numeric registers to handle conditionals instead of trying to do
+ it all with text processing.
+ [31570c372e0e]
+
+ * sudoers.pod:
+ Document per-command SELinux settings
+ [bbce5acad1be]
+
+ * sudo.pod:
+ timestamp -> time stamp
+ [d7335ce6286f]
+
+ * tsgetgrpw.c:
+ Set close on exec flag in private versions of setpwent() and
+ setgrent().
+ [954814bdbd56]
+
+ * logging.c:
+ Make send_mail() take a printf-style argument list
+ [0783ad585062]
+
+ * Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
+ config.guess, config.h.in, config.sub, configure, configure.in,
+ ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to autoconf 2.65 and libtool 2.2.6b
+ [3544dd2f1a94]
+
+ * boottime.c:
+ Don't use TRUE/FALSE which may not be defined.
+ [8649bf22b3b2]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Document new tty_ticket behavior
+ [0663e0390338]
+
+ * find_path.c, sudo.c, sudo.h, visudo.c:
+ Make find_path() a little more generic by not checking def_foo
+ variables inside it. Instead, pass in ignore_dot as a function
+ argument.
+ [16c3f27cd9b9]
+
+ * check.c:
+ Store info from stat(2)ing the tty in the tty ticket when tty
+ tickets are in use. If the tty lives on a devpts (Linux) or devices
+ (Solaris) filesystem, stash the ctime in the tty ticket file, as it
+ is not updated when the tty is written to. This helps us determine
+ when a tty has been reused without the user authenticating again
+ with sudo.
+ [f9aec9ab9054]
+
+ * boottime.c, check.c, sudo.h:
+ get_boottime() now fills in a timeval struct
+ [dbd2003659c0]
+
+2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
+ gettime.c, sudo.h, sudo_edit.c, visudo.c:
+ Use timeval directly instead of converting to timespec when dealing
+ with file times and time of day.
+ [c85bf3e41839]
+
+ * auth/pam.c:
+ Fix OpenPAM detection for newer versions.
+ [67f29a0703d0]
+
+ * vasgroups.c:
+ Sync with Quest sudo git repo
+ [2680ad9762c2]
+
+ * aclocal.m4, configure, configure.in:
+ HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+ libvas may need libdl for dlopen() Add missing template for
+ ENV_DEBUG Adapted from Quest sudo
+ [6c886eb9070a]
+
+ * README.LDAP:
+ Fix typos; from Quest Sudo
+ [cf258fc69f1a]
+
+ * Makefile.in, configure.in:
+ Use value of SHELL from configure in Makefile
+ [08aaf12221d6]
+
+2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Handle duplicate variables in the environment. For unsetenv(), keep
+ looking even after remove the first instance. For sudo_putenv(),
+ check for and remove dupes after we replace an existing value.
+ [086c6397d8cd]
+
+2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Fix a crash when checking a sudoers file that has aliases that
+ reference themselves. Based on a diff from David Wood.
+ [5efc702a3b35]
+
+2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c:
+ Fix use after free in error message when a duplicate alias exists.
+ [9eaac49bd22b]
+
+2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Set errorfile to the sudoers path if we set parse_error manually.
+ This prevents a NULL dereference in printf() when checking a sudoers
+ file in strict mode when alias errors are present.
+ [b4eed2f0615d]
+
+2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Fix typo
+ [57198cae9cf5]
+
+2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ Qualify the command even if it is in the current working directory,
+ e.g. "./foo" instead of just returning "foo". This removes an
+ ambiguity between real commands and possible pseudo-commands in
+ command matching.
+ [fb4d571495fa]
+
+2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add a note about the security implications of the fast_glob option.
+ [84f8097553d9]
+
+ * memrchr.c:
+ Remove duplicate includes
+ [3e8d90f4c30f]
+
+2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix installation of sudoers.ldap in "make install" when --with-ldap
+ was specified without a directory. From Prof. Dr. Andreas Mueller
+ [5177a284b9ff]
+
+2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ When doing a glob match, short circuit if gl.gl_pathc is 0. From
+ Mark Kettenis.
+ [549f8f7c2463]
+
+2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Use parent process group id instead of parent process id when
+ checking foreground status and suspending parent. Fixes an issue
+ when running commands under /usr/bin/time and others.
+ [eac86126e335]
+
+ * env.c:
+ In setenv(), if the var is empty, return 1 and set errno to EINVAL
+ instead of returning EINVAL directly.
+ [d202091ec15e]
+
+2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Check for pseudo-command by looking at the first character of the
+ command in sudoers instead of checking the user-supplied command for
+ a slash.
+ [88f3181692fe]
+
+2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.l:
+ Avoid a duplicate fclose() of the sudoers file.
+ [164d39108dde]
+
+ * toke.l:
+ Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [8900bccef219]
+
+2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c, config.h.in, configure, configure.in:
+ Use setrlimit64(), if available, instead of setrlimit() when setting
+ AIX resource limits since rlim_t is 32bits.
+ [2cbb14d98fc1]
+
+ * logging.c:
+ Fix use after free when sending error messages. From Timo Juhani
+ Lindfors
+ [caf183fd9d94]
+
+2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, Makefile.in:
+ Generate the ChangeLog as part of "make dist" instead of having it
+ in the repo.
+ [836c31615859]
+
+2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Generate correct ChangeLog for 1.7 branch.
+ [586dd90b8878]
+
+2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
+ auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
+ fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
+ gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
+ isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
+ logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
+ mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
+ pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
+ sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
+ Remove CVS $Sudo$ tags.
+ [de683a8b31f5]
+
+2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_usage.h.in:
+ make this match sudoers SYNOPSIS
+ [c74ba66944c2]
+
+ * lbuf.c, parse.c:
+ Print a newline between Runas and Command-specific defaults in sudo
+ -l.
+ [b5bdfcc9ce4b]
+
+ * term.c:
+ Use SET and CLR macros in term_raw
+ [50ca42609d6c]
+
+ * sudoreplay.c:
+ Set stdin to non-blocking mode early instead of in check_input. Use
+ term_raw instead of term_cbreak since the data we get has already
+ been expanded via OPOST.
+ [51c47e803d62]
+
+2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c, term.c:
+ Enable/disable all postprocessing instead of just nl->crnl
+ processing since things like tab expansion matter too. However, if
+ stdout is a tty leave postprocessing on in the pty since we run into
+ problems doing it only on the real stdout with .e.g nvi.
+ [62666e309673]
+
+2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ If tty_tickets is enabled and there is no tty, prompt for a
+ password. Do not lecture user for "sudo -k command" if user has a
+ timestamp.
+ [5880200c5f6b]
+
+ * INSTALL:
+ Document missing options: --with-efence and --with-bsm-audit
+ [d83afcdf9ff3]
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ username -> user name groupname -> group name hostname -> host name
+ [10c85646f45d]
+
+ * INSTALL, README.LDAP, sudoers.pod:
+ filename -> file name like the rest of the docs
+ [1ef8ab5a9018]
+
+2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of entries with multiple host entries on a single line.
+ [226ceaf91d8d]
+
+2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Mention that targetpw affects the timestamp file name.
+ [a26e22e4f72e]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
+ sudoers.pod:
+ Add compress_transcript option.
+ [6e94f8cb9dfb]
+
+2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ bump to 1.7.3b2
+ [906d7e347d15]
+
+ * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
+ Better split of membership vs. traditional group check in
+ user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
+ [6ebc55d4716b]
+
+2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Fix pasto and add default return value.
+ [7973b5e4599c]
+
+ * check.c, match.c, pwutil.c, sudo.h:
+ refactor group member checking into user_in_group()
+ [48ca8c2eddf8]
+
+ * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
+ sudo.h:
+ Add support for mbr_check_membership() as present in darwin.
+ [5501aed02b9f]
+
+2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Rename label to be accurate
+ [3af17dd960f7]
+
+ * Makefile.in, boottime.c, check.c, config.h.in, configure,
+ configure.in, sudo.h:
+ Treat timestamp files from before we booted as old. Idea from and
+ Apple patch.
+ [5c96e484c05a]
+
+2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -u flag to be used in conjunction with the -v flag as per
+ older versions of sudo.
+ [591e9fc13c1a]
+
+ * logging.c:
+ fix typo in last commit
+ [4fd0c692dcf0]
+
+2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Convert fmt_first and fmt_confd into macros.
+ [32e870158b29]
+
+ * sudoers.pod:
+ timeouts can be floats now
+ [89de639a9679]
+
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, mkdefaults:
+ Add support for floating point timeout values (e.g. 2.5 minutes).
+ [210ffa291733]
+
+2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ The -L flag will be removed in sudo 1.7.4
+ [ffd026084333]
+
+2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Fix a bug due to order of operators.
+ [938d34464283]
+
+2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ cmnd_matches() already deals with negation so _cmndlist_matches()
+ does not need to do so itself. Fixes a bug with negated entries in
+ a Cmnd_List.
+ [71c845f6ce73]
+
+2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't exit() from open_sudoers, just return NULL for all errors.
+ [8cfa832f972a]
+
+ * script.c:
+ Can't rely on the shell sending us SIGCONT when transitioning from
+ backgroup to foreground process.
+ [3c6c5b6cb4b3]
+
+ * toke.c, toke.l:
+ Add missing extern def for parse_error
+ [45b7b59d03b7]
+
+2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Avoid a parse error when #includedir doesn't find any files. Closes
+ bug #375
+ [1ce1b850e9e6]
+
+ * Makefile.in:
+ Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
+ [6a22e32da108]
+
+2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Start command out in foreground mode if stdout is a tty. Works
+ around issues with some curses-based programs that don't handle
+ tcsetattr getting interrupted by a signal. Still allows us to avoid
+ hogging the tty if the command is part of a pipeline.
+ [1c32f2b94769]
+
+ * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
+ Use a socketpair to pass signals from parent to child. Child will
+ now pass command status change info back via the socketpair. This
+ allows the parent to distinguish between signals it has been sent
+ directly and signals the command has received. It also means the
+ parent can once again print the signal notifications to the tty so
+ all writes to the pty master occur in the parent. The command is
+ now always started in background mode with tty signals handled by
+ the parent.
+ [c6790b82986d]
+
+2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix a few typos in the descriptions; from Jeff Makey Only do the
+ check for krb5_get_init_creds_opt_free() taking two arguments if we
+ find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
+ positive when using our own krb5_get_init_creds_opt_free which takes
+ only a single argument.
+ [845a9ff6f93d]
+
+2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove a spurious comma in the kerb5 bits.
+ [3433eab083db]
+
+ * auth/kerb5.c:
+ Call krb5_get_init_creds_opt_init() in our emulated
+ krb5_get_init_creds_opt_alloc() for MIT kerberos.
+ [7ffb40bf43e9]
+
+2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add HAVE_ZLIB
+ [9297bde61ecc]
+
+ * script.c:
+ Need to ignore SIGTT{IN,OU} in child when running the command in the
+ background. Also some minor cleanup.
+ [dc208d982319]
+
+2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Instead of calling sigsuspend when waiting for SIGUSR[12] from
+ parent, install the signal handlers w/o SA_RESTART and let them
+ interrupt waitpid().
+ [759c7d18203b]
+
+ * script.c:
+ Pass along SIGHUP and SIGTERM from parent to child.
+ [035b0e254568]
+
+ * script.c:
+ Close unused bits of script_fds in processes that don't need them.
+ Restore default SIGCONT handler in child.
+ [e037378ab0c1]
+
+ * script.c:
+ Update foreground/background status in SIGCONT handler in parent
+ process.
+ [3f7f91333264]
+
+2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Defer setting terminal into raw mode until just before we fork() and
+ only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
+ and sudo is already in the foreground be sure to set raw mode before
+ continuing the child.
+ [1102ef40832c]
+
+2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
+ give the command the controlling tty if the main sudo process is the
+ foreground process.
+ [cf3a91cb5682]
+
+ * script.c:
+ Don't bother with sudo_waitpid() here for now.
+ [9086de480c2d]
+
+ * script.c:
+ fix non-zlib case
+ [a258bff0f9a6]
+
+2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Remove non-wroking code that crept into rev 1.55
+ [2802dd55cff5]
+
+2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in, script.c, sudoreplay.c:
+ First pass at zlib support for transcript data files
+ [5d10260807da]
+
+ * Makefile.in:
+ remove vestiges of ZLDFLAGS
+ [1fa0caf1c0fb]
+
+ * script.c:
+ Add missing variable declaration for when TIOCSCTTY is not defined.
+ Need to include sys/termio.h for TIOCSCTTY on some systems.
+ [ee7f41ac2709]
+
+ * script.c:
+ when resuming command, send SIGCONT to its pgrp not just pid
+ [5cd63c1d565b]
+
+ * selinux.c:
+ remove unused variable
+ [df67df4be228]
+
+ * script.c:
+ include selinux.h for is_selinux_enabled() proto
+ [85ebaa880cc1]
+
+ * script.c:
+ Don't use log_error() in the child process.
+ [def65fe2a433]
+
+ * script.c:
+ Do I/O in parent instead of child since the parent can have both
+ /dev/tty as well as the pty fds open. The child just sets things up
+ and waits for its grandchild and writes the signal description to
+ the pty master if the command was killed by a signal.
+ [95e473208982]
+
+2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * missing.h, sudo.h:
+ Move two struct forward declarations from sudo.h to missing.h
+ [90ad28294a8c]
+
+ * script.c:
+ Make comment at the top of script_exec() match reality.
+ [c5042d27dbe0]
+
+ * sudo.c:
+ if neither stdin nor stdout is a tty, check stderr
+ [c532ff20c8d8]
+
+ * Makefile.in:
+ Add back dependecy of gram.h on gram.y
+ [c58382b7fcca]
+
+ * script.c:
+ Make transcript mode work as long as we can figure out our tty, even
+ if it is not stdin. We'd like to use /dev/tty but that won't be
+ valid after the setsid().
+ [7b8bba8d99e7]
+
+2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, pty.c:
+ Add support for IRIX-style dynamic ptys
+ [bedc9bac44c1]
+
+ * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
+ Move alloc.c protos into alloc.h
+ [b6a90649617d]
+
+ * missing.h:
+ Move prototypes for missing libc functions to missing.h
+ [dda9ae1ccaf8]
+
+ * Makefile.in, sudo.h, sudoreplay.c:
+ Move prototypes for missing libc functions to missing.h
+ [7483166b577b]
+
+2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Disable transcript support if no tcsetpgrp until we support older
+ BSD-style job control.
+ [27ac1d8163df]
+
+ * configure, configure.in, pty.c, script.c:
+ Break out pty code into pty.c
+ [e85509b25d41]
+
+ * compat.h, config.h.in, configure, configure.in:
+ add killpg macro if no killpg function
+ [3a125f4a51f0]
+
+ * config.h.in, configure, configure.in, script.c:
+ Push ptem and ldterm for STERAMS-based systems when allocating a
+ pty.
+ [36bb39b30ff2]
+
+2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
+ [d94bd5c9bf4e]
+
+ * script.c:
+ Call tcgetpgrp() in the parent, not the child and have the child
+ spin until it is granted. Fixes a race on darwin.
+ [6e8d435339ce]
+
+ * script.c:
+ Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
+ reopen slave.
+ [0bdc63c019ca]
+
+2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ In script mode, if the command is killed by a signal, print the
+ signal description as well as a core dump notification like the
+ shell does.
+ [9df61738df07]
+
+ * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
+ sudo.h:
+ Add check for strsignal() and a simple implementation if it is not
+ there but sys_siglist is
+ [61421a188ef4]
+
+ * script.c:
+ Add missing WUNTRACED and store the signal that stopped the
+ grandchild in suspended, not signo.
+ [df65042b200e]
+
+ * script.c:
+ g/c unused code
+ [40d8cb5c9203]
+
+ * script.c:
+ Associate the grandchild's pgrp with the tty instead of the child's
+ and just get suspend notifications via SIGCHLD instead of directly.
+ This fixes a hang with programs that try to set terminal attributes
+ and is more consistent with how the shell handles things.
+ [6865abff7e94]
+
+2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Move setpgid() of child into the parent side of the fork() where it
+ belongs.
+ [3defa782777c]
+
+2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ fix typo
+ [b6a612b3622c]
+
+ * script.c:
+ Run command in its own pgrp (like the shell does) for easier
+ signalling. No need to relay SIGINT or SIGQUIT to parent, just send
+ to grandchild. Don't want grandchild stopped events in the child
+ (only termination). Flush output after suspending grandchild before
+ signalling parent.
+ [db556bf2176f]
+
+ * script.c:
+ Back out revision 1.34; the problem lies elsewhere.
+ [85f590a03275]
+
+ * script.c:
+ Don't set stdout to blocking mode when flushing remaining output.
+ It can cause us to hang when trying to exit. Need to investigate
+ why.
+ [6f803a3e33ca]
+
+ * script.c:
+ Handle SIGTTOU and remove some debugging.
+ [52d17279053e]
+
+ * term.c:
+ Back out revision 1.10 as the signal that interrupts us may be
+ SIGTTOU or SIGTTIN which the caller must handle.
+ [7e2fa9107975]
+
+ * script.c:
+ Apparently we need to send SIGSTOP to the command as well as ourself
+ when we get SIGTSTP, the kernel doesn't automatically stop the
+ process for us.
+ [1a936e9309c4]
+
+ * script.c:
+ Use an extra process to act as the glue bewteen the sessions
+ associated with the user's controlling tty (what the shell uses) and
+ the tty that sudo is using to do its logging. Basically, this means
+ that if we get, e.g. SIGTSTP from the process sudo is running, we
+ relay the signal to the parent so it's shell can do the job control.
+ [6dd296988060]
+
+ * term.c:
+ Handle getting/setting terminal attributes when the fd is in non-
+ blocking mode.
+ [ae5ae535ea7b]
+
+2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add support for pausing and changing the speed in interactive mode.
+ [72a2063780a7]
+
+ * script.c:
+ Already define O_NOCTTY in compat.h, don't need it here
+ [b5d80ed3e5ce]
+
+2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add missing protos
+ [c4cb4e7f4d8a]
+
+2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Always update the stashed mtime of the temp file instead of using
+ what we have for the original because the time resolution of the
+ filesystem the temporary is on may not match that of the filesystem
+ that holds the original. Should fix bz #371 found by Philippe Levan.
+ [c86ca4bec60c]
+
+ * sudoreplay.c:
+ Use cbreak mode instead of raw mode and add signal handlers to
+ restore the tty on interrupt.
+ [84dd283da41c]
+
+ * script.c, sudo.h, term.c:
+ Retain NL to NLCR conversion on the real tty and skip it on the pty
+ we allocate. That way, if stdout is not a pty there are no extra
+ carriage returns.
+ [32e4f570414e]
+
+ * script.c:
+ Fix log_output(); just pass in a string and a length.
+ [ca980cc0a3fb]
+
+2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ do not use errno when complaining out lack of a tty
+ [8f9b8c55ab8e]
+
+2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudoreplay.c, term.c:
+ Instead of messing with line endings, just set terminal to raw mode
+ in sudoreplay.
+ [90943fa87acb]
+
+ * term.c:
+ When copying the terminal attributes to the pty, be sure not to set
+ ONLCR. This prevents extra carriage returns from ending up in the
+ script output file.
+ [e6b5475ac2aa]
+
+ * script.c:
+ Convert a do {} while into a while
+ [e461310d2c77]
+
+ * Makefile.in:
+ Use if then instead of test && when installing binaries that may not
+ exist.
+ [ad4f9490d971]
+
+ * script.c:
+ Add O_NOCTTY when opening a tty device. Explicitly disconnect from
+ old tty before associatng with new one.
+ [0e0ca634b80c]
+
+ * script.c, selinux.c, sudo.c, sudo.h:
+ First cut at refactoring some of the selinux code so it can be used
+ in conjunction with sudo's transcript support.
+ [779b0d8f9d29]
+
+2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Fix default case of transcript_enabled being unset.
+ [f8aa96186e6b]
+
+ * script.c, sudoreplay.c:
+ Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
+ [2844a7a851fa]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
+ Hook up --disable-transcript and --enable-transcript=DIR
+ [b3fa7e6b2480]
+
+2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in, pathnames.h.in:
+ _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
+ transcript=DIR option to specify the directory
+ [b0bb76d43cda]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [c7a8a0a9027c]
+
+ * configure, configure.in, sudoers.man.pl, sudoers.pod:
+ Substitute in default value for secure_path
+ [c8f9ac6dbf93]
+
+ * sudo.pod:
+ Mention that the password must be followed by a newline with the -S
+ option.
+ [2fc589a3ee7e]
+
+2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Go back to dropping out of the select() loop when the process dies;
+ Linux ptys apparently don't behave the same as BSD in regards to
+ select(). No need to flush remaining output to the transcript, only
+ to stdout. Add back code to check the master pty for additional data
+ when we exit the main select loop.
+ [abed9a9cbc6b]
+
+2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Add getline.o to COMMON_OBJS
+ [04ef7643cbc2]
+
+ * Makefile.in:
+ sudoreplay depends on libsudo.a
+ [142bd0472631]
+
+ * Makefile.in:
+ More pwutil.o into COMMON_OBJS
+ [4a016b933629]
+
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Remove my_* redirection in pwutil.c for testsudoers and just use the
+ normal libc get{pw,gr}* names.
+ [9b76d637d86b]
+
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ More time and date examples
+ [c6ee0175ec56]
+
+ * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
+ Move nanosleep() emulation into its own file Check librt.a for
+ nanosleep if we don't find it in libc
+ [4da0cc26aad7]
+
+ * Makefile.in, configure, configure.in:
+ Build libsudo with the common bits and link things against that.
+ [2b53bc0b081a]
+
+ * script.c:
+ Fix final flush.
+ [6da287d833da]
+
+ * script.c:
+ Keep reading from the pty master -> log file until read returns <=
+ 0. Do our best to write everything to stdout when flushing any
+ remaining bits.
+ [2a45d4ae280c]
+
+ * sudoreplay.c:
+ Use unbuffered I/O when writing to stdout and make sure we write the
+ entire buffer.
+ [f39ef9844a47]
+
+2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Only use max_wait if it is non-zero
+ [f6c10604d2e8]
+
+ * getdate.c, getdate.y, getline.c:
+ Need compat.h here
+ [5d6722e225a0]
+
+ * sudoreplay.c:
+ Fix nanosleep emulation
+ [34e5e5d72a76]
+
+ * script.c:
+ Fix comment after #endif
+ [bd1347718b25]
+
+ * sudoreplay.c:
+ Add protos for missing libc bits
+ [644f496427a2]
+
+ * configure, configure.in:
+ add missing line continuation char
+ [db13c0d402cd]
+
+ * config.h.in, configure, configure.in, getline.c:
+ Implement getline() in terms of fgetln() if we have it.
+ [3ab786eaadc5]
+
+ * sudoreplay.c:
+ Print year when formatting log line
+ [90be669e3443]
+
+ * sudoreplay.pod:
+ Document cwd, attempt to document time/date formats.
+ [6290fb9b65c6]
+
+ * sudoreplay.c:
+ Fix getline return value check.
+ [d696d6657261]
+
+ * Makefile.in, config.h.in, configure, configure.in, getline.c,
+ sudoreplay.c:
+ Use getline() if the system has it, else use provide our own for
+ sudoreplay.
+ [afca1d6fbe5e]
+
+ * script.c:
+ Refactor code to update output and timing files.
+ [361491332b1a]
+
+2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Make sudo_getln() behave more like glibc getline.
+ [40c9f2ea29e6]
+
+ * script.c:
+ When flushing remaining output, also update timing file.
+ [5a9a5a627549]
+
+ * sudoreplay.c:
+ Use get_timestr() and make the -l output look like the regular sudo
+ log.
+ [452ba9d436c9]
+
+ * logging.c, sudo.h, timestr.c:
+ Make get_timestr() take a time_t so we can use it properly in
+ sudoreplay.
+ [82e67cc53c9c]
+
+ * script.c:
+ Create session dir earlier now that we update the seq number early.
+ [797fe8d6dc61]
+
+2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Use fromdate and todate as the keywords instead of from and to; the
+ short forms will still be accepted.
+ [d14d9b116df4]
+
+ * sudoreplay.c:
+ Fix reading long liensin sudo_getln()
+ [58dadd74118c]
+
+ * script.c, sudoreplay.c:
+ Log the cwd in the script log file. Add sudo_getln() to read
+ arbitrarily long lines.
+ [faceb802ab8f]
+
+ * Makefile.in, logging.c, sudo.h, timestr.c:
+ Move get_timestr() into its own source file so sudoreplay can use
+ it.
+ [99b054bfa20a]
+
+2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add to and from perdicates (date ranges); needs documentation
+ [1d629174dcf4]
+
+2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, getdate.c, getdate.y:
+ Fix warning and add generated getdate.c
+ [b877a86b5a03]
+
+ * Makefile.in, getdate.y:
+ Add getdate.y to be used for sudoreplay date parsing.
+ [b8e26fbb7a40]
+
+2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Check more than just the first character of a predicate
+ [4fe53728adb1]
+
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add examples, sort predicates
+ [70f8075cbccc]
+
+ * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+ sudoreplay.pod:
+ Implement search expressions in sudoreplay similar in concept to
+ what find or tcpdump uses. TODO: date ranges
+ [f7ce4fb4cf3a]
+
+2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Remove vhangup as it was hanging up the wrong tty. Should really
+ vhangup in the child after it as set its tty.
+ [2eed9df73010]
+
+ * sudoers.pod:
+ Fix cut at documenting transcript support.
+ [e6c533a5568a]
+
+ * logging.c:
+ ID= -> TSID= for transcript ID
+ [1bf755a35333]
+
+2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Move fast_glob description to where it belongs in sorted order
+ [5901cfb0d25f]
+
+ * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, sudo.c:
+ Rename script -> transcript
+ [e06cf823122c]
+
+2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ Add timeradd and timersub for those without them
+ [929f8aa06c2b]
+
+ * script.c:
+ Sanity check sessid before using it.
+ [aa8ca5211d43]
+
+ * sudo.c:
+ Only set the session id if we are running a command or editing a
+ file.
+ [7205d717c098]
+
+ * script.c:
+ Actually. qsort is fine since most versions fal back to a cheaper
+ sort when the number of elements to sort is small (like in our
+ case).
+ [d11c7cd352fe]
+
+ * config.h.in, configure, configure.in, script.c:
+ Check for dup2 and use dup instead if we don't have it.
+ [98bd89830f8a]
+
+ * script.c, sudo.c, sudo.h:
+ Move the code to dup2 the script fds to low numbered descriptors
+ into script_duplow() and fix the fd sorting.
+ [9453fdc5fba6]
+
+ * script.c, sudo.c, sudo.h:
+ Move script_setup() back to immediately before we drop privs and
+ call the new script_nextid() in its place, which will set
+ sudo_user.sessid for the logging functions.
+ [8434d0c8ff08]
+
+2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Install sudoreplay
+ [6acf2cdb4d3f]
+
+ * sudoreplay.c:
+ remove unused variable
+ [2316360bb992]
+
+2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, script.c, sudo.c, sudo.h:
+ Log the session ID, if there is one. Currently logs ID=XXXXXX,
+ perhaps should be SESSIONID or SESSID.
+ [53976905b0a6]
+
+ * Makefile.in, configure, configure.in, sudoreplay.cat,
+ sudoreplay.man.in, sudoreplay.pod:
+ Add sudoreplay docs
+ [da4f14f0e64c]
+
+ * sudoreplay.c:
+ add -V (version) flag
+ [b5e743639ee3]
+
+ * sudoreplay.c:
+ Hook up max_wait.
+ [2ec5697a92ba]
+
+ * script.c, sudoreplay.c:
+ Use base36 number for the ID and store script files with paths like
+ /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
+ (2,176,782,336) unique IDs.
+ [6aab019d07aa]
+
+2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Add check for regcomp
+ [44c3ebd7ff34]
+
+ * sudoreplay.c:
+ Add support for selecting by pattern and tty when listing.
+ [66189f840c52]
+
+2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ The beginnings of a list mode.
+ [8d0150b4a52c]
+
+2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fix pasto
+ [616b4640b8a8]
+
+ * Makefile.in, config.h.in, configure.in:
+ Add scaffolding for building sudoreplay
+ [a32958505dbe]
+
+ * sudoreplay.c:
+ include error.h first arg to nanotime is const
+ [fe5a7bb31bc5]
+
+ * sudoreplay.c:
+ Initial cut at sudoreplay; replay a sudo session.
+ [f149fba372bd]
+
+2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Fix wait() usage and use correct wait status.
+ [f4745ed7ad05]
+
+ * sudo.c, sudo.h, tgetpass.c:
+ Add protos for term_* to sudo.h
+ [14fe1abd7e7b]
+
+ * script.c:
+ Fix detection of the child process exiting. Since the child is in
+ its own session we should only ever get SIGCHLD for that process but
+ better safe than sorry.
+ [7edfdadd8505]
+
+ * config.h.in:
+ Add UNIX98 pty support.
+ [82f4b53a0e8f]
+
+ * configure, configure.in, script.c:
+ Add UNIX98 pty support.
+ [795b8bb0a3a1]
+
+2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * term.c:
+ For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
+ if it is defined.
+ [40f8b83baf69]
+
+ * auth/pam.c:
+ Set PAM_RUSER and PAM_RHOST early so they can be used during
+ authentication. Based on a patch from Jamie Beverly.
+ [3d567b453a6a]
+
+ * match.c:
+ Close dir before returning if strlcpy() reports overflow. From
+ Martynas Venckus.
+ [6a82f96473e5]
+
+ * config.h.in, configure, configure.in, script.c:
+ On Linux, the openpty proto libes in pty.h
+ [98643a018d1c]
+
+ * script.c:
+ Call vhangup on exit if the system has it Use setpgrp() if no
+ setsid()
+ [3a9e13149829]
+
+2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Add checks for revoke and vhangup if we don't have openpty
+ [fcb04572e994]
+
+ * script.c:
+ Session logging guts that got forgotten in the previous commit.
+ [c2af08a63ea9]
+
+ * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
+ configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
+ gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
+ tgetpass.c:
+ First cut at session logging for sudo. Still need to write
+ get_pty() for Unix 98 and old-style BSD ptys. Also needs
+ documentation and general cleanup.
+ [77e3f5e25738]
+
+2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Fix a bug introduced with def_closefrom. The value of def_closefrom
+ already includes the +1.
+ [7291c136300d]
+
+2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Generate sudo distributions with pax in ustar mode. No longer need
+ to use a temp file or have the source dir name match the version.
+ [9778177a8272]
+
+2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Fix expansion of %h in #include names. Fixes bugzilla 363
+ [6e346879ba24]
+
+2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdefaults:
+ If no arg assume def_data.in
+ [c1dd28c0e675]
+
+ * README, WHATSNEW:
+ Update for 1.7.2
+ [f5ad45f69f05] [SUDO_1_7_2]
+
+ * ChangeLog:
+ sync
+ [6283549396ff]
+
+2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add missing single quotes around a colon in Runas_Spec definition.
+ From Elias Benali.
+ [ccc6ee4fca83]
+
+2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [546e75304ebf]
+
+ * redblack.c:
+ In rbrepair, re-color the root or the first non-block node we find
+ to be black. Re-coloring the root is probably not needed but won't
+ hurt.
+ [34d01ebe241b]
+
+ * sudo.cat, sudoers.cat:
+ regen
+ [bebf5a39f54f]
+
+2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * redblack.c:
+ When repairing the tree, don't touch the root node.
+ [9841f0d5d789]
+
+2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
+ Reported by Josef Schmid.
+ [ed044b1eb879]
+
+2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Document that we accept env_pam-style environment files
+ [e3b545456352]
+
+ * env.c:
+ Adapt to accept pam_env-style /etc/environment which allows shell-
+ style lines such as: export EDITOR="/usr/bin/vi"
+ [752eb75bf007]
+
+ * sudoers.pod:
+ Make it clear that env_delete only works when !env_reset. From Lo??c
+ Minier
+ [3bd3f8e351ba]
+
+2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod:
+ Add non-unix group bits, adapted from Quest
+ [8ce427de8dea]
+
+ * Makefile.in:
+ build the .cat page in the current working dir, not the src dir
+ [00e87a307674]
+
+ * env.c:
+ Return EINVAL in setenv() if var is NULL or the empty string to
+ match glibc behavior.
+ [23fd7c247142]
+
+2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
+ [fedd4a3e2a85]
+
+2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [7b9f461a40b3]
+
+2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Document --with-libvas and --with-libvas-rpath
+ [a071e6d96c89]
+
+2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudoers.ldap.pod:
+ For netscape-derived LDAP SDKs the cert and key paths may be a
+ directory or a file. However, version 5.0 of the SDK only seems to
+ support using a directory. If ldapssl_clientauth_init fails and the
+ cert or key paths look like they could be files, strip off the last
+ path element and try again.
+ [ac4e49d83043]
+
+ * Makefile.in:
+ Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
+ [4547cc1a335f]
+
+2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, match.c, sudo.c, vasgroups.c:
+ Update non-Unix group support from Quest, as reworked by me.
+ [1abafce29dc6]
+
+ * toke.c:
+ regen
+ [01bfca9148b7]
+
+ * toke.l:
+ Add support for escaped hex chars in names, e.g. \x20 for space.
+ [3c7be8e58a39]
+
+2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
+ auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
+ fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
+ logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
+ set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
+ sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
+ tgetpass.c, toke.l, visudo.c:
+ Update copyright years.
+ [e615f676c764]
+
+2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c, lbuf.c:
+ Minor fixes for Minix-3
+ [898c510d23f9]
+
+2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Handle getgroups() returning 0. Also add missing check for
+ HAVE_GETGROUPS.
+ [d73b958f9ffd]
+
+2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c,
+ version.h, visudo.c:
+ Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
+ [5050579a264d]
+
+2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Remove group setting code in setusercontext case, we will do it
+ ourselves later on in runas_setup. Set the gid after
+ initgroups/setgroups is called, since on Mac OS X it seems to change
+ the egid.
+ [09dc21d8b42d]
+
+2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
+ vasgroups.c:
+ Initial bits of non-unix group support using Quest Authentication
+ Services
+ [1eecab0ff27e]
+
+ * toke.c, toke.l:
+ Accept %:foo as a non-Unix group
+ [4c4b5dd899a6]
+
+ * toke.c, toke.l:
+ Allow user/group to be double quoted in the case of non-Unix groups
+ which contain spaces.
+ [47a3d568b7e8]
+
+2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Don't allow the user to specify the default runas user if their
+ sudoers entry only allows them to run as a group.
+ [4d726177227c]
+
+2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Must call audit_success before we change uids.
+ [04a9e6ce6e55]
+
+ * logging.c, set_perms.c, sudo.h, testsudoers.c:
+ Add option for set_perm to not exit on failure and use this in the
+ logging routines.
+ [833dce7b7f42]
+
+ * parse.c:
+ In -l mode, if the user is only allowed to run as a group, display
+ the user's name, not root's before the allowed group.
+ [ef92ff99d265]
+
+ * sudo.c:
+ Fix -g mode, broken by rev 1.503 which had the side effect of
+ setting the runas user to root unilaterally.
+ [50a2f7df4385]
+
+2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fileops.c:
+ When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
+ [30fbe832dcf3]
+
+ * pwutil.c:
+ Only cache by the method we fetched for pwd and grp lookups.
+ Previously we cached both by namd and id but this can cause problems
+ for entries that share the same id. Also add more info in the error
+ message in case the insert fails (which should now be impossible).
+ [ef95a4f0bab5]
+
+2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Add a clarification from Nick Sieger
+ [1eadad329561]
+
+2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Inline the setting of the environment string.
+ [9515d11c6295]
+
+2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ setenv(3) in Linux treats a NUL value as the empty string setenv(3)
+ in BSD doesn't return an error if the name has '=' in it, it just
+ treats the '=' as end of string.
+ [941260bf94d2]
+
+2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Not all systems have d_namlen
+ [e377b18d8e2d]
+
+2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix up some pod2html issues.
+ [823a1f10ab60]
+
+2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
+ Quest Software.
+ [73de36653131]
+
+ * sudoers.pod:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [7871fad702db]
+
+ * toke.c, toke.l:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [53fded2a469f]
+
+2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
+ For #includedir, ignore any file containing a dot
+ [a7daa1bce6c2]
+
+ * Makefile.in, version.h:
+ Bump version
+ [ef60f14ffc44]
+
+ * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
+ visudo.c:
+ Implement #includedir directive. Files in an includedir are not
+ edited by visudo unless they contain a syntax error.
+ [3923d85a6c79]
+
+ * ChangeLog:
+ sync
+ [8741ed61a78b] [SUDO_1_7_1]
+
+ * WHATSNEW:
+ Forgot umask_override
+ [7c86a21a5504]
+
+ * ChangeLog, TODO:
+ sync
+ [57339ca6bccf]
+
+2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Rewind stream if we fdopen sudoers since it may not be at the
+ beginning. Set the keepopen flag on already-open files too so the
+ lexer doesn't close them out from under us.
+ [61292d819aff]
+
+ * visudo.c:
+ Print the proper file name when there is a parse error in an include
+ file.
+ [b0e85d4aedde]
+
+2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Sync
+ [997e5d485ea3]
+
+2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix a warning when --without-ldap is specified.
+ [d91fd9481b30]
+
+2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, parse.h, visudo.c:
+ Store aliases that we remove during check_aliases in a freelist and
+ free them at the end so we don't leak memory.
+ [805e2272f6a3]
+
+2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Check aliases in -c mode too.
+ [9199e188d9f2]
+
+ * alias.c, parse.h, visudo.c:
+ Make alias_remove return the alias struct instead of freeing it
+ directly. Fixes a use after free in alias_remove_recursive, the only
+ consumer.
+ [a04b61804800]
+
+ * alias.c, match.c, parse.c, parse.h, visudo.c:
+ Rename find_alias -> alias_find for consistency.
+ [48b0a82924f3]
+
+2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ When checking for unused aliases, recurse if the alias points to
+ another alias.
+ [2d4d1a7f3a41]
+
+2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Back out rev 1.105 for now. Real ldapux_client.conf support will be
+ done later after some refactoring.
+ [8ad72e69b277]
+
+2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Treat ldap_hostport the same as "host" for ldapux.
+ [3281dcc66da8]
+
+ * configure, configure.in:
+ Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
+ Fixes compilation with ldapux.
+ [ca1ed585ef0e]
+
+2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fileops.c:
+ fix char subscript
+ [41e51f080d00]
+
+2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ remove errant carriage returns
+ [e9e258a31c7b]
+
+ * audit.c, env.c:
+ fix K&R compilation
+ [d182e8920f13]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [791a5cbf04e5]
+
+2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add missing HAVE_BSM_AUDIT
+ [49ad1bb96f04]
+
+ * WHATSNEW:
+ Add 1.7.1 features
+ [f107f1604c61]
+
+ * INSTALL:
+ Mention --with-netsvc
+ [d1e90d147795]
+
+ * sudoers.ldap.pod:
+ Document netsvc.conf support
+ [e78f8abce6af]
+
+ * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
+ sudo_nss.h:
+ Add support for AIX netsvc.conf (like nsswitch.conf).
+ [1df56a84dee5]
+
+2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, env.c:
+ Add --enable-env-debug flag to enable environment sanity checks.
+ [128cdd8832e7]
+
+ * sudoers.ldap.pod, sudoers.pod:
+ Work around some pod2html issue.
+ [e733b9609bd2]
+
+2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Only sync environ for putenv, setenv, and unsetenv. We need to make
+ sure that sudo_putenv and sudo_setenv only modify env.envp, not
+ environ.
+ [be3ac732243c]
+
+2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Really fix UNSETENV_VOID
+ [08ab7e882507]
+
+ * env.c:
+ Fix unsetenv when UNSETENV_VOID
+ [d3038b3f2f15]
+
+ * aclocal.m4, configure:
+ Fix SUDO_FUNC_PUTENV_CONST
+ [de35569c572b]
+
+ * ldap.c:
+ tivoli-based ldap does not have ldapssl_err2string
+ [c63fd90d5e99]
+
+ * configure:
+ regen
+ [f38f1ee828ad]
+
+2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for Tivoli-based LDAP start TLS as seen in AIX.
+ Untested.
+ [8f8771829f85]
+
+ * env.c:
+ Add sanity checks for setenv/unsetenv
+ [adbd1d95856b]
+
+ * Makefile.in:
+ Include bsm_audit.h in the tarball
+ [4a4aa02b2c32]
+
+ * Makefile.in, version.h:
+ bump version for sudo 1.7.1
+ [362c71d21595]
+
+ * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
+ env.c, ldap.c, sudo.h:
+ Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
+ provide our own setenv/unsetenv/putenv that operates on own env
+ pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
+ [276edcd23032]
+
+2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Make "sudoedit -h" work as expected
+ [2bcbbb45d389]
+
+ * auth/pam.c:
+ Make sure def_prompt is always defined. This is a workaround for
+ pam configs that prompt for a password in the session but don't have
+ an auth line. A better fix is to expand the sudo prompt earlier and
+ set def_prompt to that when initializing.
+ [ee073c04aec3]
+
+ * sudo.pod:
+ Mention that the helper for -A may be graphical.
+ [b64a940c4082]
+
+ * TROUBLESHOOTING:
+ Document what happens if there is no tty.
+ [313d58a856a5]
+
+ * sudo.c:
+ cosmetic changes
+ [894f5e3b0c3e]
+
+ * term.c:
+ Fix term_restore
+ [6c6315ff14bc]
+
+ * sudo.c:
+ Fix "sudo -k" with no other args
+ [59e94dc419c6]
+
+2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -k flag to be specified in conjunction with a command or
+ another option that may require authentication.
+ [5960ff20355d]
+
+2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
+ [e86ab69c4a57]
+
+ * Makefile.in:
+ Parallel make fix. From Diego E. 'Flameeyes'
+ [1289d7ee27db]
+
+2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Implement umask_override
+ [8b87a3f7c5aa]
+
+ * toke.c:
+ regen
+ [79d7ca9ac873]
+
+ * sudoers.pod, toke.l, visudo.c:
+ Implement %h escape in sudoers include filenames.
+ [a7f288dd64f0]
+
+ * audit.c:
+ Need to include compat.h
+ [c0dc07ce2f70]
+
+ * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
+ Make audit_success and audit_failure generic functions in
+ preparation for integrating linux audit support.
+ [7df020a8fd6f]
+
+ * term.c:
+ remove duplicate include
+ [1dfcd01a7e46]
+
+2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * bsm_audit.c:
+ Add missing include
+ [fb56e08c37ee]
+
+ * sudo.c:
+ May need to update the runas user after parsing command-based
+ defaults.
+ [246f130d7802]
+
+2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ Add missing pair of braces introduced with character class support.
+ [0e2afa2e03e9]
+
+2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
+ Rename pwstars to pwfeedback
+ [a9f85a57ebac]
+
+2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * bsm_audit.c, bsm_audit.h:
+ Add const to make MacOS happy.
+ [4274432d6627]
+
+ * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
+ configure.in, sudo.c:
+ Add bsm audit support from Christian S.J. Peron
+ [bef61cd8693d]
+
+ * term.c:
+ This is new code, no DARPA notice.
+ [ec6ad09b9c23]
+
+2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Rename simple_glob -> fast_glob
+ [68d9ed803cc1]
+
+ * match.c:
+ g/c unused var
+ [693fa0464eb6]
+
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Add simple_glob option to use fnmatch() instead of glob(). This is
+ useful when you need to specify patterns that reference network file
+ systems.
+ [77ba634f6949]
+
+ * tgetpass.c:
+ add term_* proto
+ [520f5149d073]
+
+ * sudoers.pod:
+ mention glob()
+ [ddaab8e03c52]
+
+2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Delete any pwstars we wrote after the user hits return. That way
+ there is no record on screen as to the user's password length.
+ [fae25cda762b]
+
+2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * term.c:
+ Move terminal setting bits from tgetpass.c to term.c
+ [03d43325ee99]
+
+ * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
+ tgetpass.c:
+ Add pwstars sudoers option that causes sudo to print a star every
+ time the user presses a key.
+ [7aab417e184d]
+
+2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
+ [64f70e879816]
+
+2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
+ indicate no limit. From Mark Janssen.
+ [e2c5732d54f5]
+
+2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Comments that begin with #- should not be parsed as uids.
+ [a72a50f12f41]
+
+2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Do not try to set the close on exec flag if we didn't actually open
+ sudoers.
+ [ece3ca256904]
+
+2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [e11f0e4c1bdd] [SUDO_1_7_0]
+
+2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sync
+ [5b8954462bb3]
+
+2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
+ password prompt.
+ [8563601cb3de]
+
+ * configure, configure.in:
+ Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
+ as it cannot generate shared objects.
+ [6d4262ef9669]
+
+ * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
+ K&R compilation fixes
+ [77921678d17c]
+
+ * parse.c:
+ Use tq_foreach_fwd when checking pseudo-commands to make it clear
+ that we are not short-circuiting on last match. When pwcheck is
+ 'all', initialize nopass to TRUE and override it with the first non-
+ TRUE entry.
+ [96b209f4778f]
+
+2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Do not short circuit pseudo commands when we get a match since,
+ depending on the settings, we may need to examine all commands for
+ tags.
+ [fdbaf89d6f35]
+
+2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [1ecce7c1b841]
+
+ * sudoers.pod:
+ hostnames may also contain wildcards
+ [82b76695601c]
+
+ * Makefile.in:
+ remove stamp-* files and linux core files in clean target
+ [22003f091467]
+
+2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.h, config.h.in, configure, configure.in:
+ Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+ [6905bede8410]
+
+2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ correctly enable SIA on Digital UNIX
+ [a51881d13995]
+
+ * TODO:
+ checkpoint
+ [af0fe8d94d42]
+
+ * ChangeLog:
+ sync
+ [831f623cf99c]
+
+2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.h, tgetpass.c:
+ Even if neither stdin nor stdout are ttys we may still have /dev/tty
+ available to us.
+ [20f306ba883b]
+
+2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [76d97c4c318f]
+
+ * sudoers.pod:
+ fix typos; Markus Lude
+ [bff8bc1e2066]
+
+ * ChangeLog:
+ sync
+ [f108552531cd]
+
+ * toke.c:
+ regen
+ [de828413c67e]
+
+ * toke.l:
+ Fix matching of a line that only consists of a comment char
+ [09c953d8d5ca]
+
+2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ MacOS pam will retry conversation function if it fails so just treat
+ ^C as an empty password.
+ [d056058930bc]
+
+ * visudo.c:
+ When checking for alias use, also check defaults bindings.
+ [2647f82c7dbd]
+
+ * redblack.c:
+ unused var
+ [b7ff71c17c18]
+
+ * redblack.c:
+ Replace my rbdelete with Emin's version (which actually works ;-)
+ [21b133dd0c72]
+
+2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c:
+ malloc debugging
+ [0fb446fa3279]
+
+ * visudo.c:
+ malloc options in devel mode for visudo too
+ [98d06c6afeef]
+
+2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix compilation on non-C99; from Theo
+ [7c304e16c536]
+
+ * visudo.c:
+ fix check_aliases
+ [83f30a3b1765]
+
+ * alias.c:
+ when destroying an alias, free the correct data pointer
+ [6e1a8bd86c01]
+
+ * auth/sudo_auth.h:
+ add proto for aixauth_cleanup; from Dale King
+ [eba94ffc8f63]
+
+2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [409fa57fff83]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ standardize on the term 'option' for command line options (not flag)
+ [228caefc2e36]
+
+2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Add note on configuring HP-UX pam
+ [f7674a581baf]
+
+2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c:
+ Move tty checks into check_user() so we only do them if we actually
+ need a password.
+ [7d997d7106d6]
+
+ * sudo.c:
+ Don't error out if no tty or askpass unless we actually need to
+ authenticate.
+ [9f23b83ed66c]
+
+2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [23f9aef32da6]
+
+ * pathnames.h.in, sudo.c:
+ s/overriden/overridden/; from Tobias Stoeckmann
+ [9f7459a8fac5]
+
+2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, visudo.c:
+ check sudoers owner and mode in strict mode
+ [a3468c5ac1c4]
+
+ * gram.c, toke.c:
+ regen
+ [7d6b515a5443]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ Update copyright years.
+ [52d340cb8cba]
+
+ * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
+ closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
+ gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
+ interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
+ parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
+ sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
+ testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [b4e6bf2beafa]
+
+ * emul/charclass.h, fnmatch.c, glob.c:
+ add my copyright
+ [28681385014a]
+
+2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ The loop in fill_cmnd() was going one byte too far past the end,
+ resulting in a NUL being written immediately after the buffer end.
+ [a5a49d603cd7]
+
+ * UPGRADE, WHATSNEW:
+ add sections on tgetpass changes
+ [2e6929b6a102]
+
+ * tgetpass.c:
+ Treat EOF w/o newline as an error.
+ [aa02b1db9240]
+
+2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix "sudo -v" when NOPASSWD is set.
+ [f4914711ea80]
+
+ * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ No longer treat an empty password at the prompt as special. To quit
+ out of sudo you now need to hit ^C at the password prompt.
+ [980f760ad419]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [6ca21a2cd869]
+
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Sudo will now refuse to run if no tty is present unless the new
+ visiblepw sudoers flag is set.
+ [0cc56943252e]
+
+2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
+ defined
+ [24fc6f712d5c]
+
+ * aix.c:
+ fix fallback value for RLIM_SAVED_MAX
+ [e09e04e1af89]
+
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ Move clearing of AUTHSTATE into aixauth_cleanup.
+ [e14ae7bd259c]
+
+ * auth/aix_auth.c, env.c:
+ Unset AUTHSTATE after calling authenticate() as it may not be
+ correct for the user we are running the command as.
+ [d14f68f1b0ab]
+
+ * isblank.c:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [16cba30b283f]
+
+2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ expound on sudo and cd
+ [8e0fa9033637]
+
+2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [40cf320a10fc]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [7cac761ae2c6]
+
+ * sudoers.pod:
+ mention defauts parse order
+ [4e2ce86d1394]
+
+2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, compat.h, configure:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [a1ab55da8424]
+
+ * Makefile.in:
+ add emul/charclass.h to HDRS
+ [7e8a019dcaa4]
+
+2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ checkpoint
+ [afeb9bc1baed]
+
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ Move update_defaults into defaults.c and call it properly from
+ visudo and testsudoers.
+ [f4dbb369461f]
+
+ * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
+ tsgetgrpw.c:
+ use zero_bytes() instead of memset() for consistency
+ [4cee0465f4a8]
+
+ * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
+ visudo.c:
+ Zero out sigaction_t before use in case it has non-standard entries.
+ [120092225459]
+
+ * match.c:
+ quiet gcc
+ [098a1df49b23]
+
+ * match.c:
+ Short circuit glob() checks if basename(pattern) !=
+ basename(command). Refactor code that checks for a command in a
+ directory and use it in the glob case if the resolved pattern ends
+ in a '/'.
+ [3c46fd317acb]
+
+2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
+ Defer setting runas defaults until after runaspw/gr is setup.
+ [12e75ee49c0c]
+
+2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, sudo.c, testsudoers.c:
+ Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
+ systems do not include space for the NUL in the size. Also manually
+ NUL-terminate buffer from gethostname() since POSIX is wishy-washy
+ on this.
+ [7266ab3296a3]
+
+2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudoers.pod:
+ When setting the umask, use the union of the user's umask and the
+ default value set in sudoers so that we never lower the user's umask
+ when running a command.
+ [4e804b004e38]
+
+ * sudo.c:
+ Don't try to read from a zero-length sudoers file. Remove the bogus
+ Solaris work-around for EAGAIN. Since we now use fgetc() it should
+ not be a problem.
+ [bb8e5f68d944]
+
+2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ In update_defaults() check the return value of user*_matches against
+ ALLOW so we don't inadvertantly match on UNSPEC.
+ [4e422fa1527e]
+
+2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen man pages; no more hyphenation
+ [15de4fe2fe01]
+
+ * sudo.c:
+ Don't error out on a zero-length sudoers file. With the advent of
+ #include the user could create a situation where sudo is unusable.
+ [6eb461319fa5]
+
+2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c, config.h.in, configure, configure.in:
+ Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
+ krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
+ all. Add configure tests to handle all the cases.
+ [4b554a98470d]
+
+2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ resort ENVIRONMENT
+ [f4f20f40653e]
+
+ * sudoers.pod:
+ document sudoers_locale
+ [0bffd2dbe806]
+
+ * sudo.pod, sudo_edit.c:
+ add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
+ or EDITOR
+ [0ef8cb248cee]
+
+ * toke.c, toke.l:
+ In fill_cmnd(), collapse any escaped sudo-specific characters.
+ Allows character classes to be used in pathnames.
+ [5685244c8e44]
+
+2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c:
+ fix typo in non-C89 function declaration
+ [99a7113b3a05]
+
+ * sudoers.pod:
+ Mention POSIX characters classes now that out fnmatch() and glob()
+ support them.
+ [9c916f1230c3]
+
+ * sample.sudoers, sudoers.pod:
+ Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
+ locale agnostic.
+ [a60a62bec244]
+
+ * parse.h:
+ use __signed char if we are going to assign a negative value since
+ on Power, char is unsigned by default
+ [2877b319df17]
+
+ * config.h.in, configure, configure.in:
+ Add tests for __signed char and signed char.
+ [5eb874fdf1d4]
+
+ * aix.c:
+ Fix AIX limit setting. getuserattr() returns values in disk blocks
+ rather than bytes. The default hard stack size in newer AIX is
+ RLIM_SAVED_MAX. From Dale King.
+ [3db67415ecc3]
+
+2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/charclass.h, fnmatch.c, glob.c:
+ Add character class support to included glob(3) and fnmatch(3).
+ [6b5b4ad77899]
+
+2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/fnmatch.h:
+ Remove UCB advertising clause and some compatibility defines.
+ [2ade7bee74e1]
+
+2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
+ or sudo. This allows one to set EDITOR to sudoedit without getting
+ into an infinite loop of sudoedit running itself until the path gets
+ too big.
+ [aa49ab68f82d]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
+ Add sudoers_locale Defaults option to override the default sudoers
+ locale of "C".
+ [0639886a35bf]
+
+2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Set locale to system default except for during sudoers parse.
+ [016dd2736728]
+
+2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Redo change in 1.34 to use pointer arithmetic.
+ [f9e7b63bb450]
+
+2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Fix a dereference (read) of a freed pointer. Reported by Patrick
+ Williams.
+ [69877b633753]
+
+2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Set locale to "C" to avoid interpretation issues with character
+ ranges in sudoers. May want to make the locale a sudoers option in
+ the future.
+ [098a95de1746]
+
+2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ we no longer use setproctitle
+ [c7f20fb747ea]
+
+ * sudo.h:
+ remove #if 1
+ [a368ee6816c6]
+
+ * LICENSE, mkstemp.c:
+ Use my replacement mkstemp() from the mktemp package.
+ [d07c2beb0f9e]
+
+2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen with yacc skeleton bug fixed
+ [24784571cbb8]
+
+ * sudoers.pod:
+ Remove duplicate "as root". From Martin Toft.
+ [97241acfee5e]
+
+2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, sudo.c, sudo.h, testsudoers.c:
+ Flesh out the fake passwd entry used for running commands as a uid
+ not listed in the passwd database. Fixes an issue with some PAM
+ modules.
+ [a6648227f3f2]
+
+2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Error out in -i mode if the user has no shell. This can happen when
+ running commands as a uid with no password entry.
+ [0c174bef36ff]
+
+2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Better fix for line continuation inside double quotes. Now accepts
+ whitespace between the backslash and the newline like the main
+ lexer.
+ [64efcdf86d31]
+
+2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Fix line continuation in strings. It was only being honored if
+ preceded by whitespace.
+ [96c21271a3e4]
+
+2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, logging.c:
+ Replace the double fork with a fork + daemonize.
+ [328505441e67]
+
+2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ The -i flag should imply env_reset. This got broken in sudo 1.6.9.
+ [3caedfeaec87]
+
+ * logging.c, sudo.c, sudo_edit.c, visudo.c:
+ Change how the mailer is waited for. Instead of having a SIGCHLD
+ handler, use the double fork trick to orphan the child that opens
+ the pipe to sendmail. Fixes a problem running su on some Linux
+ distros.
+ [b59ce60a393d]
+
+2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix configure test for dirfd() on Linux where DIR is opaque.
+ [b8f729cdfecc]
+
+2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
+ this problem we'll need to revisit this again.
+ [c17fee8ad530]
+
+2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Ignore SIGPIPE instead of blocking it when piping to the mailer. If
+ we only block the signal it may be delivered later when we unblock.
+ Also, there is no need to block SIGCHLD since we no longer do the
+ double fork. The normal SIGCHLD handler is sufficient.
+ [e94a49e992e5]
+
+2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add description for NO_PAM_SESSION, from a redhat patch.
+ [b9e4c939ec09]
+
+2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Fix typos in -i usage
+ [2d7ce5de0235]
+
+2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Redo the test for dgettext() in a way that hopefully will work
+ around the libintl_dgettext() undefined problem.
+ [d27beb0cf85e]
+
+2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * schema.ActiveDirectory:
+ change filename in comment
+ [733da4ee9ac5]
+
+2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Reference schema.ActiveDirectory
+ [d6aec537800e]
+
+2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * schema.OpenLDAP, schema.iPlanet:
+ Mark sudoRunAs as deprecated.
+ [00c50df807af]
+
+ * schema.ActiveDirectory:
+ add sudoRunAsUser and sudoRunAsGroup
+ [19bcce6f72fb]
+
+ * schema.ActiveDirectory:
+ Active Directory schema by Chantal Paradis and Eric Paquet
+ [06a09c92c6a5]
+
+2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ remove an XXX that was fixed
+ [b88038062fa2]
+
+ * ChangeLog:
+ sync
+ [8fc27c17270e]
+
+ * parse.c:
+ Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
+ fixes a problem where the tag value printed was influenced by
+ defaults set in the first pass through the parser.
+ [588ccd630367]
+
+2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudo.psf:
+ No point in packaging the TODO file
+ [9590248fffe1]
+
+ * ChangeLog:
+ sync
+ [152acf4c6813]
+
+2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
+ sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add env_file Defaults option that is similar to /etc/environment on
+ some systems.
+ [1daf53d51e18]
+
+2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
+ sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ version.h, visudo.cat, visudo.man.in:
+ change version to 1.7.0
+ [d41d126b9bd8]
+
+ * UPGRADE:
+ initial valgrind pass done
+ [c59c3876d8ca]
+
+2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Fix typo/think in sudo_ldap_read_secret() when storing the secret.
+ [830d246c09b0]
+
+2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ define LDAPS_PORT if the system headers do not
+ [247b12325701]
+
+2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c, gram.y:
+ Fix another memory leak in init_parser().
+ [7bba47deba11]
+
+ * configure, configure.in:
+ There was a missing space before the ldap libs in SUDO_LIBS for some
+ configurations.
+ [7524cfc93759]
+
+ * alias.c, gram.c, gram.y, toke.c, toke.l:
+ Clean up some memory leaks pointed out by valgrind.
+ [a965866ece1a]
+
+2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix "sudo -s" broken by mode/flags breakout
+ [acffe984d408]
+
+ * configure, configure.in:
+ remove duplicate check for dgettext
+ [58145529133c]
+
+2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ Fall back to default stanza if no user-specific limit is found.
+ [7b8cb29123ee]
+
+2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ include stdint.h if present
+ [f0ec38529306]
+
+ * snprintf.c:
+ Use LLONG_MAX, not the old QUAD_MAX
+ [01041ce508fb]
+
+2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.pod:
+ fix cut and pasto
+ [34240fdef5ab]
+
+2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Add #ifdef PURITY
+ [ce1b571ad526]
+
+2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/bsdauth.c:
+ remove useless cast
+ [494f8a862e1d]
+
+2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ sync
+ [f5c97ffaabcc]
+
+ * TODO:
+ sync
+ [96ff1c44c182]
+
+ * sudo.h:
+ Split MODE_* defines into primary and flags.
+ [c02ee3027cb9]
+
+2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ It turns out the logic for getting AIX limits is more convoluted
+ than I realized and differs depending on whether the soft and/or
+ hard limits are defined.
+ [cf8d3f85d395]
+
+2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in:
+ Back out AIX-specific change to set the sudo_noexec path to the .a
+ file, we do really want to use the .so file. Since libtool doesn't
+ do that correctly, just install the .so file ourselves in the
+ Makefile.
+ [05c6f33177d9]
+
+ * install-sh:
+ If the file given to install is a path, only use the basename of the
+ file when building the destination path.
+ [695ba4e429ce]
+
+2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ parse_args() cleanup: Sort command line options in the getopt()
+ switch The -U option requires a parameter Normalize a few ISSET
+ calls Split mode into mode and flags and retire the now-obsolete
+ excl variable
+ [0d156835f861]
+
+ * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
+ sudo_usage.h.in:
+ Add -n (non-interactive) flag.
+ [e3e50400d32d]
+
+ * sudo.c:
+ Move version printing, etc. into a separate function.
+ [18c91b476e2c]
+
+ * sudo.c:
+ Don't try to cleanup nsswitch if it has not been initialized.
+ [aeb1ca1b399d]
+
+2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Block SIGPIPE in send_mail() so sudo is not killed by a problem
+ executing the mailer.
+ [f130e7924cca]
+
+2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ AIX shared libs end in .a, not .so.
+ [a5deb07020d8]
+
+2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Preserve HOME by default too. Matches documentation and previous
+ behavior.
+ [c16f17f1047c]
+
+2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Use getopt() to parse the command line. We need to be able to
+ intersperse env variables and options yet still honor "--"" which
+ complicates things slightly.
+ [60f271ce5c16]
+
+2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ sync
+ [685e67964eda]
+
+ * acsite.m4, configure, ltmain.sh:
+ update to libtool-1.5.26
+ [4c9a8c3d3b40]
+
+ * config.guess, config.sub:
+ update from libtool-1.5.26 distribution
+ [c6641aef2527]
+
+ * aix.c, sudo.h:
+ attempt to fix compilation errors on AIX
+ [edb13e5b2184]
+
+ * Makefile.in:
+ fix typo in last commit
+ [25ba7f7ceae4]
+
+ * Makefile.in:
+ Add WHATSNEW file to the distribution
+ [213f4115de8f]
+
+ * visudo.c:
+ use warningx instead of fprintf(stderr, ...)
+ [a3494b8ccb19]
+
+ * list.c:
+ add DEBUG to list2tq
+ [115d24a3000c]
+
+ * ChangeLog, TODO:
+ sync
+ [60e6f4d1fac0]
+
+ * WHATSNEW:
+ mention mailfrom
+ [e2498f9e18d6]
+
+ * Makefile.in, aix.c, config.h.in, configure, configure.in,
+ set_perms.c, sudo.h:
+ Add aix_setlimits() to set resource limits on AIX using a
+ combination of getuserattr() and setrlimit(). Currently untested.
+ [9b1441fd89ca]
+
+2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod:
+ Add mailfrom Defaults option that sets the value of the From: field
+ in the warning/error mail. If unset the login name of the invoking
+ user is used.
+ [029b9f05d3d9]
+
+ * defaults.c:
+ store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
+ [a90e407d5e00]
+
+ * gram.c, gram.y:
+ When adding a default, only call list2tq() once to do the list to tq
+ conversion. It is not legal to call list2tq multiple times on the
+ same list since list2tq consumes and modifies the list argument.
+ [fbc25d245c4a]
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ comment out XXXs for now
+ [595a1d43309d]
+
+ * WHATSNEW:
+ mention askpass
+ [b993e0837c22]
+
+2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Error out if both -A and -S are specified Error out if -A is
+ specified but no askpass is configured
+ [24f1df2638f6]
+
+ * configure, configure.in:
+ we are not going to ship a sudo-specific askpass
+ [61949e7a3943]
+
+2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ fix definition of TGP_ASKPASS
+ [0447c57ba4c3]
+
+ * def_data.c, def_data.in:
+ make askpass boolean-capable
+ [e0885893a325]
+
+ * INSTALL:
+ document --with-askpass
+ [c76e15ba97cf]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.man.in, visudo.cat:
+ regen
+ [8d16242980b7]
+
+2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudo_usage.h.in, sudoers.pod:
+ document -A and askpass
+ [02c07505a78c]
+
+ * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
+ def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
+ sudo_usage.h.in, tgetpass.c:
+ Add support for running a helper program to read the password when
+ no tty is present (or when specified with the -A flag). TODO: docs.
+ [05780f5f71fd]
+
+ * def_data.c, def_data.in:
+ add missing printf format to SELinux role and type strings
+ [2b32774715e7]
+
+2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Disable use of gss_krb5_ccache_name() by default and add
+ --enable-gss-krb5-ccache-name configure option to enable it. It
+ seems that gss_krb5_ccache_name() doesn't work properly with some
+ combinations of Heimdal and OpenLDAP.
+ [f61ebd3b19bd]
+
+2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * selinux.c:
+ Ignore setexeccon() failing in permissive mode. Also add a call to
+ setkeycreatecon() (though this is probably insufficient). From Dan
+ Walsh.
+ [52564fc1c069]
+
+ * auth/pam.c:
+ Only set std_prompt for the PAM_PROMPT_* cases. The conversation
+ function may be called for non-password reading purposes so we must
+ be careful not to use def_prompt in cases where it may not be set.
+ [29d88ca575ba]
+
+2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * selinux.c:
+ Don't free the new tty context, we need to keep it around when we
+ restore the tty context after the command completes
+ [5b4bd39b6ea8]
+
+2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * selinux.c:
+ s/newrole/sudo/
+ [21b8a96ff8df]
+
+ * sudo.man.pl, sudo.pod:
+ Only put login_cap(3) in SEE ALSO section if we have login.conf
+ support
+ [05250ddff2c0]
+
+2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [301e5c5ccdbe]
+
+ * sudoers.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [c1c98fa163ce]
+
+ * sudoers.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [6c88f30b878a]
+
+ * sudo.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [acdbdfd24e1d]
+
+ * sudo.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [0c56d4750ac3]
+
+ * Makefile.in, configure, configure.in:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [9a02bd6a6658]
+
+ * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
+ Remove the =cut on the first line (above the copyright notice) to
+ quiet pod2man. Also remove the hackery in the FILES section and
+ just deal with the fact that there will a newline between each
+ pathname.
+ [2ac1ab191835]
+
+2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ run sudo.man.pl when generating sudo.man.in
+ [859727369168]
+
+ * configure, configure.in, sudo.man.pl:
+ comment out SELinux manual bits unless --with-selinux was specified
+ [97ff4212b649]
+
+ * sudoers.pod:
+ document role and type defaults for SELinux
+ [870f303366b3]
+
+ * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
+ Document "sudo -ll" and make "sudo -l -l" be equivalent.
+ [3ce6dc429ea3]
+
+2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
+ Debian GNU/kFreeBSD.
+ [c4efa567a328]
+
+2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
+ verify_krb_v5_tgt()
+ [f80538e5a6fa]
+
+ * logging.c, logging.h, sudo.c:
+ Remove dependence on VALIDATE_NOT_OK in logging functions. Split
+ log_auth() into log_allowed() and log_denial() Replace mail_auth()
+ with should_mail() and a call to send_mail()
+ [58aac9997557]
+
+2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add debugging so we can tell if the krb5 ccache is accessible
+ [c679322527bb]
+
+ * INSTALL:
+ mention --with-selinux
+ [9efbe0b52194]
+
+2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [467a834f867c]
+
+ * selinux.c:
+ add Sudo tag
+ [d004ee669bed]
+
+ * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ testsudoers.c, toke.c, toke.l:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [1d4abfe2c004]
+
+ * sesh.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [1e3b395ce049]
+
+ * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+ def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+ pathnames.h.in, selinux.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role
+ and type. There are also role and type defaults that may be used.
+ To make sure a transition occurs, when using RBAC commands are
+ executed via the new sesh binary. Based on initial changes from Dan
+ Walsh.
+ [6b421948286e]
+
+2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
+ Add long list (sudo -ll) support for printing verbose LDAP and
+ sudoers file entries. Still need to update manual.
+ [2875be37935c]
+
+2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
+ Unify the -l output for file and ldap based sudoers and use lbufs
+ for both. The ldap output does not currently include options that
+ cannot be represented as tags. This will be remedied in a long list
+ output mode to come.
+ [b2e429456596]
+
+2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Use a specific error message for errno == EAGAIN when setuid() et al
+ fails. On Linux systems setuid() will fail with errno set to EAGAIN
+ if changing to the new uid would result in a resource limit
+ violation.
+ [08d0aecd9f03]
+
+ * sudo.c:
+ Unlimit nproc on Linux systems where calling the setuid() family of
+ syscalls causes the nroc resource limit to be checked. The limits
+ will be reset by pam_limits.so when PAM is used. In the non-PAM
+ case the nproc limit will remain unlimited but there doesn't seem to
+ be a way around that other than having sudo parse
+ /etc/security/limits.conf directly.
+ [df024b415a8d]
+
+ * env.c, sudo.c, sudo.pod:
+ Only read /etc/environment on Linux and AIX
+ [90669e2aefdb]
+
+2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
+ ldap.conf and ldap.secret paths from going into config.h. Avoid
+ single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
+ since in some versions of bash they will end up literally in the
+ resulting define.
+ [25390f3ef10a]
+
+2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ mention --with-nsswitch=no
+ [c509df927263]
+
+ * configure, configure.in:
+ ldap_ssl.h depends on ldap.h being included first
+ [d96d90e9b21f]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Include ldap_ssl.h if we can find it. Needed for the
+ ldapssl_set_strength defines on HP-UX at least.
+ [9e530470948a]
+
+ * sudoers.ldap.pod:
+ sync
+ [b9d101f4673a]
+
+ * TODO:
+ sync
+ [2ce951b2ecd0]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [b61d793987e0]
+
+ * Makefile.in:
+ Use 78n line length when formatting cat pages.
+ [761bee9d5759]
+
+ * README.LDAP:
+ Remove redundant info that is now in sudoers.ldap.pod
+ [01828dcce59e]
+
+2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Reorganize the first section a bit. Substitute the proper path for
+ /etc/sudoers.
+ [11ae165e065d]
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
+ schema into EXAMPLES
+ [ab6509d1dde7]
+
+ * configure, configure.in:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
+ sudoers.ldap.man.
+ [6e689972f465]
+
+ * configure, configure.in:
+ substitute for sudoers.ldap.man
+ [5a4a25766dee]
+
+ * Makefile.in:
+ Fix cut & pasto introduced when adding sudoers.ldap man page.
+ [a7b069af8894]
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Fill in some of the missing pieces. Still needs some reorganization
+ and editing.
+ [5e7331722166]
+
+2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Beginnings of a sudoers.ldap man page. Currently, much of the
+ information is adapted from README.LDAP.
+ [aad28c8a922d]
+
+2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ When copying gr_mem we must guarantee that the storage space for
+ gr_mem is properly aligned. The simplest way to do this is to
+ simply store gr_mem directly after struct group. This is not a
+ problem for gr_passwd or gr_name as they are simple strings.
+ [af58fc76f1ed]
+
+ * ldap.c:
+ Fix a typo/thinko in one of the calls to
+ sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+ [70b2eb8097f5]
+
+2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ include <mps/ldap_ssl.h> in ldap.c if available
+ [34346206ef16]
+
+2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c, gram.y:
+ Make sure we define SIZE_MAX for yacc's skeleton.c
+ [d8a45c7a3c42]
+
+ * tgetpass.c:
+ Use TCSAFLUSH when restoring terminal settings (and echo) to
+ guarantee that any pending output is discarded
+ [549a184479e5]
+
+2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers:
+ no longer need to specify SETENV when user has sudo ALL
+ [3051b41f8032]
+
+ * testsudoers.c:
+ sync user_args size calculation with sudo.c Add -g group option,
+ renaming old -g to -G Add set_runasgr() and set_runaspw() and use
+ them
+ [0850325180f0]
+
+ * sudo.c, sudo.h:
+ Make set_runaspw static void
+ [5d44d7a340ce]
+
+ * testsudoers.c, visudo.c:
+ g/c set_runaspw stub
+ [79ebb5e2cc38]
+
+ * configure, configure.in:
+ Don't add -llber twice.
+ [4356d302eef4]
+
+2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ fix typo
+ [249cecc557e9]
+
+2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [2f94ea375b67]
+
+ * configure, configure.in:
+ Fix check that determines whether -llber is required.
+ [6afa99523379]
+
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ For netscape-based LDAP, use ldapssl_set_strength() to implement the
+ checkpeer ldap.conf option.
+ [16ae24d73795]
+
+ * auth/kerb5.c:
+ Delay krb5_cc_initialize() until we actually need to use the cred
+ cache, which is what krb5_verify_user() does. Better cleanup on
+ failure.
+ [d12e5f1695b8]
+
+2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Rewrite verify_krb_v5_tgt() based on what heimdal's
+ krb5_verify_user() does.
+ [05b5815f86c9]
+
+2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ The U suffix on constants is an ANSI feature
+ [c6dfce3167f1]
+
+ * configure, configure.in:
+ Add check for ber_set_option() in -llber
+ [43d0c0566074]
+
+2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ default if no nsswitch.conf is files only
+ [c13001d9c998]
+
+2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ don't tell people to mail aaron about LDAP stuff
+ [8165ec1ef0c6]
+
+ * README.LDAP:
+ timelimit and bind_timelimit
+ [44f74cbed167]
+
+ * ChangeLog:
+ sync
+ [aba1a0ab02bd]
+
+ * ldap.c:
+ Move ldap.secret reading into a separate function.
+ [1948acc9f7a4]
+
+ * check.c:
+ user_runas -> runas_pw
+ [334490fc2bae]
+
+2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sync
+ [c7b165cc47c6]
+
+ * check.c, sudo.pod, sudoers.pod:
+ Add and document the %p escape in the password prompt. Based on a
+ patch from Patrick Schoenfeld.
+ [3972d4f31ffa]
+
+ * ldap.c:
+ Check strlcpy() return values.
+ [9b42f3ae8ff1]
+
+ * ldap.c:
+ refactor ldap binding code into sudo_ldap_bind_s()
+ [cb0c66a4d955]
+
+ * README.LDAP:
+ Make it clear that host and uri can take multiple parameters. URI is
+ now supported for more than just openldap nsswitch.conf does't
+ accept "compat"
+ [f610dea656d6]
+
+ * sudo.c:
+ comment cleanup and update (c) year
+ [6cd69c810ca5]
+
+ * parse.c, sudo_nss.c:
+ Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
+ This should make it possible to build an LDAP-only sudo binary.
+ [61c3f27066a0]
+
+ * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
+ Improve chaining of multiple sudoers sources by passing in the
+ previous return value to the next in the chain
+ [2c0b722b1b2d]
+
+ * gram.y:
+ Free up parser data structures in sudo_file_close().
+ [2251531d4519]
+
+ * gram.c, parse.c:
+ Free up parser data structures in sudo_file_close().
+ [8371f130f401]
+
+ * ldap.c:
+ Parse uri ourself if no ldap_initialize() is present Use
+ ldap_create() instead of deprecated ldap_init() Use
+ ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+ [85d3825b1953]
+
+ * config.h.in, configure, configure.in:
+ Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
+ CFLAGS
+ [240524512bc5]
+
+2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ add check for ldap_create
+ [3089badd73b8]
+
+2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
+ dn using the mechanism appropriate for the LDAP SDK in use. Use
+ ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
+ ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
+ [6deeca3d00cc]
+
+ * lbuf.c:
+ include unistd.h
+ [8419ed0bae7f]
+
+ * config.h.in, configure.in:
+ fix typo in mtim_getnsec
+ [2d5f21230a60]
+
+2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ add check for st__tim in struct stat as used by SCO
+ [587060ea2a89]
+
+ * ldap.c:
+ use ldap_search_ext_s instead of deprecated ldap_search_s
+ [5fc44fe3b44c]
+
+ * Makefile.in, TODO, sudo.cat, sudo.man.in:
+ add sudo_nss.h to HDRS
+ [86f01a70ff29]
+
+ * ldap.c:
+ Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
+ ldap_rdn2str().
+ [aa217002cfae]
+
+2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Use ldap_get_values_len()/ldap_value_free_len() instead of the
+ deprecated ldap_get_values()/ldap_value_free().
+ [e22dceb85e57]
+
+ * ChangeLog:
+ sync
+ [adad27b36107]
+
+ * TODO:
+ sync
+ [c449eb47e0ef]
+
+ * gettime.c, sudo.c:
+ Remove some already fixed XXXs
+ [532788d0e6da]
+
+ * ldap.c:
+ Same return value as non-existent sudoers if LDAP was unable to
+ connect.
+ [5819810e8e4e]
+
+ * sudo.pod:
+ mention /etc/environment
+ [ea8e6102f853]
+
+ * README.LDAP, UPGRADE, WHATSNEW:
+ Update to reflect recent developments.
+ [ed1fb026fe77]
+
+ * sudo.c:
+ Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
+ [55b68a58260d]
+
+ * ldap.c:
+ When building up a query don't list groups in the aux group vector
+ that are the same as the passwd file group. On most systems the
+ first gid in the group vector is the same as the passwd entry gid.
+ [4bb51e297e0d]
+
+ * env.c, ldap.c:
+ Define LDAPNOINIT before calling ldap_init(), etc. to disable user
+ ldaprc and system defaults that could affect how LDAP works.
+ [ce5036440db2]
+
+ * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
+ sudo_nss.c, sudo_nss.h:
+ Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
+ to specify nsswitch.conf path or disable it. If --with-nsswitch=no
+ but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
+ file and --with-ldap-secret-file
+ [ea5d7704381f]
+
+ * parse.c:
+ Honor def_ignore_local_sudoers
+ [f38e1121fae1]
+
+2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ no longer need to check def_ignore_local_sudoers here
+ [fce2a72f96fb]
+
+ * parse.c:
+ Refactor group vector resetting into a function and also call it
+ from display_cmnd. Stop after the first sucessful match in
+ display_cmnd. Print a newline between each display_privs method.
+ [981b37b5adff]
+
+ * parse.c:
+ fix double free introduced in rev 1.218
+ [c574b02d8747]
+
+ * ldap.c:
+ belt and suspenders; zero out result after freeing it
+ [7732988d4620]
+
+ * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
+ Refactor line reading into a separate function, sudo_parseln(),
+ which removes comments, leading/trailing whitespace and newlines.
+ May want to rethink the use of sudo_parseln() for /etc/ldap.secret
+ [61d9068f0645]
+
+ * parse.c, sudo.c:
+ Make the inability to read the sudoers file a non-fatal error if
+ there are other sudoers sources available. sudoers_file_lookup now
+ returns "not OK" if sudoers was not present
+ [643babf597a8]
+
+ * ldap.c:
+ make it clear that the global options are from LDAP
+ [9ff950349463]
+
+ * logging.c:
+ allocate proper amount of space for error string
+ [8bebb7d46d19]
+
+ * sudo_nss.c, sudo_nss.h:
+ actual sudo nss code
+ [5bd7d52d7738]
+
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ nss-ify display_privs and display_cmnd.
+ [cccfdd3253f2]
+
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ move update_defaults() to parse.c
+ [ace144b958a9]
+
+ * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
+ Use nsswitch to hide some sudoers vs. ldap implementation details
+ and reduce the number of #ifdef LDAP TODO: fix display routines and
+ error handling
+ [6225edde89a6]
+
+2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
+ First cut at nsswitch.conf support. Further reorganizaton and
+ related changes are forthcoming.
+ [717f59d0790b]
+
+2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, pathnames.h.in, sudo.c, sudo.h:
+ Add support for reading and /etc/environment file. Still needs to
+ be documented and should probably only applies to OSes that have it
+ (AIX and Linux, maybe others).
+ [15d3edae27e4]
+
+ * ldap.c:
+ include limits.h
+ [e19875ef0f82]
+
+2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ reword LDAP SASL
+ [7ec3c4ec31b5]
+
+2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sync
+ [87c5a7aea7bf]
+
+ * README.LDAP:
+ Add an example sudoRole, clarify netscape vs. openldap a bit more
+ [6f96c0ca8107]
+
+ * README.LDAP:
+ Be clear on what is OpenLDAP vs. Netscape-derived
+ [a33c8314dec5]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Use ldapssl_init() for ldaps support instead of trying to do it
+ manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
+ and tls_key for cert7.db and key3.db respectively. Don't print
+ debugging info for options that are not set. Add warning if
+ start_tls specified when not supported.
+ [abb62dc7e4a3]
+
+ * ldap.c:
+ fix compilation on solaris
+ [03d449684e80]
+
+ * Makefile.in:
+ add missing .h and .c files for missing lib objs
+ [8b37825bdfc7]
+
+2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ fix LDAP_OPT_NETWORK_TIMEOUT setting
+ [226eba89c0ad]
+
+ * ldap.c:
+ fix compilation on Solaris
+ [917d47639eb6]
+
+2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix typo
+ [009d5c81b225]
+
+ * README.LDAP:
+ try to clear up which variables are for OpenLDAP and which are for
+ netscape-derived SDKs
+ [f8d9823ee73c]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for "ssl on" in both netscape and openldap flavors. Only
+ the OpenLDAP flavor has been tested.
+ [952745829ec5]
+
+ * logging.c, sudo.c, sudo.h:
+ Call cleanup() before exit in log_error() instead of calling
+ sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
+ [da02d1b67a2c]
+
+ * sudo.c:
+ ld -> ldap_conn
+ [01afa6d927cc]
+
+2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, sudo.c, sudo.h:
+ Better ldap cleanup.
+ [25b9abe2d617]
+
+ * ldap.c:
+ Distinguish between LDAP conf settings that are connection-specific
+ (which take an ld pointer) and those that are default settings
+ (which do not).
+ [d48dc6c9c3b4]
+
+2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Improved warnings on error.
+ [c8dce7b4feb4]
+
+ * ldap.c:
+ Make ldap config table driven and set the config *after* we open the
+ connection.
+ [d9698b5a2681]
+
+2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+ [598c6df06660]
+
+ * configure, configure.in:
+ some operating systems need to link with -lkrb5support when using
+ krb5
+ [8896365dde9e]
+
+2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ minor update
+ [acfeeb7f4886]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [a3c6699674f9]
+
+2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, TODO:
+ sync
+ [138e99b925ee]
+
+ * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
+ add -g support for LDAP
+ [8fc27dbe9287]
+
+2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
+ The -i and -s flags can now take an optional command.
+ [6afec104ee77]
+
+2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
+ sudoers.pod:
+ Add passprompt_override flag to sudoers that will cause the prompt
+ to be overridden in all cases. This flag is also set when the user
+ specifies the -p flag.
+ [e4c5402131a6]
+
+ * sudo.c:
+ Move setting of login class until after sudoers has been parsed. Set
+ NewArgv[0] for -i after runas_pw has been set.
+ [62a48c8c56fa]
+
+ * configure, configure.in:
+ Move the dgettext check.
+ [5fd8a4712d1c]
+
+2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Add basic support for looking up the string "Password: " in the PAM
+ localized text db. This allows us to determine whether the PAM
+ prompt is the default "Password: " one even if it has been
+ localized.
+
+ TODO: concatenate non-std PAM prompts and user-specified sudo
+ prompts.
+ [81c25a415d41]
+
+2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, config.h.in, configure, configure.in, parse.c,
+ set_perms.c, sudo.c, sudo.h:
+ Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
+ insufficient.
+ [1cce6ec1a91e]
+
+ * acsite.m4, configure, interfaces.c, memrchr.c:
+ Fix typos; Martynas Venckus
+ [be1233cca11a]
+
+2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Don't assume runas_pw is set; it may not be in the -g case.
+ [aa11bd2193ac]
+
+2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, set_perms.c:
+ Set aux group vector for PERM_RUNAS and restore group vector for
+ PERM_ROOT if we previously changed it. Stash the runas group vector
+ so we don't have to call initgroups more than once. Also add no-op
+ check to check_perms.
+ [53837fc755f7]
+
+2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
+ ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
+ pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
+ testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
+ Add support for runas groups. This allows the user to run a command
+ with a different effective group. If the -g option is specified
+ without -u the command will be run as the current user (only the
+ group will change). the -g and -u options may be used together.
+ TODO: implement runas group for ldap improve runas group
+ documentation add testsudoers support
+ [9019309df6d0]
+
+ * configure, configure.in:
+ fix setting of mandir
+ [2c60f269399f]
+
+ * sudo.pod, sudoers.pod:
+ document that ALL implies SETENV
+ [bcc8e5b703b9]
+
+ * ldap.c:
+ s/setenv_ok/setenv_implied/g
+ [f005df2c2eea]
+
+ * ldap.c:
+ hostname_matches() returns TRUE on match in sudo 1.7.
+ [c3d4377b6e8b]
+
+ * ldap.c:
+ use strcmp, not strcasecmp when comparing ALL
+ [e486024574a1]
+
+ * ldap.c:
+ Make sudo ALL imply setenv. Note that unlike with file-based
+ sudoers this does affect all the commands in the sudoRole.
+ [bc12f54321d1]
+
+ * gram.c, gram.y, parse.c, parse.h:
+ sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
+ it is not passed on to other commands in the list.
+ [026e2cb40680]
+
+ * visudo.c:
+ Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
+ sudo_getpwuid() instead of getpwuid().
+ [86f30a8fbd49]
+
+2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers:
+ Expand on the dangers of not using visudo to edit sudoers.
+ [e434e8057d02]
+
+2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Don't quote *?[]! on output since the lexer does not strip off the
+ backslash when reading those in.
+ [561da4a13afa]
+
+2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ expand "u_foo" types to "unsigned foo" to avoid compatibility
+ issues.
+ [b0d7c64d78c3]
+
+2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Refactor log line generation in to new_logline().
+ [6a9b9730615d]
+
+2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ fix typo
+ [9e19d4f86e47]
+
+2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
+ match.c:
+ Add configure check for struct in6_addr instead of relying on
+ AF_INET6 since some systems define AF_INET6 but do not include IPv6
+ support.
+ [e24082c416bd]
+
+2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
+ use.
+ [76a9df4a63be]
+
+2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ POSIX states that struct timespec be declared in time.h so check
+ there regardless of the value of TIME_WITH_SYS_TIME.
+ [e42c55ec9daf]
+
+2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Instead of defining a macro to call the appropriate method for
+ turning on/off echo, just define tc[gs]etattr() and the related
+ defines that use the correct terminal ioctls if needed. Also go back
+ to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
+ [5dfb2379d995]
+
+2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ g/c @ALLOCA@
+ [e6946c2e3820]
+
+ * configure:
+ regen
+ [9bac7159a138]
+
+ * INSTALL, auth/pam.c, config.h.in, configure.in:
+ Add --disable-pam-session configure option to disable calling
+ pam_{open,close}_session. May work around bugs in some PAM
+ implementations.
+ [273d0fdb4a9d]
+
+2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ quiet gcc warnings
+ [325565c5a579]
+
+ * tgetpass.c:
+ Avoid printing the prompt if we are already backgrounded. E.g. if
+ the user runs "sudo foo &" from the shell. In this case, the call
+ to tcsetattr() will cause SIGTTOU to be delivered.
+ [db2139a8d8b8]
+
+2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in:
+ Reorder things such that the definition of env_reset come right
+ before the env variable lists.
+ [e0d8e22a581a]
+
+ * parse.h:
+ Shrink type and seqno in struct alias from int to u_short
+ [9425263dd565]
+
+ * alias.c, match.c, parse.c, parse.h:
+ Add a sequence number in the aliases for loop detection. If we find
+ an alias with the seqno already set to the current (global) value we
+ know we've visited it before so ignore it.
+ [301a0548ffff]
+
+2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, auth/pam.c, sudo.c, sudo.h:
+ PAM wants the full tty path so add user_ttypath which holds the full
+ path to the tty or is NULL if no tty was present.
+ [c7c1dd4b36c8]
+
+ * auth/pam.c:
+ Set PAM_RHOST to work around a bug in Solaris 7 and lower that
+ results in a segv.
+ [3a8865b3a357]
+
+2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [5647be127950]
+
+ * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
+ parse.h, testsudoers.c, visudo.c:
+ rename lh_ -> tq_
+ [8f500c542c4a]
+
+2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alloc.c:
+ remove some useless casts
+ [409a448b23f5]
+
+ * alloc.c:
+ pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
+ predates the final C99 spec and the standard specifies that it shall
+ include stdint.h anyway
+ [ae478fdef61a]
+
+2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, alloca.c, configure.in:
+ Since we ship with a pre-generated parser there is no need to ship a
+ bogus alloca implementation.
+ [3f611a7cc0e5]
+
+ * configure:
+ regen
+ [771eccf5269c]
+
+ * configure.in:
+ remove initial setting of CHECKSIA, we require that it be unset if
+ not used
+ [a2e91adc5aa2]
+
+ * Makefile.in:
+ add list.c to SRCS
+ [7db0e56cf5b9]
+
+ * configure:
+ regen
+ [3716ec30172e]
+
+ * configure.in:
+ only do SIA checks on Digital Unix
+ [6a96e1af2597]
+
+2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [ac1dc29de72b]
+
+ * ChangeLog, TODO:
+ sync
+ [781effce0a2d]
+
+ * auth/kerb5.c:
+ Remove call to krb5_cc_register() as it is not needed for modern
+ kerb5.
+ [351b8b764f16]
+
+ * configure:
+ regen
+ [ac21dbcc9c2c]
+
+ * aclocal.m4, configure.in:
+ New method for setting the default authentication type and avoiding
+ conflicts in auth types.
+ [5fb15be11f78]
+
+ * match.c, parse.c, testsudoers.c:
+ Each entry in a cmndlist now has an associated runaslist so no need
+ to keep track of the most recent non-NULL one.
+ [582e015786b0]
+
+2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ back out partial ldaps support mistakenly committed
+ [357703e94b2d]
+
+ * ldap.c:
+ Add support for unix groups and netgroups in sudoRunas
+ [2f04eb91c6d0]
+
+2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Fix sudoedit of a non-existent file. From Tilo Stritzky.
+ [a5488a03bddd]
+
+2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [541177376ee1]
+
+ * INSTALL:
+ update --passprompt escape info
+ [6d57db4cd538]
+
+ * configure.in:
+ remove now-bogus comment and update copyright date
+ [6a4af45fa331]
+
+ * configure.in:
+ Fix up use of with_passwd
+ [7c79d8640f77]
+
+ * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
+ Update to autoconf-2.61 andf libtool-1.5.24
+ [045259b0b439]
+
+ * Makefile.in:
+ "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
+ [f5b6a7afb817]
+
+2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [b5b78e71d2cb]
+
+ * gram.y:
+ move tags and runaslist propagation to be earlier
+ [94f7805f4489]
+
+ * visudo.c:
+ If -f flag given use the permissions of the original file as a
+ template
+ [9303d22bddb0]
+
+ * gram.y:
+ prevent a double free() when re-initing the parser
+ [5b3907c4de5a]
+
+2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [49a90b19a17d]
+
+ * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
+ configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
+ parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
+ sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
+ Remove support for compilers that don't support void *
+ [35e1d01ae197]
+
+ * gram.c:
+ regen
+ [70ce412a458a]
+
+ * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
+ parse.c, parse.h, testsudoers.c, visudo.c:
+ Move list manipulation macros to list.h and create C versions of the
+ more complex ones in list.c. The names have been down-cased so they
+ appear more like normal functions.
+ [9cea0e281148]
+
+ * Makefile.in:
+ Fix cmp command when regenerating parser. Make gram.o the first
+ dependency for all programs so gram.h will be generated before
+ anything that needs it.
+ [429ea065abf1]
+
+ * gram.y, parse.h:
+ Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
+ [2f3433833589]
+
+ * match.c, parse.c, testsudoers.c:
+ Use LH_FOREACH_REV when checking permission and short-circuit on the
+ first non-UNSPEC hit we get for the command. This means that
+ instead of cycling through the all the parsed sudoers entries we
+ start at the end and work backwards and quit after the first
+ positive or negative match.
+ [881474532f3e]
+
+ * gram.c:
+ regen
+ [9152a19d4188]
+
+ * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
+ Change list head macros to take a pointer, not a struct.
+ [054f1dcce4cc]
+
+ * gram.c:
+ regen
+ [be154aae6235]
+
+ * gram.y:
+ Propagate the runasspec from one command to the next in a cmndspec.
+ [4957b1cb03a3]
+
+2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Replace has_meta() with a macro that calls strpbrk().
+ [a2e58846a542]
+
+ * regen
+ [5a932a5c9451]
+
+ * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
+ testsudoers.c, visudo.c:
+ Use a list head struct when storing the semi-circular lists and
+ convert to tail queues in the process. This will allow us to
+ reverse foreach loops more easily and it makes it clearer which
+ functions expect a list as opposed to a single member.
+
+ Add macros for manipulating lists. Some of these should become
+ functions.
+
+ When freeing up a list, just pop off the last item in the queue
+ instead of going from head to tail. This is simpler since we don't
+ have to stash a pointer to the next member, we always just use the
+ last one in the queue until the queue is empty.
+
+ Rename match functions that take a list to have list in the name.
+ Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+ [7c37b271607a]
+
+ * parse.c:
+ Fix pasto, append "!" not negated (which is an int) for sudo -l
+ output.
+ [93a444c3997f]
+
+ * Makefile.in:
+ Remove the dependency of gram .h on gram.y, the .c dependency is
+ enough. Only move y.tab.h to gram.h if it is different; avoids
+ needless rebuilding.
+ [67bf4ea2a2e5]
+
+2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Defaults lines may be associated with lists of users, hosts,
+ commands and runas users, not just single entries.
+ [795effacb6be]
+
+2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Revert the "cmp" portion of the last diff, it doesn't make sense.
+ [26f34bf4e2e3]
+
+ * Makefile.in:
+ Remove *.lo for clean: When generating the parser, only move the
+ generated files into place if they differ from the existing ones.
+ [84673fea371b]
+
+2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Replace IPV6 regexp with a much simpler (readable) one and add an
+ extra check when it matches to make sure we have a valid address.
+ [592e9f690556]
+
+ * match.c:
+ Fix thinko introduced when merging IPV6 support.
+ [da38cd5eb8c7]
+
+2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, LICENSE:
+ regen
+ [0d7b27b90634]
+
+ * license.pod:
+ add 2007
+ [510e5048ae1a]
+
+ * UPGRADE:
+ mention #uid vs. comment pitfall
+ [4d2861898bcc]
+
+ * acsite.m4:
+ Merge in a patch from the libtool cvs that fixes a problem with the
+ latest autoconf. From Stepan Kasal.
+ [0c279ae7df3e]
+
+ * parse.h:
+ Back out he XOR swap trick, it is slower than a temp variable on
+ modern CPUs.
+ [91c4b024e317]
+
+ * gram.c:
+ regen
+ [cb6d4106fb74]
+
+ * gram.y, parse.h:
+ Convert the tail queue to a semi-circle queue and use the XOR swap
+ trick to swap the prev pointers during append.
+ [8bf4d9fbee58]
+
+2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ remove useless statement
+ [421ec1dd73e6]
+
+ * toke.c, toke.l:
+ Refactor #include parsing into a separate function and return
+ unparsed chars (such as newline or comment) back to the lexer.
+ [64166917aa3d]
+
+2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ mention better uid support
+ [56f510e7f2ec]
+
+ * sudoers.pod:
+ Users may now consist of a uid.
+ [5fd31b2c55ed]
+
+ * gram.c, gram.h, toke.c:
+ regen
+ [599e58af6dc1]
+
+ * parse.c:
+ Use lbuf_append_quoted() for sudo -l output to quote characters that
+ would require quoting in sudoers.
+ [3132d05c990a]
+
+ * lbuf.c, lbuf.h:
+ Add lbuf_append_quoted() which takes a set of characters which
+ should be quoted with a backslash when displayed.
+ [ab09bebb1d65]
+
+ * toke.l:
+ Require that the first character after a comment not be a digit or a
+ dash. This allows us to remove the GOTRUNAS state and treat
+ uid/gids similar to other words. It also means that we can now
+ specify uids in User_Lists and a User_Spec may now contain a uid.
+ [461fe01f8392]
+
+ * gram.y, toke.l:
+ Replace RUNAS token with '(' and ')' tokens to make the runas
+ portion of the grammar more natural.
+ [e0c383b4684d]
+
+ * BUGS:
+ The BUGS file is history
+ [4d9a809585c7]
+
+ * Makefile.in, README:
+ The BUGS file is history
+ [d9500e261172]
+
+2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Allow comments after a RunasAlias as long as the character after the
+ pound sign isn't a digit or a dash.
+ [d7f3bd94eeda]
+
+ * WHATSNEW:
+ Glob support was back-ported to 1.6.9
+ [d1d5cfd46228]
+
+2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ remove sudo_usage.h in distclean
+ [df05ce9c4127]
+
+ * parse.c:
+ If a Defaults value contains a blank, double-quote the string.
+ [9057a910daad]
+
+ * toke.c, toke.l:
+ Properly deal with Defaults double-quoted strings that span multiple
+ lines using the line continuation char. Previously, the entire
+ thing, including the continuation char, newline, and spaces was
+ stored as-is.
+ [4a4e8eacefe6]
+
+ * sudo.c:
+ Be consistent when using single quotes and backticks.
+ [d010b83a0fa1]
+
+2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
+ sudo.c, sudo_usage.h.in:
+ Add new linebuf code to do appends of dynamically allocated strings
+ and word-wrapped output. Currently used for sudo's usage() and sudo
+ -l output. Sudo usage strings are now in sudo_usage.h which is
+ generated at configure time.
+ [4dfd0ee8d961]
+
+2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c, sudo.h:
+ Fix line wrapping in usage() and use the actual tty width instead of
+ assuming 80.
+ [700eab37c5a6]
+
+2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * history.pod:
+ some more info
+ [8140112a8ae1]
+
+ * history.pod:
+ Mentioned Chris Jepeway's parser and also the new one that is in
+ sudo 1.7.
+ [2132d00f0597]
+
+2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ For the options list, add flag args where appropriate and increase
+ the indent level so there is room for them.
+ [2b60fb572e12]
+
+2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix some spacing in "sudo -l" and add a comment about some bogosity
+ in the line wrapping.
+ [b59b056f5ee2]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [5fb719f18ebc]
+
+ * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
+ def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
+ testsudoers.c, toke.c, toke.l:
+ Remove monitor support until there is a versino of systrace that
+ uses a lookaside buffer (or we have a better mechanism to use).
+ [61ff76878e4a]
+
+ * config.h.in, configure, configure.in, sudo.c:
+ use getaddrinfo() instead of gethostbyname() if it is available
+ [cc33c136aa6a]
+
+2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c:
+ Deal with OSes where sizeof(gid_t) < sizeof(int).
+ [130a89cbdfba]
+
+ * interfaces.c:
+ repair non-getifaddrs() code after ipv6 integration
+ [7ae7a89e2236]
+
+ * sudo.c:
+ If we can open sudoers but fail to read the first byte, close the
+ file stream before trying again.
+ [6f31272fae7b]
+
+2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c:
+ regen
+ [4d7afe0aa6fa]
+
+ * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
+ Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+ [4e6ff2965a42]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add some missing markup Update copyright
+ [7e6d3c686b5e]
+
+2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix sudo_noexec extension which got broken in the libtool update
+ [3a5b447df861]
+
+2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ explicitly specify -Tascii to nroff
+ [45c8da4cbefe]
+
+2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ remove an ANSI-ism that crept in
+ [29086f87b2ca]
+
+2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ Adjust list indents Prevent -- from being turned into an em dash Use
+ a list for the environment instead of a literal paragraph
+ [c3abcd8f76f4]
+
+ * visudo.pod:
+ Use a list for the environment instead of an indented literal
+ paragraph.
+ [0ffcfcb7349f]
+
+ * sudoers.pod:
+ Adjust list indentation
+ [615c89e3123a]
+
+ * license.pod:
+ add =head3
+ [8b2e0d38c0bd]
+
+2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ mention that when specifying a uid for the -u option the shell may
+ require that the # be escaped
+ [3e3a17bff150]
+
+2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Fix off by one in group matching.
+ [b529602b7fba]
+
+2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
+ [ffbf8907c6e7]
+
+2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
+ -lgssapi_krb5 case.
+ [2b85a89c2252]
+
+ * aclocal.m4, configure, configure.in:
+ Fix link tests such that new gcc doesn't optimize away the test.
+ [83484ec95cba]
+
+2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ add missing over/back
+ [251a12c89b91]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Change FILES section to use =item
+ [60b9efc3a0b2]
+
+ * env.c:
+ Add back allocation of the env struct in rebuild_env but save a copy
+ of the old pointer and free it before returning.
+ [1100cd4fa997]
+
+ * env.c:
+ Don't init the private environment in rebuild_env() since it may
+ have already been done implicitly sudo_setenv/sudo_unsetenv.
+
+ Multiply length by sizeof(char *) in memcpy/memmove when copying the
+ environment so we copy the full thing.
+
+ Add missing set of parens so we deref the right pointer in
+ sudo_unsetenv when searching for a matching variable.
+ [9086a8f756b1]
+
+2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use file markup for paths in the FILES section
+ [940d99f731f2]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Don't capitalize sudo/visudo
+ [f067a455d44b]
+
+ * sudoers.pod:
+ Sort sudoers options; based on a diff from Igor Sobrado.
+ [a9b9befe85ac]
+
+2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
+ latter confuses pod2man. The Makefile rules for the .man.in file
+ will add @mansectsu@ and @mansectform@ back in after pod2man is done
+ anyway.
+ [b50ea0db727c]
+
+2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, license.pod:
+ Move license info to pod format
+ [25bdd82e592b]
+
+ * configure, configure.in, sudoers.pod:
+ Substitute value of path_info into sudoers man page.
+ [9ba661a82798]
+
+ * WHATSNEW:
+ remove features that were back-ported to 1.6.9
+ [e76d756cbe65]
+
+ * sudo.c, sudo.pod, visudo.c, visudo.pod:
+ Sort SYNOPSIS and sync usage. From Igor Sobrado.
+ [4970386c9e54]
+
+ * env.c:
+ Only need sudo_setenv/sudo_unsetenv if we are going to use
+ ldap_sasl_interactive_bind_s() but don't have
+ gss_krb5_ccache_name().
+ [f1a73d8b35c5]
+
+ * ChangeLog:
+ rebuild without branch info
+ [5d5a33494677]
+
+ * Makefile.in:
+ Add ChangeLog target
+ [a702034fdd89]
+
+ * auth/pam.c:
+ Run cleanup code if the user hits ^C at the password prompt.
+ [9cf87768e921]
+
+ * auth/pam.c:
+ Some versions of pam_lastlog have a bug that will cause a crash if
+ PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
+ string.
+ [5b63f6c88866]
+
+2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ChageLog not Changelog
+ [1243d8473ceb]
+
+ * ChangeLog:
+ sync
+ [d887df98c6b0]
+
+ * Makefile.in:
+ CHANGE -> Changelog
+ [917738df30dd]
+
+ * TODO:
+ sync
+ [cd382f7d1948]
+
+2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add configure hooks for gss_krb5_ccache_name() and the gssapi
+ headers.
+ [139606209991]
+
+2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ rebuild_env() and insert_env_vars() no longer return environment
+ pointer, they set environ directly.
+
+ No longer need to pass around an envp pointer since we just operate
+ on environ now.
+
+ Add dosync argument to insert_env() that indicates whether it should
+ reset environ when realloc()ing env.envp.
+
+ Use an initial size of 128 for the environment.
+ [4735fd5fddb8]
+
+ * env.c:
+ Split sudo_setenv() into an external version and a version only for
+ use by rebuild_env().
+ [fda7d655adb1]
+
+2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add support for using gss_krb5_ccache_name() instead of setting
+ KRB5CCNAME. Also use sudo_unsetenv() in the non-
+ gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
+ original environment. TODO: configure setup for
+ gss_krb5_ccache_name()
+ [fcafa5a49caf]
+
+ * README.LDAP:
+ add krb5_ccname
+ [fceb8f883886]
+
+ * README.LDAP, ldap.c:
+ Add support for sasl_secprops in ldap.conf
+ [1f06f4bf7347]
+
+ * env.c, sudo.h:
+ Add sudo_unsetenv() and refactor private env syncing code into
+ sync_env().
+ [045ecb3fd22b]
+
+ * README.LDAP, ldap.c:
+ The ldap.conf variable is sasl_auth_id not sasl_authid.
+ [a5f98491311b]
+
+2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudo.c, sudo.h:
+ Add support for krb5_ccname in ldap.conf. If specified, it will
+ override the default value of KRB5CCNAME in the environment for the
+ duration of the call to ldap_sasl_interactive_bind_s().
+ [b08a10c3045b]
+
+ * env.c, sudo.h:
+ Remove format_env() Add sudo_setenv() to replace most format_env() +
+ insert_env() combinations. insert_env() no longer takes a struct
+ environment *
+ [131da52f43f3]
+
+ * ldap.c:
+ Fix use_sasl vs. rootuse_sasl logic.
+ [0c0417b6918c]
+
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ Add support for SASL auth when connecting to an LDAP server. Adapted
+ from a diff by Tom McLaughlin.
+ [a6285f1356ea]
+
+2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only enable AIX or BSD auth if no other exclusive auth method has
+ been chosen. Allows people to e.g., use PAM on AIX without adding
+ --without-aixauth. A better solution is needed to deal with default
+ authentication since if a non-exclusive method is chosen we will
+ still get an error.
+ [83f7afdc0ec3]
+
+2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, Makefile.in, history.pod:
+ Generate HISTORY from history.pod (which is also used for web pages)
+ [60bcd5164931]
+
+2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [63956a366191]
+
+ * sudo.pod:
+ Better explanation of environment handling in the sudo man page.
+ [6c247742f7ee]
+
+ * env.c, sudo.c:
+ Defer setting user-specified env vars until after authentication.
+ [4750b79323ee]
+
+ * env.c:
+ honor def_default_path for PATH set on the command line
+ [6db31d9b6d65]
+
+ * env.c, sudo.c, sudo.pod, sudoers.pod:
+ Allow user to set environment variables on the command line as long
+ as they are allowed by env_keep and env_check. Ie: apply the same
+ restrictions as normal environment variables. TODO: deal with
+ secure_path
+ [26c0da3840cf]
+
+2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Call rebuild_env() in call cases. Pass original envp to sudo_edit().
+ Don't allow -E or env var setting in sudoedit mode. More accurate
+ usage() when called as sudoedit.
+ [a4af20658361]
+
+ * ldap.c:
+ warn -> warning
+ [d87d1192b048]
+
+ * sudo.pod:
+ add -c option to sudoedit synopsis
+ [15b596a7e2db]
+
+ * TODO:
+ udpate to reality
+ [e2f8fde89db1]
+
+ * parse.c:
+ Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
+ value from {user,host,runas,cmnd}_matches(). Rename *matches
+ variables -> *match. Purely cosmetic.
+ [e54a44c00a88]
+
+ * parse.c:
+ Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
+ in behavior.
+ [c6272b4f2127]
+
+ * sudoers:
+ add SETENV tag
+ [3a3066bb6788]
+
+2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Make pwcheck local to the pwflag block. Use pwcheck even if user
+ didn't match since Defaults options may still apply.
+ [45da9efbbafd]
+
+ * check.c, sudo.c:
+ Do not update timestamp if user not validated by sudoers.
+ [a4a9d4364827]
+
+ * set_perms.c:
+ for PERM_RUNAS, set the egid to the runas user's gid and restore to
+ the user's original in PERM_ROOT
+ [1514bfb32847]
+
+ * logging.c, mon_systrace.c, set_perms.c, sudo.h:
+ PERM_FULL_ROOT is now no different than PERM_ROOT so remove
+ PERM_FULL_ROOT
+ [b9d047a3178c]
+
+ * check.c:
+ don't check timestamp mtime if we are just going to remove it
+ [5d2470bc6cbd]
+
+ * sudoers.pod:
+ Move sudoers defaults parameters into their own section.
+ [54701fbc0ff3]
+
+ * testsudoers.c:
+ Reduce a level of indent by a few placed continue statements.
+ [5d5a9838c8ef]
+
+ * parse.c:
+ Make matching but negated commands/hosts/runas entries override a
+ previous match as expected. Also reduce some levels of indent by a
+ few placed continue statements.
+ [dd59fa4b91a1]
+
+2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Print default runas in "sudo -l" if sudoers don't specify one.
+ [07d408c400bd]
+
+ * match.c:
+ Less hacky way of testing whether the domain was set.
+ [a537059776e5]
+
+2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Mention pam-devel and openldap-devel for Linux
+ [9e708c54ecc3]
+
+2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ or vs. are
+ [abe8c0f3a410]
+
+2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix typo in Solaris project support
+ [2ffeb2d80959]
+
+ * HISTORY:
+ update
+ [df162b36f120]
+
+ * sudo.c:
+ Make -- on the command line match the manual page. The implied shell
+ case has been simplified as a result.
+ [cd217a1f6694]
+
+2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers2ldif:
+ add simplistic support for sudoRunas; note that if a sudoers entry
+ contains multiple Runas users, all will apply to the sudoRole
+ [65b11421f5c8]
+
+ * sudoers2ldif:
+ honor SETENV and NOSETENV tags
+ [2c0d5ba7a09b]
+
+2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Redo setting of user_args. We now build up a private copy of argv
+ first and then replace the NULs?with spaces.
+ [ccbba72ea112]
+
+ * mon_systrace.c:
+ getcwd() returns NULL on failure, not 0 on success
+ [88cd9e66e530]
+
+ * mon_systrace.c:
+ allow chunksiz to reach 1 before erroring out
+ [619d68f14964]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8db512d3caf0]
+
+2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
+ logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
+ toke.c, toke.l:
+ Add support for setting environment variables on the command line.
+ This is only allowed if the setenv sudoers options is enabled or if
+ the command is prefixed with the SETENV tag.
+ [5744caebd969]
+
+ * README.LDAP:
+ replace Aaron's email address with the sudo-workers list
+ [2ffce5f9afc0]
+
+ * configure:
+ regen
+ [8013dff82c0c]
+
+2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * schema.OpenLDAP, schema.iPlanet:
+ Break schema out into separate files.
+ [15e598e4c60b]
+
+ * Makefile.in, README.LDAP:
+ Break schema out into separate files.
+ [1a53966ca1fa]
+
+2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/aix_auth.c:
+ free message if set by authenticate()
+ [849c220c1236]
+
+ * match.c:
+ deal with NULL gr_mem
+ [49e4d74f0bbe]
+
+2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ regen
+ [fead999ad3e9]
+
+ * configure.in:
+ add template for HAVE_PROJECT_H
+ [e6c42c2eaad1]
+
+ * closefrom.c:
+ include fcntl.h
+ [54d98b382f03]
+
+2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention --with-project
+ [d3ea3baad7c5]
+
+ * config.h.in, configure.in, sudo.c:
+ Add Solaris 10 "project" support. From Michael Brantley.
+ [f14f3c8c6554]
+
+ * sudoers.pod:
+ fix typo
+ [50db81a19787]
+
+ * configure:
+ regen
+ [ea71afd3e564]
+
+ * configure.in:
+ Fix preservation of LDFLAGS in the LDAP case.
+ [40a3a47e8059]
+
+ * memrchr.c:
+ Remove dependecy on NULL
+ [c957ae5e1733]
+
+ * configure:
+ regen
+ [4955ce0c6912]
+
+ * aclocal.m4, configure.in:
+ Can't use the regular autoconf fnmatch() check since we need
+ FNM_CASEFOLD so go back to our custom one.
+ [f10d76237486]
+
+ * env.c:
+ Fix preserving of variables in env_keep.
+ [d040049d6b84]
+
+ * env.c:
+ add XAUTHORIZATION
+ [0d589a5fe015]
+
+ * UPGRADE:
+ expand upon env resetting and mention that it began in 1.6.9 not
+ 1.7.
+ [dba251655c76]
+
+ * sudoers.pod:
+ Update descriptions of env_keep and env_check to match current
+ reality.
+ [dba77357954b]
+
+2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
+ LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
+ [eec4632bd190]
+
+ * env.c, logging.c:
+ Treat USERNAME environemnt variable like LOGNAME/USER
+ [09f52dcfd70c]
+
+ * env.c:
+ Don't need to populate keepenv table with the contents of the
+ checkenv table.
+ [527a14afd973]
+
+ * sudo.c:
+ Don't force sudo into the C locale.
+ [8a5bd301ef96]
+
+ * env.c:
+ Make env_check apply when env_reset it true. Environment variables
+ are passed through unless they contain '/' or '%'. There is no need
+ to have a variable in both env_check and env_keep.
+ [840c802721e4]
+
+2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Remove an duplicate lock_file() call and add a comment.
+ [5af9dcdf0eb6]
+
+ * UPGRADE:
+ Add sudo 1.6.9 upgrade note.
+ [1585149f2914]
+
+2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
+ small. From Klaus Wagner.
+ [d6899fc44f77]
+
+ * logging.c, sudo.h:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [66a50e8d553a]
+
+ * memrchr.c:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [2f6702b7d41b]
+
+ * Makefile.in, config.h.in, configure, configure.in:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [407a46190921]
+
+ * configure.in:
+ Since we need to be able to convert timespec to timeval for utimes()
+ the last 3 digits in the tv_nsec are not significant. This makes the
+ sudoedit file date comparison work again.
+ [9d0258849fa9]
+
+2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
+ This deals with exclusive authentication methods in a simple way.
+ [7d70072c0f35]
+
+2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ mkstemp.c is BSD code too.
+ [29e236d98162]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ No commercial support for now.
+ [7c76b3e192dd]
+
+2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ cleanenv() is no more.
+ [518080514408]
+
+2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ Display branch info in Changelog
+ [44e3b27427c7]
+
+ * utimes.c:
+ Include config.h early so we have it for TIME_WITH_SYS_TIME
+ [4bf1a00d0703]
+
+ * ChangeLog:
+ Fix Changelog generation and update.
+ [6e960dbcbece]
+
+2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * closefrom.c:
+ Use /proc/self/fd instead of /proc/$$/fd
+
+ Move old-style fd closing into closefrom_fallback() and call that if
+ /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+ [faa7e4810758]
+
+ * auth/kerb5.c, config.h.in, configure.in:
+ o use krb5_verify_user() if available instead of doing it by hand o
+ use krb5_init_secure_context() if we have it o pass an encryption
+ type of 0 to krb5_kt_read_service_key() instead of
+ ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+ [df7acf72bd7c]
+
+ * env.c:
+ Check TERM and COLORTERM for '%' and '/' characters. From Debian.
+ [f92d05197e40]
+
+ * configure.in:
+ Fix closefrom() substitution in the Makefile
+ [b642b13fcc5c]
+
+ * TROUBLESHOOTING:
+ Mention alternate sudo pronunciation.
+ [7c71dc73409f]
+
+2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Remove KRB5_KTNAME from environment. Allow COLORTERM.
+ [70f35a79f780]
+
+ * auth/kerb5.c:
+ If we cannot get a valid service key using the default keytab it is
+ a fatal error. Fixes a bug where sudo could be tricked into
+ allowing access when it should not by a fake KDC. From Thor Lancelot
+ Simon.
+ [a3ae6a47cb23]
+
+2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Update long long checks to use AC_CHECK_TYPES and to cache values.
+ [047318eaaeb2]
+
+ * aclocal.m4, configure.in:
+ Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
+ use AC_REPLACE_FNMATCH since that assumes replacing with GNU
+ fnmatch.
+ [80513a1003ea]
+
+2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
+ need it for visudo now too.
+ [50837c7c2b5e]
+
+2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Attempt to clarify the bit talking about network numbers w/o
+ netmasks.
+ [211e68c1d034]
+
+ * sudo.pod:
+ Clarify timestamp dir ownership sentence.
+ [9178f132c7f7]
+
+2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
+ Dmitry V. Levin.
+ [81fce91667bc]
+
+2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ -i is also one of the mutually exclusive options to list it in the
+ warning message. Noted by Chris Pepper.
+ [7da73fb248e9]
+
+2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.pod:
+ The sudoers variable is env_editor, not enveditor. From Jean-
+ Francois Saucier.
+ [2a86ec09a6db]
+
+2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * redblack.c:
+ I tracked down the original author so credit him and include his
+ license info.
+ [3733553a1bba]
+
+2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Fix typos; from Jason McIntyre.
+ [1ee4ce2512f2]
+
+ * logging.c:
+ Restore signal mask before calling reapchild(). Fixes a possible
+ race condition that could prevent sudo from properly waiting for the
+ child.
+ [9ee4192385dc]
+
+2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Don't declare pw_free() if we are not going to use it.
+ [adb79a4289ca]
+
+ * env.c:
+ Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
+ LDR_PRELOAD64. The 64-bit version is not currently supported.
+ Remove zero_env() prototype as it no longer exists.
+ [b4fe65027fb6]
+
+2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
+ [78002ad90f7b]
+
+2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ If the user enters ^C at the password prompt, abort instead of
+ trying to authenticate with an empty password (which causes an
+ annoying delay).
+ [da3f27b747c7]
+
+2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * closefrom.c, config.h.in, configure, configure.in:
+ Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
+ Darren Tucker.
+ [0331b7780759]
+
+ * pwutil.c:
+ pw_free() is only used by sudo_freepwcache() so ifdef it out too.
+ [0014c0d9eeba]
+
+2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Update to latest versions from cvs.savannah.gnu.org
+ [aa0143101c20]
+
+2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, sudo_edit.c:
+ Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
+ we can close the passwd/group files early.
+ [559074bd7eb7]
+
+ * config.h.in, configure, configure.in, set_perms.c:
+ Add seteuid() flavor of set_perms() for systems without setreuid()
+ or setresuid() that have a working seteuid(). Tested on Darwin.
+ [508d8da99189]
+
+2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ systrace_read() returns ssize_t
+ [9f97d1d1a59d]
+
+ * configure, configure.in:
+ Fix typo, -lldap vs. -ldap; from Tim Knox.
+ [a8cc43c3bb2a]
+
+2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ Fix typo; Matt Ackeret
+ [86964ee3dfbd]
+
+2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Print sudoers path in -V mode for root.
+ [dc43f2d75bd9]
+
+2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Do a sub tree search instead of a base search (one level in the tree
+ only) for sudo right objects. This allows system administrators to
+ categorize the rights in a tree to make them easier to manage.
+ [6d2d9abf996e]
+
+2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fix typo
+ [1473413bcbda]
+
+2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
+ bind_timelimit support; adapted from gentoo.
+ [afc816093026]
+
+2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Support comments that start in the middle of a line
+ [c25df6ee3db8]
+
+ * configure, configure.in:
+ Define LDAP_DEPRECATED until we start using ldap_get_values_len()
+ [ee249bfe230a]
+
+2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * closefrom.c:
+ Silence gcc -Wsign-compare; djm@openbsd.org
+ [28769ce6418d]
+
+ * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ cleanup() now takes an int as an arg so it can be used as a signal
+ handler too.
+ [2bb0df34d09c]
+
+ * sudo.c:
+ Make a copy of the shell field in the passwd struct for NewArgv to
+ avoid a use after free situation after sudo_endpwent() is called.
+ [5dcc9ffd362e]
+
+2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Add mkstemp() for those poor souls without it.
+ [5fdd02e863e0]
+
+ * mkstemp.c:
+ Add mkstemp() for those poor souls without it.
+ [c99401207860]
+
+ * Makefile.in:
+ Add mkstemp() for those poor souls without it.
+ [9c1cf2678f24]
+
+2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add PERL5DB to list of environment variables to remove.
+ [7375c27ecf75]
+
+2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c, mon_systrace.h:
+ Instead of calling the check function twice with a state cookie use
+ separate check/log functions.
+
+ Check more ioctl() calls for failure.
+
+ systrace_{read,write} now return the number of bytes read/written or
+ -1 on error.
+ [3dc8946d90e9]
+
+ * env.c:
+ Add more environment variables to remove; from gentoo linux Add some
+ comments about what bad env variables go to what (more to do)
+ [6918110a6b82]
+
+2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Move sudo_end{gr,pw}ent() until just before the exec since they free
+ up our cached copy of the passwd structs, including sudo_user and
+ sudo_runas. Fixes a use-after-free bug.
+ [54de3778bad0]
+
+ * visudo.c:
+ Close all fd's before executing editor.
+ [4fcc05e1bec8]
+
+ * sudo.c:
+ Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
+ [ef0e8ffa5c9f]
+
+ * check.c:
+ Fix fd leak when lecture file option is enabled. From Jerry Brown
+ [ce97f9207cd8]
+
+2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
+ environment variables to remove. From Charles Morris
+ [c96e1367d1c1]
+
+2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+ [72a6a1571226]
+
+2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ add PS4 and SHELLOPTS to initial_badenv_table for bash
+ [89dfb3f318f3]
+
+2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix typo; Toby Peterson
+ [b7a3222b23f4]
+
+2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tsgetgrpw.c:
+ Make return buffers static so they don't get clobbered
+ [13323a39b9f5]
+
+2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid5.c:
+ Fix securid5 authentication, was not checking for ACM_OK. Also add
+ default cases for the two switch()es. Problem noted by ccon at
+ worldbank
+ [14091e418333]
+
+2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Remove ncat() in favor of just counting bytes and pre-allocating
+ what is needed.
+ [25b8712adb61]
+
+2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Fix up some comments Add missing fclose() for the rootbinddn case
+ [ae95c8a89711]
+
+ * ldap.c:
+ align struct ldap_config
+ [35d0d64c76f8]
+
+ * ldap.c:
+ use LINE_MAX for max conf file line size
+ [da116cb8853d]
+
+ * pathnames.h.in:
+ add _PATH_LDAP_SECRET
+ [128b04ecfab7]
+
+ * README.LDAP:
+ Mention rootbinddn Give example ou=SUDOers container
+ [852edc69bd1c]
+
+2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in, ldap.c:
+ Support rootbinddn in ldap.conf
+ [1615c91522a1]
+
+ * env.c, sudo.pod, sudoers.pod:
+ Preserve DISPLAY environment variable by default.
+ [05f503d5f438]
+
+ * acsite.m4, configure:
+ set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
+ [18a04dea8d05]
+
+ * acsite.m4, configure:
+ set need_version=no for all cases; this is safe for LD_PRELOAD
+ [b542560e1a73]
+
+ * aclocal.m4:
+ typo
+ [c040df0fcd5a]
+
+ * configure, configure.in:
+ Add dragonfly
+ [f13794618636]
+
+ * auth/pam.c:
+ Fix call to pam_end() when pam_open_session() fails.
+ [0be47cdfdef1]
+
+ * configure:
+ regen
+ [7f5c13b4b800]
+
+ * acsite.m4:
+ rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
+ ltsugar.m4 ltversion.m4
+ [a7ba9fd1a2ab]
+
+ * config.guess, config.sub, ltmain.sh:
+ merge in local changes: config.guess: o better openbsd support
+ config.sub: o hiuxmpp support ltmain.sh o remove requirement that
+ libs must begin with "lib" o don't print a bunch of crap about
+ library installs o don't run ldconfig
+ [f4149f2c720f]
+
+ * config.guess, config.sub, ltmain.sh:
+ libtool 1.9f
+ [82a534e7121f]
+
+ * configure.in:
+ Update with autoupdate and make minor changes for libtool 1.9f
+ [11b5ae5c1428]
+
+2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ don't call sudo_ldap_display_cmnd if ldap not setup
+ [8bcf6c094ffe]
+
+ * sudo_edit.c, visudo.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [b95c333299a0]
+
+ * gettime.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [021b4569cc0c]
+
+ * fileops.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [dd8573b2ee7d]
+
+ * emul/timespec.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [f95137771564]
+
+ * check.c, compat.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [2ef2ace8fe85]
+
+ * ldap.c:
+ Don't set safe_cmnd for the "sudo ALL" case.
+ [ad7fa9e07da0]
+
+2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Call pam_open_session() and pam_close_session() to give pam_limits a
+ chance to run. Idea from Karel Zak.
+ [fed46d471350]
+
+2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c:
+ Add explicit cast from mode_t -> u_int in printf to silence warnings
+ on Solaris
+ [17bb961fe22d]
+
+ * parse.c:
+ include grp.h to silence a warning on Solaris
+ [14386fbab640]
+
+2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of += and -= defaults.
+ [a667604c56cd]
+
+2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Sanity check number of syscall args with argsize. Not really needed
+ but a little paranoia never hurts.
+ [6bb455a2c2d6]
+
+ * mon_systrace.c, mon_systrace.h:
+ Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
+ for systrace lengths (since it uses int)
+ [3cafccffcffd]
+
+2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Add some memsets for paranoia Fix namespace collsion w/ error Check
+ rval of decode_args() and update_env() Remove improper setting of
+ validated variable
+ [3d385158354d]
+
+2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c, sudo.h:
+ In -l mode, only check local sudoers file if def_ignore_sudoers is
+ not set and call LDAP versions from display_privs() and
+ display_cmnd() instead of directly from main(). Because of this we
+ need to defer closing the ldap connection until after -l processing
+ has ocurred and we must pass in the ldap pointer to display_privs()
+ and display_cmnd().
+ [1dfc2e8c9f2b]
+
+ * ldap.c:
+ Reorganize LDAP code to better match normal sudoers parsing.
+ Instead of storing strings for later printing in -l mode we do
+ another query since the authenticating user and the user being
+ listed may not be the same (the new -U flag). Also add support for
+ "sudo -l command".
+
+ There is still a fair bit if duplicated code that can probably be
+ refactored.
+ [e9568f19bde5]
+
+2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Replace pass variable with do_netgr for better readability.
+ [1bba841b6e79]
+
+ * ldap.c:
+ use DPRINTF macro
+ [02b159b66bb5]
+
+ * ldap.c:
+ estrdup, not strdup
+ [22cdee7973c1]
+
+2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Add macro to test if the tag changed to improve readability.
+ [4e11b4819556]
+
+ * parse.c:
+ Avoid printing defaults header if there are no defaults to print...
+ [41a28627df03]
+
+ * glob.c:
+ Fix a warning on systems without strlcpy().
+ [6814e0f0e4f4]
+
+ * pwutil.c:
+ Use macros where possible for sudo_grdup() like sudo_pwdup().
+ [30f201ff35cd]
+
+2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * utimes.c:
+ It is possible for tv_usec to hold >= 1000000 usecs so add in
+ tv_usec / 1000000.
+ [794ac4d53a65]
+
+2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ The component in krb5_principal_get_comp_string() should be 1, not 0
+ for Heimdal. From Alex Plotnick.
+ [fefa351c5044]
+
+2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
+ interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
+ redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
+ Add efree() for consistency with emalloc() et al. Allows us to rely
+ on C89 behavior (free(NULL) is valid) even on K&R.
+ [7876bb80d87c]
+
+ * parse.c, sudo.c:
+ Move initgroups() for -U option into display_privs() so group
+ matching in sudoers works correctly.
+ [b074428ad2ca]
+
+2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Removed duplicate call to ldap_unbind_s introduced along with
+ sudo_ldap_close.
+ [19acc1c20f7c]
+
+ * parse.c:
+ Add missing space in Defaults printing
+ [95d2935bf6d4]
+
+2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
+ and string copies.
+ [6b6b241495e5]
+
+2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Zero old pw_passwd before replacing with version from shadow file.
+ [3251b349dfe1]
+
+ * configure, configure.in:
+ Only attempt shadow password detection if PAM is not being used Add
+ shadow_* variables to make shadow password detection more generic.
+ [d498a3423ac9]
+
+ * configure.in:
+ Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
+ [04d55bbd5e35]
+
+2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ use a non-breaking space to avoid a double space after e.g.
+ [11cdb54bdf7b]
+
+ * sudo.pod:
+ commna, not colon after e.g.
+ [8d5875ff72e0]
+
+2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Add __ variants of the exec functions. GNU libc at least uses
+ __execve() internally.
+ [d1880473d790]
+
+ * indent.pro:
+ Match reality a bit more.
+ [633e3fa875a7]
+
+ * pwutil.c:
+ Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+ [128f7b21c2ee]
+
+ * pwutil.c:
+ Store shadow password after making a local copy of struct passwd in
+ case normal and shadow routines use the same internal buffer in
+ libc.
+ [f806052a6ffc]
+
+2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alloc.c, logging.c:
+ Make varargs usage consistent with the rest of the code.
+ [3d45affc9851]
+
+2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Wrap more of the exec family since on Linux the others do not appear
+ to go through the normal execve() path.
+ [8167769b4e19]
+
+ * visudo.c:
+ make print_unused static like proto says
+ [ecf10e1bae55]
+
+ * glob.c:
+ silence a warning on K&R systems
+ [2e00425f1a5c]
+
+ * alias.c, error.c:
+ make this build in K&R land
+ [156f65f8525a]
+
+ * parse.c:
+ make this build in K&R land
+ [6fc9276889cb]
+
+2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c:
+ regen
+ [3b349748cd21]
+
+2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ return(foo) not return foo optimize _atobool() slightly
+ [11d09d154ed5]
+
+ * ldap.c:
+ Use TRUE/FALSE
+ [53999320d98f]
+
+ * ldap.c:
+ Reformat to match the rest of sudo's code.
+ [1bd0f2afa0e7]
+
+ * sudo.pod:
+ I am the primary author
+ [5d311ecd85c6]
+
+2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README, RUNSON:
+ The RUNSON file is toast--it confused too many people and really
+ isn't needed in a configure-oriented world.
+ [96a6ef7bbc08]
+
+ * INSTALL:
+ alternate -> alternative
+ [b65015c5d0a2]
+
+ * tgetpass.c:
+ Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
+ TCSAFLUSH.
+ [c66b4763ffdc]
+
+ * toke.l:
+ Allow leading blanks before Defaults and Foo_Alias definitions
+ [2add513d9277]
+
+ * Makefile.in:
+ fix rules to build toke.o and gram.o in devel mode
+ [96cbb414ebd3]
+
+2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ env_keep overrides set_logname
+ [401877193a15]
+
+ * env.c:
+ Fix disabling set_logname and make env_keep override set_logname.
+ [0906e7a5ed93]
+
+ * compat.h, config.h.in, configure, configure.in:
+ No longer need memmove()
+ [43bdb6efe3f2]
+
+ * env.c, sudo.c:
+ Just clean the environment once. This assumes that any further
+ setenv/putenv will be able to handle the fact that we replaced
+ environ with our own malloc'd copy but all the implementations I've
+ checked do.
+ [11658fe92ba2]
+
+2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ In -i mode, base the value of insert_env()'s dupcheck flag on
+ DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
+ [8365b0bd0c71]
+
+2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ Move setting of user_path, user_shell, user_prompt and prev_user
+ into init_vars() since user_shell at least is needed there.
+ [37e22dce66e9]
+
+2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fix devel builds
+ [9fbb15ef164c]
+
+ * sudo.c:
+ Fix some printf format mismatches on error.
+ [ffc1c3f11740]
+
+ * check.c:
+ Fix some printf format mismatches on error.
+ [7b3b508adf50]
+
+ * configure, gram.c, toke.c:
+ regen
+ [aa76f9d8b02a]
+
+ * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
+ auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
+ getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
+ interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
+ parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
+ snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
+ sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
+ testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [0610c3654739]
+
+ * Makefile.binary.in:
+ Update copyright years.
+ [d78ffc9f2e2b]
+
+ * LICENSE:
+ Update copyright years.
+ [f60473bca4b1]
+
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.7
+ [aa977a544ca1]
+
+ * WHATSNEW:
+ What's new in sudo 1.7, based on the 1.7 CHANGES entries.
+ [ecfcf7269c14]
+
+2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, logging.h, sudo.h:
+ Add __printflike and use it with gcc to warn about printf-like
+ format mismatches
+ [b192ad4a0548]
+
+2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, ChangeLog:
+ Replaced CHANGES file with ChangeLog generated from cvs logs
+ [d9ace9dab98f]
+
+ * set_perms.c:
+ Use warning/error instead of perror/fatal.
+ [e33259df7738]
+
+ * config.guess:
+ Update OpenBSD section
+ [9d2c23de6801]
+
+ * UPGRADE:
+ Add upgrading noted for 1.7
+ [1fb6b6d6df07]
+
+ * env.c, sudo.c, sudoers.pod:
+ Instead of zeroing out the environment, just prune out entries based
+ on the env_delete and env_check lists. Base building up the new
+ environment on the current environment and the variables we removed
+ initially.
+ [fc192df8fd15]
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Set locale to "C" if locales are supported, just to be safe.
+ [91fbaa98f02e]
+
+ * toke.c, toke.l:
+ Cast?argument to ctype functions to unsigned char.
+ [e096b4d65796]
+
+2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ correct value for DID_USER
+ [b5b05d36ec15]
+
+ * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
+ #include <compat.h> not "compat.h"
+ [7a0ad9a0ccd7]
+
+ * defaults.c:
+ Reset the environment by default.
+ [4ecc6423e0f0]
+
+ * sudo.c:
+ Alloc an extra slot in NewArgv. Removes the need to malloc an new
+ vector if execve() fails.
+ [83dfb6f584a7]
+
+2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.in, sudo.c:
+ Use execve(2) and wrap the command in sh if we get ENOEXEC.
+ [c0c6af4e2a21]
+
+2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Only include time.h on systems that lack struct timespec which gets
+ defind in compat.h (using time_t).
+ [e373e518b4cb]
+
+ * sudo_noexec.c:
+ Include time.h for time_t in compat.h for systems w/o struct
+ timespec.
+ [a34b5637e458]
+
+ * compat.h, config.h.in, configure, configure.in:
+ use bcopy on systems w/o memmove
+ [f835eafd78c6]
+
+ * compat.h:
+ __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
+ use to gcc >= 2.8.
+ [1cb9a4e58566]
+
+ * Makefile.in:
+ Add explicit rule to build sudo_noexec.lo
+ [df1dfcf8dd77]
+
+2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.configure, Makefile.in:
+ No longer depend on VPATH; pointed out a bunch of missed
+ dependencies.
+ [601a45d4af6b]
+
+ * TROUBLESHOOTING:
+ Help for PAM when account section is missing
+ [9b8221256756]
+
+ * auth/pam.c:
+ Give user a clue when there is a missing "account" section in the
+ PAM config.
+ [2529625c0495]
+
+ * auth/pam.c:
+ Better error handling.
+ [518c9bda23d8]
+
+ * config.h.in, configure, configure.in:
+ Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
+ possible. Silences a warning about isblank() on linux.
+ [19c94d7ecdc8]
+
+ * auth/pam.c:
+ Fix typo (missing comma) that caused an incorrect number of args to
+ be passed to log_error().
+ [0099dfec560f]
+
+2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Don't try to destroy a tree we didn't create.
+ [d43c4fe03aa4]
+
+2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
+ fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
+ goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
+ match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
+ tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
+ Add __unused to rcsids
+ [ad6b4ac45705]
+
+2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix error message when mixing invalid auth types
+ [68069b3ff5bc]
+
+ * INSTALL:
+ PAM, AIX auth, BSD auth and login_cap are now on by default if the
+ OS supports them.
+ [4e44e9098cf0]
+
+ * auth/sudo_auth.h, config.h.in:
+ s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+ [2d569b43b23e]
+
+ * configure.in:
+ Better checking for conflicting authentication methods Display the
+ authentication methods used at the end of configure Rename --with-
+ authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
+ --with-pam, --with-logincap by default on systems that support them
+ unless disabled. Add OSMAJOR variable that replaces old OSREV; now
+ OSREV has full version number
+ [a21115b6fe9f]
+
+2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in, sudo.c, sudoers.pod:
+ s/-O/-C/
+ [ee73f1b81923]
+
+2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Replace: test -n "$FOO" || FOO="bar"
+
+ With: : ${FOO='bar'}
+ [37552d9054fc]
+
+2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Use function pointers to only call private passwd/group routines
+ when using a nonstandard passwd/group file.
+ [215908681dfb]
+
+2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [2e55c03f5790]
+
+ * tsgetgrpw.c:
+ Can't use strtok() since it doesn't handle empty fields so add
+ getpwent()/getgrent() functions and call those.
+ [bdaa5b0db70e]
+
+2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix dummied out toke.c and gram.c dependencies.
+ [4b909c8b2ebe]
+
+ * Makefile.in:
+ Rename PARSESRCS -> GENERATED since it is only used in the clean
+ target Add devdir variable and use it to specify the path to parser
+ sources
+ [f27b3f41ca23]
+
+ * configure:
+ regen
+ [22c6435dbd46]
+
+ * configure.in:
+ Add a devdir variables that defaults to $(srcdir) and is set to . if
+ --devel was specified. Allows for proper dependecies building the
+ parser.
+ [a36d694c6d21]
+
+ * testsudoers.c:
+ Add support for custom passwd/group files.
+ [296549ff4b87]
+
+ * Makefile.in:
+ Build private copy of pwutil.o for testsudoers with MYPW defined so
+ it uses our own passwd/group routines.
+ [bafa54ec78ca]
+
+ * visudo.c:
+ Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
+ stubs instead. We can now just use the caching sudo_*{pw,gr}*
+ functions in pwutil.c Add comment about wanting to call
+ sudo_endpwent/sudo_endgrent in cleanup()
+ [7e59d6b5510d]
+
+ * tsgetgrpw.c:
+ Remove caching; we will just use what is in pwutil.c Use global
+ buffers for passwd/group structs Rename functions from sudo_* to
+ my_*
+ [8c1e068f574c]
+
+ * logging.c, sudo.c:
+ g/c pwcache_init/pwcache_destroy
+ [60a24909b947]
+
+ * sudo.h:
+ Undo last commit and add sudo_setspent and sudo_endspent instead.
+ [bac80db08296]
+
+ * getspwuid.c, pwutil.c:
+ Move all but the shadow stuff from getspwuid.c to pwutil.c and
+ pwcache_get and pwcache_put as they are no longer needed. Also add
+ preprocessor magic to use private versions of the passwd and group
+ routines if MYPW is defined (for use by testsudoers).
+ [a16b8678a426]
+
+ * tsgetgrpw.c:
+ zero out struct passwd/group before filling it in so if there are
+ fields we don't handle they end up as 0.
+ [274cb6a93301]
+
+ * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Adapt to pwutil.c
+ [43ebd04c8b82]
+
+ * Makefile.in:
+ Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
+ readability.
+ [7f88c6061e2d]
+
+ * tsgetgrpw.c:
+ Passwd and group lookup routines for testsudoers that support
+ alternate passwd and group files.
+ [d7803101d34e]
+
+ * getspwuid.c, pwutil.c:
+ Split off pw/gr cache and dup code into its own file. This allows
+ visudo and testsudoers to use the pw/gr cache too.
+ [ef333d3ffedf]
+
+2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Print Defaults info in "sudo -l" output and wrap lines based on the
+ terminal width.
+ [e559eae4250e]
+
+2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, testsudoers.c, visudo.c:
+ Only check group vector in usergr_matches() if we are matching the
+ invoking or list user. Always check the group members, even if
+ there was a group vector.
+ [d0c7ceb2a041]
+
+2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, fnmatch.3:
+ No longer bundle fnmatch.3
+ [72db4a4ff4e1]
+
+ * CHANGES, TODO:
+ checkpoint
+ [e92781bfd99c]
+
+2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ sort usage
+ [15e3b876ec2c]
+
+ * sudo.pod:
+ Sort command line options
+ [c1fa56584bc4]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
+ sudo.pod, sudoers.pod:
+ Add closefrom sudoers option to start closing at a point other than
+ 3. Add closefrom_override sudoers option and -C sudo flag to allow
+ the user to specify a different closefrom starting point.
+ [370652b099d1]
+
+ * pathnames.h.in:
+ Add _PATH_DEVNULL for those without it.
+ [0c4c3e0ceb8b]
+
+ * LICENSE:
+ no more UCB strcasecmp
+ [397a6298e07f]
+
+ * strcasecmp.c:
+ replace BSD licensed one with version derived from pdksh
+ [d7cfda8c57a2]
+
+2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix last commit.
+ [7afb9a180532]
+
+ * sudo.c:
+ Make sure stdin, stdout and stderr are open and dup them to
+ /dev/null if not.
+ [590f387068bd]
+
+2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, mon_systrace.c, sudo.c, sudo.h:
+ add sudo_ldap_close
+ [4273a36765a7]
+
+ * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
+ Use TIME_WITH_SYS_TIME
+ [c32b59bf15fb]
+
+ * config.h.in, configure, configure.in:
+ Add TIME_WITH_SYS_TIME_H
+ [57cb146f451d]
+
+2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
+ unconditionally on darwin. From Toby Peterson.
+ [d69959681c87]
+
+ * getspwuid.c:
+ Check rbinsert() return value. In the case of faked up entries
+ there is usually a negative response cached that we need to
+ overwrite.
+
+ In pwfree() don't try to zero out a NULL pw_passwd pointer.
+ [00b32d1a48c1]
+
+ * mon_systrace.c:
+ Use the double fork trick to avoid the monitor process being waited
+ for by the main program run through sudo.
+ [e0ce556712ff]
+
+2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Call initgroups() in -U mode so group matches work normally.
+ [2235bea15283]
+
+ * def_data.h, mkdefaults:
+ Don't print a trailing comma for the last entry in enum def_tupple
+ [c43a96bb31df]
+
+2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention values when lecture, listpw and verifypw are used in boolean
+ context.
+ [a0b5c0abaccf]
+
+ * def_data.c, def_data.in:
+ verifypw when used in a boolean TRUE context should be "all", not
+ "any".
+ [2eb076ddd5e2]
+
+2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.in, defaults.c:
+ Allow tuples that can be used as booleans to be used as boolean
+ TRUE. In this case the 2nd possible value of the tuple is used for
+ TRUE.
+ [bd99aa77e88b]
+
+2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Correct the test for 2-parameter timespecsub
+ [d41c9cb26b97]
+
+ * sudo.h:
+ Add strub struct definitions for passwd, timeval and timespec
+ [c4ce5c43d8c5]
+
+ * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
+ Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
+ and fix a typo in the gettimeofday check.
+ [8ac9893057ce]
+
+2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, testsudoers.c:
+ Deal with user_stat being NULL as it is for visudo and testsudoers.
+ [3605a6ff64d0]
+
+ * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
+ Add -U option to use in conjunction with -l instead of -u. Add
+ support for "sudo -l command" to test a specific command.
+ [99638789d415]
+
+ * gram.c, gram.y, sudo.c:
+ Set safe_cmnd after sudoers_lookup() if it has not been set.
+ Previously it was set by sudo "ALL" in the parser but at that point
+ the fully-qualified pathname has not yet been found.
+ [ac30d98f8225]
+
+2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, testsudoers.c:
+ Correctly handle multiple privileges per userspec and runas
+ inheritence.
+ [a98a965181af]
+
+2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Zero out sd_un for each entry in sudo_defs_table in init_defaults.
+ [031d3cd4a848]
+
+2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ make per-command defaults work with sudoedit
+ [e56fe33db916]
+
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
+ Instead, we just set the approriate defaults variable.
+ [756eeecc1d86]
+
+ * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document per-command Defaults.
+ [92a0f84b91c1]
+
+ * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
+ sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
+ Add support for command-specific Defaults entries. E.g.
+ Defaults!/usr/bin/vi noexec
+ [be3d52bf01cf]
+
+ * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
+ Change an occurence of user_matches() -> runas_matches() missed
+ previously runas_matches(), host_matches() and cmnd_matches() only
+ really need to pass in a list of members. user_matches() still
+ needs to pass in a passwd struct because of "sudo -l"
+ [833b22fc6fa0]
+
+ * parse.c:
+ Check def_authenticate, def_noexec and def_monitor when setting
+ return flags. XXX May be better to just set the defaults directly
+ and get rid of those flags.
+ [b6db22b59d69]
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
+ getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
+ gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
+ mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
+ sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
+ visudo.c, zero_bytes.c:
+ Use: #include <config.h> Not: #include "config.h" That way we get
+ the correct config.h when build dir != src dir
+ [97e5670a442b]
+
+ * Makefile.in:
+ Back out part of rev 1.263; fix -I order
+ [197ea01cad5d]
+
+ * toke.c, toke.l:
+ More robust parsing if #include; could be much better still.
+ [31bc3cd8f045]
+
+ * sudo_edit.c, visudo.c:
+ Make arg splitting in visudo and sudoedit consistent.
+ [7bc74485f246]
+
+ * Makefile.in, alias.c, gram.c, gram.y, parse.h:
+ Split alias routines out into their own file.
+ [d90f633cf9ae]
+
+ * error.h:
+ __attribute__ is already defined in compat.h
+ [676ed3fe9203]
+
+ * visudo.c:
+ quit() should not be __noreturn__ as it is non-void on some
+ platforms.
+ [e528c2b6ba10]
+
+ * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [e78e8aae882e]
+
+ * parse.h:
+ Clarify comments about the data structures
+ [ae894e266701]
+
+2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Add support for VISUAL and EDITOR containing command line args. If
+ env_editor is not set any args in VISUAL and EDITOR are ignored.
+ Arguments are also now supported in def_editor.
+ [ff7303b8e298]
+
+2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ alias_matches() is no more
+ [b59825e28084]
+
+ * CHANGES, TODO:
+ sync
+ [2b8f5f63c1de]
+
+ * Makefile.in:
+ When regenerating the parser, don't replace gram.h unless it has
+ changed.
+ [819949668018]
+
+ * Makefile.in:
+ remove Makefile.binary for distclean
+ [351eec8d00b2]
+
+ * env.c:
+ Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
+ sure we can't overflow new_env.
+ [3284d17b9c6d]
+
+ * sudo_edit.c:
+ paranoia when stripping trailing slashes from tempdir.
+ [012f1aa2b81f]
+
+ * sudo.c:
+ Set user_ngroups to 0 if getgroups() returns an error.
+ [c46d43e9449a]
+
+2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add configure check for getgroups()
+ [5d8a214e2cef]
+
+ * ldap.c:
+ Use supplementary group vector in struct sudo_user.
+ [3d0c463c034d]
+
+ * match.c:
+ Only do string comparisons on the group members if there is no
+ supplemental group list.
+ [be1c8362f7ef]
+
+ * CHANGES, TODO:
+ sync
+ [db188bc5b975]
+
+ * sudo_edit.c:
+ On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
+ chop off any trailing slashes we see and add an explicit one.
+ [e1b477dafee1]
+
+ * match.c:
+ remove bogus XXX comment
+ [8aecb8a28d40]
+
+ * match.c:
+ Get rid of alias_matches and correctly fall through to the non-alias
+ cases when there is no alias with the specified name.
+ [2cd555246f09]
+
+ * getspwuid.c:
+ Cache non-existent passwd/group entries too.
+ [8de9a467d271]
+
+ * gram.c:
+ regen
+ [9ece18c58f36]
+
+ * getspwuid.c:
+ fix typo
+ [9a7ae371eac1]
+
+ * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
+ mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Implement group caching and use the passwd and group caches
+ throughout.
+ [f1d8c5015169]
+
+2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Properly negate the return value of alias_matches() when
+ appropriate.
+ [ce59c4ce77ad]
+
+ * match.c:
+ Make hostname_matches() return TRUE for a match, else FALSE like the
+ caller expects.
+ [1dc03902d3a2]
+
+ * Makefile.in:
+ Add missing dependencies on gram.h
+ [4f94bbb1d50c]
+
+ * match.c:
+ Use runas_matches in alias_matches() now that we have it.
+ [284d22e91178]
+
+ * parse.c, parse.h:
+ Expand aliases in "sudo -l" mode
+ [f67a38b79c44]
+
+ * gram.y, match.c:
+ Use ALIAS for the member type when storing an alias instead of
+ HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
+ more generic type. Expand runas_matches instead of calling
+ user_matches() inside of it since user_matches() looks up
+ USERALIASes, not RUNASALIASes.
+ [52004d75232b]
+
+ * CHANGES, getspwuid.c:
+ Paranoia; zero out pw_passwd before freeing passwd entry.
+ [bd1b22638f00]
+
+ * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
+ configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
+ error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
+ sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [25000b676cfe]
+
+ * match.c:
+ Use userpw_matches() to compare usernames, not strcmp(), since the
+ latter checks for "#uid".
+ [fcbe4b859f66]
+
+ * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
+ Cache passwd db entries in 2 reb-black trees; one indexed by uid,
+ the other by user name. The data returned from the cache should be
+ considered read-only and is destroyed by sudo_endpwent().
+ [ee2418ff3f86]
+
+ * match.c:
+ add cast to uid_t
+ [eb6415302d84]
+
+ * gram.y:
+ missing free in alias_destroy
+ [572ecb680ad8]
+
+ * redblack.c:
+ Can't use rbapply() for rbdestroy since the destructor is passed a
+ data pointer, not a node pointer.
+ [11ce713830c0]
+
+ * getspwuid.c, logging.c, sudo.c, sudo.h:
+ Create and use private versions of setpwent() and endpwent() that
+ set/end the shadow password file too.
+ [616bc76d23bf]
+
+ * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
+ Store aliases in a red-black tree.
+ [ce017d540416]
+
+ * Makefile.in, redblack.c, redblack.h:
+ red-black tree implementation
+ [cd5586e8f48b]
+
+ * visudo.c:
+ Edit all sudoers file if there were unused or undefined aliases and
+ we are in strict mode.
+ [b6d5f5bb7262]
+
+2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
+ find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
+ Bring back the "secure_path" Defaults option now that Defaults take
+ effect before the path is searched.
+ [2e52c0e27606]
+
+2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, parse.c:
+ A user can always list their own entries, even with -u. Better error
+ message when failing to list another user's entries.
+ [e2e24deb0071]
+
+ * parse.c, sudo.c, sudo.h:
+ The syntax to list another user's entries is now "-u otheruser -l".
+ Only root or users with sudo "ALL" may list other user's entries.
+ [3c0657e8f5fe]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Update env variable info in SECURITY NOTES
+ [299716071024]
+
+ * env.c:
+ strip CDPATH too
+ [9b97643b26f9]
+
+ * env.c:
+ strip exported bash functions from the environment.
+ [9e5090c8284f]
+
+2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only reset sudo_user.pw based on SUDO_USER environment variables for
+ real commands and sudoedit. This avoids a confusing message when a
+ user tries "sudo -l" or "sudo -v" and is denied.
+ [3ea6d0053274]
+
+ * gram.c, gram.y, parse.h:
+ Extend LIST_APPEND to deal with appending lists too
+ [d963e42f622f]
+
+2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Convert some bitwise AND to ISSET
+ [130dc40d268e]
+
+ * lex.yy.c, toke.c:
+ toke.c replaces lex.yy.c
+ [048858df79e7]
+
+ * CHANGES, TODO:
+ sync
+ [d19e7abf251c]
+
+ * BUGS:
+ new parser fixes most of the outstanding bugs
+ [0891f66e3758]
+
+ * configure:
+ regen
+ [1a3358cc7283]
+
+ * visudo.c:
+ Rework for the new parser. Now checks for unused aliases in sudoers.
+ [ad462ede3094]
+
+ * testsudoers.c:
+ Rewrite for the new parser. Now supports a -d flag (dump) and adds
+ a -h flag (host). It now defaults to the local hostname unless
+ otherwise specified.
+ [1b69685cc601]
+
+ * sudo.h:
+ Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
+ [2e4fb3abfef0]
+
+ * sudo.c:
+ Update for new parse. We now call find_path() *after* we have
+ updated the global defaults based on sudoers. Also adds support for
+ listing other user's privs if you are root.
+ [cf3db9fc3024]
+
+ * mon_systrace.c:
+ Working LDAP support; also remove a now-unneeded rewind().
+ [649ecf1baf6b]
+
+ * logging.c, logging.h:
+ Add NO_STDERR flag.
+ [6cb935af94e0]
+
+ * ldap.c:
+ Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
+ udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
+ connecto to LDAP, apply the default options, find the command in the
+ user's path, and then check whether the user is allowed to run it.
+ The important thing here is that the default runas user may be
+ specified as a default option and that needs to be set before we
+ search for the command.
+ [fc0426abc6f1]
+
+ * ldap.c:
+ Add casts to unsigned char for isspace() to quiet a gcc warning.
+ [e5358e3df439]
+
+ * defaults.h:
+ Add prototype for update_defaults()
+ [564dac3db74e]
+
+ * defaults.c:
+ Don't warn about line numbers now that we operate on a set of data
+ structures (or LDAP) and not a file.
+ [bcd9ffb9b67c]
+
+ * config.h.in:
+ No long use lsearch()
+ [9d048c587319]
+
+ * Makefile.in:
+ Update for new and changed file names.
+ [6f424a7c4515]
+
+ * LICENSE:
+ no more BSD lsearch.c
+ [463a96d89026]
+
+ * match.c:
+ foo_matches() routines now live in match.c Added user_matches(),
+ runas_matches(), host_matches(), cmnd_matches() and alias_matches()
+ that operate on the parsed sudoers file.
+ [b14da8a0567e]
+
+ * parse.lex, toke.l:
+ Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
+ WORD no longer needs to exclude '@' kill yywrap()
+ [a922294eb7b7]
+
+ * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ Rewritten parser that converts sudoers into a set of data
+ structures. This eliminates ordering issues and makes it possible to
+ apply sudoers Defaults entries before searching for the command.
+ [30d2ec4d203c]
+
+ * configure.in, emul/search.h, lsearch.c:
+ We won't be using lsearch() any longer.
+ [29c4d54bfac0]
+
+ * ldap.c:
+ sudo should not send mail if someone who runs 'sudo -l' has no
+ entry.
+ [6fc27a69fd9c]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8166347917f3]
+
+ * visudo.pod:
+ Update warnings to match new visudo
+ [004c0766798f]
+
+ * sudoers.pod:
+ The new parser doesn't have the old ordering constraints.
+ [ffd43bd08661]
+
+ * sudo.pod:
+ Document that -l now takes an optional username argument
+ [278f9557de8b]
+
+2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ AIX 5.2.0.0 works
+ [523acd29d858]
+
+ * ldap.c:
+ If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
+ a compilation problem with Solaris 9's native LDAP.
+
+ Set FLAG_MONITOR when needed.
+ [35824ade672d]
+
+2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Call sudo_goodpath() *after* changing the cwd to match the traced
+ process. Fixes relative paths.
+ [12ee111d0ad7]
+
+2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c:
+ Kill set_perms() stub--it is no longer needed.
+ [116ed702935d]
+
+2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ stay_setuid now requires set_reuid() or setresuid()
+ [8511f67e25d5]
+
+ * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
+ configure.in, set_perms.c, sudo.c, sudo.h:
+ Kill use of POSIX saved uids; they aren't worth bothering with.
+ [b3b1f19f18c1]
+
+2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ remove call to issetugid()
+ [63f2e492c08f]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Remove warning about wildcards. Now that we use glob() the bug is
+ fixed.
+ [b15729d32266]
+
+ * parse.c:
+ Use glob(3) instead of fnmatch(3) for matching pathnames and stat
+ each result that matches the basename of the user's command. This
+ makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
+ /usr/bin/blah. Fixes bug #143.
+ [e31eb6310340]
+
+ * config.h.in, configure, configure.in:
+ Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
+ GLOB_BRACE)
+ [677ed6661e17]
+
+ * config.h.in, configure, configure.in:
+ Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
+ [aaa2329dd266]
+
+ * LICENSE:
+ reference glob
+ [bedc9a923423]
+
+ * glob.c:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [81799451473c]
+
+ * emul/glob.h:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [0335cf31fb1e]
+
+2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
+ means we are out of space in the stack gap...
+ [5b02b702021e]
+
+ * CHANGES:
+ sync
+ [be3826273e56]
+
+ * mon_systrace.c:
+ Take a stab at ldap sudoers support here.
+ [9d023695b0de]
+
+ * mon_systrace.c, mon_systrace.h:
+ Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
+ doesn't cause reboot to inadvertanly kill itself.
+ [d4aab2365610]
+
+ * mon_systrace.c:
+ put "monitor" in the proctitle, not "systrace"
+ [9a9025767d86]
+
+ * mon_systrace.c:
+ When modifying the environment, don't replace envp when we can get
+ away with just rewriting pointers in the traced process.
+ [c03622f7a2e2]
+
+ * mon_systrace.c, mon_systrace.h:
+ Add environment updating via STRIOCINJECT (if available).
+ [037291016870]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [869acc511046]
+
+2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [4e61a9bd3c97]
+
+ * parse.lex:
+ Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
+ [b70d7bd6e147]
+
+ * mon_systrace.c:
+ Include file is now mon_systrace.h
+ [ead4e36d92ae]
+
+ * Makefile.in, configure, configure.in, def_data.c, def_data.h,
+ def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
+ sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
+ No longer call it tracing, it is now "monitoring" which should be
+ more a obvious name to non-hackers.
+ [aa811ded0789]
+
+2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c, mon_systrace.h:
+ Fix some XXX
+ [a271072dacc6]
+
+ * mon_systrace.c, mon_systrace.h:
+ No need to include syscall.h, use 1024 as the max # of entries (the
+ max that systrace(4) allows).
+
+ Only need to use SYSTR_POLICY_ASSIGN once
+
+ Change check_syscall() -> find_handler() and have it return the
+ handler instead of just running it. We need this since handler now
+ have two parts: one part that generates and answer and another that
+ gets called after the answer is accepted (to do logging).
+
+ Add some missing check_exec for emul execv
+ [a89d243f0525]
+
+ * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
+ Add $Sudo$ tags.
+ [6f3fedb0daba]
+
+ * config.h.in:
+ Add missing HAVE_LINUX_SYSTRACE_H
+ [ff75ab7bfc53]
+
+ * Makefile.in:
+ add trace_systrace.o dependency
+ [88a408668ab2]
+
+2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Also look for systrace.h in /usr/include/linux
+ [98b98b436cf3]
+
+ * mon_systrace.c, mon_systrace.h:
+ Move all struct defs and prototypes into trace_systrace.h and mark
+ all but systace_attach() static.
+ [85511253b570]
+
+ * mon_systrace.c, mon_systrace.h:
+ Add support for tracing emulations. At the moment, all emulations
+ are compiled in. It might make sense to #ifdef them in the future,
+ though this impeeds readability.
+ [87bb50abf277]
+
+ * Makefile.in, configure, configure.in:
+ rename systrace.c -> trace_systrace.c
+ [31cfa4407d93]
+
+ * parse.yacc, sudo.tab.c:
+ Allow this to build with a K&R compiler again
+ [32876af5bb98]
+
+ * TODO:
+ sync
+ [46865bd70f7c]
+
+ * compat.h, sudo.c, visudo.c:
+ Use __attribute__((__noreturn__))
+ [65bbad71fe89]
+
+ * visudo.c:
+ Exit() takes a negative value to indicate it was not called via
+ signal.
+ [b93032ed7b60]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [45bcf4661558]
+
+ * Makefile.in, visudo.c:
+ Define Err() and Errx() that are like err() and errx() but call
+ Exit() instead of exit(). Build private copy of alloc.o for visudo
+ that calls Err() and Errx().
+ [c6d02bf42edd]
+
+2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [39de7e7c59da]
+
+ * CHANGES:
+ sync
+ [ba481d9ed1aa]
+
+ * visudo.c:
+ Overhaul visudo for editing multiple files: o visudo has been
+ broken out into functions (more work needed here) o each file is
+ now edited before sudoers is re-parsed o if a #include line is
+ added that file will be edited too
+
+ TODO: o cleanup temp files when exiting via err() or errx() o
+ continue breaking things out into separate functions
+ [80c35cf534eb]
+
+ * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Add keepopen arg to open_sudoers that open_sudoers can use to
+ indicate to the caller that the fd should not be closed when it is
+ done with it. To be used by visudo to keep locked fds from being
+ closed prematurely (and thus losing the lock).
+ [f330fe632470]
+
+ * parse.yacc, sudo.c:
+ Add errorfile global that contains the name of the file that caused
+ the error.
+ [98079c7a37ed]
+
+ * parse.lex:
+ return COMMENT to yacc grammar for a #include line
+ [2024a8de4fa8]
+
+ * parse.lex:
+ Remove us of unput() in favor of yyless() which is cheaper.
+ [c61291902beb]
+
+ * parse.yacc:
+ Allow an empty sudoers file.
+ [62fb111db2e7]
+
+2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
+ [9e15869ef597]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [c29bdd43bfad]
+
+ * visudo.c:
+ Do signal setup before calling edit_sudoers(). Don't shadow the
+ "quiet" global.
+ [74252efd09ff]
+
+ * visudo.c:
+ If a sudoers file includes other files, edit those too. Does not yes
+ deal with creating the new includes files itself.
+ [06af7b9c173f]
+
+ * testsudoers.c:
+ init_parser now takes a path
+ [b5ee186eb192]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ More scaffolding for dealing with multiple sudoers files: o
+ init_parser() now takes a path used to populate the sudoers global
+ o the sudoers global is used to print the correct file in yyerror()
+ o when switching to a new sudoers file, perserve old file name and
+ line number
+ [d9be4970b8bd]
+
+ * Makefile.in, pathnames.h.in:
+ Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
+ multiple sudoers files.
+ [6ccc4e921c43]
+
+ * parse.c, sudo.c:
+ Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
+ we start at the right file position when reading include files.
+ [91fcb961e7a4]
+
+ * sudoers.pod:
+ document #include
+ [fbb92a25a726]
+
+ * lex.yy.c:
+ regen
+ [50cd7a4c9dff]
+
+ * parse.lex:
+ Add max depth of 128 for the include stack to avoid loops.
+
+ Since yyerror() doesn't stop parsing, pass return values back to
+ yylex and call yyterminate() on error.
+ [e79dbffb729d]
+
+2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ document tracing
+ [165a467eadd8]
+
+ * sudo.pod:
+ Mention PREVENTING SHELL ESCAPES section of sudoers man page
+ [3217ccecd834]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [fbd58d1d3a76]
+
+ * parse.lex:
+ Add support for #include in sudoers (visudo support TBD)
+ [a78015ca81af]
+
+ * parse.yacc:
+ make yyerror()'s argument const
+ [7d8e168c019a]
+
+ * testsudoers.c, visudo.c:
+ Add open_sudoers() stubs.
+ [087466787198]
+
+ * sudo.c, sudo.h:
+ Rename check_sudoers() open_sudoers() and make it return a FILE *
+ [142fc511fc65]
+
+2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ Crank version
+ [1adc3f839480]
+
+ * Makefile.in, sudo.psf:
+ Better HP-UX depot construction
+ [2d952b000e63]
+
+2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ o Made children global so check_exec() can lookup a child. o
+ Replaced uid in struct childinfo with struct passwd * (for runas) o
+ new_child() now takes a parent pid so the runas info can be
+ inherited o Added find_child() to lookup a child by its pid o
+ update_child() now fills in a struct passwd o Converted the big
+ if/else mess in set_policy to a switch o Syscalls that change uid
+ are now "ask" so we get SYSTR_MSG_UGID events
+ [29b9ea3f09a3]
+
+ * getspwuid.c:
+ Add flag to sudo_pwdup that indicates whether or not to lookup the
+ shadow password. Will be used to a struct passwd that has the
+ shadow password already filled in.
+ [e19d43dd7238]
+
+ * mon_systrace.c:
+ add missing increment of addr in read_string()
+ [f9eb0f060cb6]
+
+ * mon_systrace.c:
+ Remove bogus call to update_child() and some cosmetic fixes
+ [701ab0b97fef]
+
+ * mon_systrace.c:
+ Don't leak /dev/systrace fd to tracee Make initialized global for
+ simplicity If STRIOCATTACH returns EBUSY we are already being traced
+ Check for user_args == NULL in setproctitle() call Add missing calls
+ to STRIOCANSWER
+ [1956edf9bc3a]
+
+ * sudo.c:
+ g/c sudo_pwdup proto
+ [b7c4d6249ecb]
+
+ * Makefile.in, sudo.psf:
+ Add target for building a depot file
+ [357019efd99b]
+
+ * mon_systrace.c:
+ trim includes
+ [501534428471]
+
+2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [52fd250c6986]
+
+ * INSTALL:
+ document --with-systrace
+ [79623927c94e]
+
+ * config.h.in, configure, configure.in:
+ Add check for setproctitle
+ [1730cf1c26ed]
+
+ * mon_systrace.c:
+ pass struct str_msg_ask in to syscall checker so it can set the
+ error code
+ [1703fd2fdef6]
+
+ * mon_systrace.c:
+ systrace(4) support for sudo. On systems with the systrace(4)
+ kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
+ intercept exec calls and check the exec args against the sudoers
+ file. In other words, sudo can now control subcommands and shell
+ escapes.
+ [928c9217c386]
+
+ * sudo.c, sudo.h:
+ Call systrace_attach() if FLAG_TRACE is set.
+ [014ba9402fa5]
+
+ * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
+ Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+ [a99904db5e56]
+
+ * parse.c, sudo.c:
+ Don't close sudoers_fp, keep it open and set close on exec flag
+ instead.
+ [43a9fec60bee]
+
+ * def_data.c, def_data.h, def_data.in:
+ Add trace option
+ [5b643b86730a]
+
+ * Makefile.in:
+ Add systrace
+ [47a0519c427c]
+
+ * INSTALL:
+ SunOS /bin/sh blows up with configure
+ [005a23cc5615]
+
+ * configure, configure.in:
+ Include sys/param.h before systrace.h
+ [9345bc8efecf]
+
+ * configure:
+ regen
+ [a8f53fcbb254]
+
+ * pathnames.h.in:
+ _PATH_DEV_SYSTRACE
+ [d2ad1e492a00]
+
+ * configure.in:
+ line up options in --help
+ [fa51f2821d09]
+
+ * config.h.in, configure.in:
+ Add --with-systrace
+ [a264d54bc413]
+
+2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [a4dad0bcc523]
+
+ * aclocal.m4, configure.in:
+ make this work with autoconf-2.59
+ [c4a92b6a684a]
+
+2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Simplify logic around open & stat of files and do sanity on edited
+ file even if we lack fstat (still racable but worth doing).
+ [adda65ade70c]
+
+2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ Add support url
+ [bf6590fbde9f]
+
+ * Makefile.in:
+ versino 1.6.8p1
+ [b84ebfaf1552] [SUDO_1_6_8p1]
+
+ * CHANGES:
+ more changes for 1.6.8p1
+ [e23a9c0393b6]
+
+ * version.h:
+ 1.6.8p1
+ [872f14504b5f]
+
+ * CHANGES, sudo_edit.c:
+ Add sanity check so we don't try to edit something other than a
+ regular file.
+ [350134ec6d4e]
+
+2004-09-15 Aaron Spangler <aaron777@gmail.com>
+
+ * CHANGES:
+ sync
+ [3091ca9eae00]
+
+ * INSTALL:
+ document --with-ldap-conf-file
+ [0e2cd6b896f1]
+
+2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, ins_csops.h:
+ political correctness strikes again
+ [428e8bc77f55]
+
+ * RUNSON:
+ sync
+ [27f44bd423dc]
+
+2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.binary.in, Makefile.in:
+ Install sudoedit man link
+ [19a55234fc1f]
+
+ * INSTALL:
+ Update PAM note and mention where HP-UX users can download gcc
+ binaries.
+ [d37cdbbabfd4]
+
+ * Makefile.in:
+ libtool wants to install stuff from .libs so fake one up for binary
+ installations.
+ [a681bc6fcfba]
+
+ * Makefile.binary.in:
+ rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
+ [3e0c4b3372cc]
+
+ * Makefile.in:
+ Deal with "uname -m" having slashes in it rm -f old sudoedit link
+ instead of using ln -f
+ [cff33fb97e5b]
+
+ * Makefile.binary, Makefile.binary.in:
+ Makefile.binary -> Makefile.binary.in for config.status substitution
+ Add support for installing noexec bits
+ [37d8bb3483c6]
+
+ * Makefile.in:
+ Copy noexec bits into binary dists too No longer use my old arch
+ script for making binary dists
+ [e7058bab9e33]
+
+ * Makefile.binary:
+ Install sudoedit link.
+ [417d1e101711]
+
+2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/utime.h:
+ avoid __P so there is no need for compat.h to be included
+ [6d8d1f1abf7d]
+
+ * utimes.c:
+ Don't use HAVE_UTIME_H before including config.h.
+ [013b7bb61181]
+
+2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ Fix Solatis futimes macro
+ [d4eda2ca0d29]
+
+2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Rename ots -> omtim for improved readability.
+ [127ca5bb297c]
+
+2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Redo changes in revision 1.7. Don't really need to keep the temp
+ file open; re-opening it with the invoking user's euid is
+ sufficient.
+ [55a883165a95]
+
+ * CHANGES:
+ sync
+ [9015b291170d]
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [c0313f6ed783]
+
+ * sudo.pod:
+ back out revision 1.70; it is no long applicable
+ [b641d503aff6]
+
+ * env.c:
+ Let the loader initialize nep
+ [bec192139b02]
+
+ * config.h.in, configure, configure.in:
+ Removed unneed check for fchown Add check for gettimeofday Move
+ autoheader template stuff into separate AH_TEMPLATE lines
+ [bfc0edbd43f2]
+
+ * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Use timespec throughout.
+ [1a178a23b69b]
+
+ * Makefile.in:
+ gettime.[co]
+ [6aeb48a7ab7f]
+
+ * gettime.c:
+ function to return the current time in a struct timespec
+ [bf8eb12cb63f]
+
+ * utimes.c:
+ Not a darpa-sponsored file.
+ [121ce5e2036c]
+
+2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for struct timespec and provide it for those without.
+ [42124055030d]
+
+ * config.h.in, configure, configure.in, sudo_edit.c:
+ Add checks for st_mtim and st_mtimespec and add macros for pulling
+ the mtime sec and nsec out of struct stat. These are used in
+ sudo_edit() to better tell whether or not the file has changed.
+ [23debfbb3fab]
+
+ * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Add an extra param to touch() for nsec
+ [56f7a4ba8ddb]
+
+ * sudo_edit.c:
+ Call mkstemp() as the in invoking user so we don't have to chown the
+ file later. Only touch() the temp file if we can do it via the file
+ descriptor. Don't check for modification of the temp file if we lack
+ fstat(). Catch errors read()ing the temp file.
+ [665f52c70836]
+
+ * fileops.c:
+ If path is NULL and fd == -1 return -1.
+ [757a518a824c]
+
+ * sudo_edit.c:
+ closefrom() is overkill, the only extra fds are the ones we opened
+ so just close those in the child.
+ [f361c9d2a1f4]
+
+ * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
+ configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
+ visudo.c:
+ Use utimes() and futimes() instead of utime() in touch(), emulating
+ as needed. Not all systems are able to support setting the times of
+ an fd so touch() takes both an fd and a file name as arguments.
+ [3d9276f29717]
+
+2004-09-07 Aaron Spangler <aaron777@gmail.com>
+
+ * env.c:
+ Rare SEGV
+ [8995f828782d]
+
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [b8e9406711c5]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add SUPPORT section and re-order some of the sections to match the
+ order we use in OpenBSD.
+ [fa37bd917e2c]
+
+2004-09-06 Aaron Spangler <aaron777@gmail.com>
+
+ * env.c:
+ Openldap ~/.ldaprc fix
+ [1a37afe6850f]
+
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ Talk about how the editor must write its changes to the original
+ file and not just use rename(2).
+ [c55ed91c5ee9]
+
+ * CHANGES:
+ sync
+ [62af26bd37a2]
+
+ * sudo_edit.c:
+ Keep the temp file open instead of re-opening after the editor has
+ exited.
+ [de41eeb6dcf2]
+
+ * sample.pam:
+ Update for current redhat/fedora core.
+ [8cf083077333]
+
+2004-09-03 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ tls_ examples
+ [ba783d88a034]
+
+2004-09-02 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ config tls_* options
+ [0b0e0797b3b9]
+
+2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ No need for -lcrypt when using pam.
+ [41fff3a53e68]
+
+2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [75820aecce2c]
+
+2004-08-27 Aaron Spangler <aaron777@gmail.com>
+
+ * configure.in, ldap.c, pathnames.h.in:
+ Allow --with-ldap-conf-file option to override LDAP_CONF
+ [c9909bc484a5]
+
+ * ldap.c:
+ cleanup debug message
+ [1f6ca4824d8d]
+
+2004-08-26 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ more config info
+ [f2e7147fd507]
+
+2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
+ Add cmnd_base to struct sudo_user and set it in init_vars(). Add
+ cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
+ longer use gross statics in command_matches(). Also rename some
+ variables for improved clarity.
+ [7169a6c7bea4]
+
+2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document HP's crippled compiler deficiency.
+ [c405ea5a8d4c]
+
+ * INSTALL:
+ Fix some thinkos in --with-editor and --with-env-editor
+ descriptions. Noticed by Norihiko Murase.
+ [dd781de1c985]
+
+ * configure, configure.in:
+ --with-noexec takes an optional PATH argument.
+ [8f6ab77f22cc]
+
+ * INSTALL:
+ document --with-noexec
+ [50cb1fc627ce]
+
+2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON, TODO:
+ sync
+ [f2503bd13373] [SUDO_1_6_8]
+
+ * sudo_edit.c:
+ Better warning message when sudoedit is unable to write to the
+ destination file.
+ [f78c18f2ffa8]
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [7e2bf63d6d9a]
+
+ * sudo.pod:
+ Don't italicize the string "sudoedit"
+ [c691643bd269]
+
+2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ Mention GratiSoft.
+ [dc53de581b2d]
+
+2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [8ae0484dfc38]
+
+ * parse.yacc:
+ Reset used_runas to FALSE when re-intializing the parser.
+ [b7403f353a02]
+
+2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess:
+ Correct OpenBSD mips support
+ [314fc7afc165]
+
+ * config.guess:
+ Add OpenBSD/mips
+ [ac87d0a773ef]
+
+2004-08-07 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ More behavior notes
+ [13be1d212b47]
+
+ * README.LDAP:
+ Updates on current behavior
+ [d498a8866d6f]
+
+2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [9c8523bb382a]
+
+ * sudo.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [e5f479e24fa8]
+
+ * CHANGES:
+ new
+ [2dbd9aba8b33]
+
+ * sudo.c:
+ Consistency. Use same error for bad -u #uid when targetpw is set as
+ we do when a bad -u username is specified.
+ [922961c4a9d6]
+
+ * TODO:
+ Add checksum idea from Steve Mancini
+ [e6ece1b766ba]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [370d2317829f]
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [f93d41fc38b1]
+
+ * sudo.pod, sudoers.pod:
+ Document the restriction on uids specified via -u when targetpw is
+ set.
+ [878fedb455db]
+
+ * sudo.c:
+ Error out when targetpw is enabled and sudo is run with -u #uid but
+ #uid does not exist in the passwd database. We can't do target
+ authentication when the target is not in passwd!
+ [27c5888c86eb]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [ceb65711050c]
+
+ * TODO:
+ Some more todo for the next release.
+ [7b7417be7601]
+
+ * INSTALL:
+ Make it clear that PAM should be used for DCE support when possible.
+ [7502029fd385]
+
+ * sudoers.pod:
+ o Document problems with wildcards and relative paths. o Make the
+ order requirements more prominent. o Change a "set" to "reset" for
+ clarity.
+ [bacdd181b33f]
+
+2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ Mention --with-secure-path, not SECURE_PATH.
+ [41283ddde5e1]
+
+2004-08-03 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ reflect changes to parse.c
+ [8880fe9b724d]
+
+2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [a57658ca9177]
+
+ * parse.c, parse.h, testsudoers.c, visudo.c:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [0a2544991fd6]
+
+ * parse.yacc:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [a4910bf6032b]
+
+ * parse.c:
+ Fix a bug introduced in rev. 1.149. When checking for pseudo-
+ commands check for a '/' anywhere in cmnd, not just the first
+ character.
+ [ce98142f03ca]
+
+2004-07-31 Aaron Spangler <aaron777@gmail.com>
+
+ * sudo.man.in, sudo.pod:
+ Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
+ [a91800e094b1]
+
+ * sudoers.man.in, sudoers.pod:
+ Add ignore_local_sudoers
+ [741ddcbf7083]
+
+ * README.LDAP:
+ Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
+ janth@moldung.no
+ [742c02e07cd9]
+
+2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ typo
+ [e7cdefbd7a9a]
+
+2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [734dafc4a85e]
+
+ * parse.c:
+ Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
+ PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
+ [151b7f593568]
+
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ PAM change
+ [d8fb6d6a22d0]
+
+2004-07-08 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Better debugging of ALL command
+ [9db3e84029dc]
+
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ When matching for "sudoedit" in sudoers check both the command the
+ user typed *and* the command that is listed in the sudoers entry.
+ [f36ca1f94095]
+
+2004-07-04 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Added !command feature
+ [ed539574611b]
+
+2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
+ [2be8e0e8813a]
+
+2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ License is ISC-style, not BSD-style
+ [ac0589e1dd5d]
+
+ * CHANGES:
+ sync
+ [16058a30f404]
+
+2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [8820eb9c809b]
+
+ * sudo.pod:
+ o Update some out of date bits to reality o Change the shell promt
+ in examples to bourne-shell style o Clarify some details o Add a
+ CAVEAT about "sudo cd /foo"
+ [b0af373214b6]
+
+ * check.c:
+ Don't ask for a password if invoking user == target user.
+ [dd5c96141132]
+
+ * sudo.c:
+ typo in comment
+ [278d20f9b249]
+
+2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [9036c6f39eff]
+
+ * sudoers.pod:
+ Expand on NOEXEC a little.
+ [9a13756aebe4]
+
+ * TODO:
+ sync
+ [8d2c1af48de8]
+
+ * visudo.cat, visudo.man.in:
+ regen
+ [3921f01607c8]
+
+ * sudo.tab.c:
+ regen
+ [9338c3d68250]
+
+ * visudo.pod:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [6700358d7ad8]
+
+ * CHANGES, parse.yacc, visudo.c:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [803560986a8a]
+
+ * sudo.tab.c:
+ regen
+ [b60636e2cf63]
+
+ * parse.yacc:
+ Add a MATCHED macro for testing whether foo_matches has been set to
+ TRUE or FALSE. This is more readable than checking for >=0 or < 0.
+ Doesn't change the actual code generated.
+ [f376da8ccdc8]
+
+2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat:
+ regen
+ [6cceb6d6c9bd]
+
+ * sudoers.man.in:
+ regen
+ [5acd12b730b3]
+
+ * sudoers.pod:
+ Correct description of where Defaults specs should go.
+ [6b11ff53d7ad]
+
+ * sudoers:
+ Correct description of where Defaults specs should go.
+ [868db857630d]
+
+ * testsudoers.c, visudo.c:
+ update (c) year
+ [272c8a53604c]
+
+ * logging.h:
+ update (c) year
+ [3cec76d400ce]
+
+ * ldap.c:
+ update (c) year
+ [f264632488a0]
+
+ * find_path.c:
+ update (c) year
+ [40c227af9227]
+
+ * auth/pam.c:
+ update (c) year
+ [87149e0eed50]
+
+ * auth/bsdauth.c, auth/kerb5.c:
+ update (c) year
+ [d72eb434c068]
+
+2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [83408d9e9d2e]
+
+ * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
+ Remove trailing spaces, no actual code changes.
+ [4c3bf2819293]
+
+ * tgetpass.c:
+ Remove trailing spaces, no actual code changes.
+ [96f6e0a24c26]
+
+ * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
+ Remove trailing spaces, no actual code changes.
+ [c7075d1cbed5]
+
+ * getcwd.c:
+ Remove trailing spaces, no actual code changes.
+ [776cc0374547]
+
+ * find_path.c:
+ Remove trailing spaces, no actual code changes.
+ [7ed7099f3c71]
+
+ * compat.h, defaults.c, env.c:
+ Remove trailing spaces, no actual code changes.
+ [893e83c33795]
+
+ * check.c:
+ Remove trailing spaces, no actual code changes.
+ [f77750f8803b]
+
+ * sudo.tab.c:
+ regen
+ [62e0ed883b31]
+
+ * parse.yacc:
+ Fix a >=0 that should be <0 that was improperly converted when
+ UNSPEC was added.
+ [ad1531a55a49]
+
+ * parse.yacc:
+ Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
+ NOMATCH when resetting it.
+ [ae017a12870a]
+
+ * parse.yacc:
+ Fix pastos introduced in SETNMATCH addition.
+ [6ea1c9d80681]
+
+2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Update for configure changes
+ [637a635da287]
+
+ * sudo.tab.c:
+ regen
+ [4753c2788713]
+
+ * sudo.h:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [2ba622e15a4d]
+
+ * parse.yacc:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [746b519e41a6]
+
+ * parse.yacc:
+ Initialize runas to -2, not -1 since we need to be able to
+ distinguish between the initialized value and the value of a non-
+ match when passing along the runas value to multiple commands.
+
+ The result of this is that an unmatched runas is now set to -1, not
+ 0. This is required now that parse.c treats a FALSE value for runas
+ as being explicitly denied.
+ [7791ed3621f6]
+
+2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Error out if argc < 1.
+ [ce6b2a9eda3c]
+
+ * getprogname.c:
+ Error out if argc < 1.
+ [c566cce8dc78]
+
+ * configure, configure.in:
+ Add tests for what libs we need to link with for ldap and for
+ whether or not lber.h needs to be explicitly included.
+ [b2e9729cc4e7]
+
+2004-06-03 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Solaris native LDAP build fix
+ [39929e40eb11]
+
+2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
+ unset variable.
+ [6a4c20a66f98]
+
+ * sudo.h:
+ Add prototype for sudo_ldap_list_matches
+ [443b007a8dab]
+
+ * configure, configure.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [567656978f7e]
+
+ * config.h.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [34eace4faec8]
+
+ * compat.h:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [8d50ff1bbf2a]
+
+ * closefrom.c:
+ Only check /proc/$$/fd if we have the dirfd function/macro.
+ [15e3ccce7553]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for a dirfd() function (like Linux) and add a dirfd
+ macro in compat.h if there is no dirfd() function or macro.
+ [1e95756edb50]
+
+ * closefrom.c, getcwd.c:
+ dirfd() is now defined in compat.h as needed.
+ [bb1d79271188]
+
+ * CHANGES:
+ Clarify closefrom() note.
+ [f4e4a5508dda]
+
+ * parse.c:
+ When checking for a command in the directory, only copy the base dir
+ once.
+ [7a3276808b87]
+
+ * closefrom.c:
+ If there is a /proc/$$/fd directory, behave like the Solaris
+ closefrom() and only close the descriptors listed therein.
+ [19de23779e84]
+
+ * alloc.c:
+ compat.h guarantees INT_MAX is defined.
+ [1bf0c79d4606]
+
+ * compat.h:
+ Add definitions of OPEN_MAX and INT_MAX for those without it and
+ remove definition of RLIM_INFINITY (now unused).
+ [f827d1ebf96e]
+
+ * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
+ sudo.c, sudo.h, visudo.c:
+ Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+ [59788f211c24]
+
+2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [d32fa124f1ad]
+
+ * RUNSON:
+ Add some entries that were mailed in a while ago
+ [ff8d5bfec54e]
+
+ * closefrom.c:
+ o sysconf returns a long, not an int. o check for negative return
+ value from sysconf/getdtablesize and use OPEN_MAX in this case. o
+ define OPEN_MAX to 256 for those without it (a fair guess...)
+ [ccf81ae6deb2]
+
+2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Mention change in parse order for RunAs entries.
+ [dc73b0bca617]
+
+ * configure:
+ regen
+ [07cce8e0534e]
+
+2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, README.LDAP, config.h.in, configure.in:
+ o --with-ldap now takes an optional dir as a parameter o added
+ check for ldap_initialize() and start_tls_s()
+ [2b846c7974c6]
+
+ * README.LDAP:
+ Fix some typos, word choice and formatting issues.
+ [00dc8ca84b10]
+
+2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
+ read/write as it is simpler.
+ [30f5446ee8b0]
+
+ * configure, configure.in:
+ Remove hack overriding cross-compiler check. It should no longer be
+ needed.
+ [22a6cbd88608]
+
+ * compat.h:
+ Remove select() compat bits since we no longer use select().
+ [d7bbf7cd36f5]
+
+ * CHANGES, tgetpass.c:
+ Use alarm() instead of select() for the timeout for systems that
+ don't fully/properly implement select().
+ [d7cc60f15800]
+
+2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ synbc
+ [132a39788e07]
+
+ * RUNSON:
+ update
+ [61ef508380c6]
+
+ * set_perms.c:
+ Deal with systems that have no way of setting the effective uid such
+ as nsr-tandem-nsk.
+ [306e00e9b5a4]
+
+ * configure, configure.in:
+ Define NO_SAVED_IDS if we don't find seteuid()
+ [8588f18345cf]
+
+ * config.h.in, configure, configure.in:
+ Add back check for setreuid() since NSK doesn't have it.
+ [43127bd703d1]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [af4f4b20e422]
+
+ * CHANGES:
+ sync
+ [29ca3b699c24]
+
+ * BUGS:
+ sync
+ [3593f17f72ed]
+
+ * parse.c:
+ In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
+ explicitly denied and the command matched. This fixes a long-
+ standing bug and makes: foo machine = (ALL) /usr/bin/blah
+ foo machine = (!bar) /usr/bin/blah
+
+ equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+ [2f5ee244985a]
+
+ * sudoers.pod:
+ Clarify mail_noperm
+ [3238b2d41989]
+
+2004-05-20 Aaron Spangler <aaron777@gmail.com>
+
+ * Makefile.in:
+ Missing DESTDIR in make install for sudo_noexec.la
+ [91431e821525]
+
+2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [cdfde0dcb556]
+
+ * TODO:
+ sync
+ [4799b7d8b62c]
+
+ * sudoers.pod:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [19d299f233cd]
+
+ * sample.sudoers:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [b1bca73d6250]
+
+ * UPGRADE, sudo.c, visudo.c:
+ filesystem -> file system
+ [1e1afaf30469]
+
+ * TROUBLESHOOTING:
+ filesystem -> file system
+ [39fb594e9338]
+
+ * CHANGES, INSTALL:
+ filesystem -> file system
+ [85948b608ffe]
+
+ * sudo.pod, sudoers.pod:
+ Fix some minor typos and formatting goofs
+ [e94d243a0b90]
+
+ * lex.yy.c:
+ regen
+ [2eed0ab1f4c4]
+
+ * visudo.pod:
+ remove my email addr
+ [b63262c0389b]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use @mansectform@ and @mansectsu@ everywhere Make man page
+ references links with L<>
+ [f459f4b9ddb9]
+
+ * parse.lex:
+ Accept quoted globbing characters and pass them verbatim for
+ fnmatch()
+ [8248b86e9380]
+
+ * UPGRADE:
+ Document that /tmp/.odus is gone.
+ [3667b66af5bb]
+
+ * pathnames.h.in:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [48d94c9f9ad4]
+
+ * configure:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [058d7b8cf07b]
+
+ * aclocal.m4:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [cf52c4c2803f]
+
+ * CHANGES:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [6058c4cefcec]
+
+ * set_perms.c, sudo.c, tgetpass.c, visudo.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [2e5f81834383]
+
+ * logging.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [934bbe6872b6]
+
+ * check.c, compat.h:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches
+ from Tom Bates.
+ [390b698b5924]
+
+2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ There was no 1.6.7p6.
+ [8013d2e6b062]
+
+ * BUGS, CHANGES:
+ sync
+ [c38b41f32857]
+
+ * Makefile.in:
+ add missing files to DISTFILES
+ [e6a80ad03039]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [027bc9746dd5]
+
+ * sudoers.man.in:
+ regen
+ [f5e85ef686cf]
+
+ * Makefile.in:
+ Fix some line wrap and update (c) year
+ [bad1f46aa1ca]
+
+2004-04-28 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ Build Note
+ [7a061248249b]
+
+2004-04-07 Aaron Spangler <aaron777@gmail.com>
+
+ * Makefile.in:
+ Fix install-dirs
+ [be0726dd92e7]
+
+2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [3f4f0d1ab8b9]
+
+ * visudo.c:
+ In Exit() when used as a signal handler, emsg is a pointer so
+ sizeof() is wrong so make it a #define instead. Also avoid using a
+ negative exit value. Found by Aaron Campbell
+ [78716a3a3fdc]
+
+2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Remove bogus sentence about uids in a User_List. Document usernames
+ vs. uid parsing in a Runas_List.
+ [7ca510b5031c]
+
+ * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ If the user specified a uid with the -u flag and the uid exists in
+ the passwd file, set runas_user to the name, not the uid.
+
+ When comparing usernames in sudoers, if a name is really a uid
+ (starts with '#') compare it numerically to pw_uid.
+ [8d6935d04673]
+
+2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ krb5_mcc_ops should be const; Johnny C. Lam
+ [aa8c753e426e]
+
+2004-02-28 Aaron Spangler <aaron777@gmail.com>
+
+ * CHANGES, config.h.in, ldap.c:
+ Added start_tls support
+ [7ef864c15b69]
+
+2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Clean up libtool stuff for 'make distclean' and add def_data.c,
+ def_data.h to PARSESRCS.
+ [bf9bb6bb06ab]
+
+2004-02-14 Aaron Spangler <aaron777@gmail.com>
+
+ * strlcat.c, strlcpy.c:
+ Un-Fix last license munge
+ [42654b77ac71]
+
+2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e4de6b23a4dc]
+
+ * CHANGES, RUNSON, TODO:
+ checkpoint
+ [94e1ace84d5c]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [8ce784505643]
+
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
+ emul/search.h, emul/utime.h:
+ More to a less restrictive, ISC-style license.
+ [a31b20e48003]
+
+ * auth/kerb5.c, auth/pam.c:
+ More to a less restrictive, ISC-style license.
+ [e41f92b41216]
+
+ * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+ More to a less restrictive, ISC-style license.
+ [87534c164a52]
+
+ * auth/bsdauth.c:
+ More to a less restrictive, ISC-style license.
+ [e21be6594b58]
+
+ * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+ More to a less restrictive, ISC-style license.
+ [6d234be91c5e]
+
+ * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
+ visudo.man.in, visudo.pod:
+ More to a less restrictive, ISC-style license.
+ [b02aea324fd6]
+
+ * sudo_noexec.c:
+ More to a less restrictive, ISC-style license.
+ [a6da7631e0b2]
+
+ * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c:
+ More to a less restrictive, ISC-style license.
+ [71cdcc241e94]
+
+ * sigaction.c, strerror.c:
+ More to a less restrictive, ISC-style license.
+ [4bccdedca58a]
+
+ * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+ set_perms.c:
+ More to a less restrictive, ISC-style license.
+ [64d772d70ab3]
+
+ * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, interfaces.h:
+ More to a less restrictive, ISC-style license.
+ [520381c60a54]
+
+ * find_path.c, getprogname.c:
+ More to a less restrictive, ISC-style license.
+ [f605d5eab6f1]
+
+ * fileops.c:
+ More to a less restrictive, ISC-style license.
+ [4129a8b38a67]
+
+ * env.c:
+ More to a less restrictive, ISC-style license.
+ [d5bd859757de]
+
+ * defaults.h:
+ More to a less restrictive, ISC-style license.
+ [008f5d5743f5]
+
+ * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+ defaults.c:
+ More to a less restrictive, ISC-style license.
+ [d8d7bfc8a18b]
+
+ * utime.c, version.h:
+ More to a less restrictive, ISC-style license.
+ [e2e038ad8209]
+
+ * parse.lex, parse.yacc:
+ More to a less restrictive, ISC-style license.
+ [2f5942e847a1]
+
+ * Makefile.binary:
+ More to a less restrictive, ISC-style license.
+ [1ed561734535]
+
+2004-02-13 Aaron Spangler <aaron777@gmail.com>
+
+ * sudoers2ldif:
+ Merged in LDAP Support
+ [3994c4d05947]
+
+ * ldap.c, sudo.c, sudo.h:
+ Merged in LDAP Support
+ [547eaa346fcc]
+
+ * def_data.c, def_data.h, def_data.in:
+ Merged in LDAP Support
+ [8fb255280e42]
+
+ * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+ Merged in LDAP Support
+ [1038092a161e]
+
+2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h, sudo_noexec.c:
+ Only do "extern int errno" if errno is not a macro.
+ [b2e02a08be8b]
+
+2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
+ euid first, then just call setuid(0) to set the real uid too.
+ [f08546e2e0ee]
+
+ * set_perms.c:
+ Use setresuid() and setreuid() for PERM_RUNAS when appropriate
+ instead of seteuid() which may not exist.
+ [ba508581befb]
+
+2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ 2004
+ [37425513a342]
+
+ * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
+ Add --with-pc-insults configure option
+ [7daa5294c17b]
+
+ * visudo.man.in:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [996252a4ab65]
+
+2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [a247f1c52eb9]
+
+ * sudoers.pod:
+ Add a note that noexec is not a cure-all.
+ [9e7fc535367d]
+
+ * sudoers.pod:
+ Mention that disabling "root_sudo" is pretty pointless.
+ [f38a415afba0]
+
+ * configure, configure.in:
+ Substitute for root_sudo in sudoers.pod
+ [ce483cfc86be]
+
+ * sudo.pod:
+ Add sudoedit to the NAME section
+ [51bc453ec2f6]
+
+ * sudoers.pod:
+ Document that fact that setting ignore_dot in sudoers has no effect
+ due to the fact that find_path() is called *before* sudoers is read.
+ [6808df7e417c]
+
+2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Do not require _PATH_USRTMP to be set.
+ [546f3270dd10]
+
+ * BUGS, CHANGES, TODO:
+ sync
+ [4205ddeab781]
+
+ * sudo.man.in:
+ regen
+ [e2143690a88a]
+
+ * sudo.pod:
+ Clarify that when sudo is run by root with the SUDO_USER variable
+ set, the sudoers lookup happens for root and not the SUDO_USER user.
+ [47207bec1bdf]
+
+2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
+ set_perms.c, sigaction.c, sudo.c, tgetpass.c:
+ Use the SET, CLR and ISSET macros.
+ [a8b0d7f1e8fd]
+
+ * fnmatch.c:
+ Use the SET, CLR and ISSET macros.
+ [1afbcba22ba6]
+
+ * defaults.c, env.c:
+ Use the SET, CLR and ISSET macros.
+ [2f39431e0a49]
+
+ * interfaces.h:
+ MAIN was replaced with _SUDO_MAIN some time ago.
+ [ea1b38f2ac9d]
+
+ * sudo.c:
+ Don't look at prev_user until after we've parsed sudoers and done
+ the password check. That way, if sudo/sudoedit is run from a root
+ process that was invoked by sudo, we check sudoers for root, not the
+ previous user. This makes sudoedit much more useful and means that
+ for the sudo case, we get correct logging on who actually ran the
+ command.
+ [431dfbf20552]
+
+2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Add a comment describing why we need to be notified about our child
+ stopping.
+ [0bec3ce4b49d]
+
+2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in:
+ Update the noexec variable descriptions
+ [9cb7f1aa0e57]
+
+ * sudoers.man.in, sudoers.pod:
+ noexec now replaces more than just execve()
+ [23cbdc0ee95c]
+
+ * sudo_noexec.c:
+ Alas, all the world does not go through execve(2). Many systems
+ still have an execv(2) system call, Linux 2.6 provides fexecve(2)
+ and it is not uncommon for libc to have underscore ('_') versions of
+ the functions to be used internally by the library. Instead of
+ stubbing all these out by hand, define a macro and let it do the
+ work. Extra exec functions pointed out by Reznic Valery.
+ [9fa0cd871b0c]
+
+ * sudo.c, sudo_edit.c:
+ Fix suspending the editor in -e mode. Because we do a fork() first
+ we need to be notified when the child has been stopped and then send
+ that same signal to ourself so the shell can do its job control
+ thing.
+ [773165eb6057]
+
+ * visudo.c:
+ Use WIFEXITED and WEXITSTATUS macros. If there are systems out
+ there that want to run sudo that still don't support these we can
+ try to deal with that later.
+ [6af68e4aff60]
+
+ * lex.yy.c:
+ regen
+ [403435317d5d]
+
+ * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
+ Document sudo -e / sudoedit
+ [a80f6ea910af]
+
+ * configure, configure.in:
+ fix typo
+ [5020fcdc27f4]
+
+ * config.h.in, configure.in:
+ Add SET/CLR/ISSET
+ [03ff57286e7e]
+
+2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Allow non-exclusive flags when invoked as sudoedit. Pretty print the
+ long usage() line to not wrap (assumes 80 char display)
+ [3941fa4004bb]
+
+ * Makefile.in, sudo.c:
+ If sudo is invoked as "sudoedit" the -e flag is implied and no other
+ flags are permitted.
+ [929670b01293]
+
+ * sudo.h:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit
+ and the temp file is copied over the original after the editor is
+ done.
+ [c4051414c1f4]
+
+ * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit
+ and the temp file is copied over the original after the editor is
+ done.
+ [37ac05c8ac3c]
+
+ * env.c, sudo.c:
+ If real uid == 0 and the SUDO_USER environment variables is set, use
+ that to determine the invoking user's true identity. That way the
+ proper info gets logged by someone who has done "sudo su" but still
+ uses sudo to as root. We can't do this for non-root users since
+ that would open up a security hole, though perhaps it would be
+ acceptable to use getlogin(2) on OSes where this a system call (and
+ doesn't just look in the utmp file).
+ [c2f9198708a1]
+
+ * pathnames.h.in:
+ Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+ [7d9e5768df93]
+
+ * config.h.in, configure, configure.in:
+ Add check for fchown(2)
+ [a85df18798ed]
+
+2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Back out portions of the -i commit that set NewArgv[0] in
+ set_runaspw. It is far to late to set NewArgv[0] there and will have
+ no effect anyway as cmnd and safe_cmnd have already been set.
+ [c2d343430c1c]
+
+ * visudo.c, visudo.pod:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [ae32f477cea3]
+
+2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ In -i mode always set new environment based on the runas user's
+ passwd entry.
+ [fa653b7887a8]
+
+2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudo.pod:
+ Document the new -i flag and sync SYNOPSIS section with usage() in
+ sudo.c. Also sort the flags in the OPTIONS section.
+ [6aabc0ffc47e]
+
+ * sudo.c, sudo.h:
+ o Add -i that acts similar to "su -", based on patches from David J.
+ MacKenzie o Sort the flags in the usage message
+ [c0fe7d6beffd]
+
+ * sudoers.man.in, sudoers.pod:
+ Add a missing @runas_default@ substitution.
+ [60516fe2d090]
+
+2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Change euid to runas user before calling find_path().
+ Unfortunately, though runas_user can be modified in sudoers we
+ haven't parsed sudoers yet.
+ [f469fdf2e313]
+
+ * sudoers.man.in, sudoers.pod:
+ Add missing defintion of Parameter_List and use single pipes in the
+ Defaults EBNF definition.
+ [f7bed6e909bf]
+
+ * sudo.c:
+ Fix a bug when set_runaspw() is used as a callback. We don't want
+ to reset the contents of runas_pw if the user specified a user via
+ the -u flag.
+
+ Avoid unnecessary passwd lookups in set_authpw(). In most cases we
+ already have the info in runas_pw.
+ [efc35623ba09]
+
+2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Add Stan Lee / Uncle Ben quote to the lecture from RedHat
+ [ebd5a76ccd7e]
+
+ * sudo.h:
+ Update sudo_getepw() proto and add one for set_runaspw()
+ [6ed65795c17f]
+
+ * parse.c:
+ If we can't stat the command as root, try as the runas user instead.
+ [ae713fca0e15]
+
+ * testsudoers.c, visudo.c:
+ Add stub set_runaspw() function
+ [42aa37050053]
+
+ * sudo.c:
+ Add set_runaspw() function to fill in runas_pw. This will be used
+ as a callback to update runas_pw when the runas user changes.
+ [e570aa0088d0]
+
+ * env.c, sudo.c:
+ PERM_RUNAS -> PERM_FULL_RUNAS
+ [51eec6f9e89a]
+
+ * set_perms.c, sudo.h:
+ Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
+ changes the euid.
+ [877c6fe4d12c]
+
+ * getspwuid.c:
+ Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
+ one chunk for easy free()ing. Also change it from static to extern.
+ [ab503260a7ec]
+
+ * defaults.c, defaults.h:
+ Add callback support
+ [a61c4ca983fb]
+
+ * mkdefaults:
+ Add a callback field and use it for runas_default
+ [96b69c27df5e]
+
+ * def_data.c, def_data.in:
+ Add a callback field and use it for runas_default
+ [d3e9f06872b8]
+
+2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c:
+ Add support for chalnecho and display server responses used by fwtk
+ >= 2.0
+ [b1870f7aaf0d]
+
+2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in, sudoers.pod:
+ ld.so is ld.so.1 on solaris
+ [2bf9a123fa4c]
+
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
+ Use closefrom() instead of doing the equivalent inline.
+ [7e3ef6072884]
+
+ * closefrom.c:
+ closefrom(3) for systems w/o it
+ [35caf58bb636]
+
+2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in:
+ Update from .pod file.
+ [d4c94fc0e0c9]
+
+ * configure, configure.in:
+ Substitute noexec_file for the sudoers man page
+ [203d3376a551]
+
+ * sudo.man.in, sudo.pod:
+ Mention noexec
+ [014375ddbb06]
+
+ * sudoers.man.in, sudoers.pod:
+ Document noexec
+ [49a65d06201f]
+
+ * auth/pam.c, config.h.in, configure.in:
+ Move PAM_CONST macro definition from config.h to pam.c where it
+ belongs. We can't have this in config.h since that gets included too
+ early.
+ [e64748071637]
+
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Some PAM implementations put their headers in /usr/include/pam
+ instead of /usr/include/security.
+ [8cc749e9575c]
+
+ * configure.in:
+ I missed changing the EXEC macro -> EXECV here when I changed this
+ in config.h.in and sudo.c a while ago.
+ [6f5afac7789f]
+
+ * acsite.m4:
+ OpenBSD vax/m88k/hppa don't do shared libs
+ [e4901d958bb7]
+
+ * configure, configure.in:
+ o merge the hpux case entries into a single entry w/ its own sub-
+ case statement. o HP-UX >= 11 support getspnam(), use it in
+ preference to getprpwuid()
+ [0caad428894e]
+
+ * configure, configure.in:
+ eval $shrext so that it expands nicely on MacOS X
+ [40419343eef8]
+
+ * Makefile.in:
+ Don't lie about making a module, it does the wrong thing on mach
+ [7629b28f5688]
+
+ * ltmain.sh:
+ Remove requirement that libs must begin with "lib". They don't when
+ we point directly at the lib using LD_PRELOAD or its equivalent.
+ [d66f3de6ec85]
+
+ * acsite.m4:
+ Disable support for c++, f77 and java. We don't need it, it takes a
+ lot of time, and it hosed our check for shared lib support.
+ [4f5749c52ce4]
+
+ * configure:
+ regen
+ [160865e9d15f]
+
+ * configure.in:
+ Call AC_ENABLE_SHARED and check the status of enable_shared to know
+ when shared libs are available.
+ [42504c1668fc]
+
+ * acsite.m4:
+ Duh, OpenBSD suports shared libs too
+ [8e3cd9417475]
+
+ * config.h.in, configure.in:
+ Only OpenPAM and Linux PAM use const qualifiers.
+ [b2f76476e866]
+
+ * configure, configure.in:
+ o No need to check for sed, libtool config does that for us o move
+ check for --with-noexec until after libtool magic is run so we can
+ use $can_build_shared and $shrext
+ [668c656e89cc]
+
+ * ltmain.sh:
+ Don't print a bunch of crap about library installs since we are not
+ really installing a library.
+ [83fbcad29fe4]
+
+ * env.c:
+ Make format_env() varargs Add noexec support for Darwin, MacOS X,
+ Irix, and Tru64
+ [468885d75d10]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ Update to libtool 1.5 with local changes: o no ldconfig in the
+ finish step o assume no libprefix or version is needed
+ [4961cffc3797]
+
+ * sudo_noexec.c:
+ Fix compilation under K&R
+ [8b309bf0b1b2]
+
+2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [3c368badab32]
+
+ * sudo_noexec.c:
+ stub execve() that just returns EACCES; used for noexec
+ functionality
+ [1297acae283a]
+
+ * sudo.tab.h:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [dcab78c49273]
+
+ * sudo.tab.c:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [0a61c735eabe]
+
+2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in:
+ Move the environment defaults to the end and shorten a few of the
+ descriptions.
+ [66787b9c612c]
+
+ * configure, configure.in:
+ no shared libs on ultris or convexos
+ [2c5f3c456e32]
+
+ * Makefile.in, configure, configure.in:
+ Build sudo_noexec shared object using libtool; could use some
+ cleanup.
+ [373f483555dd]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ libtool scaffolding
+ [c903a42e3d90]
+
+ * parse.yacc, sudo.tab.c:
+ Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
+ important.
+ [c6e8a34639a4]
+
+ * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
+ parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
+ update copyright year
+ [a16372ae1711]
+
+ * configure, configure.in, defaults.c, env.c, pathnames.h.in:
+ Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
+ option. The default value of noexec_file is set to this.
+ [7d88e1d3c494]
+
+ * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
+ parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ sudo.tab.h:
+ Add support for preloading a shared object containing a dummy
+ execve() function that just sets error and returns -1. This adds a
+ "noexec_file" option to load the filename as well as a "noexec" flag
+ to enable it unconditionally. There is also a NOEXEC tag that can
+ be attached to specific commands and an EXEC tag to disable it.
+ [c8b6712feb91]
+
+ * mkdefaults:
+ add missing newline to usage statement
+ [e84746618362]
+
+ * config.h.in, sudo.c:
+ Rename EXEC macro -> EXECV
+ [ddaa0c027299]
+
+ * logging.c:
+ Don't truncate usernames to 8 characters in the log message.
+ [f62a20f27075]
+
+ * check.c, sudoers.man.in, sudoers.pod:
+ Update copyright year
+ [ca9964054085]
+
+ * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
+ sudoers.pod:
+ Add a new option, lecture_file, that can be used to point to a
+ custom sudo lecture.
+ [940133231216]
+
+2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [161b6d74bfb4]
+
+ * zero_bytes.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [d035abf0af94]
+
+ * Makefile.in, sudo.h:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [ff136de3e255]
+
+ * err.c:
+ Use #ifdef __STDC__, not #if __STDC__.
+ [6889dd6bc51a]
+
+2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdefaults:
+ Always put at least one space between the def_* macro name and its
+ definition.
+ [6b3ad0e6619a]
+
+ * configure, configure.in:
+ Adjust code for --without-lecture to match new values.
+ [062aa788a6b9]
+
+ * visudo.man.in:
+ regen after pasto fix
+ [3deec16906c0]
+
+ * sudoers.man.in, sudoers.pod:
+ Document that "lecture" has changed from a flag to a tuple.
+ [e2c03062b533]
+
+ * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
+ Add support for tuples in def_data.in; these are implemented as an
+ enum type. Currently there is only a single tuple enum but in the
+ future we may have one tuple enum per T_TUPLE entry in def_data.in.
+ Currently listpw, verifypw and lecture are tuples. This avoids the
+ need to have two entries (one ival, one str) for pwflags and syslog
+ values.
+
+ lecture is now a tuple with the following values: never, once,
+ always
+
+ We no longer use both an int and string entry for syslog facilities
+ and priorities. Instead, there are logfac2str() and logpri2str()
+ functions that get used when we need to print the string values.
+ [5293f946c836]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
+ logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
+ sudo.tab.c, visudo.c:
+ Create def_* macros for each defaults value so we no longer need the
+ def_{flag,ival,str,list,mode} macros (which have been removed). This
+ is a step toward more flexible data types in def_data.in.
+ [009c02934106]
+
+ * TODO:
+ checkpoint
+ [0a99a4bb5d15]
+
+2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ If we are in -k/-K mode, just spew to stderr. It is not unusual for
+ users to place "sudo -k" in a .logout file which can cause sudo to
+ be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+ Previously, this would result in useless mail and logging.
+ [d282e7ed63af]
+
+2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.pod:
+ fix pasto in VISUAL description
+ [1c6a6148b5f9]
+
+2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [f44312c63799]
+
+ * CHANGES:
+ checkpoint
+ [0c42e38f78d5]
+
+ * TROUBLESHOOTING:
+ Some OSes (like Solaris) allow export w/ nosuid too
+ [973ce85ffa12]
+
+2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ We don't use FD_ZERO anymore so just define FD_SET (if not already
+ there).
+ [d1c8c11905cd]
+
+2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Fix a core dump on Solaris by preserving the pam_handle_t we used
+ during authentication for pam_prep_user(). If we didn't
+ authenticate (ie: ticket still valid), we call pam_init() from
+ pam_prep_user(). This is something of a hack; it may be better to
+ change the auth API and add an auth_final() function that acts like
+ pam_prep_user().
+ [f787de49b175]
+
+2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Add explicit declaration of printerr variable in function header
+ (was defaulting to int which is OK but oh so K&R :-). From Theo.
+ [492c2358783f]
+
+2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ s/HAVE_STOW/USE_STOW/
+ [4b99e1824ece]
+
+ * logging.c:
+ Also exit waitpid() loop when pid == 0. Fixes a problem where the
+ sudo process would spin eating up CPU until sendmail finished when
+ it has to send mail.
+ [ec3d5792b9b4]
+
+2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ Remove advertising clause, UCB has disavowed it
+ [43a26bbd6628]
+
+ * fnmatch.3:
+ Remove advertising clause, UCB has disavowed it
+ [3ff24291bcfa]
+
+2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Don't assume that getgrnam() calls don't modify contents of struct
+ passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
+ Based on a patch from Kirk Webb.
+ [5574c68f60f3]
+
+2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ missing ;;
+ [22378f2a9d31]
+
+ * configure.in:
+ darwin has a broken setreuid() in at least some versions
+ [d572aed930d2]
+
+ * env.c:
+ Fix an off by one error when reallocating the environment; Kevin Pye
+ [3d98e7cf097a]
+
+2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix User_Spec definition; SEKINE Tatsuo
+ [49b0da65e090]
+
+2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ More info on the early days from Coggs.
+ [9381ca10b06b]
+
+2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ remove errant semicolon that prevented compilation under heimdal
+ [d2f2bb73a598]
+
+2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+ add DARPA credit on affected files
+ [7020785ee50d]
+
+ * sudoers.pod:
+ add DARPA credit on affected files
+ [83b46318750b]
+
+ * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudoers.man.in:
+ add DARPA credit on affected files
+ [d8adf1c2ba22]
+
+ * set_perms.c:
+ add DARPA credit on affected files
+ [3d79fdabb582]
+
+ * pathnames.h.in:
+ add DARPA credit on affected files
+ [e334cdda422f]
+
+ * logging.c, parse.c:
+ add DARPA credit on affected files
+ [8f75f822755b]
+
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+ find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+ interfaces.h:
+ add DARPA credit on affected files
+ [da66e28fb3f5]
+
+ * auth/kerb5.c, auth/pam.c:
+ add DARPA credit on affected files
+ [15da3021b49c]
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+ version.h:
+ add DARPA credit on affected files
+ [868d54cbddea]
+
+ * env.c:
+ add DARPA credit on affected files
+ [90239f51ef0a]
+
+ * defaults.c, defaults.h:
+ add DARPA credit on affected files
+ [6a64205fd1eb]
+
+ * compat.h:
+ add DARPA credit on affected files
+ [316a735783c4]
+
+ * Makefile.in, alloc.c, check.c:
+ add DARPA credit on affected files
+ [cd939e05c810]
+
+ * LICENSE:
+ slightly different wording for the darpa credit
+ [e468909c4a21]
+
+2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ Add DARPA credit
+ [8eb20e2cd63e]
+
+2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Use krb5_princ_component() instead of krb5_princ_realm() for MIT
+ Kerberos like we did before I messed things up ;-)
+
+ Use krb5_principal_get_comp_string() to do the same thing w/
+ Heimdal. I'm not sure if the component should be 0 or 1 in this
+ case.
+
+ #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
+ older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
+ should be a configure check for this I guess.
+ [74919a3933fe]
+
+2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ builtin -> built-in; Jason McIntyre
+ [027f2187923e]
+
+ * TROUBLESHOOTING, config.h.in, configure, configure.in:
+ builtin -> built-in; Jason McIntyre
+ [70b81ac48943]
+
+ * sudoers.pod:
+ built in -> built-in; Jason McIntyre
+ [da658ef5138d]
+
+2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p3
+ [da85f989fadf]
+
+ * HISTORY:
+ Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
+ Amazingly, sudo source from 1985 is available via groups.google.com
+ [39e0fc85b89f]
+
+ * sudo.c:
+ Don't change rl.rlim_max for RLIMIT_CORE. We need only set
+ rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
+ RLIMIT_CORE restoration on some OSes.
+ [7e2c1a7adfd8]
+
+2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Make this compile on Heimdal and MIT Kerberos 5
+ [44c07d615868]
+
+ * config.h.in, configure, configure.in:
+ Check for heimdal even if we found krb5-config and define
+ HAVE_HEIMDAL.
+ [aba0126f0059]
+
+ * auth/kerb5.c:
+ Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
+ no longer defined by MIT kerb5 (though it used to be and indeed
+ remains so in Heimdal).
+ [e5a6c64d7cd5]
+
+2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ Remove newer stuff that passes multiple (possibly duplicate)
+ directories to "mkdir -p" since that seems to break on Tru64 Unix at
+ least. This basically brings back what shipped with sudo 1.6.6.
+ [f2a1abd872b3]
+
+2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Correct number of args to krb5_principal_get_realm() and fix an
+ unclosed comment that hid the bug.
+ [0b37f8ce7824]
+
+ * configure:
+ regen
+ [1876cb840fe0]
+
+ * configure.in:
+ ++version
+ [480aff7c048e]
+
+ * README:
+ ++version
+ [488e0bbff613]
+
+ * Makefile.in:
+ ++version
+ [97ef63cedc38]
+
+ * INSTALL.binary:
+ ++version
+ [a506204e77d0]
+
+ * INSTALL:
+ ++version
+ [555aeba5c2bf]
+
+ * CHANGES, version.h:
+ ++version
+ [f66985a64063]
+
+ * BUGS:
+ ++version
+ [ea3573432412]
+
+ * configure.in:
+ use krb5-config to determine Kerberos V details if it exists
+ [7b46bbdaf774]
+
+ * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
+ find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
+ testsudoers.c, visudo.c:
+ Use warn/err and getprogname() throughout. The main exception is
+ openlog(). Since the admin may be filtering logs based on the
+ program name in the log files, hard code this to "sudo".
+ [9f180d015cfa]
+
+ * Makefile.in:
+ Add getprogname.c and err.c
+ [d411c54a07dc]
+
+ * configure:
+ regen
+ [6d585d391acc]
+
+ * config.h.in, configure.in:
+ Add checks for getprognam(), __progname and err.h
+ [bcbccf61d34a]
+
+ * emul/err.h:
+ For systems withour err/warn functions.
+ [1b33118884d9]
+
+ * err.c:
+ For systems withour err/warn functions.
+ [26721f6b041f]
+
+ * getprogname.c:
+ For systems neither getprogname() nor __progname; uses Argv[0].
+ [841cf42af1eb]
+
+2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p1
+ [5bfdaf441dce]
+
+ * sudo.c, testsudoers.c:
+ fix strlcpy() rval check (innocuous)
+ [e05ac7e0d1f3]
+
+ * check.c:
+ oflow detection in expand_prompt() was faulty (false positives). The
+ count was based on strlcat() return value which includes the length
+ of the entire string.
+ [086c5a0acb25]
+
+2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON, TODO:
+ checkpoint for the sudo 1.6.7 release
+ [096bab4da29a] [SUDO_1_6_7]
+
+ * CHANGES:
+ checkpoint for the sudo 1.6.7 release
+ [87322187ed78]
+
+2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ g/c unused variable
+ [c57cd4a17765]
+
+ * configure:
+ regen
+ [e7c1f581dfac]
+
+ * configure.in:
+ use man sections 8 and 5 for csops
+ [87de581bda88]
+
+2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cb1433a9c7a1]
+
+ * configure.in:
+ Add -lskey or -lopie directly to SUDO_LIBS instead of having
+ AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+ [ac5667978939]
+
+ * configure:
+ regen
+ [638459118a2a]
+
+ * configure.in:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [c7d17b480cad]
+
+ * aclocal.m4:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [37022e991575]
+
+ * INSTALL:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [4b4bbe5bbe1b]
+
+ * configure.in:
+ add AIX blibpath support
+ [16ba788bf086]
+
+ * INSTALL, configure.in:
+ --with-skey and --with-opie now take an option directory argument
+ This obsoletes a --with-csops hack (/tools/cs/skey)
+
+ Also remove the remaining direct uses of "echo"
+ [5b4986a90c03]
+
+2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Detect KTH Kerberos IV and deal with it. Also make -lroken optional
+ for KTH Kerberos IV and V.
+ [119f97b48e18]
+
+ * aclocal.m4:
+ Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
+ -R/path/to/dir if $with_rpath) to the specified variable.
+ [e55e49d076ce]
+
+ * INSTALL, configure.in:
+ Add -R/path/to/libs for Solaris and SVR4. There is a new configure
+ option, --with-rpath to control this behavior.
+ [d4730c5399ab]
+
+ * configure.in:
+ for kerb4 put libdes after libkrb on the link line
+ [5c566100eab6]
+
+ * auth/kerb4.c:
+ typo
+ [6541b72b64a3]
+
+ * configure.in:
+ fix kerberos lib check when a path is specified
+ [ae833a914c6f]
+
+ * logging.c:
+ Fix boolean thinko in SIGCHLD reaper and call reapchild after
+ sending mail instead of doing a conditional sudo_waitpid.
+ [86fa9a35df5a]
+
+2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e6275cf528ba]
+
+ * configure.in:
+ replace =DIR with [=DIR] where sensible
+ [c39a59173b38]
+
+ * configure.in:
+ o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
+ detection based on openssh's configure.in
+ [5b7a340912df]
+
+ * INSTALL:
+ --with-kerb4 and --with-kerb5 now take an optional argument.
+ [71ed87fc9c64]
+
+2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid.c:
+ Kill remaining strcpy(), the programmer's guide says username is 32
+ bytes.
+ [bdba70fcd08d]
+
+ * auth/kerb4.c:
+ trat uid_t as unsigned long for printf and use snprintf, not sprintf
+ [8072f5f8966d]
+
+ * auth/rfc1938.c:
+ use snprintf
+ [fc0c70c665fe]
+
+2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/sudo_auth.c:
+ update copyright year
+ [b0a10ccb1d0e]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ update copyright year
+ [8fce0034eb51]
+
+ * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
+ configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
+ sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
+ update copyright year
+ [d541e75fe520]
+
+ * check.c, env.c, sudo.c:
+ Cast [ug]ids to unsigned long and printf with %lu
+ [2ede64d3592b]
+
+ * configure:
+ regen
+ [c7c3245bdf3e]
+
+ * configure.in:
+ correct error messages for --with-sudoers-{mode,uid,gid}
+ [77fc15b1c9db]
+
+ * alloc.c:
+ make the malloc(0) error specific to each function to aid tracking
+ down bugs.
+ [a58c34374b4b]
+
+ * alloc.c:
+ deal with platforms where size_t is signed and there is no SIZE_MAX
+ or SIZE_T_MAX
+ [7192abb4ab4e]
+
+ * auth/kerb5.c:
+ Make this compile w/ Heimdal and fix some gcc warnings.
+ [f52f026f31c2]
+
+ * sudo.c:
+ Use stat_sudoers macro so --with-stow can work
+ [c3674735c139]
+
+ * INSTALL, config.h.in, configure, configure.in:
+ Add support for --with-stow based on patches from Robert Uhl
+ [b274cc1dd52c]
+
+ * env.c:
+ fix indentation
+ [110d9f1721b1]
+
+ * configure.in:
+ back out rev 1.352
+ [1eee91c83f11]
+
+ * lex.yy.c:
+ regen
+ [72fba1c9590b]
+
+ * parse.lex:
+ use strlcpy, not strncpy
+ [4faccbaeccef]
+
+ * set_perms.c:
+ Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
+ [33bf0d18fdc1]
+
+ * logging.c:
+ use pid_t
+ [3e0536993d2c]
+
+2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * strlcat.c, strlcpy.c:
+ Make gcc shutup about unused rcsid
+ [1669a0c74e9e]
+
+ * interfaces.c:
+ Move the n == 0 check for the non-getifaddrs cas
+ [2460be061b2a]
+
+ * auth/rfc1938.c:
+ skeychallenge() on NetBSD take a size parameter
+ [05acc2012801]
+
+ * configure:
+ regen
+ [24bccf4749e8]
+
+ * configure.in:
+ put -ldl after -lpam, not before; fixes static linking on Linux
+ [7f06b7b2b4d8]
+
+ * interfaces.c:
+ Avoid malloc(0) and fix the loop invariant for the getifaddrs()
+ case.
+ [239a55068646]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [4a2eed3981ca]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ regen
+ [2c96ea2cf930]
+
+ * Makefile.in:
+ Preserve copyright notice from .pod file in .man.in file
+ [519fbd09aebc]
+
+ * visudo.pod:
+ Add sudoers(5) to SEE ALSO
+ [77ecfe3aedf1]
+
+2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [6f5751ce0b74]
+
+ * parse.lex:
+ Don't assume libc can realloc() a NULL string. If malloc/realloc
+ fails, make sure we just return; yyerror() is not terminal.
+ [1b8618623708]
+
+ * lex.yy.c:
+ regen
+ [5d31b46191c6]
+
+ * parse.lex:
+ simplify fill_args a little and use strlcpy for paranoia
+ [0ea35a55542b]
+
+ * sudo.tab.c:
+ regen
+ [5a8d508d708b]
+
+ * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
+ testsudoers.c:
+ Use strlc{at,py} for paranoia's sake and exit on overflow. In all
+ cases the strings were either pre-allocated to the correct size of
+ length checks were done before the copy but a little paranoia can go
+ a long way.
+ [e73d28f1d14e]
+
+ * sudo.h:
+ Add strlc{at,py} protos
+ [748ffc7fc7f4]
+
+ * env.c, interfaces.c:
+ Use erealloc3()
+ [47f2cb46aba8]
+
+ * configure:
+ regen
+ [e7e2fb79f935]
+
+ * alloc.c:
+ Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
+ memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
+ [7e0fa4d6fc1d]
+
+ * sudo.c:
+ snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
+ configure.
+ [09ea4d3959e9]
+
+ * aclocal.m4:
+ In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
+ [31b4fdfdb8bf]
+
+2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Use snprintf() for paranoia
+ [a2659ceb46de]
+
+ * parse.yacc:
+ Use emalloc2 and erealloc3
+ [90a069842401]
+
+ * Makefile.in:
+ strlc{at,py} for those w/o it
+ [bac82dc916ee]
+
+ * strlcat.c, strlcpy.c:
+ stlc{at,py} for those w/o it.
+ [ce7254f5db09]
+
+ * config.h.in, configure, configure.in:
+ Add stlc{at,py} for those w/o it.
+ [00f08219657a]
+
+ * alloc.c, sudo.h:
+ Add erealloc3(), a realloc() version of emalloc2().
+ [c96eaf08bbed]
+
+ * interfaces.c, sudo.c:
+ Use emalloc2() to allocate N things of a certain size.
+ [1e0aba365555]
+
+ * alloc.c, sudo.h:
+ Add emalloc2() -- like calloc() but w/o the bzero and with
+ error/oflow checking.
+ [292150bc4153]
+
+ * alloc.c:
+ Error out on malloc(0); suggested by theo
+ [995279e81326]
+
+2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix a typo; David Krause
+ [f161213a17ab]
+
+2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fix typo
+ [3ae5ad9a351a]
+
+2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Remove DYLD_ from the environment for MacOS X; from bbraun
+ [38caad5a3935]
+
+2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ not not; Anil Madhavapeddy
+ [d4f4f0bfc66b]
+
+2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ typos; jmc@openbsd.org
+ [868c0f09bf9e]
+
+2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ Add some missing ';' rule terminators that bison warns about.
+ [535b0b8dcce5]
+
+ * config.sub:
+ fix typo I introduced in last merge
+ [81db4e4f43fe]
+
+ * configure:
+ regenerate with autoconf 2.57
+ [ca0c1e9564f8]
+
+ * config.h.in:
+ Add missing "$HOME"
+ [209186197ad1]
+
+ * configure.in:
+ Add some more square backets to make autoconf 2.57 happy
+ [b5639c14faf7]
+
+ * config.sub, mkinstalldirs:
+ Updates from autoconf-2.57
+ [36be35eb331b]
+
+ * config.guess:
+ Updates from autoconf-2.57
+ [ea0f8ca622af]
+
+2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.h:
+ regen
+ [13a65a421567]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [0b529db7cb6d]
+
+ * parse.lex, parse.yacc, sudoers.pod:
+ Add support for Defaults>RunasUser
+ [20d726373175]
+
+2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fclose() yyin after each yyparse() is done and use fopen() instead
+ of using freopen().
+ [587f8a2df857]
+
+ * parse.lex:
+ Better fix for sudoers files w/o a newline before EOF. It looks
+ like the issue is that yyrestart() does not reset the start
+ condition to INITIAL which is an issue since we parse sudoers
+ multiple times.
+ [920f8326968a]
+
+2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ Work around what appears to be a flex bug when dealing with files
+ that lack a final newline before EOF. This adds a rule to match EOF
+ in the non-initial states which resets the state to INITIAL and
+ throws an error.
+ [b94943bb1f81]
+
+ * visudo.c:
+ o The parser needs sudoers to end with a newline but some editors
+ (emacs) may not add one. Check for a missing newline at EOF and
+ add one if needed. o Set quiet flag during initial sudoers parse (to
+ get options) o Move yyrestart() call and always use freopen() to
+ open yyin after initial sudoers parse.
+ [12d12f9b07aa]
+
+2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Fix pasto/thinko in setresgid()/setregid() usage. Want to set
+ effective gid, not real gid, when reading sudoers.
+ [c7d18b810fcd]
+
+ * set_perms.c:
+ don't compile set_perms_posix if we have setreuid or setresuid
+ [b9cea7a81a29]
+
+2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod:
+ document new prompt escapes
+ [2f088076b640]
+
+ * check.c:
+ Add %U and %H escapes and redo prompt rewriting. "%%" now gets
+ collapsed to "%" as was originally intended. This also gets rid of
+ lastchar (does lookahead instead of lookback) which should simplify
+ the logic slightly.
+ [4b707b77b3c7]
+
+2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Write the prompt *after* turning off echo to avoid some password
+ characters being echoed on heavily-loaded machines with fast
+ typists.
+ [d38c57775915]
+
+ * config.sub:
+ Add support for mipseb; wiz@danbala.tuwien.ac.at
+ [cfdac87ed5c8]
+
+ * configure.in:
+ Fix IRIX fallout from name changes in man dir/sect Makefile
+ variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
+ [9a7618755c23]
+
+ * auth/pam.c:
+ Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
+ the global copy. Problem noted by Peter Pentchev.
+ [d0a3e189cb06]
+
+2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [23b931359087]
+
+ * parse.yacc:
+ Add missing yyerror() calls; YYERROR does not seem to call this for
+ us.
+ [0be7aeb3ac57]
+
+2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix typo in comment; Pedro Bastos
+ [d7406c460e99]
+
+2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --disable-setresuid
+ [fbd03d03a027]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Sprinkle some volatile qualifiers to prevent over-enthusiastic
+ optimizers from removing memset() calls.
+ [5370ac0e6129]
+
+ * logging.c, parse.yacc:
+ minor sign fixes pointed out by gcc -Wsign-compare
+ [db872438337f]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Revamp set_perms. We now use a version based on setresuid() or
+ setreuid() when possible since that allows us to support the
+ stay_setuid option and we always know exactly what the semantics
+ will be (various Linux kernels have broken POSIX saved uid support).
+ [523bc212396c]
+
+ * config.h.in, configure:
+ regen from configure.in
+ [351877ea2624]
+
+ * configure.in:
+ Add checks for setresuid() and a way to disable using it
+ [a5b21653d169]
+
+ * compat.h:
+ No long need to emulate set*[ug]id() via setres[ug]id() or
+ setre[ug]id(). The new set_perms stuff only uses things it knows are
+ there.
+ [47884bd5d1d9]
+
+ * sudo.c:
+ Before exec, restore state of signal handlers to be the same as when
+ we were initialy invoked instead of just reseting to SIG_DFL. Fixes
+ a problem when using sudo with nohup. Based on a patch from Paul
+ Markham.
+ [f8f5a1484faa]
+
+ * sudo.c:
+ o timestamp_uid should be uid_t, not int o clarify error message
+ when sudo is run by root and no_root_sudo is set
+ [19dda0734264]
+
+2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ update ftp link for bison
+ [98bc191016e3]
+
+2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Error out if setusercontext() fails and the runas user is not root.
+ [089f9ade4686]
+
+2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid5.c:
+ Fix rcsid
+ [07e9e85dcc2f]
+
+ * configure.in:
+ Fix SecurID API test
+ [5ec201f454a5]
+
+2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ typo in comment
+ [9d385c9ac533]
+
+ * configure.in:
+ securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
+ but I don't see a better way at the moment.
+ [f89e55cbb313]
+
+ * Makefile.in, auth/securid5.c:
+ SecurID API version 5 support from Michael Stroucken
+ [68500ac7e531]
+
+ * configure.in:
+ Add check for SecurID 5.0 API
+ [1ee242e6de6b]
+
+2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * strerror.c:
+ We actually do still need config.h to get the 'const' definition for
+ K&R C.
+ [d9c982032d85]
+
+2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen with autoconf 2.5.3
+ [c71fc086eef5]
+
+ * configure.in:
+ Don't set sysconfdir to '/etc' if the user has specified a --prefix.
+ [d90da1efafd9]
+
+ * configure.in:
+ Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
+ LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
+ [dd67afefa90d]
+
+ * env.c, sudo.c, sudo.h:
+ No need for dump_badenv() now that dump_defaults() knows how to dump
+ lists.
+ [6bcda468501d]
+
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ ++version
+ [44e3b8f95f0b]
+
+ * sudoers.pod:
+ document timestampowner
+ [37ebd69e9dd1]
+
+ * check.c:
+ Don't call set_perms() when doing timestamp stuff unless
+ timestamp_uid != 0.
+ [63a63d41d18c]
+
+ * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
+ sudo.h, testsudoers.c:
+ g/c second arg to set_perms--it is no longer used
+ [7ac4ce50c612]
+
+2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, set_perms.c, sudo.c, sudo.h:
+ Add support for non-root timestamp dirs. This allows the timestamp
+ dir to be shared via NFS (though this is not recommended).
+ [faa83dd2b7fb]
+
+ * def_data.c, def_data.h, def_data.in:
+ Add timestampowner, "Owner of the authentication timestamp dir"
+ [d47640d4c86a]
+
+2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Don't try to pre-compute the size of the new envp, just allocate
+ space up front and realloc as needed. Changes to the new env
+ pointer must all be made through insert_env() which now keeps track
+ of spaced used and allocates as needed.
+ [39bc934a9f2c]
+
+2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [0e12c09bb790]
+
+ * configure.in:
+ Fix two typo/pastos; from jrj@purdue.edu
+ [b718a4bf1181]
+
+2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.binary, README:
+ ++version
+ [a1e33027278c] [SUDO_1_6_6]
+
+ * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
+ visudo.cat, visudo.man.in:
+ regen
+ [19eb2be283ef]
+
+ * CHANGES, RUNSON, TODO:
+ Sync with 1.6.6
+ [2ff9a9087f63]
+
+ * check.c:
+ The the loop used to expand %h and %u, the lastchar variable was not
+ being initialized. This means that if the last char in the prompt
+ is '%' and the first char is 'h' or 'u' a extra copy of the host or
+ user name would be copied, for which space had not been allocated.
+ [b2e27197857d]
+
+2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, configure.in, version.h:
+ crank version to 1.6.6
+ [cfd08689e597]
+
+ * auth/afs.c:
+ #undef VOID to get rid of an AFS warning
+ [b40760564dc1]
+
+ * env.c:
+ Use easprintf instead of emalloc + sprintf for some things.
+ [e7bfe2e69a03]
+
+2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [35327104383d]
+
+ * parse.c, parse.lex, parse.yacc, testsudoers.c:
+ Remove Chris Jepeway's email address so people don't bug him ;-)
+ [c03410747a69]
+
+2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
+ endgrent() at the same time.
+ [28b6097d5d1a]
+
+2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Make it clear which configure options take arguments.
+ [38529e7efad0]
+
+2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
+ RLIM_INFINITY, just pretend it is -1. This works because we only
+ check for RLIM_INFINITY and do not set anything to that value.
+ [53173d34e6eb]
+
+2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Zero and free allocated memory when there is a conversation error.
+ [e342133db579]
+
+ * auth/bsdauth.c:
+ Use sigaction() not signal()
+ [126c2790561f]
+
+ * INSTALL:
+ Mention that some linux kernels have broken POSIX saved ID support
+ [571ef1a893d3]
+
+ * CHANGES:
+ checkpoint for 1.6.5p2
+ [9e9e456f7f43]
+
+ * configure:
+ regen
+ [d53703a46708]
+
+ * configure.in:
+ Add --disable-setreuid flag
+ [3b9f2679cb55]
+
+ * INSTALL:
+ Document new --disable-setreuid option and change description for
+ --disable-saved-ids to match new error message.
+ [14fd3e5f60a5]
+
+ * set_perms.c:
+ fatal() now takes an argument that determines whether or not to call
+ perror().
+ [d826b25e62ff]
+
+ * TROUBLESHOOTING:
+ Update for new error messages from set_perms()
+ [78007c3f76a9]
+
+ * PORTING:
+ Update for new error messages from set_perms()
+ [60c545a6bcff]
+
+2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Make this compile w/o warnings
+ [b90843a29af5]
+
+ * auth/pam.c:
+ Mention that we can't use pam_acct_mgmt()
+ [1dfc5a6e0479]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
+ The user's password was not zeroed after use when AIX
+ authentication, BSD authentication, FWTK or PAM was in use.
+ [b18fff30b1e7]
+
+2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Avoid giving PAM a NULL password response, use the empty string
+ instead. This avoids a log warning when the user hits ^C at the
+ password prompt when PAM is in use.
+ [c3315805e4e4]
+
+ * auth/pam.c:
+ Don't check the return value of pam_setcred(). In Linux-PAM 0.75
+ pam_setcred() returns the last saved return code, not the return
+ code for the setcred module. Because we haven't called
+ pam_authenticate(), this is not set and so pam_setcred() returns
+ PAM_PERM_DENIED.
+ [73db145fa179]
+
+ * Makefile.in:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [0901ca618176]
+
+ * Makefile.binary:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [cd7eb6098b87]
+
+2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [41b12c039282]
+
+ * configure.in:
+ o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
+ setreuid() o new NetBSD has a real setreuid() o add check for
+ freeifaddrs() if getifaddrs() exists.
+ [a82ee3b01733]
+
+ * config.h.in, interfaces.c:
+ Older BSDi releases lack freeifaddrs() so add a test for that and if
+ it is not present just use free().
+ [6270671ea9d5]
+
+2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON:
+ Checkpoint for 1.6.5p1
+ [26134ecf9b36]
+
+ * auth/passwd.c:
+ Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
+ to normal passwords, not AUTH_FATAL (which just causes an exit).
+ [785e0f4bc0e2]
+
+ * visudo.c:
+ Don't use memory after it has been freed.
+ [c60492739fdb]
+
+ * auth/passwd.c:
+ skeyaccess() wants a struct passwd * not a char *; Patch from
+ Phillip E. Lobbes
+ [65a1d3806fcd] [SUDO_1_6_5]
+
+ * BUGS:
+ ++version
+ [b2e1825e692e]
+
+ * CHANGES, RUNSON, TODO:
+ checkpoint for sudo 1.6.5
+ [d730945622e7]
+
+2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [49744c403ac9]
+
+ * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.6.5
+ [ec30a5f7fc45]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ sudo version 1.6.5
+ [458a3bed535d]
+
+ * logging.c:
+ o when invoking the mailer as root use a hard-coded environment that
+ doesn't include any info from the user's environment. Basically
+ paranoia.
+
+ o Add support for the NO_ROOT_MAILER compile-time option and run the
+ mailer as the user and not root if NO_ROOT_MAILER is defined.
+ [4df351ec92ce]
+
+ * set_perms.c, sudo.h:
+ Bring back PERM_FULL_USER
+ [edb6039bb284]
+
+ * configure:
+ regen
+ [3eb2943afa03]
+
+ * version.h:
+ version 1.6.5
+ [044fc9a0c72b]
+
+ * INSTALL, config.h.in, configure.in:
+ Add --disable-root-mailer option to run the mailer as the user and
+ not root.
+ [e9f805397963]
+
+ * CHANGES:
+ checkpoint for 1.6.4p2
+ [b58aae5aa98a]
+
+ * PORTING:
+ Mention the "seteuid(0): Operation not permitted" problem here too
+ just for good measure.
+ [90135b37a691]
+
+2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, getspwuid.c, sudo.c:
+ The SHELL environment variable was preserved from the user's
+ environment instead of being reset based on the passwd database when
+ the "env_reset" option was used. Now it is reset as it should be.
+ [300066ef3c71]
+
+ * configure:
+ regen
+ [a47d779e6552]
+
+ * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
+ sudo.c:
+ Add a configure option to turn off use of POSIX saved IDs
+ [fb18cc8e94d0]
+
+ * configure:
+ regen
+ [d4f2f20025b6]
+
+ * configure.in:
+ add --with-efence option
+ [45c4f33a8e88]
+
+ * sudo.c:
+ Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
+ "sudo -l" would not work if always_set_home was set.
+ [c3a6de6c4800]
+
+ * lex.yy.c:
+ regen
+ [417424452998]
+
+ * parse.lex:
+ Quoted commas were not being treated correctly in command line
+ arguments.
+ [753415541b37]
+
+ * sudo.c:
+ o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
+ Otherwise, the set_home option has no effect.
+
+ o Fix use of freed memory when the "fqdn" flag is set. This was
+ introduced by the fix for the "segv when gethostbynam() fails" bug.
+ Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
+ there is no need to check the "fqdn" flag in set_fqdn() itself.
+ [4b6a4245c04e]
+
+ * env.c:
+ Add 'continue' statements to optimize the switch statement. From
+ Solar.
+ [a82c76975ae5]
+
+2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ Regen from new sudoers.pod
+ [6ecc07b3d0e1] [SUDO_1_6_4]
+
+ * sudoers.pod:
+ Add caveat about stay_setuid flag
+ [9d228a7bea1b]
+
+ * sudo.c:
+ If set_perms == set_perms_posix and the stay_setuid flag is not set,
+ set all uids to 0 and use set_perms_fallback().
+ [c4e54d1ec86f]
+
+ * set_perms.c, sudo.h:
+ Remove PERM_FULL_USER (which is no longer used) and add
+ PERM_FULL_ROOT (used when exec'ing the mailer).
+ [15406c522ea2]
+
+ * logging.c:
+ Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
+ never want to run the mailer setuid.
+ [2294853e0666]
+
+2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
+ visudo.pod:
+ Use sudo.ws instead of courtesan.com in URLs
+ [55204002a308]
+
+ * Makefile.binary, Makefile.in:
+ Fix mansect substitution
+ [b7b5cbc3aa91]
+
+ * Makefile.in:
+ Substitute man sections in Makefile.binary
+ [040deb785e56]
+
+ * Makefile.binary:
+ Sync install targets with Makefile.in and substitute in man
+ sections.
+ [77882a275281]
+
+ * INSTALL, INSTALL.binary:
+ version is 1.6.4
+ [0f87aabbcb70]
+
+ * Makefile.in:
+ Repair bindist target
+ [8d43bfe7e2d1]
+
+ * CHANGES:
+ sync for 1.6.4
+ [13ca3d4a0a72]
+
+2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Fix case where neither whoami nor id are found
+ [424dd270bc47]
+
+2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ If neither whoami nor id exists, just assume we are root.
+ [2d2644e42c53]
+
+ * alloc.c:
+ Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
+ on AIX which for some reason isn't pulling in the malloc prototype.
+ [231440d2ee3b]
+
+2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
+ (c) 2002
+ [700e3b41a68e]
+
+ * CHANGES:
+ checkpoint
+ [33e604bd8d5b]
+
+ * sudo.c:
+ Defer assigning new environment until right before the exec.
+ [f13c49e75c1c]
+
+ * parse.c:
+ kill extra blank line
+ [12ef22e9dae3]
+
+2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [a6cd2d788f74]
+
+ * configure.in:
+ Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
+ compiler doesn't recognise -O2.
+ [5234aa543692]
+
+ * HISTORY:
+ Clarify origins of Root Group sudo a bit based on info from
+ billp@rootgroup.com
+ [4deef01c4208]
+
+2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ 2002
+ [6c8e089dbd1a]
+
+ * CHANGES:
+ checkpoint for 1.6.4rc1
+ [3349eb87a49f]
+
+2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ now generated via autoheader
+ [84657d303cb9]
+
+ * configure:
+ regen
+ [207bfa6a13f6]
+
+ * compat.h:
+ Move in some stuff that was previously in config.h.
+ [e576d8b6480f]
+
+ * aclocal.m4, configure.in:
+ Add info for autoheader.
+ [0549cd5da27c]
+
+2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
+ -g to facilitate non-root installs
+ [619216038f56]
+
+ * install-sh:
+ Add -M option (like -m but only for root) If we can't find "whoami",
+ use "id" w/ some sed.
+ [b39121c8b792]
+
+ * configure:
+ regen
+ [b39b93ff9804]
+
+ * configure.in:
+ allow user to always override mansectsu and mansectform
+ [0fca5e63bd90]
+
+2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ update from autoconf 2.52
+ [07bd75a508c3]
+
+ * config.guess, config.sub:
+ Update from autoconf 2.52
+ [857b90fe31b7]
+
+ * configure:
+ regen with autoconf 2.52
+ [08e7d1ea2aeb]
+
+ * configure.in:
+ o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
+ mode o Remove compiler-specific checks for HP-UX now that we use
+ AC_PROG_CC_STDC
+ [d433a70b6208]
+
+ * RUNSON:
+ Checkpoint
+ [babf6d2235d1]
+
+ * auth/pam.c:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits. o When calling
+ pam_end(), try to convert the auth->result to a PAM_FOO value.
+ This is a hack--we really need to stash the last PAM_FOO value
+ received and use that instead.
+ [6ad6f340dd2a]
+
+ * set_perms.c, sudo.h:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits.
+ [67795421ac82]
+
+ * env.c:
+ Fix off by one error in number of bytes allocated via malloc (does
+ not affected any released version of sudo).
+ [5f5915360111]
+
+2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [8208c0277775]
+
+ * parse.lex:
+ Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
+ requiring that they be quoted.
+ [ae59bc8f68dd]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention that no double quotes are needed when
+ adding/deleting/assigning a single value to a list.
+ [25efc940a1f0]
+
+ * Makefile.in:
+ Don't rely on mkdefaults being executable, call perl explicitly.
+ [6edc97ba5f1d]
+
+ * sudo.tab.c:
+ regen
+ [49130b2e7e4d]
+
+ * parse.yacc:
+ Remove some XXX that are no longer relevant.
+ [d460ac0d3767]
+
+ * defaults.c:
+ o Roll our own loop instead of using strpbrk() for better
+ grokability o When adding to a list we must malloc() and use
+ memcpy(), not strdup() since we must only copy len bytes from str.
+ [649bef08e1f0]
+
+2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [f0bbf2c38c0e]
+
+ * parse.yacc:
+ typo in comment
+ [2563711ff593]
+
+2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [a6d8a29fb30e]
+
+ * configure:
+ regen
+ [bdfcaaf3bd13]
+
+ * configure.in:
+ avoid the -g flag unless --with-devel was specified
+ [a976707bef30]
+
+ * Makefile.in:
+ mkdefaults, def_data.in and sigaction.c were missing from the
+ tarball
+ [6917ffbaa412]
+
+ * Makefile.in:
+ def_data.c was missing
+ [87c78b11453d]
+
+2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
+ allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
+ [fc8698e6a45e]
+
+ * TODO:
+ Another TODO item
+ [6f251d6cd466]
+
+ * sudoers:
+ Add comment for Default section so folks know where it should go.
+ [7edba626f392]
+
+2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use TCSETAF, not TCSETA to set terminal in termio case
+ [fbd172f6c5d3]
+
+ * sudoers.cat, sudoers.man.in:
+ regen from sudoers.pod
+ [64edd2de816e]
+
+ * sudoers.pod:
+ o Typo, Runas_User_List should be Runas_List o a User_List can not
+ contain a uid o mention that the Defaults section should come after
+ Alias definitions but before the user specifications
+ [54070ba2092b]
+
+2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [e62d1d97693c]
+
+ * sudoers.pod:
+ Fix listpw and verifypw sections, they were not being formatted
+ properly.
+ [123868c2f3e9]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [f94841f8b374]
+
+ * sudoers.pod:
+ fix typos
+ [f278f1c1184e]
+
+ * configure:
+ regen
+ [d2270049ba9f]
+
+ * config.h.in, configure.in:
+ use AC_SYS_POSIX_TERMIOS instead of rolling our own
+ [c1a13f1354b9]
+
+ * README:
+ Reference sudo.ws not courtesan.com
+ [ca13be67ebd7]
+
+ * PORTING:
+ Add notes on shadow passwords
+ [aa13863f2314]
+
+ * BUGS:
+ In list mode (sudo -l), characters escaped with a backslash are
+ shown verbatim with the backslash.
+ [1a75a2858be2]
+
+ * sudoers:
+ Add simple examples from OpenBSD (Marc Espie)
+ [3ae9a9ae4125]
+
+ * tgetpass.c:
+ Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
+ [f8817699ee10]
+
+ * CHANGES:
+ minor prettyification
+ [f523587929b9]
+
+ * CHANGES:
+ Updated change log
+ [39d9010ee7a8]
+
+ * testsudoers.c:
+ Fix CIDR handling here too.
+ [c91db8344c32]
+
+ * auth/pam.c:
+ Apparently a NULL response is OK
+ [83bae61078d9]
+
+ * TODO:
+ Checkpoint for upcoming beta release
+ [efb95c09df2a]
+
+ * TROUBLESHOOTING:
+ Many people believe that adding a runas spec should obviate the need
+ for the -u flag. It does not.
+ [c698bad85b0e]
+
+ * RUNSON:
+ checkpoint update for upcoming 1.6.4 beta
+ [009e465a0a45]
+
+ * config.h.in:
+ o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
+ if HAVE_STRING_H is defined -- this is safe now
+ [d27c035f4e14]
+
+ * PORTING:
+ Add signals section
+ [2d24c13cb3c8]
+
+ * configure:
+ regen
+ [2b80a939e2ed]
+
+ * configure.in:
+ Fix check for sigaction_t
+ [6fa41c89ab20]
+
+ * sudo.c:
+ XXX - should call find_path() as runas user, not root. Can't do
+ that until the parser changes though.
+ [f0b4f85651bd]
+
+ * sudo.c:
+ If find_path() fails as root, try again as the invoking user (useful
+ for NFS). Idea from Chip Capelik.
+ [e03fa7872692]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ Regenerate after pod file changes
+ [48e4bd75ec21]
+
+ * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
+ sudo.pod, sudoers.pod:
+ Add new sudoers option "preserve_groups". Previously sudo would not
+ call initgroups() if the target user was root. Now it always calls
+ initgroups() unless the -P command line option or the
+ "preserve_groups" sudoers option is set. Idea from TJ Saunders.
+ [4f730359f101]
+
+2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, config.h.in:
+ Use new HAVE_SIGACTION_T define
+ [dfb25f3cae5b]
+
+ * logging.c:
+ Fix compilation on K&C
+ [7355e3275e34]
+
+ * configure:
+ regen
+ [a710584f92f0]
+
+ * configure.in:
+ Add check for sigaction_t -- IRIX already defines this so don't
+ redefine it.
+ [df9c5737f6da]
+
+ * snprintf.c:
+ fix typo
+ [3d782b8134c8]
+
+ * interfaces.c:
+ need stdlib.h here too
+ [c789d8973ab2]
+
+ * configure:
+ regen
+ [44822856bf46]
+
+ * configure.in:
+ Remove redundant checks for string.h, strings.h and unistd.h
+ [933c94f8bbf4]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regen from pod files
+ [ad18c590f638]
+
+ * BUGS:
+ Update for 1.6.4
+ [26bc88b69d22]
+
+ * configure, lex.yy.c, sudo.tab.c:
+ regen
+ [bef89fd6fa2d]
+
+ * strerror.c:
+ Return EINVAL if errnum > sys_nerr
+ [0512374e6661]
+
+ * auth/sudo_auth.h:
+ o Update copyright year
+ [a877016db6e2]
+
+ * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
+ config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
+ sudo.pod:
+ o Update copyright year
+ [e15a1b39039f]
+
+ * configure.in:
+ o Don't define STDC_HEADERS unconditionally for IRIX o Update
+ copyright year
+ [82a8cb819e07]
+
+ * README:
+ update version
+ [d82e523a16b4]
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
+ set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fe39f76b3795]
+
+ * lsearch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [764ba3d4fa13]
+
+ * getspwuid.c, goodpath.c, interfaces.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fb46d46140d4]
+
+ * getcwd.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [b199d70ac7ab]
+
+ * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+ fnmatch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [dab8f192a3ed]
+
+ * configure:
+ regen
+ [156658f25cea]
+
+ * tgetpass.c:
+ flags set in signal handlers should be volatile sig_atomic_t
+ [c22931a5535e]
+
+ * config.h.in, configure.in:
+ Add checks for volatile and sig_atomic_t
+ [b03b3341381d]
+
+ * configure, lex.yy.c:
+ regen
+ [ed9daba88217]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
+ sudo.c, sudoers.pod:
+ Remove "secure_path" Defaults option since it cannot work with the
+ existing parser.
+ [c9e54a0f5971]
+
+ * find_path.c, sudo.c:
+ Unset "secure_path" if user_is_exempt()
+ [fb7544565ae8]
+
+ * env.c, pathnames.h.in:
+ o Remove assumption that PATH and TERM are not listed in env_keep o
+ If no PATH is in the environment use a default value o If TERM is
+ not set in the non-reset case also give it a default value.
+ [c987eb7df268]
+
+ * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
+ _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
+ systems that define in paths.h
+ [51865b0cdebf]
+
+ * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ Add support for skeyaccess(3) if it is present in libskey.
+ [8add77c7d3e7]
+
+2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+ [5a3d3cbf2c6d]
+
+ * parse.lex:
+ '\\' is a perfectly legal character to have in a command line
+ argument.
+ [c15a466ef00e]
+
+ * sudo.c:
+ o Defer call to set_fqdn() until it is safe to use log_error() o
+ Don't print errno string value if gethostbyname fails, it is not
+ relevant
+ [c0c6bcf08bcb]
+
+ * parse.c:
+ Fix CIDR -> in_addr_t conversion.
+ [2f307ebeb63f]
+
+2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Remove an extra "User_List" in the User_Spec definition From
+ ybertrand AT snoopymail.com
+ [97bde59ea280]
+
+ * parse.c:
+ Make 'listpw=never' work for users who are not explicitly mentioned
+ in sudoers.
+ [258f0f30a428]
+
+ * sudoers.pod:
+ Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+ [4b0f03872ee1]
+
+ * sudoers.pod:
+ Document new list Defaults type and convert env_keep and env_delete
+ to lists. Document new env_check option.
+ [a07f1f079fe3]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen parser
+ [e39ac6c6581b]
+
+ * parse.lex:
+ Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
+ to #[0-9-]+.
+ [69c5388908f3]
+
+ * configure:
+ regen
+ [0f1877b88cb3]
+
+ * aclocal.m4:
+ Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+ [6545503ae361]
+
+ * config.h.in, configure.in:
+ Add check for skeyaccess(3)
+ [6caf69fe6359]
+
+ * visudo.pod:
+ Document new -c, -f, and -q options
+ [13d0203c21d3]
+
+ * visudo.c:
+ o Add -f option (alternate sudoers file) o Convert to use getopt(3)
+ [4c2b664d617d]
+
+ * configure:
+ regen
+ [6d5bd932e7b5]
+
+ * aclocal.m4, config.h.in, configure.in:
+ Add check for isblank and a replacement macro if it doesn't exist.
+ [b524f5e4f953]
+
+2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ In check-only mode, don't create sudoers if it does not already
+ exist.
+ [c748a2d5acad]
+
+ * parse.yacc:
+ o Add a new token, DEFVAR, to indicate a Defaults variable name o
+ Add support for "+=" and "-=" list operators o replace some 1 and 0
+ with TRUE and FALSE for greater legibility.
+ [554cb174b37e]
+
+ * parse.lex:
+ o Use exclusive start conditions to remove some ambiguity in the
+ lexer. Also reorder some things for clarity. o Add support for
+ "+=" and "-=" list operators. o Use the new DEFVAR token to denote
+ a Defaults variable name.
+ [3a2cf8323e26]
+
+ * sudo.h:
+ Prototype init_envtables()
+ [b74916469dab]
+
+ * env.c:
+ o Convert environment handling to use lists instead of strings.
+ This greatly simplifies routines that need to do "foreach" type
+ operations. o Add new init_envtables() function to set env_check
+ and env_delete defaults based on initial_badenv_table and
+ initial_checkenv_table (formerly sudo_badenv_table).
+ [0a8b404658b6]
+
+ * defaults.c, defaults.h:
+ o Add a new LIST type and functions to manipulate it. o This is for
+ use with environment handling variables. o Call new
+ init_envtables() routine inside init_defaults() to initialize the
+ environment lists.
+ [ae73e64f0902]
+
+ * def_data.c, def_data.h, def_data.in:
+ Convert environment options to use the new LIST type and add a new
+ one, env_check that only deletes if the sanity check fails.
+ [3019503936de]
+
+ * testsudoers.c:
+ Add dummy version of init_envtables()
+ [9d9e3ee609d9]
+
+ * parse.yacc:
+ honor quiet mode
+ [8330fba6167c]
+
+ * visudo.c:
+ Add check-only mode
+ [dab411bc8c35]
+
+ * mkdefaults:
+ Fix generation of entries with NULL descriptions.
+ [ea75b9fed02e]
+
+2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use sigaction_t and quiet a gcc warning.
+ [6f67d719c452]
+
+ * sudo.c:
+ Must reset signal handlers before we exec
+ [300418120e1a]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
+ version needs testing. Set SIGTSTP to SIG_DFL during password entry
+ so user can suspend us.
+ [00304aa58747]
+
+ * tgetpass.c:
+ Add support for interrupting/suspending tgetpass via keyboard input.
+ If you suspend sudo from the password prompt and resume it will re-
+ prompt you.
+ [4af2b5101d32]
+
+ * sudo.c:
+ Don't block keyboard interrupt signals, just set them to SIG_IGN.
+ [d46d7f67ef6b]
+
+2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add back HAVE_SIGACTION
+ [c9c7702c603e]
+
+ * configure:
+ regen
+ [09fe669d337f]
+
+ * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
+ Kill POSIX_SIGNALS define and old signal support now that we emulate
+ POSIX ones Also be sure to correctly initialize struct sigaction.
+ [4bc2a6dbb2be]
+
+ * strerror.c:
+ Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
+ [1ad64a19f328]
+
+ * compat.h:
+ Add scaffolding for POSIX signal emulation
+ [945861d4c93b]
+
+ * sigaction.c:
+ o Add missing ';' so this compiles o Can't use NULL since we don't
+ include stdio.h
+ [04d0cac7438f]
+
+ * sigaction.c:
+ Emulate sigaction() using sigvec()
+ [d0b54a989875]
+
+2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Document new behavior of negative values of timestamp_timeout Fix a
+ typo
+ [4c0716570d01]
+
+ * sudo.pod:
+ Add security note about command not being logged after 'sudo su' and
+ friends.
+ [43294851a33c]
+
+ * sudo.pod:
+ Mention that -V prints default values when run as root, including
+ the list of environment variables to clear.
+ [d9e5e550a8c3]
+
+ * Makefile.in:
+ Run pod2man with --quotes=none to avoid stupid quoting of C<>
+ entries.
+ [997b23c35dbe]
+
+2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
+ Add mail_badpass option Also modify mail_always behavior to also
+ send mail when the password is wrong
+ [838d40ccafce]
+
+ * env.c, sudo.c, sudo.h:
+ Dump default bad env table when 'sudo -V' is run by root.
+ [f67f1b8048b0]
+
+ * sudoers.pod:
+ document env_delete
+ [d74f893663a2]
+
+ * env.c:
+ Add support for '*' in env_keep when not resetting the environment
+ (ie: the normal case).
+ [fd4fb62ea8fd]
+
+ * env.c:
+ Add env_delete variable that lets the user replace/add to the
+ bad_env_table. Allow '*' wildcard in env_keep entries.
+ [aa728bc35e29]
+
+2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ Force umask to 022 to guarantee sane directory permissions.
+ [9ab3cfe70569]
+
+2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
+ [671010465e6f]
+
+ * mkdefaults:
+ fix breakage in last commit
+ [8318f8851e56]
+
+ * Makefile.in:
+ acsite.m4 -> aclocal.m4
+ [30c146873a01]
+
+ * check.c:
+ fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
+ [4dc8b39954da]
+
+ * def_data.c:
+ regenerated from def_data.in
+ [915ea16ce1eb]
+
+ * check.c, defaults.c, defaults.h:
+ Add new T_UINT type that most things use instead of T_INT If
+ timestamp_timeout is < 0 then treat the ticket as never expiring (to
+ be expired manually by the user).
+ [3a3a636a2a5d]
+
+ * def_data.in:
+ change most T_INT -> T_UINT
+ [a2228d2457af]
+
+ * mkdefaults:
+ fix warning when no args
+ [ca70a5394af5]
+
+ * visudo.c:
+ Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
+ we are a signal handler. We no longer print the signal number but
+ the user can just check the exit value for that.
+ [dc424f631fef]
+
+2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ when setting up pipes in child process check for case where stdin ==
+ pipe fd 0
+ [518112d76184]
+
+2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Ignore editor exit value since XPG4 says vi's exit value is the
+ count of editing errors made (failed searches, etc).
+ [b9d952284865]
+
+2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cb3aa586f03b]
+
+ * configure.in:
+ sco now is identified by config.guess as *-sco-*
+ [46664bbdea61]
+
+ * configure.in:
+ Check for getspnam() in -lgen if not in -lc for UnixWare.
+ [0f152ad1ba93]
+
+2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod, visudo.pod:
+ "upper case" -> "uppercase"
+ [f9151f232326]
+
+ * sudoers.pod:
+ fix typos and grammar; pjanzen@foatdi.harvard.edu
+ [2855d73d0237]
+
+2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Missing word (specify); krapht@secureops.com
+ [65523eb37a2c]
+
+2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ If we fail to lookup a login class, apply the default one.
+ [d4869faa6816]
+
+ * logging.c:
+ In log_error() free message, not logline unconditionally, then free
+ logline if it is not the same as message. No function change but
+ this mirrors how they are allocated.
+ [565e5f6cc643]
+
+2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regenerate
+ [834a48f548a2]
+
+ * configure.in:
+ remove some backslash quotes that are unneeded
+ [50d401d6e2ca]
+
+ * configure.in:
+ o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
+ instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
+ can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
+ to AC_DEFINE things manually.
+ [f502c5f15f92]
+
+ * config.guess, config.sub:
+ Updated from autoconf-2.50
+ [6140205915ef]
+
+2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ Update mailing list section. We use mailman now, not majordomo.
+ [b9a8ca45e6dc]
+
+2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getspwuid.c, logging.c, sudo.c:
+ Use setpwent()/endpwent() + all the shadow variants to make sure we
+ don't inadvertantly leak an fd to the child. Apparently Linux's
+ shadow routines leave the fd open even if you don't call setspent().
+ Reported by mike@gistnet.com; different patch used.
+ [d33792ef6c01]
+
+2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ s/eg./e.g./
+ [bd32a0acaf93]
+
+ * tgetpass.c:
+ select() may return EAGAIN. If so, continue like we do for EINTR.
+ [5f202c943818]
+
+ * logging.c:
+ Fix a non-exploitable buffer overflow in the word splitting code.
+ This should really be rewritten.
+ [4c724363863a]
+
+ * Makefile.in:
+ FAQ link goes away
+ [1d26dd6c8972]
+
+ * INSTALL:
+ Tell people to look in sample.syslog.conf for examples, not FAQ
+ [affcae3f43ca]
+
+ * TROUBLESHOOTING:
+ Update list of env vars that are cleared
+ [234e56f1435a]
+
+ * sudo.c:
+ remove struct env_table decl since that stuff has all moved to env.c
+ [5dd923148777]
+
+2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fileops.c:
+ Fix a pasto in flock-style unlocking and include <sys/file.h> for
+ flock on older systems; twetzel@gwdg.de
+ [d5420d9d2861]
+
+ * configure:
+ regen to get NeXT lockf/flock fix
+ [d3ba6ed70e15]
+
+ * configure.in:
+ force NeXT to use flock since lockf is broken
+ [bd5391dca1bb]
+
+2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Use stashed user_gid when checking against exempt gid since sudo
+ sets its gid to a a value that makes sudoers readable. Previously
+ if you used gid 0 as the exempt group everyone would be exempt. From
+ Paul Kranenburg <pk@cs.few.eur.nl>
+ [0b140cc3a817]
+
+2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cc455408f32b]
+
+ * aclocal.m4:
+ #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
+ some types (such as ssize_t) therein.
+ [b6aee85ca331]
+
+2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Fix negation of paths in a boolean context. Problem found by
+ apt@UH.EDU
+ [8aee217a7cdf]
+
+2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ pasto
+ [ad32b277bf68]
+
+2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ SA_RESETHAND means the opposite of what I was thinking--oops To
+ block all signals in old-style signals use ~0, not 0xffffffff
+ [6ecdd793590a]
+
+2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ coerce difference of pointers to int when used in a string length
+ printf format; deraadt@openbsd.org
+ [a9d10f07180d]
+
+2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Block all signals in Exit() to avoid a signal race. There is still
+ a tiny window but I'm not going to worry about it.
+ [6661805c0458]
+
+2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ glibc uses the LANGUAGE env var so clear that too; Solar Designer
+ [d4ba95628afb]
+
+ * lex.yy.c:
+ Regenerate with a fix to flex.skl that preserves errno from
+ clobbering by isatty().
+ [607eec736e19]
+
+2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sia.c, auth/sudo_auth.c:
+ Some defaults I_ defines got renamed.
+ [ec19b23caaf3]
+
+ * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
+ defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
+ set_perms.c, sudo.c, sudo.tab.c:
+ Move defaults info into its own files from which we generate .h and
+ .c files. This makes adding or rearranging variables much simpler.
+ [e91b880b5043]
+
+2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix typo in last commit
+ [10a6ee2bae71]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add check + emulation for setegid (like seteuid).
+ [29492092bd2f]
+
+ * env.c:
+ Make env_keep override badenv_table as documented Fix traversal of
+ badenv_table (broken in last commit)
+ [37c9f0d22673]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Don't try and build saved uid version of set_perms on systems w/o
+ them. Rename set_perms_saved_uid() -> set_perms_posix() Make
+ set_perms_setreuid simply be set_perms_fallback() and simply include
+ the appropriate function at compile time (setreuid() vs. setuid()).
+ [3107333c062c]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ PATH is also preserved when env_reset is in effect
+ [90e45c5711ff]
+
+ * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
+ configure.in, defaults.c, defaults.h, env.c, find_path.c,
+ getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
+ visudo.c, visudo.cat, visudo.man.in:
+ New Defaults options: o stay_setuid - sudo will remain setuid if
+ system has saved uids or setreuid(2) o env_reset - reset the
+ environment to a sane default o env_keep - preserve environment
+ variables that would otherwise be cleared
+
+ No longer use getenv/putenv/setenv functions--do environment munging
+ by hand. Potentially dangerous environment variables can be cleared
+ only if they contain '/' pr '%' characters to protect buggy
+ programs. Moved environment routines into env.c (new file)
+ [c2f97651db4c]
+
+ * INSTALL:
+ Clear up --without-passwd description
+ [2f336dab6733]
+
+ * putenv.c, sudo_setenv.c:
+ We now build up a new environment from scratch and assign it to
+ "environ".
+ [6ae6152f2238]
+
+2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ Grammatical fixes from Paul Janzen
+ [e03ead2e56f8]
+
+2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ If there was a syntax error and the user just wants to quit, unlink
+ sudoers if it is zero length.
+ [74ba7921f520]
+
+ * visudo.c:
+ 'Q' means ignore parse error, not 'q'
+ [e8d0e4491fe6]
+
+ * visudo.c:
+ Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
+ <dim@xs4all.nl>
+ [b24990a72491]
+
+2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
+ [41a8db10e076]
+
+2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
+ [6052da895d2e]
+
+2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Use exit(127), not exit(-1)
+ [9ff0c3eada34]
+
+ * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
+ Move set_perms() to its own file and use POSIX saved uid or
+ setreuid() if available.
+
+ Added stay_setuid option for systems that have libraries that
+ perform extra paranoia checks in system libraries for setuid
+ programs (ie: anything with issetugid(2)).
+ [28960f842698]
+
+ * sudo.c:
+ strip more bits from the environment and add a facility for
+ stripping things only if they contain '/' or '%' to address printf
+ format string vulnerabilities in other programs.
+ [b98d6375f299]
+
+2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [7e74e5c91049]
+
+ * configure.in:
+ For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
+ strcasecmp().
+ [a418e9e70442]
+
+ * configure:
+ regen
+ [bbff244a52bc]
+
+ * configure.in:
+ Check for strcasecmp(3) in -lc89 for NCR Unix
+ [361c99576681]
+
+2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Define HAVE_INNETGR #ifdef HAVE__INNETGR
+ [473cdb92b6db]
+
+ * configure:
+ regen
+ [4e6364a195e0]
+
+ * compat.h, config.h.in, configure.in:
+ Add check for _innetgr(3) since NCR systems have that instead of
+ innetgr(3).
+ [25e6852e7494]
+
+2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid.c:
+ check return value of creadcfg() call sd_close() after sd_auth()
+ store username in sd->username so we don't rely on the USER env
+ variable
+ [d106b4f42722]
+
+2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --with-bsdauth
+ [f1518ecc2ee9]
+
+ * configure:
+ regen
+ [dceb35071ea8]
+
+ * configure.in:
+ --with-bsdauth assumes --with-logincap
+ [4200778083fd]
+
+ * auth/bsdauth.c, auth/fwtk.c:
+ When prompting for a response to a challenge, if the user just hits
+ return then reprompt with echo turned on.
+ [a539b6474a97]
+
+2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Remove debugging code that should not have been committed, oops.
+ [9862607b77a7]
+
+ * auth/bsdauth.c:
+ Use lower-level routines and get the password ourselves. Checks for
+ a challenge and if there is one echo is not turned off.
+ [2d8fcd166baa]
+
+ * auth/pam.c, auth/sudo_auth.h:
+ minor housekeeping, no real code changes
+ [d0074a277fb4]
+
+2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix a coredump in the logging functions if gethostname(2) fails by
+ deferring the call to log_error() until things are better setup.
+
+ Fix return value of set_loginclass() in non-BSD-auth case.
+
+ Hard-code 'sudo' in the usage message so we can fit more options on
+ a line
+ [d9d1b7579818]
+
+ * logging.c:
+ Fix errant ';' (typo) that broken MSG_ONLY
+ [849b2276a470]
+
+2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [bb3c8c6704d1]
+
+ * sudo.pod:
+ Document -a flag
+ [e18316cebaac]
+
+ * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
+ configure, configure.in, getspwuid.c, sudo.c:
+ Add support for BSD authentication.
+ [f374cfd9ca0d]
+
+2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix typo; from sato@complex.eng.hokudai.ac.jp
+ [3085fee9766e]
+
+2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Mention negating umask
+ [c9e410294dae]
+
+ * defaults.c:
+ Allow user to specify umask of 0777 (same as !umask)
+ [bb771daa96fe]
+
+2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ Fix a typo and give a URL for the sudo history.
+ [77f73199aedb]
+
+2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, sudo.pod:
+ fix typos; pepper@reppep.com
+ [5532c7421340]
+
+2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.h, sudo_setenv.c:
+ sudo_setenv() now exits on memory alloc failure instead of returning
+ -1.
+ [71f1cf18f47b]
+
+2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
+ and possibly others.
+ [b69d985b0d22]
+
+ * logging.c:
+ Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
+ that "%m" won't be expanded but we don't use that anyway since the
+ logging routines may splat to stderr as well.
+ [8d37a544d0c0]
+
+ * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Add always_set_home variable
+ [dbcaff646e07]
+
+ * configure, configure.in:
+ Have to hard code default values in help since the defaults are set
+ _after_ the help stuff.
+ [7b5d6d72f55c]
+
+2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, parse.lex:
+ Allow special characters (including '#') to be embedded in pathnames
+ if quoted by a '\\'. The quoted chars will be dealt with by
+ fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
+ [3ed33cf09977]
+
+2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Better path searching for programs we need.
+ [60517cb1f0d6]
+
+ * TROUBLESHOOTING:
+ Add section on "C compiler cannot create executables" errors.
+ [e4ada6eaee59]
+
+ * Makefile.binary, Makefile.in, version.h:
+ Crank version
+ [93d1bd5b7f5e]
+
+ * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ Substitute values from configure into man pages.
+ [619854c356c1]
+
+2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c:
+ The listpw and verifypw sudoers options would not take effect
+ because the value of the default was checked *before* sudoers was
+ parsed. Instead of passing in the value of PWCHECK_* to
+ sudoers_lookup(), pass in the arg for def_ival() so the check can be
+ deferred until after sudoers is parsed.
+ [4f596e358f72]
+
+2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ When writing prompt, no need to write the NUL as well;
+ hag@linnaean.org
+ [fbcdd7b431ee]
+
+2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ When looking for chown, check in /sbin too
+ [657ba6653f8c]
+
+2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Remove extraneous call to init_defaults() and set runas_user to NULL
+ betweem parses so init_defaults will reset it each time, thus
+ avoiding a reference to free()d data.
+ [7421fcd692af]
+
+2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, interfaces.c, interfaces.h, sudo.c:
+ Add support for using getifaddrs() to get the list of ip addr /
+ netmask pairs. Currently IPv4-only.
+ [a35bc4f7306d]
+
+ * visudo.c:
+ Add a missing check for UserEditor == NULL Add missing '+' before
+ line number when invoking editor to fix a syntax error
+ [f0d4635f6082]
+
+2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Call clean_env very early in main() for paranoia's sake. Idea from
+ Marc Esipovich.
+ [f8d72ebd0115]
+
+2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ Update proto for evasprintf and easprintf
+ [d147d6e58419]
+
+ * alloc.c:
+ Make easprintf() and evasprintf() return an int.
+ [b2ca5d089667]
+
+ * check.c:
+ If the targetpw flag is set, use target username as part of the
+ timestamp path. If tty tickets are in effect cat the tty and the
+ target username with a ':' as the separator.
+ [de11abc693c2]
+
+2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Backout part of last change; setting PAM_USER to the invoking user
+ breaks things like targetpw.
+ [427218a7387f]
+
+ * auth/pam.c:
+ set tty and username via pam_set_item
+ [85d1922dbcc9]
+
+ * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
+ Fix root, runas, and target authentication for non-passwd file auth
+ methods.
+ [a14535e7b30c]
+
+2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use B<-Z> not C<-Z> for command line flags in all places. This is
+ more consistent and works around a bug in Pod::Man.
+ [64b5a05f30c5]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Fix an occurence of 'semicolon' that should be 'colon'
+ [4ea5aacae3fb]
+
+2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix --with-badpri help line
+ [3cc40977c043]
+
+2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, logging.c, sudo.c:
+ Bracket calls to syslog with an openlog() and closelog() since some
+ authentication methods (like PAM) may do their own logging via
+ syslog. Since we don't use syslog much (usually just once per
+ session) this doesn't really incur a performance penalty. It also
+ Fixes a SEGV with pam_kafs.
+ [fe1cc28529f6]
+
+2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix -H flag. runas_homedir is only valid after
+ set_perms(PERM_RUNAS, mode)
+ [ce9b1c6f68a6]
+
+2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Clarify the fact that insults are not enabled just by including them
+ in the binary.
+ [d5a31d48320c]
+
+2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regenerated with perl 5.6.0 pod2man
+ [21751433768b]
+
+ * Makefile.in:
+ Give date string to pod2man since its default is ugly and it ain't
+ got no alibi.
+ [0080b2f6298f]
+
+ * Makefile.in:
+ Do section substitution on the output of pod2man and remove hack
+ needed for old pod2man.
+ [1ef843d5c78b]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Put back real man sections, we will do the substitution later.
+ [f728c1abad7e]
+
+2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Don't bother checking for the path to vi if user specified --with-
+ editor
+ [bf698487e0d5]
+
+2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, visudo.c:
+ Visudo now does its own fork/exec instead of calling system(3).
+ [99bbcd88863b]
+
+ * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.c:
+ Visudo now checks for the existence of an editor and gives a
+ sensible error if it does not exist.
+
+ The path to the editor for visudo is now a colon-separated list of
+ allowable editors. If the user has $EDITOR set and it matches one
+ of the allowed editors that editor will be used. If not, the first
+ editor in the list that actually exists is used.
+ [cc86eb9f5440]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Clear up confusion wrt sudo's return value.
+ [9385b12d8e79]
+
+2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Strip sudo and visudo for bindist target
+ [a995ddd79177]
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+ [5eb9e60a726f] [SUDO_1_6_3]
+
+ * visudo.cat, visudo.man.in, visudo.pod:
+ Typo: @sysconf@ -> @sysconfdir@
+ [f07f52fcd099]
+
+ * Makefile.in:
+ 'make dist' should not cause any files to be modified so remove its
+ dependencies.
+ [7f44a2666a9c]
+
+ * CHANGES:
+ Whoops, forgot to add release marker
+ [16c0f16b35b8]
+
+2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ Final change for 1.6.3 (or so I hope)
+ [473c89da6123]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ Use SYSV man sections since BSD systems will have nroff...
+ [0a6bd154324e]
+
+2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ When checking to see if the host/user matches in a defaults spec,
+ check against TRUE, not just non-zero since it might be -1.
+ [41f2b7ad3fdd]
+
+ * configure, configure.in:
+ OSF/1 puts file formats in section 4, not 5.
+ [d77c1301afa9]
+
+ * CHANGES, INSTALL, sudo.c:
+ Make login class support work on BSD/OS
+ [e9bbe3c08ade]
+
+ * RUNSON:
+ Update for 1.6.3
+ [c40ce1d76c4d]
+
+ * configure, configure.in:
+ If there is no inet_addr but there *is* an __inet_addr that's ok
+ since inet_addr is probably just a macro then. The better thing to
+ do would be to look for the macro, but this is fine for now.
+ [1b8865ae4d68]
+
+ * configure, configure.in:
+ Don't use shlicc for BSD/OS 4.x
+ [83fbf6dedd2c]
+
+ * Makefile.in, configure, configure.in:
+ *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
+ configure variable so we can deal with this. Also, only remove *.man
+ for 'distclean' not 'clean'.
+ [30d56e6de214]
+
+ * sudo.c:
+ set_loginclass() should be static like the proto says
+ [d570a2d55fb8]
+
+2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ Add #ifdef __STDC__ around the rangematch function header to avoid
+ promotion of test to int, thus violating the prototype. Gcc handles
+ this gracefully but more std ANSI compilers will complain.
+ [7d98c3e332b2]
+
+ * emul/fnmatch.h:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD
+ [4e1320852f8b]
+
+ * aclocal.m4, configure, fnmatch.3, fnmatch.c:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
+ FNM_CASEFOLD in configure
+ [9ef952bf1896]
+
+ * CHANGES, TODO:
+ update for 1.6.3
+ [e4ba6368a0c5]
+
+ * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [fbd2887d9811]
+
+ * parse.h:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [dd7bbe223461]
+
+ * lex.yy.c, parse.c, parse.lex, parse.yacc:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [630d9d205397]
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
+ Add support for wildcards in the hostname.
+ [d8d821ed4238]
+
+ * Makefile.in:
+ Add targets for *.man.in, using config.status to generate *.man from
+ *.man.in
+ [640e50ede485]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document set_logname option and enbolden refs to sudo and visudo.
+ [9622b3a48707]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
+ sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
+ visudo.cat, visudo.man.in, visudo.pod:
+ Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
+ from Michael D. Marchionna. configure now does substitution on the
+ man pages, allowing us to fix up the paths and set the section
+ correctly. Based on an idea from Michael D. Marchionna.
+ [463e928a0a2f]
+
+ * auth/passwd.c:
+ Better fix for handling HP-UX aging info.
+ [3950f42d8549]
+
+ * sudo.c:
+ Add support for set_logname run-time default
+ [c6a7cc76b8b4]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ configure does substitution on these to produce *.man
+ [b83fc3c1bfc9]
+
+ * sudo.man, sudoers.man, visudo.man:
+ These files now get generated from *.man.in at configure time.
+ [c499061f79e0]
+
+2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, defaults.h:
+ Add set_logname option so users can turn off setting of LOGNAME/USER
+ environment variables.
+ [6316869180b8]
+
+ * lsearch.c, parse.c, testsudoers.c:
+ kill register
+ [6e104e653748]
+
+2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/passwd.c:
+ HP-UX adds extra info at the end for password aging so when
+ comparing the result of crypt to pw_passwd we only compare the first
+ len(epass) bytes *unless* the user entered an empty string for a
+ password.
+ [3d24d4e4e889]
+
+ * logging.c:
+ Get rid of grandchild hack, it was causing problems and there is
+ really no need for it. This fixes a bug where we spin eating up CPU
+ when the user runs a long-running process like a shell.
+ [5743b10b1e81]
+
+2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ User can always specify a login class if he/she is already root.
+ [710d160cef9f]
+
+ * config.h.in, configure, configure.in, defaults.c, defaults.h,
+ sudo.c, sudo.h:
+ FreeBSD login class (login.conf) support.
+ [026b981d6328]
+
+2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
+ [9cd4929f1a78]
+
+2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/passwd.c:
+ Truncate unencrypted password to 8 chars if encrypted password is
+ exactly 13 characters (indicateing standard a DES password). Many
+ versions of crypt() do this for you, but not all (like HP-UX's).
+ [a9d0259cb193]
+
+2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, RUNSON:
+ Mention that gcc on dynix may have problems
+ [77b97fa5bf1b]
+
+2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Link visudo with NET_LIBS since we now call syslog via defaults.c
+ [9e3830b277cc]
+
+ * defaults.c:
+ Use Argv[0] as the first arg to openlog() since visudo uses this
+ too.
+ [e61078f328ec]
+
+2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Stash coredumpsize resource limit and retsore it before the exec()
+ Otherwise the child ends up with a coredumpsize of 0.
+ [f6a4783835a3]
+
+2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man, sudo.pod:
+ document -S flag
+ [3ebd805b7142]
+
+ * sudo.c:
+ fix usage string
+ [66b2dfa47fe8]
+
+ * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
+ Added -S flag (read passwd from stdin) and tgetpass_flags global
+ that holds flags to be passed in to tgetpass(). Change echo_off
+ param to tgetpass() into a flags field. There are currently 2
+ possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
+ tgetpass(), abstract the echo set/clear via macros and if (flags &
+ TGP_ECHO) but echo is not set on the terminal, but sure to set it.
+ [a4fcbb712cd0]
+
+ * tgetpass.c:
+ Fixed a bug that caused an infinite loop when the password timeout
+ was disabled.
+ [2be1ffc5a39f]
+
+2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
+ sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
+ Add rootpw, runaspw, and targetpw options.
+ [2d4563e46df7]
+
+ * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
+ visudo.c:
+ enveditor -> env_editor
+ [ddc5f856e583]
+
+2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
+ sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
+ visudo.man:
+ crank versino to 1.6.3
+ [a5f7d3e74360]
+
+ * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
+ sudoers.pod, visudo.c:
+ Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
+ them. This means that visudo will now parse the sudoers file
+ *before* it is edited so a bogus sudoers file will cause a warning
+ to go to stderr. Also, visudo checks the variables once--it does not
+ check them after each editor run since that could be confusing.
+ [9f5af18e9212]
+
+2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ 1.6.2 -> 1.6.2p1
+ [e25b74f1d1af]
+
+ * check.c, sudo.c, sudo.h:
+ Move user_is_exempt prototype into sudo.h
+ [daf26a6ded8a]
+
+2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix thinko, some && should have been || in the last commit
+ [4b9b2d487ded]
+
+ * configure, configure.in:
+ Don't initialized Makefile variables to be NULL since the user may
+ want to import variables from their environment.
+ [7be019f4422c]
+
+2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ typo
+ [38f4d8971f0a]
+
+2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ fix a yacc (skeleton.c) warning
+ [a2da228a937b]
+
+2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, RUNSON, configure, configure.in:
+ Make pam work on HP-UX 11.0;jaearick@colby.edu
+ [b94de0ff6f42]
+
+ * CHANGES:
+ recent changes; prepare for 1.6.2p1
+ [b291635ea141]
+
+ * find_path.c:
+ Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
+ [4306285c4f6e]
+
+2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ Regen with yacc that has a memory leak plugged.
+ [e26383a04eb7]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Expanded docs on sudoers 'defaults' options based on INSTALL file
+ info.
+ [54c3d62d6c74]
+
+ * INSTALL:
+ Fix some while lies
+ [d15311782150]
+
+2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ When making a bindist, link FAQ to TROUBLESHOOTING instead of
+ copying.
+ [2d88a6ac88cf]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Add netgroup caveat
+ [28d119f466e3] [SUDO_1_6_2]
+
+ * RUNSON:
+ Last minute updates
+ [89fb4ed22d52]
+
+ * TROUBLESHOOTING:
+ PAM entry
+ [a9fd59f39457]
+
+ * auth/pam.c:
+ correct a comment
+ [a29627225ba9]
+
+ * CHANGES, RUNSON:
+ update for 1.6.2
+ [b7f1c40ea732]
+
+ * auth/pam.c:
+ Better detection of PAM errors and fix custom prompts with PAM.
+ Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
+ [ff69234b94a5]
+
+2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ Cast ULONG_MAX to unsigned long long when comparing to an unsigned
+ long long value.
+ [9d918c3a2ecd]
+
+2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in, visudo.c:
+ Fix sudoers locking in visudo. We now lock the sudoers file itself,
+ not the temp file (since locking the temp file can foul up editors).
+ The previous locking scheme didn't work because the fd was closed
+ too early.
+ [de2011bb11ed]
+
+ * config.h.in, configure, configure.in:
+ Don't need test for ftruncate() any more.
+ [e5f71c848104]
+
+ * configure, configure.in:
+ Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
+ the unbundled HP-UX cc.
+ [2c373612c644]
+
+2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
+ [05360d2c314e]
+
+2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
+ parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
+ version.h, visudo.c:
+ update copyright year on changed files
+ [5792a2a28a4c]
+
+ * RUNSON:
+ updates
+ [edf8f19aa403]
+
+ * CHANGES:
+ aix fix
+ [4d4a243b31e2]
+
+ * INSTALL:
+ Crank version to 1.6.2
+ [bcb5cb411624]
+
+ * configure:
+ Crank version to 1.6.2
+ [32a19f33427f]
+
+ * sudo.c:
+ When using rlimit check for RLIM_INFINITY When computing the value
+ of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+ [8c16166802e5]
+
+ * CHANGES:
+ recent changes
+ [09fc7112e44d]
+
+ * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
+ sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
+ Crank version to 1.6.2
+ [055fa61a7c61]
+
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
+ Add 'shell_noargs' runtime option back in. We have to defer
+ checking until after the sudoers file has been parsed but since
+ there are now other options that operate that way this one can too.
+ Based on a patch from bguillory@email.com.
+ [231db7a007a6]
+
+ * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
+ Add "listpw" and "verifypw" options.
+ [190683bac878]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ o Fix some typos/omissions o Add section on verifypw and listpw o
+ Define how NOPASSWD interacts with the -v and -l flags
+ [6feb7350eb79]
+
+2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
+ -D_HPUX_SOURCE to CPPFLAGS.
+ [06cc35d89dc8]
+
+ * defaults.c, defaults.h:
+ In struct sudo_defs_types, move the union to the end and don't
+ initialize the union member since that only works with an ANSI
+ compiler. We set the value of the union by hand in init_defaults()
+ anyway. This allows sudo to compile on a K&R compiler again.
+ [623487e1fcfa]
+
+2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
+ netgr_matches needs to check shost as well as host since they may be
+ different.
+ [3f43ace23d3e]
+
+ * tgetpass.c:
+ End on \r as well as \n
+ [cb7c6e6f4202]
+
+2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
+ from 0400 to whatever SUDOERS_MODE is (converting from the old
+ sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
+ 0400 which should always be the case.
+ [34cd83d49d20]
+
+ * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
+ w/o a passwd if there is *any* entry for the user on the host with a
+ NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
+ the user on the host w/ the specified runas user have the NOPASSWD
+ flag set.
+ [4b3b85697653]
+
+ * Makefile.in:
+ add check target
+ [3d24d34a76fd]
+
+1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Treat EOF at whatnow prompt like 'x' instead of looping.
+ [5deffc27114c]
+
+1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ recent changes
+ [5836a9452568] [SUDO_1_6_1]
+
+1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add check for initgroups() since old SYSV lacks this.
+ [657a6005a569]
+
+ * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
+ parse.c, testsudoers.c:
+ o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
+ exists.
+ [17d081e917d6]
+
+1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [b20c14db6029]
+
+ * insults.h:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [028f130204b0]
+
+ * CHANGES, RUNSON:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [974f4780254b]
+
+ * insults.h:
+ Don't care about USE_INSULTS #define since the insult stuff may be
+ overridden at runtime.
+ [b873df8b299c]
+
+ * auth/sudo_auth.c:
+ Honor insults flag.
+ [756111640fdc]
+
+ * CHANGES, parse.c:
+ Don't ask the user for a password if the user is not allowed to run
+ the command and the authenticate flag (in sudoers) is false.
+ [cea9fdc09c76]
+
+ * CHANGES, RUNSON, lex.yy.c, parse.lex:
+ o Whenever we get a bare newline we change to the INITIAL state. o
+ Enter GOTRUNAS when we see Runas_Alias
+
+ This allows #uid to work in a RunasAlias.
+ [a475513e7c7a]
+
+1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, parse.yacc, sudo.tab.c:
+ fix parsing of runas lists: o oprunasuser and runaslist now return a
+ value o in a runasspec, if a runaslist does not return TRUE, set
+ runas_matches to FALSE. Normally, a runaslist only returns FALSE
+ for explicitly denied users. o since runaslist does not modify the
+ stack there is no need for a push/pop in runasalias.
+ [82b305b34a8c]
+
+ * check.c, sudo.c:
+ Don't kill the user's tickets until after sudoers has been parsed
+ since tty_tickets and ticket_dir could be set in sudoers.
+ [f43e25367f3a]
+
+ * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
+ configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
+ sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
+ crank version to 1.6
+ [95f8bdcf9bb2]
+
+ * testsudoers.c:
+ add set_fqdn() stub
+ [bbc81af5b41a]
+
+1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man, sudoers.pod, visudo.c:
+ o Kill shell_noargs option, it cannot work since the command needs
+ to be set before sudoers is parsed. o Fix the "set_home" sudoers
+ option (only worked at compile time). o Fix "fqdn" sudoers option.
+ We now set host/shost via set_fqdn which gets called when the
+ "fqdn" option is set in sudoers. o Move the openlog() to
+ store_syslogfac() so this gets overridden correctly from the
+ sudoers file.
+ [3dca861f0f5d]
+
+ * auth/securid.c:
+ SecurID support should compile now.
+ [a544e5c6ea34]
+
+1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
+ visudo.man, visudo.pod:
+ fix some syntactic goofs
+ [b3451f0d5239]
+
+1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudo.html, sudoers.html, visudo.html:
+ No longer need the .html files as they are generated automatically
+ on the web site.
+ [1b4aa4204584]
+
+ * CHANGES, LICENSE:
+ kill characters that made wml unhappy
+ [b988fbc6da56]
+
+ * HISTORY:
+ typo
+ [a418963f7fce]
+
+1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ majordomo@cs.colorado.edu -> majordomo@courtesan.com
+ [5d151e8ffd3b]
+
+ * Makefile.in, configure:
+ Wrap script execution w/ /bin/sh for the benefit of ctm
+ [3a9c4766b2c3]
+
+1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Make the -s flag be exclusive too. Also reorder the flags in the
+ exclusive usage message so they are alphabetical.
+ [4c7af200db34]
+
+1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ make pam errors other than PAM_PERM_DENIED fatal
+ [64bcb3fd2baf]
+
+ * auth/API:
+ fix typo
+ [f3134c88b12e]
+
+ * INSTALL:
+ make it clear that /etc/pam.d/sudo is required on linux
+ [213cc3eaad82]
+
+ * auth/pam.c:
+ fix a warning on redhat and spew an error if pam_authenticate()
+ returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
+ [7e46dd19da89]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Be very clear that the password required is the user's not root's
+ [a6da127347e5]
+
+1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ add sample.syslog.conf to DISTFILES and BINFILES
+ [8661c27c007e]
+
+1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updates from Brian Jackson + some formatting
+ [6d31c6fa63f8]
+
+1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.binary, Makefile.binary, README, RUNSON:
+ o One RUNSon update o Changes for automating real binary releases
+ [dd9585f4406c]
+
+ * Makefile.in:
+ Add bindist target
+ [546ed3fa94bb]
+
+1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ talk about run-time options in addition to compile-time options
+ [1eb813ff0a9a] [SUDO_1_6_0]
+
+ * CHANGES:
+ fix typos
+ [65e92bb70a7b]
+
+ * sudo.c:
+ need sys/time.h if HAVE_SETRLIMIT
+ [ce31655a8a60]
+
+ * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
+ sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ get rid of references to sudo-bugs. Now mention the web site or the
+ sudo@ alias
+ [a9db861fd8c6]
+
+ * sudoers.html:
+ repair pod2html damage
+ [62ece4277f1f]
+
+ * RUNSON, TODO:
+ Update for 1.6 release
+ [98569c57ba2a]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Add warning about using ALL in a command context.
+ [6c77685ab280]
+
+1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Call yyrestart() on a parse error to reset the lexer state.
+ [1370a27acdb2]
+
+ * lex.yy.c, parse.lex:
+ Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
+ since it might not get called in yywrap if we get a parse error
+ (and we only reread the file on error anyway).
+ [37f4b449e28e]
+
+ * lex.yy.c, parse.lex:
+ Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
+ might still exist. Call yyrestart() instead of using the deprecated
+ YY_NEW_FILE macro.
+ [7d0d873046c6]
+
+ * lex.yy.c, parse.lex:
+ flex doesn't need %N table size declarations
+ [268b020fd60a]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Mention what characters need to be escaped in names.
+ [72ccbb6b0f31]
+
+1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [65827abb5c7b]
+
+ * INSTALL:
+ clarify Mac OS X entry
+ [8da1549a71f5]
+
+ * RUNSON:
+ update
+ [0cff8df7459f]
+
+ * configure.in:
+ o Use AC_MSG_ERROR throughout o Check syslog configure options for
+ danity
+ [4cb81e642e5c]
+
+1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Fix printing of type T_MODE in dump_defaults()
+ [a868bb6f5515]
+
+ * strcasecmp.c:
+ missing sys/types.h
+ [ca694ca325b6]
+
+ * INSTALL:
+ Break out options that may be overridden at run time into their own
+ section. Add a not about Max OS X and correct some lies.
+ [d8bcfd120593]
+
+1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in, sudo.c:
+ o Now use getrlimit to find the highest fd when closing all non-std
+ fd's o Turn off core dumps via setrlimit for the sake of paranoia
+ [dd9f651b6def]
+
+ * RUNSON:
+ updates
+ [f581841fe615]
+
+1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [553baa1d44c7]
+
+ * tgetpass.c:
+ When read()'ing, do a single character at a time to be sure we don't
+ go oast the newline.
+ [907d33f55bb4]
+
+ * sudo.c:
+ For the sudo_root option, check against user_uid, not getuid() since
+ at this point, ruid == euid == 0.
+ [92d5c51939b4]
+
+ * RUNSON:
+ some updates
+ [e3ed0c1f312b]
+
+ * logging.h:
+ Fix compilation problem when --with-logging=file was specified.
+ This means that syslog is now required to build sudo but that should
+ not be a problem. If it is it can be fixed trivially with a
+ configure check for syslog() or syslog.h.
+ [839a4b069190]
+
+ * tgetpass.c:
+ Make this work again for things like "sudo echo hi | more" where the
+ tty gets put into character at a time mode. We read until we read
+ end of line or we run out of space (similar to fgets(3)).
+ [c8f746df2e63]
+
+1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ change ital to bold
+ [f860978e530a]
+
+ * RUNSON:
+ update
+ [9bcfbb405568]
+
+1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Error out if syslog parameters are given without a value. For
+ Ultrix or 4.2BSD "syslog" is allowed without a value since there are
+ no facilities in the 4.2BSD syslog.
+ [69e7a686f5f0]
+
+1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Ignore the syslog facility for systems w/ old syslog like Ultrix.
+ [5c250adbbb84]
+
+ * TROUBLESHOOTING:
+ people with "." early in their path can have problems running sudo
+ from the build dir ;-)
+ [20a1744a24a4]
+
+1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Remove -r realm option
+ [127caa537f95]
+
+ * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
+ configure.in, sudo.c:
+ New krb5 code from Frank Cusack <fcusack@iconnet.net>.
+ [7177a3893a62]
+
+ * CHANGES:
+ update to reality
+ [766cfbb512d6]
+
+1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c:
+ include <auth.h> to get function prototypes.
+ [d6c7c12d09fe]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ document -L flag
+ [dc803e1ce0d7]
+
+1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ in set_perms(), always call setuid(0) before changing the ruid/euid
+ so we always know it will succeed.
+ [8cced1b862bf]
+
+ * defaults.h:
+ #undef T_FOO to avoid conflicts with system defines (like on
+ ULTRIX).
+ [d9f0aac092b0]
+
+ * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
+ sudoers.pod:
+ Docuement "Defaults" lines in /etc/sudoers. Still needs some
+ fleshing out but this is a start.
+ [521a1e629bbc]
+
+1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * use strtol, not strtoul since not everyone has not strtoul
+ [988462f093cc]
+
+ * defaults.c:
+ use strtol, not strtoul since not everyone has not strtoul
+ [fce835ce62e3]
+
+ * lex.yy.c, parse.lex:
+ last {WORD} rule should only apply in the INITIAL state
+ [9b57570bfa83]
+
+ * lex.yy.c, parse.lex:
+ o Add support for escaped characters in the WORD macro o Modify
+ fill() to squash escape chars
+ [87572d59e4e0]
+
+ * defaults.c, defaults.h:
+ o Add T_PATH flag to allow simple sanity checks for default values
+ that are supposed to be pathnames. o Fix a duplicate free when
+ visudo finds an error.
+ [bdc6855a6c6d]
+
+1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, defaults.h, logging.c:
+ mail_if_foo -> mail_foo
+ [cbee9415875d]
+
+1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
+ o Add requiretty option o Move O_NOCTTY to compat.h
+ [65b8bf0e1795]
+
+ * logging.c:
+ The exit() in log_error() was mistakenly removed in a previous
+ version. Put it back...
+ [9473449130a4]
+
+1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
+ configure, configure.in, defaults.c, defaults.h, find_path.c,
+ getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
+ o Change defaults stuff to put the value right in the struct. o
+ Implement mailer_flags o Store syslog stuff both in int and string
+ form. Setting the string form magically updates the int version.
+ o Add boolean attribute to strings where it makes sense to say !foo
+ [4698953f9a36]
+
+ * tgetpass.c:
+ add O_NOCTTY when opening /dev/tty just in case
+ [4c6d1d1bb300]
+
+1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API:
+ cleanup function no longer takes a status arg
+ [0819edbfe7f8]
+
+ * INSTALL:
+ the the
+ [19aadb65ea28]
+
+1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, config.h.in, configure, configure.in, logging.c:
+ Use strftime() instead of ctime() if it is available.
+ [fb60ea63b514]
+
+1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ fix copyright date
+ [4a53b54aa72f]
+
+ * RUNSON:
+ update ReliantUNIX entry
+ [de618a4f67d9]
+
+ * defaults.c, defaults.h, logging.c:
+ add log_year option
+ [251a9e20568a]
+
+ * configure, configure.in:
+ add --without-sendmail to help output
+ [93162f199902]
+
+ * configure, configure.in:
+ enforce an otctal arg for --with-suoders-mode
+ [45e1b04ccad3]
+
+1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
+ auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
+ auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
+ defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
+ testsudoers.c, version.c, visudo.c:
+ Add support for "Defaults" line in sudoers to make configuration
+ variables changable at runtime (and on a global, per-host and per-
+ user basis). Both the names and the internal representation are
+ still subject to change. It was necessary to make sudo_user.runas
+ but a char ** instead of a char * since this value can be changed by
+ a Defaults line. There is a similar (but more complicated) issue
+ with sudo_user.prompt but it is handled differently at the moment.
+
+ Add a "-L" flag to list the name of options with their descriptions.
+ This may only be temporary.
+
+ Move some prototypes to parse.h
+
+ Be much less restrictive on what is allowed for a username.
+ [f71abf7ba80c]
+
+ * sample.syslog.conf:
+ Add more info
+ [e952e6f42d4d]
+
+1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
+ strcasecmp.c:
+ UCB has dropped the advertising clause from their license.
+ [a5602b36a341]
+
+1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.h:
+ move dce_verofy proto to correct section
+ [972c815af558]
+
+ * auth/dce.c:
+ remove XXX
+ [820631855be0]
+
+1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/fnmatch.h:
+ Add fnmatch() prototype
+ [79e84576d92a]
+
+ * fnmatch.c, parse.c, testsudoers.c:
+ Move inclusion of emul/fnmatch.h to be after sudo.h for __P
+ [1182c89fa811]
+
+ * sudo.h:
+ add strcasecmp proto
+ [512d1d8a6a0c]
+
+ * auth/sudo_auth.c:
+ add check for case where there are no auth methods
+ [e4af2b91b43e]
+
+ * configure, configure.in:
+ Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
+ SunOS4 w/ gcc
+ [746ce8bcec23]
+
+ * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
+ include strings.h everywhere we include string.h
+ [6f7d5d437e7b]
+
+ * version.c:
+ nicer output when showing auth methods
+ [0eac4b977f9d]
+
+ * version.c:
+ Add support for SEND_MAIL_WHEN_NO_HOST
+ [9f20a3a3fae6]
+
+ * config.h.in, configure, configure.in:
+ Add _GNU_SOURCE for Linux
+ [c7bd8c511847]
+
+ * lex.yy.c, parse.lex:
+ fix definition of OCTECT
+ [4af30e63244d]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [fe95dfb08df4]
+
+1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
+ keyboard). Since we run with ruid/euid == 0 the user can't really
+ signal us in nasty ways.
+ [a7f6487c0f48]
+
+ * visudo.c:
+ Don't need to worry about catching too many signals since we do
+ locking on the tmp file. If a lockfile is really stale, it will be
+ detected and overwritten.
+ [28983db3e749]
+
+ * INSTALL, Makefile.in:
+ include auth/API in tarball
+ [014991600252]
+
+ * auth/sudo_auth.c:
+ move memset() of plaintext pw outside of verify loop and only do the
+ memset if we are *not* in standalone mode.
+ [66f8e87567e2]
+
+ * auth/sudo_auth.c, auth/sudo_auth.h:
+ DCE is not a standalone method
+ [34963e2d8a1b]
+
+ * sudo.c:
+ fix --enable-noargs-shell
+ [4234062abbb0]
+
+ * snprintf.c:
+ "#ifdef __STDC__" not "#if __STDC__" (I missed one)
+ [c430b80454c6]
+
+ * auth/fwtk.c, auth/sia.c:
+ _cleanup() function returns an int.
+ [d1a1cc071ec1]
+
+ * auth/dce.c:
+ there were still some return(0)'s hanging around, make them
+ AUTH_FAILURE
+ [1002aa1962c3]
+
+ * parse.c:
+ typo in comment
+ [5abc410dbfd2]
+
+ * version.c:
+ add missing semicolon
+ [a262283b52a5]
+
+ * auth/sudo_auth.h:
+ missing backslash
+ [bf89f6bd2900]
+
+1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in:
+ Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+ [f1a9bca0cf67]
+
+ * Makefile.in:
+ add parse.h to HDRS
+ [a3d054987766]
+
+ * Makefile.in, configure, configure.in:
+ Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
+ LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
+ network libs like -lsocket, -lnsl go in NET_LIBS. This allows
+ testsudoers to build on Solaris and is a bit cleaner in general.
+ [4e6239e97002]
+
+ * UPGRADE:
+ mention ptmp -> sudoers.tmp
+ [ec3baa0fe8a1]
+
+ * config.h.in, configure, configure.in:
+ Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+ [6f93dc7f39f5]
+
+ * RUNSON:
+ add 2 reports
+ [ce0fcc00ee4e]
+
+ * auth/kerb5.c:
+ Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
+ return a value more like a system function
+ [0dd56aa21424]
+
+ * auth/dce.c:
+ Add an XXX
+ [58fc8562c212]
+
+ * TODO:
+ more things todo!
+ [5a459d0cf339]
+
+ * sample.sudoers:
+ update based on what is in the man page
+ [1a0477db96fa]
+
+ * parse.yacc, sudo.tab.c:
+ minor change to first line printed in -l mode
+ [69eb57d96952]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard and add "EXAMPLES" section
+ [7e543335ebe1]
+
+ * visudo.cat, visudo.html, visudo.man, visudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard
+ [f82d87ed65c2]
+
+ * logging.c, parse.c, sudo.h:
+ add FLAG_NO_CHECK
+ [c7d69176a2d7]
+
+ * lex.yy.c, parse.lex:
+ make an OCTET really be limited to 0-255
+ [6ee568dd6a02]
+
+ * UPGRADE:
+ mention timestamp changes
+ [e44d5302bf60]
+
+ * PORTING:
+ cosmetic cleanup
+ [36fa3a2664dd]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ new sudoers(8) man page
+ [e674d06283d0]
+
+1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.c:
+ Update comments about syslog name tables
+ [63830a782dcb]
+
+ * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
+ strcasecmp.c, sudo.tab.c:
+ include strcasecmp() for those without it
+ [a0d8e2488bbc]
+
+ * sample.sudoers:
+ Use the : operator some more and fix a typo
+ [18804c70da86]
+
+ * HISTORY:
+ update the history of sudo
+ [9d9b3d5279b3]
+
+ * parse.c, parse.lex, testsudoers.c:
+ CIDR-style netmask support
+ [768644467353]
+
+ * CHANGES:
+ recent changes
+ [a4319e9d07cb]
+
+ * sudo.tab.c, sudo.tab.h:
+ these should be generated with byacc, not bison
+ [f57b9489b752]
+
+ * lex.yy.c:
+ regen
+ [522461f95dfa]
+
+ * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
+ In "sudo -l" mode, the type of the stored (expanded) alias was not
+ stored with the contents. This could lead to incorrect output if
+ the sudoers file had different alias types with the same name.
+ Normal parsing (ie: not in '-l' mode) is unaffected.
+ [823fe2bc4b79]
+
+1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ define _XOPEN_SOURCE to get at crypt() proto on some systems
+ [1b3769b86fb9]
+
+1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ fix comment
+ [fc1264df00f7]
+
+ * tgetpass.c:
+ don't need limits.h
+ [f1631829af45]
+
+ * snprintf.c:
+ kill bogus reference to vfprintf
+ [a0b99b25d389]
+
+ * sample.sudoers, sudoers:
+ better examples
+ [b4d87ea64cc8]
+
+ * snprintf.c:
+ Add some const in the K&R defs. This is safe since we define const
+ away if the compiler doesn't grok it.
+ [614d6e83d45e]
+
+ * aclocal.m4, configure:
+ Better test for working long long support. Ultrix compiler supports
+ basic long long but not all operations on them.
+ [5da1508710ed]
+
+ * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
+ snprintf.c, sudo.c:
+ Add check for LONG_IS_QUAD #undef MAXINT before including
+ hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
+ in snprintf.c and use LONG_IS_QUAD
+ [a1f7993367fc]
+
+1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
+ snprintf.c:
+ UCB-derived snprintf + asprintf support. Supports quads if the
+ compiler does. No floating point yet, perhaps later...
+ [0caf05aba945]
+
+1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
+ goodpath.c, logging.c, parse.c, sudo.c:
+ Run most of the code as root, not the invoking user. It doesn't
+ really gain us anything to run as the user since an attacker can
+ just have an setuid(0) in their egg. Running as root solves
+ potential problems wrt signalling.
+ [408e530dda01]
+
+ * sudo.tab.c:
+ regen
+ [f8cfb37e37de]
+
+1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, sudo.c:
+ Don't wait for child to finish in log_error(), let the signal
+ handler get it if we are still running, else let init reap it for
+ us. The extra time it takes to wait lets the user know that mail is
+ being sent.
+
+ Install SIGCHLD handler in main() and for POSIX signals, block
+ everything
+ *except* SIGCHLD.
+ [d2b6ab0ef3be]
+
+ * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
+ parse.yacc, sudo.c, sudo.h:
+ sudoers_lookup() now returns a bitmap instead of an int. This makes
+ it possible to express things like "failed to validate because user
+ not listed for this host". Some thigns that were previously
+ VALIDATE_FOO are now FLAG_FOO. This may change later on.
+
+ Reorganized code in log_auth() and sudo.c to deal with above
+ changes.
+
+ Safer versions of push/pushcp with in the do { ... } while (0) style
+
+ parse.yacc now saves info on the stack to allow parse.c to determine
+ if a user was listed, but not for the host he/she tried to run on.
+
+ Added --with-mail-if-no-host option
+ [63326cb01efc]
+
+1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
+ visudo.man, visudo.pod:
+ o NewArgv and NewArgc don't need to be externally visible. o If
+ pedantic > 1, it is a parse error. o Add -s (strict) option to
+ visudo which sets pedantic to 2.
+ [5d7d81b55cd5]
+
+ * HISTORY, INSTALL:
+ Just have sudo-bugs contact info in one place
+ [e7f6588ea683]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Add BUGS section
+ [6607d96ea510]
+
+ * Makefile.in, configure, configure.in:
+ Add testsudoers to default build target if --with-devel Don't clean
+ generated parser files unless "distclean".
+ [5827b769dc57]
+
+ * parse.yacc, sudo.tab.c:
+ In pedantic mode we need to save *all* the aliases, not just those
+ that match, or we get spurious warnings.
+ [24f5b1f0e1de]
+
+ * TROUBLESHOOTING:
+ reference samples.sylog.conf
+ [11841668380a]
+
+1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.syslog.conf:
+ Sample entries for syslog.conf
+ [0f7697d878a1]
+
+ * CHANGES:
+ recent changes
+ [8bca8810c6bd]
+
+ * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, auth/sudo_auth.h:
+ In struct sudo_auth, turn need_root and configured into flags and
+ add a flag to specify an auth method is running alone (the only
+ one). Pass auth methods their sudo_auth pointer, not the data
+ pointer. This allows us to get at the flags and tell if we are the
+ only auth method. That, in turn, allows the method to be able to
+ decide what should/should not be a fatal error. Currently only
+ rfc1938 uses it this way, which allows us to kill the OTP_ONLY
+ define and te hackery that went with it. With access to the
+ sudo_auth struct, methods can also get at a string holding their
+ cannonical name (useful in error messages).
+ [b7e320fc6511]
+
+ * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
+ getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ o --with-otp deprecated, use --without-passwd instead o real
+ dependencies in the Makefile o --with-devel option to enable yacc,
+ lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
+ back to being a token, not a string but don't leak memory o rename
+ hsotspec -> host in parse.yacc
+ [912c45226cb2]
+
+1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, CHANGES:
+ recent changes
+ [801fa6e55687]
+
+ * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
+ sudo.c, sudo.h:
+ o Digital UNIX needs to check for *snprintf() before -ldb is added
+ to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
+ for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
+ functions in snprintf.c to fix -Wall o Add missing includes to fix
+ more -Wall
+ [8d207203e126]
+
+ * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
+ configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
+ visudo.c:
+ o Add a "pedentic" flag to the parser. This makes sudo warn in
+ cases where an alias may be used before it is defined. Only turned
+ on for visudo and testsudoers. o Add --disable-authentication option
+ that makes sudo not require authentication by default. The PASSWD
+ tag can be used to require authentication for an entry. We no
+ longer overload --without-passwd.
+ [f307e09adf98]
+
+ * lex.yy.c, parse.lex:
+ Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
+ username can contain just about anything so be very permissive. Also
+ drop the unused \. punctuation.
+ [06a50614ff89]
+
+1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ o add a 'val' element to aliasinfo struct and move -> parse.h o
+ find_alias() now returns an aliasinfo * instead of boolean o
+ add_alias() now takes a value parameter to store in the
+ aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
+ return: 1) positive match 0) negative match (due to '!')
+ -1) no match This means setting $$ explicitly in all cases, which I
+ should have done in the first place. It also means that we always
+ store a value that is != -1 and when we see a '!' we can set
+ *_matches to !rv if rv != -1. The upshot of all of this is that '!'
+ now works the way it should in lists and some of the rules are more
+ uniform and sensible.
+ [ad8e73b5d581]
+
+ * Makefile.in:
+ add parse.h dependency
+ [4ccccd464d30]
+
+ * parse.h:
+ kill unused *_matched macros
+ [02cba6dcb732]
+
+ * parse.yacc:
+ Allow a list of users as the first thing in a user spec, not just a
+ single entry. This makes things more uniform, though it does allow
+ you to write user specs that are hard to read.
+ [3c4c91c508ca]
+
+ * sudo.tab.c:
+ parse.yacc
+ [feca81881bb6]
+
+ * configure:
+ regen
+ [6f247010bb3b]
+
+ * configure.in:
+ fix check for crypt() in libufc
+ [82770736f4b0]
+
+1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ sudo-users list now exists
+ [4716d2bb0bbf]
+
+ * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
+ Update to reality.
+ [1eda2d57e42a]
+
+ * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
+ config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
+ version.c, visudo.c:
+ o Move lock_file() and touch() into fileops.c so visudo can use them
+ o Visudo now locks the sudoers temp file instead of bailing when the
+ temp file already exists. This fixes the problem of stale temp
+ files but it does *require* that you not try to put the temp file in
+ a world-writable directory. This shoud not be an issue as the temp
+ file should live in the same dir as sudoers. o Visudo now only
+ installs the temp file as sudoers if it changed.
+ [2517cd06c070]
+
+1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ add fcntl locking
+ [c304adeaf515]
+
+ * config.h.in, configure, configure.in, logging.c:
+ Lock the log file.
+ [d8652704fbdf]
+
+ * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
+ temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
+ -> _PATH_SUDOERS_TMP
+ [68cad8975807]
+
+1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
+ o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
+ root sudo -V config reporting
+ [cdd2613a9dcf]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [d972e35f6730]
+
+ * config.h.in:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [2595ae50ab86]
+
+ * INSTALL, configure, configure.in, logging.h:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [8276ee9b2b49]
+
+ * compat.h:
+ kill crufty AIX stuff
+ [a4f35ef9854e]
+
+ * Makefile.in:
+ Sigh, some versions of make (like Solaris's) don't deal with $< like
+ I would expect. Both GNU and BSD makes get this right but... So, we
+ just expand $< inline at the cost of some ugliness.
+ [b1b456f8801f]
+
+ * version.c:
+ If the invoking user is root, sudo will now print configure info in
+ -V mode. Currently just prints logging info, to be expanded later.
+ [392f7ed99267]
+
+ * logging.c, logging.h, sudo.c, sudo.h:
+ o new defines for syslog facility and priority o use new
+ print_version() functino for -V mode
+ [78abc5142985]
+
+ * check.c:
+ Don't need version.c
+ [db9a830ad893]
+
+ * aclocal.m4, config.h.in, configure, configure.in:
+ Add check for syslog facilities and priorities tables in syslog.h
+ [b86213e5fc5c]
+
+ * Makefile.in:
+ o authenticate -> aix_auth o add version.c
+ [44b6b9a8d0f5]
+
+ * auth/sudo_auth.c:
+ Missed a prompt -> user_prompt conversion
+ [e4c60b1f210c]
+
+1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sudo should lock its logfile
+ [6d2830b28b07]
+
+ * parse.yacc, sudo.tab.c:
+ o Add '!' correctly when expanding Aliases. o Add shortcut macros
+ for append() to make things more readable. o The separator in
+ append() is now a string instead of a char. o In append(), only
+ prepend the separator if the last char is not a '!'. This is a
+ hack but it greatly simplifies '!' handling. o In -l mode, Runas
+ lists and NOPASSWD/PASSWD tags are now inherited across entries in
+ a list (matches current behavior). o Fix formatting in -l mode such
+ that items in a list are separated by a space. Greatlt improves
+ readability. o Space for name field in struct aliasinfo is now
+ allocated dyanically instead of using a (big) buffer. o In
+ add_alias(), only search the list once (lsearch instead of lfind +
+ lsearch)
+ [51f7e07addb9]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [5c19bb05dc21]
+
+ * configure, configure.in:
+ Solais pam doesn't require anye xtra setup
+ [a25ba03d91d1]
+
+ * parse.yacc:
+ o Simpler '!' support now that the lexer deals with multiple !'s for
+ us. o In the case of opFOO, have FOO give a boolean return value and
+ set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
+ it gets fill()'d in parse.lex--fixes a small memory leak. In the
+ long run it may be better to just fix parse.lex and make ALL back
+ into a token. However, having it be a string is useful since it
+ can be easily passed back to the parent rule if we so desire.
+ [b3c64b443018]
+
+ * parse.lex:
+ o Remove some unnecessary backslashes o collapse multiple !'s by
+ using !+ and checking if yyleng is even or odd. this allows us to
+ simplify ! handling in parse.yacc
+ [76330e8da8e3]
+
+ * sudo.c:
+ -u flag was being ignored
+ [e30283207585]
+
+1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ correct fix
+ [a0e2377dec8f]
+
+ * Makefile.in:
+ work around pod2man stupididy
+ [7c755640b67f]
+
+ * Makefile.in:
+ correct dependencies for .cat
+ [5ed7b0653b68]
+
+ * sudo.cat, sudo.man, visudo.cat, visudo.man:
+ regen
+ [b74510dd6a0a]
+
+ * sudo.pod, visudo.pod:
+ Add copyright Update to reality
+ [188e9b046c15]
+
+ * parse.c, sudo.c, sudo.h:
+ rename validate() to the more descriptive sudoers_lookup()
+ [7a1cb652f379]
+
+ * auth/aix_auth.c:
+ use tgetpass
+ [b8ba5daec40a]
+
+1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [e61460cdf4a0]
+
+ * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
+ configure, configure.in, sudo.c:
+ Sudo, not CU Sudo
+ [9061b3573c0c]
+
+ * LICENSE:
+ add 4th term to license similar to term 5 in the apache license
+ [92712e895afb]
+
+ * emul/search.h, emul/utime.h:
+ add 4th term to license similar to term 5 in the apache license
+ [4f93a8b9396e]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
+ auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add 4th term to license similar to term 5 in the apache license
+ [afae9f2bf9ec]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ add 4th term to license similar to term 5 in the apache license
+ [c389d3fdafac]
+
+ * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
+ getspwuid.c, goodpath.c:
+ add 4th term to license similar to term 5 in the apache license
+ [969e63dbd38e]
+
+ * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
+ insults.h, logging.c, sudo.c, sudo.h:
+ there was a 1995 release too
+ [5963fd89457a]
+
+1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [254b794f16ab]
+
+ * check.c:
+ Use dirs instead of files for timestamp. This allows tty and non-
+ tty schemes to coexist reasonably. Note, however, that when you
+ update a tty ticket, the mtime on the user dir gets updated as well.
+ [44bfac32f799]
+
+ * configure, configure.in:
+ Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
+ when linking test program, not just -lprot. Also add check for
+ getspnam(). The SCO docs indicate that /etc/shadow can be used but
+ this may be a lie.
+ [2ba21d36cc1e]
+
+1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API:
+ first cut at auth API description
+ [3d10df021eb8]
+
+1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ auth API change. There is now an init method that gets run before
+ the main loop. This allows auth routines to differentiate between
+ initialization that happens once vs. setup that needs to run each
+ time through the loop.
+ [76df1c0d3478]
+
+ * auth/kerb5.c, logging.c:
+ use easprintf() and evasprintf()
+ [fd97d96dc12f]
+
+ * alloc.c, sudo.h:
+ add easprintf() and evasprintf(), error checking versions of
+ asprintf() and vasprintf()
+ [f54385de20b7]
+
+ * TODO:
+ remove 2 items. One done, one won't do.
+ [64513b47bc7a]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [4aa299de2752]
+
+ * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
+ visudo.html, visudo.man:
+ regen
+ [553c0d1209be]
+
+ * CHANGES:
+ new changes
+ [d7be00b7e36b]
+
+ * sudo.pod:
+ o Document -K flag and update meaning of -k flag. o BSD-style
+ copyright o Document clearing of BIND resolver environment variables
+ o Clarify bit about shared libs o suggest rc files create /tmp/.odus
+ if your OS gives away files
+ [4a4092be1455]
+
+ * visudo.pod:
+ BSD license
+ [ad0bfd0a4630]
+
+ * version.h:
+ BSD-style copyright
+ [ecc6479325be]
+
+ * tgetpass.c:
+ o BSD copyright o no need to block signals, we now do that in main()
+ o cosmetic changes
+ [61958beda7ab]
+
+ * testsudoers.c, visudo.c:
+ o BSD-style copyright o Use "struct sudo_user" instead of old
+ globals. o some cometic cleanup
+ [88c0c6924082]
+
+ * sudo_setenv.c:
+ BSD-style copyright
+ [df20290129a0]
+
+ * sudo.h:
+ o BSD copyright o logging and parser bits moved to their own .h
+ files o new "struct sudo_user" to encapsulate many of the old
+ globals.
+ [50fc86bf25cb]
+
+ * sudo.c:
+ o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
+ logging routines o simplified flow of control o BIND resolver
+ additions to badenv_table
+ [8c53f15bfcb0]
+
+ * strerror.c:
+ BSD-style copyright
+ [7c906c3a82ac]
+
+ * snprintf.c:
+ Now compiles on more K&R compilers
+ [07ab1d3231c7]
+
+ * putenv.c:
+ BSD-style copyright, cosmetic changes
+ [c42371295881]
+
+ * pathnames.h.in:
+ BSD-style copyright
+ [e5c34ebd4cf1]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ BSD-style copyright. Move parser-specific defines and structs into
+ parse.h + other cosmetic changes
+ [d3088efb6228]
+
+ * logging.h:
+ defines for logging routines
+ [13147941c02d]
+
+ * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
+ BSD-style copyright, cosmetic changes
+ [e8205e91a4fa]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.h:
+ BSD-style copyright
+ [b9499da7cdce]
+
+ * configure.in:
+ o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
+ kill --disable-tgetpass o add --without-passwd o changes to fill in
+ AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
+ v?asprintf() o replace --with-AuthSRV with --with-fwtk
+ [9a3f39b9c128]
+
+ * config.h.in:
+ BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
+ HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
+ HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
+ [9a09054db53a]
+
+ * compat.h:
+ BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
+ [25509c566975]
+
+ * alloc.c:
+ BSD-style copyright
+ [4967be892363]
+
+ * TROUBLESHOOTING:
+ no more --with-getpass
+ [afd5b670c196]
+
+ * TODO:
+ Take out things I've done...
+ [375420c8270e]
+
+ * README:
+ Refer to LICENSE
+ [c486c8db30f6]
+
+ * PORTING:
+ --with-getpass no longer exists
+ [db48202df1bb]
+
+ * Makefile.in:
+ BSD-style copyright. Update to reflect reality wrt new files and
+ new auth modules.
+ [61a2ca7940fb]
+
+ * INSTALL:
+ Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
+ --without-passwd.
+ [64e8f9e1c05e]
+
+ * HISTORY:
+ Update history a bit
+ [df60c0a871b8]
+
+ * COPYING, LICENSE:
+ Now distributed under a BSD-style license
+ [d1a184ccabe1]
+
+ * auth/sudo_auth.c:
+ o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
+ options. o skey/opie replaced by rfc1938 code o new struct sudo_user
+ global
+ [891b57060868]
+
+ * auth/pam.c, auth/sia.c:
+ BSD-style copyright and use new log functions
+ [65c44445ea84]
+
+ * auth/kerb5.c:
+ o BSD-style copyright o Use new log functiongs o Use asprintf() and
+ snprintf() where sensible.
+ [1ff0feaacf95]
+
+ * check.c:
+ Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
+ done more reasonably--better sanity checks and tty-based stamps are
+ now done as files in a directory with the same name as the invoking
+ user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
+ to mix tty and non-tty based ticket schemes but this may change in
+ the future (it requires sudo to use a directory instead of a file in
+ the non-tty case). Also, ``sudo -k'' now sets the ticket back to
+ the epoch and ``sudo -K'' really deletes the file. That way you
+ don't get the lecture again just because you killed your ticket in
+ .logout. BSD-style copyright now.
+ [ec3460f85be8]
+
+ * logging.c:
+ o rewritten logging routines. log_error() now takes printf-style
+ varargs and log_auth() for the return value of validate(). o BSD-
+ style copyright
+ [438292025c4e]
+
+ * auth.c, check_sia.c, dce_pwent.c, secureware.c:
+ superceded by new auth API
+ [412060590da7]
+
+ * auth/kerb4.c:
+ BSD-style copyright
+ [cc4e800833c7]
+
+ * auth/fwtk.c:
+ Use snprintf() where it makes sense and add a BSD-style copyright
+ [1b7502388a74]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
+ BSD-style copyright
+ [42583bedae5c]
+
+ * emul/utime.h, utime.c:
+ BSD-style copyright
+ [3985c90aba47]
+
+ * emul/search.h:
+ this has been rewritten so use my BSD-style copyright
+ [176df1b0de6f]
+
+1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ include malloc.h if no stdlib.h
+ [7b123f1d1d03]
+
+ * snprintf.c:
+ KTH snprintf()/asprintf() for systems w/o them
+ [3ca9aefb9d01]
+
+ * strerror.c:
+ strerror() for systems w/o it
+ [7f0bd8a1c1b4]
+
+1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ stylistic changes
+ [6f99aceb7170]
+
+ * parse.c, parse.lex, parse.yacc:
+ Add contribution info in the main comment
+ [e50cec10acd6]
+
+1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ remove missed ref to PAM_nullpw
+ [a43e59692cdb]
+
+ * auth/sudo_auth.h:
+ pasto
+ [891ff138ab89]
+
+ * auth/kerb5.c:
+ more or less complete now--still untested
+ [21036732faa0]
+
+ * auth/afs.c, auth/pam.c:
+ don't use user_name macro, it will go away
+ [def7cf727349]
+
+ * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
+ combine skey/opie code into rfc1938.c
+ [44d88ca93d3e]
+
+ * auth/dce.c, auth/sudo_auth.h:
+ DCE authentication method; basically unchanged from dce_pwent.c
+ [4d468473dd6f]
+
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ AIX authenticate() support. Could probably be much better
+ [000013321a33]
+
+ * auth/sia.c:
+ Fix an uninitialized variable and some cleanup. Now works (tested)
+ [fd6ad88ff055]
+
+ * auth/sia.c, auth/sudo_auth.h:
+ SIA support for digital unix
+ [5335f3e70eab]
+
+ * auth/pam.c:
+ don't use prompt global, it will go away
+ [fadd22dd6ce4]
+
+ * auth/secureware.c:
+ correct copyright years
+ [6aa07c49f51b]
+
+ * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
+ auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
+ auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ New authentication API and methods
+ [9debe9b59c79]
+
+1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [84578e82c1a6]
+
+ * parse.yacc:
+ only save an entry if user_matches && host_matches, even if the
+ stack is empty (fix for previous commit)
+ [00984b078d8a]
+
+ * sudo.tab.c:
+ regen
+ [66acf160b4b7]
+
+ * parse.yacc:
+ 1) Always save an entry on the stack if it is empty. This fixes the
+ -l and -v flags that were broken by earlier parser changes.
+
+ 2) In a Runas list, don't negate FALSE -> TRUE since that would make
+ !foo match any time the user specified a runas user (via -u) other
+ than foo.
+ [f322eb54b015]
+
+ * testsudoers.c:
+ interfaces and num_interfaces are now auto, not extern
+ [113add5c6518]
+
+1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth.c:
+ use a static global to keep stae about empty passwords
+ [bc02e30807d8]
+
+ * check_sia.c:
+ make PASSWORD_NOT_CORRECT logging consistent with other modules
+ [21962549d5fd]
+
+1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth.c:
+ PAM prompt code was wrong, looks like we have to kludge it after
+ all.
+ [91f246155ead]
+
+ * auth.c:
+ In the PAM code, when a user hits return at the first password
+ prompt, exit without a warning just like the normal auth code
+ [918f59bacdb7]
+
+ * configure, configure.in:
+ kludge around cross-compiler false positives
+ [5e5fc8356400]
+
+ * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
+ New (correct) PAM code Tgetpass now takes an echo flag for use with
+ PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
+ useless umask setting Change error from BAD_ALLOCATION ->
+ BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
+ for consistency
+ [e71397f09dd8]
+
+ * sudo.c:
+ Some -Wall and kill some trailing spaces
+ [8229b43d5c4e]
+
+ * configure.in:
+ define -D__EXTENSIONS__ for solaris so we get crypt() proto
+ [7533e4436cab]
+
+1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ add Dynix 4.4.4
+ [b69f773efbce]
+
+ * INSTALL, config.h.in, configure, configure.in:
+ for kerberos V < version, fall back on old kerb4 auth code
+ [d685ed3a1d8e]
+
+ * INSTALL:
+ clarify some things
+ [2f5ba2e8e53a]
+
+ * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
+ typos
+ [8925a109c093]
+
+1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ mention why DONT_LEAK_PATH_INFO is not the default
+ [0346260cb4ec]
+
+1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Fix open(2) return value checking, was NULL for fopen, should be -1
+ for open
+ [355878bf6d8a]
+
+ * configure:
+ regen
+ [68bf82871862]
+
+ * configure.in:
+ better wording for solaris pam notice
+ [04e88c7a6c42]
+
+ * CHANGES:
+ document recent changes
+ [7c922c5622ef]
+
+ * TROUBLESHOOTING:
+ Update shadow password section
+ [e8448bae7d66]
+
+ * auth.c:
+ move authentication code from check.c to auth.c
+ [e9f6ecae2399]
+
+ * Makefile.in, check.c, sudo.h:
+ move authentication code to auth.c
+ [124cded85f46]
+
+1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
+ sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ visudo.c:
+ Move interface-related defines to interfaces.h so we don't have to
+ include <netinet/in.h> everywhere.
+ [e7599d8ea0bf]
+
+1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
+ parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
+ o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
+ turns out the old DES crypt does the right thing with passwords
+ longert than 8 characters. o Fix common typo (necesary ->
+ necessary) o Update TODO list
+ [ad75007a6f13]
+
+1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ set $LOGNAME when we set $USER
+ [391596210fd7]
+
+1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ add comment about digital unix and interfaces.c warning with gcc
+ [e20f815901cc]
+
+1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ use modern paths and give examples for some of the new parser
+ features
+ [e7b2e507c695]
+
+1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ fix comment
+ [5eb0d005a65f]
+
+ * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
+ parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ Function names should be flush with the start of the line so they
+ can be found trivially in an editor and with grep
+ [3c400abde574]
+
+ * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
+ free(3) is already void, no need to cast it
+ [6981e1ebda0f]
+
+ * logging.c, sudo.c, sudo.h:
+ catch case where cmnd_safe is not set (this should not be possible)
+ [3e1e3038546c]
+
+ * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ testsudoers.c, visudo.c:
+ Stash the "safe" path (ie: the one listed in sudoers) to the command
+ instead of stashing the struct stat. Should be safer.
+ [aa2883fcf57e]
+
+1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, UPGRADE:
+ notes on updating from an earlier release
+ [df9fffa4ab2c]
+
+ * CHANGES:
+ updated
+ [574f5065d15a]
+
+1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
+ sudoers.man, sudoers.pod:
+ You can now specifiy a host list instead of just a host or alias.
+ Ie: user = host1,host2,ALIAS,!host3 my_command now works.
+ [e3942bb78021]
+
+ * testsudoers.c:
+ Quiet -Wall
+ [a3edc8b08c3a]
+
+ * parse.yacc, sudo.tab.c:
+ Move the push from the beginning of cmndspec to the end. This means
+ we no longer have to do a push at the end of privilege, just reset
+ some values.
+ [8ea66e5860c6]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
+ use "!" most everywhere
+ [aadae4d1c9d5]
+
+1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ modernize paths and update su example based on sample.sudoers one
+ [3f6a37e16c83]
+
+ * sample.sudoers:
+ New runas semantics
+ [756ee92865b7]
+
+ * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
+ strdup.c, sudo.h:
+ In estrdup(), do the malloc ourselves so we don't need to rely on
+ the system strdup(3) which may or may not exist. There is now no
+ need to provide strdup() for those w/o it. Also, the prototype for
+ estrdup() was wrong, it returns char * and its param is const.
+ [5f1f984da8e3]
+
+ * getcwd.c:
+ $Sudo tag
+ [e4188a35e68c]
+
+ * check.c:
+ buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
+ [2aec87c86cde]
+
+ * CHANGES, TODO, parse.yacc, sudo.tab.c:
+ It is now possible to use the '!' operator in a runas list as well
+ as in a Cmnd_Alias, Host_Alias and User_Alias.
+ [a4fdaabda990]
+
+ * logging.c, sudo.h:
+ Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
+ [73d0376785ae]
+
+ * sudo.h:
+ Definitions of *_matched were wrong--user top, not top-2 as
+ subscript.
+ [5f8350a57362]
+
+ * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
+ command but the NOPASSWD flag was set. Make runasspec, runaslist,
+ runasuser, and nopasswd typeless in parse.yacc Add support for '!'
+ in the runas list Fix double printing of '%' and '+' for groups and
+ netgroups respectively Add *_matched macros (no need for local stack
+ variable). Should only be used directly after a pop (since top must
+ be >= 2).
+ [392b1400c4e6]
+
+ * aclocal.m4, configure.in:
+ Add copyright, somewhat silly
+ [55c2cdd82dca]
+
+1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
+ compat.h, config.h.in, configure, configure.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
+ sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
+ visudo.man:
+ Crank version to 1.6 and combine copyright statements
+ [0e1c791658ae]
+
+ * sample.sudoers:
+ Use ! not ^ to do negation
+ [1480a0761730]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [89ca5a46684b]
+
+ * parse.lex, parse.yacc:
+ Make runas and NOPASSWD tags persistent across entris in a command
+ list. Add a PASSWD tag to reverse NOPASSWD. When you override a
+ runas or *PASSWD tag the value given becomes the new default for the
+ rest of the command list.
+ [f1bbb4066542]
+
+1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON:
+ update for 1.5.9
+ [a1ae9d4a7d54] [SUDO_1_5_9]
+
+ * visudo.c:
+ Shift return value of system(3) by 8 to get real exit value and if
+ it is not 1 or 0 print the retval along with the error message.
+ [c1ff50d743fb]
+
+1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ testsudoers needs LIBOBJS too
+ [972571b4e4bf]
+
+ * parse.c, parse.yacc, sudo.tab.c:
+ Fix another parser bug. For a sudoers entry like this: millert
+ ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
+ as root.
+ [51968e1eb33d]
+
+ * CHANGES:
+ new change
+ [271c6110bb62]
+
+ * parse.yacc, sudo.tab.c:
+ Save entries that match a ! command on the matching stack too
+ [5afb5107116c]
+
+ * sudo.c:
+ Make sudo's usage info better when mutually exclusive args are given
+ and don't rely on argument order to detect this; nick@zeta.org.au
+ [2422753c88fd]
+
+1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, Makefile.in, RUNSON:
+ updates from CU
+ [b37381e3dafb]
+
+ * Makefile.in:
+ use gzip
+ [94a64e52a166]
+
+ * parse.yacc, sudo.tab.c:
+ Fix off by one error introduced in *alloc changes
+ [95ede581153a]
+
+ * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
+ check_sia.c, compat.h, config.h.in, configure, configure.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
+ sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
+ sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ ++version
+ [c6d88f024e37]
+
+ * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
+ Use emalloc/erealloc/estrdup
+ [44221d97361a]
+
+ * alloc.c:
+ error checking memory allocation routines
+ [5f8c1e7bbc71]
+
+ * parse.yacc, sudo.tab.c:
+ Still not right, this fixes it for real
+ [ad553b6f5339]
+
+ * parse.yacc, sudo.tab.c:
+ Fix for previous commit
+ [4d6f989f9bf2]
+
+ * CHANGES, INSTALL, parse.yacc:
+ Fix a parser bug that was exposed when mixing different runas specs
+ and ! commands. For example: millert ALL=(daemon)
+ /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
+ as well as daemon when it should just allow daemon. The problem was
+ that comma-separated commands in a list shared the same entry on the
+ matching stack. Now they get their own entry iff there is a full
+ match. It may be better to just make the runas spec persistent
+ across all commands in a list like the user and host entries of the
+ matching stack. However, since that is a fairly major change it
+ should gets its own minor rev increase.
+ [c4b939cdcc8e]
+
+1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, config.h.in:
+ Simplify PAM code and fix a PAM-related warning on Linux
+ [2468399523b6]
+
+1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [29d4a997769c]
+
+ * sample.sudoers:
+ better su entry
+ [76d8285a72ba]
+
+ * configure:
+ regen
+ [b7450cc6975d]
+
+ * check.c, configure.in:
+ new pam code that works on solaris, should work on linux too;
+ aelberg@home.com
+ [84c16c0ff259]
+
+1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ more entries
+ [b6bef8660759]
+
+ * config.h.in:
+ only include strings.h if there is no string.h
+ [b66054a32b00]
+
+1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess:
+ Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
+ [c086d2fe63af]
+
+1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ shost must be set before log functions are called #ifdef HOST_IN_LOG
+ [d49a7944358f]
+
+1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, lex.yy.c, parse.lex:
+ Fix a bug wrt quoting characters in command args. Stop processing
+ an arg when you hit a backslash so the quoted-character detection
+ can catch it.
+ [2281438d7f41]
+
+1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
+ [31118a9e9916]
+
+1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ add missing case statement so --without-sendmail works
+ [ca25614f7dd9]
+
+1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ more
+ [4d70e44f7f93]
+
+1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ only search for -lsun in irix <= 4.x
+ [e604238317b1]
+
+ * configure, configure.in:
+ back out last configure.in change now that I've hacked autoconf to
+ fix the real problem and add a missing newline
+ [2dabf59a79b5]
+
+ * CHANGES:
+ updated
+ [bb35d526552f]
+
+ * getcwd.c:
+ add def of dirfd() for those without it
+ [95f0173d8441]
+
+ * configure, configure.in:
+ When falling back to checking for socket() when linking with
+ "-lsocket -lnsl" check for main() instead since autoconf has already
+ cached the results of checking for socket() in -lsocket. This is
+ really an autoconf bug as it should use the extra libs as part of
+ the cache variable name.
+ [a845f8b710ad]
+
+ * configure.in:
+ typo
+ [a7d62f62a478]
+
+1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix occurrence of $with_timeout that should be
+ $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
+ bochum.de
+ [8c4da2cf73d1]
+
+1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ fix grammar; espie@openbsd.org
+ [7031d9dfbc3e] [SUDO_1_5_8]
+
+1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.c, testsudoers.c:
+ add cast for strdup in places it does not have it
+ [7ce4478d3b0f]
+
+1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ define for_BSD_TYPES irix
+ [858337ff4af8]
+
+1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Make it clear that it is the user's password, not root's, that we
+ want.
+ [ae0f51b35ee4]
+
+ * check.c, sudo.h:
+ If the user enters an empty password and really has no password,
+ accept the empty password they entered. Perviously, they could
+ enter anything
+ *but* an empty password. Also, add GETPASS macro that calls either
+ tgetpass() or getpass() depending on how sudo was configured.
+ Problem noted by jdg@maths.qmw.ac.uk
+ [2fde21ce94c1]
+
+1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add explicate copyright
+ [d3b4449834a5]
+
+ * CHANGES:
+ mention -lsocket, -lnsl configure changes
+ [9140af4ad8ae]
+
+1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't clobber errno after calling check_sudoers().
+ [59bd581b2654]
+
+1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ When linking with both -lsocket and -lnsl be sure to do so in that
+ order. Also, when we can't find socket() or inet_addr() and have to
+ try linking with both libs, issue a warning.
+ [0ee547163067]
+
+ * sudo.cat, sudo.man, sudo.pod:
+ clarify bad timestamp and fmt
+ [70e42cf56c75]
+
+1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, RUNSON:
+ be clear that pam is linux-only and add a RUNSON entry
+ [7fdeab875e0d]
+
+1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, INSTALL, configure, configure.in:
+ fix and correctly document --with-umask; problem noted by
+ adap@adap.org
+ [11cd0481d63a]
+
+1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ only use /usr/{man,catman}/local to store man pages if suer didn't
+ override prefix or mandir
+ [781ad2cbe9be]
+
+ * INSTALL, configure, configure.in:
+ fix typo, make --with-SecurID take an arg
+ [026a9b4014fc]
+
+1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updates from users
+ [2286982b31e6]
+
+ * CHANGES, INSTALL, check.c, configure, configure.in:
+ FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+ [23aa4e5c6b02]
+
+ * configure, configure.in:
+ better fix for the problem of unresolved symbols in -lnsl or
+ -lsocket
+ [82fe70fc287f]
+
+ * configure, configure.in:
+ when checking for functions in -lnsl and -lsocket link with both of
+ them to avoid unresolved symbols on some weirdo systems
+ [1734a591808e]
+
+1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, CHANGES, RUNSON, TODO:
+ old changes that didn't make it into RCS before the RCS->CVS switch
+ [846eb2b8f9aa]
+
+1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
+ getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
+ lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
+ sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
+ visudo.pod:
+ add sudo tags
+ [962f81eaa5ab]
+
+ * sudo.h:
+ testing Sudo tag
+ [e84cbc521129]
+
+ * version.h:
+ testing Sudo tag
+ [a8c3a3998b88]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
+ config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
+ sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c, visudo.cat, visudo.man:
+ crank version and regen files
+ [23eacf00a1a4]
+
+ * Makefile.in:
+ kill rcs goop in update_version and fix now that version is a const
+ [e6e50bd8d1e1]
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
+ sudo.c, sudo.h, sudo.pod:
+ kerb5 support from fcusack@iconnet.net
+ [8134027986e2]
+
+ * realpath.c, sudo_realpath.c:
+ we no longer use realpath
+ [0f5f64abc646]
+
+ * qualify.c:
+ replaced by find_path.c
+ [9e32a87e09c4]
+
+ * options.h:
+ all options are now configure flags
+ [ee6bd9610102]
+
+ * lex.yy.c:
+ regen
+ [bdbf8a18161f]
+
+ * getwd.c:
+ superceded by getcwd.c
+ [1e54ee0990b4]
+
+ * getpass.c:
+ superceded by tgetpass.c
+ [4e0d1edc30e3]
+
+ * SUPPORTED:
+ superceded by RUNSON
+ [854c5a21cb53]
+
+ * OPTIONS:
+ No longer used now that we have configure options for everything.
+ [9b1ae1c89259]
+
+ * configure:
+ regen based on configure.in
+ [3a4d73936973]
+
+ * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
+ sudoers.man, visudo.cat, visudo.html, visudo.man:
+ regen based on sudo.pod, sudoers.pod, and visudo.pod
+ [c267beb90778]
+
+1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fix tty tickets in remove_timestamp (didn't use ':')
+ [fd964a74a32b]
+
+1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ close sock when we are done with it
+ [95de0380f8a4]
+
+1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ never say "error on line -1"
+ [361db1491121]
+
+1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ check for -lnsl before -lsocket
+ [8e966d6bbcb5]
+
+ * configure.in:
+ quote '[', ']' used in ranges correctly
+ [fa4f9c6ff651]
+
+1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add missing NO_ROOT_SUDO noted by drno@tsd.edu
+ [c969f25d1667]
+
+1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ 1.5.7
+ [7a22de0bc148]
+
+ * INSTALL:
+ more info for 1.5.7
+ [30ad9e784799]
+
+ * README:
+ update for 1.5.7
+ [cd03a0a27cd2]
+
+ * parse.yacc:
+ make increases of cm_list_size and ga_list_size be similar to
+ increases of stacksize (ie: >= not > in initial compare).
+ [6bd450a896c7]
+
+ * parse.yacc:
+ when we get a syntax error, report it for the previous line since
+ that's generally where the error occurred.
+ [c4ac84058f0b]
+
+1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in, interfaces.c:
+ add back check for sys/sockio.h but only use it if SIOCGIFCONF is
+ not defined
+ [d197f31fd1e4] [SUDO_1_5_7]
+
+ * config.h.in:
+ define BSD_COMP for svr4
+ [87ac1147ff79]
+
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ more -Wall
+ [d98e2d32db2a]
+
+ * configure.in:
+ kill check for sockio,h
+ [4399779014c1]
+
+ * config.h.in:
+ no more HAVE_SYS_SOCKIO_H
+ [67484528e347]
+
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ -Wall
+ [2b7e83976788]
+
+1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ add missing inform_user()
+ [8689528c6d55]
+
+1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ return NOT_FOUND if given fully qualified path and it does not exist
+ previously it would perror(ENOENT) which bypasses the option to not
+ leak path info
+ [ccbc3d0130ae]
+
+ * configure.in:
+ for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
+ -ldes
+ [c77d3b484ece]
+
+1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ tty tickets are user:tty now
+ [a53a303a614d]
+
+ * check.c:
+ when using tty tickets make it user:tty not user.tty as a username
+ could have a '.' in it
+ [3160b3f5c890]
+
+1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ add "ignoring foo found in ." for auth successful case
+ [24257169e0bd]
+
+1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ add missing printf param
+ [8c905124f777]
+
+1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
+ go back to printing "command not found" unless --disable-path-info
+ specified. Also, tell user when we ignore '.' in their path and it
+ would have been used but for --with-ignore-dot.
+ [066e118c11e4]
+
+ * check.c, sudo.c:
+ Only one space after a colon, not two, in printf's
+ [38452f4c8007]
+
+1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ document setting $USER
+ [80557fe6aede]
+
+ * check.c:
+ fix bugs with prompt expansion
+ [44c4fca5f009]
+
+ * sudo.c:
+ set $USER for root too
+ [4b525e1c6269]
+
+1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getspwuid.c:
+ typo
+ [5107446f43e0]
+
+ * configure.in:
+ HP-UX's iscomsec is in -lsec, not libc
+ [03c9f700b795]
+
+ * configure.in:
+ remove some entries in the OS case statement that did nothing
+ [ea96e7e0f624]
+
+ * TROUBLESHOOTING:
+ add "cd" section and flush out syslog section
+ [5107f7363b78]
+
+ * Makefile.in:
+ no more sudo-lex.yy.c
+ [ed50826efbbc]
+
+ * check_sia.c:
+ add custom prompt support
+ [6a285cea10b7]
+
+ * testsudoers.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [eee31052921e]
+
+ * sudo.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity set $USER if -u specified
+ [9f3753461f8a]
+
+ * parse.yacc:
+ kill perror("malloc") since we already have a good error messages
+ [849459088ac3]
+
+ * parse.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity when checking if %group matches, look up
+ user in password file so that %groups works in a RunAs spec.
+ [0489b4ecc59a]
+
+ * logging.c:
+ kill perror("malloc") since we already have a good error messages
+ [3191a18b3526]
+
+ * check.c, getspwuid.c, interfaces.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [7193fdb38cf9]
+
+1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ the prompt is expanded before tgetpass is called
+ [0f408f508041]
+
+ * sudo.h:
+ tgetpass now has the same args as getpass again
+ [b6778cd9d79f]
+
+ * getspwuid.c:
+ add iscomsec, issecure support
+ [007be7ec7ae7]
+
+ * check.c:
+ we now expand any %h or %u in the prompt before passing to tgetpass
+ [f3db8c9ee387]
+
+ * configure.in:
+ add check for syslog(3) in -lsocket, -lnsl, -linet
+ [5a96f902ce00]
+
+ * config.h.in:
+ add HAVE_ISCOMSEC and HAVE_ISSECURE
+ [f640b0d4cf05]
+
+ * configure.in:
+ add check for iscomsec in HP-UX
+ [b28b249040f0]
+
+ * configure.in:
+ check for issecure if we have getpwanam on SunOS some options are
+ incompatible with DUNIX SIA check for dispcrypt on DUNIX
+ [a49d05d9c913]
+
+1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add HAVE_DISPCRYPT
+ [7376d543d8d6]
+
+ * secureware.c:
+ add back support for non-dispcrypt based checking for older DUNIX
+ [977b98e936be]
+
+ * INSTALL:
+ sia changes
+ [c5387c06e30f]
+
+ * configure.in:
+ SIA becomes the default on Digital UNIX now havbe --disable-sia to
+ turn it off...
+ [3b647558ea13]
+
+ * check.c:
+ move local includes after system ones
+ [b2abad4c4aef]
+
+1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, check_sia.c, sudo.h:
+ add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
+ stderr
+ [547cbf299661]
+
+ * check_sia.c:
+ fix while loop in sia_attempt_auth() that checks the password. Only
+ the first iteration was working.
+ [1886fd1ac831]
+
+1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ don't trust UID_MAX or MAXUID
+ [2aeddb1654d8]
+
+ * configure.in:
+ fix two pastos
+ [c18f0a10b75d]
+
+ * configure.in:
+ fix typo
+ [1eb3190ef12d]
+
+ * getspwuid.c, secureware.c:
+ init crypt_type to INT_MAX since it is legal to be negative in DUNX
+ 5.0
+ [cefbde04822d]
+
+ * configure.in:
+ for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
+ -ldb since DUNX < 4.0 lacks it
+ [e6b11d971068]
+
+1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
+ secureware.c, sudo.c, tgetpass.c:
+ getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
+ minutes if the shadow files don't exist).
+ [2f297d095004]
+
+1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ updated --with-editor blurb
+ [77d8a3ea7328]
+
+ * TROUBLESHOOTING:
+ tell how to put sudoers in a different dir
+ [456cd20eb1d0]
+
+ * configure.in:
+ add missing quotes around $with_editor
+ [22881748ab1b]
+
+ * configure.in:
+ typo in --with-editor bits
+ [ab6964580681]
+
+ * INSTALL:
+ I don't expect it to work on Solaris
+ [1c2fceaaf56e]
+
+ * check.c:
+ add back security/pam_misc.h
+ [6ffd30033c1e]
+
+1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ remove dunix note since configure checks for this now
+ [e9904512b8e8]
+
+ * configure.in:
+ add check for broken dunix prot.h (4.0 < 4.0D is bad)
+ [8a4c1e6aef3b]
+
+ * getspwuid.c, secureware.c, tgetpass.c:
+ new dunix shadow code, use dispcrypt(3)
+ [1b936bc7268c]
+
+ * config.h.in:
+ add HAVE_INITPRIVS
+ [4369f4c4f914]
+
+ * sudo.c:
+ call initprivs() if we have it for getprpwuid later on
+ [11cf5915d826]
+
+ * Makefile.in:
+ clean pathnames.h too
+ [5f1df3262613]
+
+ * configure.in:
+ quote "Sorry, try again." with [] since it has a comma in it set
+ LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
+ getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
+ initprivs later.
+ [e226b0a3f250]
+
+ * INSTALL:
+ update Digital UNIX note about acl.h
+ [80132b71d73a]
+
+ * INSTALL:
+ add --with-sia
+ --without-root-sudo -> --disable-root-sudo some reordering
+ [198386358818]
+
+ * secureware.c:
+ add whitespace
+ [4aadaf1a54b0]
+
+ * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
+ add SIA support
+ [fa3ddbb9cc51]
+
+ * check_sia.c:
+ Initial revision
+ [2968551d40e4]
+
+1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ when checking for -lsocket, -lnsl, and -linet, check for the
+ specific functions we need from them.
+ [8d33e64362a3]
+
+ * config.h.in, sudo.h:
+ move Syslog_* defs into sudo.h
+ [03d1774f25c7]
+
+ * Makefile.in, sudo.h:
+ added check_secureware
+ [e46e3cbb9a97]
+
+ * configure.in:
+ finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
+ [dbefe1856503]
+
+ * insults.h:
+ don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
+ defined. configure now does that for us
+ [e4520ea0581f]
+
+ * configure.in:
+ move some --with options around change a bunch of echo's to
+ AC_MSG_CHECKING, AC_MSG_RESULT pairs
+ [ffdf6869fdd7]
+
+ * configure.in:
+ change $with_foo-bar -> $with_foo_bar kill extra " that caused a
+ syntax error add some echo verbage
+ [3278c49bf74b]
+
+1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ moved SecureWare stuff into secureware.c
+ [42d3d3ac35dc]
+
+ * secureware.c:
+ Initial revision
+ [aa7f72a249cf]
+
+ * INSTALL:
+ update url to solaris gcc bins
+ [36a3eb668777]
+
+ * INSTALL:
+ change option formatter and flesh out someentries
+ [6fbd1db4a8ad]
+
+ * TROUBLESHOOTING, sudo.pod, visudo.pod:
+ environmental variable -> environment variable
+ [6f14d708e32d]
+
+ * BUGS:
+ everything is now done via configure
+ [c217858f58ab]
+
+ * README:
+ prev rev was 1.5.6
+ [7b4177103c35]
+
+ * Makefile.in:
+ passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
+ [31c6b0a5e0e2]
+
+ * config.h.in:
+ SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
+ [d406a1ef6d25]
+
+ * Makefile.in:
+ merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
+ sudoers_mode from configure
+ [1c509500655a]
+
+ * configure.in:
+ SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
+ the Makefile, not config.h
+ [d4482f1492fe]
+
+ * INSTALL:
+ document all --with/--enable options
+ [22d81b312d7f]
+
+1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * insults.h:
+ options.h is no more
+ [560946a33f7f]
+
+ * config.h.in:
+ assimilated options.h
+ [dd8ce74613c1]
+
+ * configure.in:
+ moved options from options.h to configure
+ [d39662f71b4e]
+
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
+ sudo_setenv.c, visudo.c:
+ no more options.h
+ [43924bf0858d]
+
+ * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
+ remove references to options.h
+ [ef3474295395]
+
+ * dce_pwent.c, interfaces.c, sudo.c:
+ kill sys/time.h
+ [4d833f0034e4]
+
+ * tgetpass.c:
+ if select return < -1 still prompt for pw
+ [e0009e5c93a2]
+
+ * options.h:
+ convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
+ configure options
+ [e60a1e546516]
+
+ * parse.c:
+ FAST_MATCH is no longer an optino
+ [c448dbb3464b]
+
+ * check.c:
+ remove_timestamp() if timestamp is preposterous
+ [70d9a86c6ecd]
+
+ * options.h:
+ convert more options to --with/--enable
+ [34646d9b09dc]
+
+ * INSTALL, aclocal.m4:
+ logfile -> logpath
+ [42de502bc637]
+
+ * configure.in:
+ convert more options into --with and --enable
+ [92d0898c9844]
+
+ * tgetpass.c:
+ catch EINTR in select and restart
+ [f045d2f234d7]
+
+ * logging.c:
+ sys/errno -> errno
+ [7f0c5beab6f2]
+
+1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ UMASK -> SUDO_UMASK.
+ [48f308661514]
+
+ * check.c, logging.c:
+ time.h, not sys/time.h
+ [91de049c79e4]
+
+1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ MAILER -> _PATH_SENDMAIL
+ [df65d6896639]
+
+ * INSTALL, configure.in:
+ no more --with-C2, now it is --disable-shadow
+ [18bfcab3b9ab]
+
+ * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
+ getspwuid.c, sudo.c, tgetpass.c:
+ new shadow password scheme. Always include shadow support if the
+ platform supports it and the user did not disable it via configure
+ [2135d93bb4a9]
+
+1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ --with-getpass -> --{enable,disable}-tgetpass
+ [451b33fdd4c7]
+
+ * Makefile.in:
+ pathnames.h -> pathnames.h.in
+ [b109022eca69]
+
+ * check.c:
+ fix version string
+ [761b25c314ea]
+
+ * check.c:
+ move pam_conv to be static to auth function remove pam_misc.h
+ (solaris doesn't have one)
+ [a682e4da987a]
+
+ * aclocal.m4:
+ _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
+ [e6005d0599b5]
+
+ * configure.in:
+ munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
+ [24c0ac2155ef]
+
+ * pathnames.h.in:
+ convert to pathnames.h.in
+ [013bddf7f684]
+
+1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix typo in sysv4 matching case /.
+ [2994c4f88cf5]
+
+1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ pam stuff needs to run as root, not user, for shadow passwords
+ [d94ff75de503]
+
+1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, README, configure.in:
+ updated version
+ [775adc7de7ac]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5ca599fb6b93]
+
+ * check.c:
+ user version.h for long message
+ [47a52ac7e542]
+
+ * check.c:
+ this is version 1.5.6
+ [8451ac79eee2]
+
+1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ remove errant backslash
+ [0222a8a650ff]
+
+1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * options.h, parse.yacc, pathnames.h.in:
+ fix version string
+ [fdee73255d64] [SUDO_1_5_6]
+
+ * BUGS, CHANGES, TODO:
+ updtaed for 1.5.6
+ [752443bf7f26]
+
+ * RUNSON:
+ updated for 1.5.6
+ [0f878123fe6a]
+
+1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ kill unused localhost_mask var copy if name to ifr_tmp after we zero
+ it
+ [8e89c364cef2]
+
+1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Better description of new vs. old sudoers modes fix some typos
+ better description of /usr/ucb/cc gotchas on slowaris
+ [c00b2a6fc1e8]
+
+ * Makefile.in:
+ add sample.pam
+ [ec7f6cc19b00]
+
+ * sudo.c:
+ set NewArgv[0] to user_shell, not basename(user_shell)
+ [1e907cbc9f7b]
+
+1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ mention TROUBLESHOOTING more fix some typos
+ [2c2e6907d4a4]
+
+ * configure.in:
+ move --enable/--disable to be after --with
+ [9b30097f76c1]
+
+ * INSTALL:
+ document --enable/--disable
+ [c522362e38a8]
+
+ * INSTALL:
+ document --with-pam
+ [7e38932c78ac]
+
+1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Add message for pam users
+ [d224f277e3cd]
+
+ * sample.pam:
+ Initial revision
+ [3a84d7045f54]
+
+ * config.h.in:
+ fix HAVE_PAM
+ [2f0f303ebd88]
+
+ * check.c, config.h.in, configure.in:
+ pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
+ [ea3e0a72d707]
+
+1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add HOST_IN_LOG and WRAP_LOG
+ [822c36eeb6a8]
+
+ * logging.c:
+ add WRAP_LOG and HOST_IN_LOG
+ [3cf6052bd27e]
+
+ * configure.in:
+ add --enable-log-host and --enable-log-wrap
+ [c968cc12b353]
+
+ * aclocal.m4:
+ use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
+ [915fef7e11a1]
+
+1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ add howmany macro
+ [9107a057a7c8]
+
+ * tgetpass.c:
+ include sys/param.h to get howmany macro
+ [7e908b5e1f32]
+
+1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ add RUNAS_DEFAULT
+ [1e76398ea3fd]
+
+1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ bring in stdio.h for NULL
+ [69c016610cbb]
+
+ * aclocal.m4:
+ allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
+ [15ab2972f8d0]
+
+ * sudo.c:
+ use HAVE_SET_AUTH_PARAMETERS
+ [8abfdc8c80f7]
+
+ * config.h.in:
+ add HAVE_SET_AUTH_PARAMETERS
+ [673a5ebd5539]
+
+ * configure.in:
+ add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
+ [a401f5a7469a]
+
+ * config.sub:
+ add support for HI-UX/MPP SR220001 02-03 0 SR2201
+ [cb657b7acaae]
+
+ * interfaces.c:
+ initialize previfname
+ [26a1902f56dc]
+
+ * interfaces.c:
+ Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
+ it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
+ kludging it
+ [fa5c890c313b]
+
+ * configure.in:
+ typo
+ [bff579fbe95c]
+
+ * Makefile.in:
+ don't need special build line for sudo.tab.o
+ [10c0a0a912e4]
+
+ * Makefile.in:
+ don't clean sudo.tab.[ch]
+ [c40d5968efbb]
+
+ * sudo.c:
+ Sudo should prompt for a password before telling the user that a
+ command could not be found.
+ [d718c85a0047]
+
+ * BUGS:
+ for 1.5.6
+ [0cc1fe5b9129]
+
+ * INSTALL, README:
+ no longer require yacc
+ [d9096fc5b8b6]
+
+ * Makefile.in:
+ typo
+ [70feb1aefbd5]
+
+ * Makefile.in:
+ y.tab -> sudo.tab include pre-yacc'd parse.yacc
+ [cc802025fd44]
+
+ * parse.lex:
+ include sudo.tab.h, not y.tab.h don't break out of command args if
+ you get a '='
+ [728ad26dbda5]
+
+ * insults.h:
+ fix version ,
+ [242bbce1b2d4]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ fix version
+ [2bb9086fea1e]
+
+ * compat.h:
+ fix version
+ [7e634d498ce6]
+
+ * getcwd.c:
+ getcwd(3) from OpenBSD for those without it.
+ [6c68d0df8f6c]
+
+ * sudo.h:
+ HAVE_GETWD -> HAVE_GETCWD
+ [2ad1e64d60c0]
+
+ * configure.in:
+ pretend sunos doesn't have getcwd(3) since it opens a pipe to
+ getpwd!
+ [677992ba5a6a]
+
+ * parse.c:
+ use NAMLEN() macro
+ [8f5685aa3165]
+
+ * fnmatch.c:
+ remove duplicate include of string.h
+ [6024f3051ac3]
+
+ * configure.in:
+ call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [3d82a9c22cc2]
+
+ * aclocal.m4:
+ add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [53fbc47282f9]
+
+ * config.h.in:
+ add dev_t and ino_t
+ [5929bb0c7e1a]
+
+1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fix OTP_ONLY for opie
+ [7edcfa78f2ec]
+
+1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c, tgetpass.c:
+ include stdlib.h for malloc proto
+ [c9f4b99a2fe9]
+
+1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ make update_version saner
+ [d522f93ee04a]
+
+ * config.h.in:
+ add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
+ [c9a2d21dc608]
+
+ * configure.in:
+ check for waitpid and wait3 or no waitpid
+ [1f18c3224184]
+
+ * logging.c:
+ used waitpid or wait3 if we have 'em
+ [391c3279ee65]
+
+1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
+ [fbf53b18178f]
+
+1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ don't need to explicately mention -lsocket -lnsl for sequent
+ [1898dc055352]
+
+1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ dynix should not link with -linet
+ [278a4b9cfe2a]
+
+1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention that HP-UX doesn't ship with yacc
+ [bde5147198c0]
+
+1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ ignore kerberos if we can't get the local realm
+ [1e311a091a27]
+
+1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, README, configure.in:
+ ++version
+ [499ffc746018]
+
+ * version.h:
+ ++
+ [35ba1ee01bd3]
+
+ * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [b4990a513f31]
+
+ * check.c, sudo.h:
+ fix version
+ [5710795834e8]
+
+ * getcwd.c:
+ don't use popen/pclose. Do it inline.
+ [29e57b0646a4]
+
+ * lsearch.c:
+ add rcsid
+ [b2b55c39858d]
+
+ * sudo.c:
+ typo
+ [d381ac39ed0f]
+
+ * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
+ sudo.h:
+ updated version
+ [462d6e1a2d75]
+
+ * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
+ MAX* + 1 -> MAX*
+ [2c2eeb78d34f]
+
+ * Makefile.in:
+ getwd.c -> getcwd.c
+ [7d718c32fc02]
+
+ * config.h.in:
+ kill HAVE_GETWD
+ [6ad3d702343f]
+
+ * configure.in:
+ getcwd, not getwd
+ [33e5b9841f58]
+
+ * getcwd.c:
+ use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
+ purpose
+ [24e58d340161]
+
+1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h:
+ add STUB_LOAD_INTERFACES
+ [d747cb23ca83]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [0798229312cc]
+
+ * configure.in:
+ support *-ccur-sysv4 and fix two typos
+ [24a823ad7cc9]
+
+1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ don't echo about with_logfile and with_timedir
+ [31e4a1e2d9ad]
+
+ * INSTALL:
+ document --with-logfile and --with-timedir
+ [674f811a40e0]
+
+ * aclocal.m4:
+ support --with-logfile and --with-timedir
+ [2fc36b35db12]
+
+ * configure.in:
+ Add --with-logfile and --with-timedir
+ [09045bf07e29]
+
+ * sudo.c:
+ change size computation of NewArgv for UNICOS
+ [b50df07da3a1]
+
+1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ treate -*-sysv4* like *-*-svr4
+ [471b7ef4dbf2]
+
+1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix spacing for --with-authenticate help
+ [8321cb37c410]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [dc1ab97312eb]
+
+ * parse.yacc:
+ fix off by one error in push macro
+ [bece59c8c3a9]
+
+1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ removed bogus alloca hack
+ [a68dd720462d]
+
+ * check.c:
+ added AIX 4.x authenticate() support
+ [12985eb448a0]
+
+ * parse.yacc:
+ include alloca.h if using bison and not gcc and it exists. fixes an
+ alloca problem on hpux 10.x
+ [e3b5c4f26072]
+
+ * INSTALL:
+ mention --with-authenticate
+ [78a1c96820e7]
+
+ * configure.in:
+ added AIX authenticate() support
+ [c983193ec252]
+
+ * config.h.in:
+ add HAVE_AUTHENTICATE
+ [7b0e5f5db5d9]
+
+ * interfaces.c:
+ dynamically size ifconf buffer
+ [10afb0e9b2f9]
+
+ * configure.in:
+ quote '[' and ']'
+ [8fc38a4defad]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5f66de71ec61]
+
+ * visudo.pod:
+ add ERRORS section
+ [3df3edb73cf6]
+
+1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ add busy stmp file explanation
+ [6c555d469b6f]
+
+1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ the name of the cached var that signals whether or not you are cross
+ compiling changed. It is now ac_cv_prog_cc_cross
+ [123911c0658c]
+
+1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention glibc 2.07 is fixed wrt lsearch()\.
+ [ded758524582]
+
+1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers, sudoers.pod:
+ better example of su but not root su
+ [b3199610be21]
+
+1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [46922b84e86b]
+
+ * Makefile.in:
+ correct regexp for updating version
+ [8032728b2a8a]
+
+ * tgetpass.c:
+ remove bogus flush of stderr spew prompt before turning off echo.
+ Seems to fix a weird problem where if sudo complained about a bogus
+ stamp file the user would sometimes not have a chance to enter a
+ password
+ [7aa1493cc141]
+
+ * check.c:
+ fix bogus flush of stderr
+ [6d047871c5e8]
+
+ * sudo.c:
+ close fd's <=2 not <=3 and move that chunk of code up
+ [553e4faac195]
+
+ * configure.in:
+ support hpux1[0-9] not just hpux10
+ [5a34a000ff8a]
+
+1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ set sudoers_fp to nil after closing
+ [221a8b4bbf34]
+
+1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ updated from autoconf 2.12
+ [6fc86a0fc61b]
+
+ * configure.in:
+ add *-*-svr4 rule
+ [38f0427f7c9d]
+
+1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ fix select usage for high fd's (dynamically allocate readfds)
+ [c2d1f76e0321]
+
+ * check.c:
+ kill extra whitespace
+ [d784b6c9c514]
+
+ * sudo.c:
+ do an initgroups() before running a command, unless the target user
+ is root.
+ [4ca561287480]
+
+1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ tell people to use tabs, not spaces, in syslog.conf
+ [8ae90a205134]
+
+1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
+ parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
+ updated version
+ [4d855ff5de26]
+
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
+ updated version
+ [8e007e178b33]
+
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
+ updated version
+ [9ddea5c8814d]
+
+ * Makefile.in:
+ more tweaks to update_version
+ [047698752855]
+
+ * Makefile.in:
+ fixed up update_version rule
+ [47b6fa34b77f]
+
+ * configure.in:
+ ++version
+ [c1ca664e30b7]
+
+ * Makefile.in:
+ removed supe of check.c
+ [8f340a05296a]
+
+ * INSTALL:
+ ++version I missed
+ [a298e6c17491]
+
+ * RUNSON:
+ updated
+ [a14f6057bc15]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ updated version
+ [02231b1a3ab3]
+
+ * CHANGES:
+ updated for 1.5.5
+ [634e5fcaf40b]
+
+ * Makefile.in:
+ add rules to update version stuff in files so I don't need to do it
+ by hand
+ [3620ad60485a]
+
+ * sudo.h:
+ sudoers_fp is now extern
+ [88c6e9b9ea84]
+
+ * sudo.c:
+ in check_sudoers, cache the sudoers file handle in sudoers_fp so we
+ don't have to open it again in the parse. This may help with weird
+ solaris problems where EAGAIN sometime occurrs.
+ [d3c26451ed1d]
+
+ * parse.c:
+ sudoers file open is now done only in check_sudoers() so we just do
+ a rewind() instead of an open. May help people on solaris who were
+ getting EAGAIN.
+ [c8b8c7722fa5]
+
+1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention that newer glibc is fixed
+ [20f06f5d3ef3]
+
+1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
+ _RLD* instead of _RLD_*
+ [1e22c588d602]
+
+ * parse.c:
+ typo
+ [d0b7cb85f08a]
+
+ * parse.c:
+ fix that bug for real
+ [5a6eeca6d04b]
+
+ * INSTALL:
+ document Linux's libc6 brokenness.
+ [0246c1aa64ee]
+
+ * parse.yacc:
+ -Wall
+ [d0e452fb1e2d]
+
+ * RUNSON:
+ updated
+ [4949a1bbd0a9] [SUDO_1_5_4]
+
+ * TROUBLESHOOTING:
+ remind people to HUP syslogd
+ [590962faa4f0]
+
+ * Makefile.in:
+ add -O flag to tar
+ [622d02de339d]
+
+ * RUNSON:
+ updated
+ [a72930d6e615]
+
+ * TODO:
+ updated
+ [4a51bd458390]
+
+ * sudo.pod:
+ remove author's email addr. people should mail sudo-bugs
+ [9b6bbdb3a6d9]
+
+ * INSTALL:
+ fix version
+ [246274c6c8af]
+
+ * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
+ find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [f532ff4ee766]
+
+ * RUNSON:
+ updated
+ [62d5c71358b5]
+
+ * INSTALL, Makefile.in:
+ ++version
+ [1a7c7628edfc]
+
+ * CHANGES:
+ updated fort 1.5.4
+ [7e4873508c99]
+
+ * check.c:
+ exit(1) if user enters no passwd
+ [f382c0e35e4e]
+
+ * BUGS:
+ ++version
+ [fab6a867ab67]
+
+ * parse.c:
+ commands can start with ./* not just /* -- fixes a serious security
+ hole.
+ [244d2fe35ee3]
+
+1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't set the tty variable to NULL when we lack a tty, leave it as
+ "unknown".
+ [193b26daba03]
+
+1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ fix usage of (username) in conjunction with , and !
+ [7ae68607f68f]
+
+ * visudo.c:
+ catch the case where the user is not in the passwd file
+ [31650258deb0]
+
+ * tgetpass.c:
+ use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
+ select(2)
+ [60ab2d9a9ee8]
+
+ * sudo.c:
+ define tty global to an initial value to avoid dumping core in
+ logging functions when passwd file is unavailable.
+ [77056c7bc908]
+
+ * sudo.c:
+ do the set_perms(PERM_USER, sudo_mode) after we have gotten the
+ passwd entry
+ [1fdb8e579a5a]
+
+ * sudo.pod:
+ talk about problem of ALL
+ [1cd1905c9f6f]
+
+1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ new web location
+ [d24dc26f6da5]
+
+ * INSTALL:
+ fdesc bug is fixed in Open/Net BSD
+ [7d4d81b08ac3]
+
+ * HISTORY:
+ updates from Nieusma
+ [3a43769a1b78]
+
+1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ move compat.h after the system includes
+ [5ea43a5968ac]
+
+1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ save errno from being clobbered by wait(). From Theo
+ [f2d1c48cd592]
+
+1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ fix an occurence of setresuid -> setreuid (typo)
+ [394de35c9b1c]
+
+1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ check for path to strip
+ [2b7ef824bd55]
+
+1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ deal with maxfilelen < 0 case
+ [f0af095178d7]
+
+ * OPTIONS:
+ fixed descriptin
+ [629f60bd4b5f]
+
+1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ correct error message if mode/owner wrong and not statable by owner
+ but is statable by root.
+ [cb631ce2e85e]
+
+1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ autoconf 2.11
+ [f3cbe59e0756]
+
+1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON, TODO:
+ sudo 1.5.3.
+ [2be3229b8626]
+
+1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.h:
+ command_alias -> generic_alias
+ [c404ca8c510d] [SUDO_1_5_3]
+
+ * sample.sudoers:
+ added Runas_Alias example and fixed syntax errors
+ [c304053f4a8a]
+
+ * OPTIONS, options.h:
+ updated MAILSUBJECT
+ [18d1573fcd2a]
+
+ * logging.c:
+ added %h expansion
+ [a4bff9b284fd]
+
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ ++version
+ [211ff20f956f]
+
+ * BUGS, emul/utime.h:
+ ++version
+ [cde5376579e3]
+
+ * sudoers.pod:
+ document Runas_Alias
+ [b1a58f28fb2c]
+
+ * visudo.pod:
+ q (uid) -> Q
+ [d256649a0e6b]
+
+ * visudo.c:
+ buffer oflow checking q (uit) -> Q if yyparse() fails drop into
+ whatnow
+ [1cb183d15626]
+
+ * parse.yacc:
+ add size params to sprintf
+ [9228f698921f]
+
+ * parse.lex:
+ allow trailing space after '\\' but before '\n'
+ [f51dbbf69fdf]
+
+ * find_path.c:
+ off by one error in path size check
+ [a6d75ccd7632]
+
+ * check.c:
+ sprintf paranoia
+ [3ffb12d198dd]
+
+1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed more_aliases
+ [aab12f2a50af]
+
+ * visudo.c:
+ now warns if killed by signal ./
+ [310c186a0fd7]
+
+1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fix Runas_Alias stuff Alias's in runas list now get expanded (but it
+ is gross)
+ [45590b83120f]
+
+ * sudo.c:
+ Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
+ [d53e01c14c58]
+
+ * parse.yacc:
+ add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
+ [7a4a040aae2d]
+
+ * parse.lex:
+ Add Runas_Alias and simplify a rule.
+ [6f794a769a37]
+
+ * parse.yacc:
+ always store User_Alias's since they can be used inside of a runas
+ list. Sigh. Really need a Runas_Alias instead.
+ [3bab058a873e]
+
+1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ deal with case where there is no sudoers file
+ [fa38b3bb244d]
+
+1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ added one
+ [e61346d06725]
+
+1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, testsudoers.c:
+ developement -> development
+ [4df55e293941]
+
+ * INSTALL:
+ added a note
+ [3845fb83dbc0]
+
+ * RUNSON:
+ for 1.5.2
+ [5489b7298942]
+
+ * CHANGES:
+ updated
+ [0741834929e6]
+
+1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * PORTING:
+ removed seteuid() notes
+ [1010a60f281d] [SUDO_1_5_2]
+
+1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ better seteuid() emulatino
+ [e807623b662c]
+
+ * configure.in:
+ added check for seteuid
+ [8cf9fabc6f4f]
+
+ * config.h.in:
+ added HAVE_SETEUID
+ [596db46aa828]
+
+1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ first stab at sequent support
+ [b85a7bfcac76]
+
+ * config.h.in:
+ added HAVE_SYS_SELECT_H
+ [93ecdd042463]
+
+ * compat.h:
+ sequent -> _SEQUENT_
+ [63a38b6da98c]
+
+ * compat.h:
+ added seteuid() macro for DYNIX
+ [695bd63c5ea6]
+
+ * tgetpass.c:
+ _AIX -> HAVE_SYS_SELECT_H
+ [b31221211bc2]
+
+1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
+ parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ ++version
+ [8052992fd453]
+
+ * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
+ pathnames.h.in, version.h:
+ ++version
+ [f7ad15e1598a]
+
+ * sudo.pod:
+ added -H and SUDO_PS1
+ [bb965241e30c]
+
+ * configure.in:
+ use SUDO_FUNC_FNMATCH
+ [6a8350d85fb2]
+
+ * aclocal.m4:
+ added SUDO_FUNC_FNMATCH
+ [45b32c91c4ba]
+
+ * sudo.c:
+ added -H flag
+ [11ebc6872fd6]
+
+ * sudo.h:
+ added MODE_RESET_HOME /
+ [67a7f8bcbbd6]
+
+1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention OPIE
+ [5723515d5bbd]
+
+ * options.h:
+ SKEY -> OTP
+ [c1d268130bc4]
+
+ * configure.in:
+ added opie support
+ [123872b41b20]
+
+ * compat.h, config.h.in:
+ added HAVE_OPIE
+ [528c71afc1e5]
+
+ * check.c:
+ added HAVE_OPIE and changed to *_OTP_*
+ [4c62f5db872a]
+
+ * OPTIONS:
+ SKEY -> OTP
+ [bd858e5e9652]
+
+1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ moved fclose() in skey stuff.
+ [11f7dc8431a6]
+
+1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * putenv.c:
+ index -> strchr remove unnecesary stuff
+ [af2d05238062]
+
+ * check.c:
+ now call skeychallenge() to get challenge instead of making one up
+ ourselves. this way, we get extra goodies in the prompt.
+ [49b770d98d3a]
+
+1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ added one
+ [3f5149357e2a] [SUDO_1_5_1]
+
+ * parse.lex:
+ allow logins to start with a number (YUCK!)
+ [7ed7ef324741]
+
+1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ added soalris 2.5 vs 2.4 note
+ [16160a251aae]
+
+ * configure.in:
+ DUNIX doesn't need -lnsl
+ [be924cc322c3]
+
+ * CHANGES:
+ *** empty log message ***
+ [1b2937521981]
+
+ * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
+ options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c:
+ courtesan
+ [5f203589bbfe]
+
+ * PORTING, README, RUNSON:
+ courtesan
+ [d72517f4937e]
+
+ * INSTALL, Makefile.in, TROUBLESHOOTING:
+ courtesan
+ [5c007e3c7a71]
+
+ * visudo.pod:
+ *** empty log message ***
+ [37ebe85bd4e1]
+
+ * sudo.pod, visudo.pod:
+ courtesan
+ [37f02e2130ea]
+
+1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ added courtesan ./
+ [b01435226276]
+
+1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added $SUDO_PROMPT support
+ [cb1fa72c093d]
+
+1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ print long skey challemged to stderr, not stdout
+ [750fc775b3b2]
+
+1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated for 1.5.1
+ [9b615f393057]
+
+ * emul/utime.h:
+ ++version
+ [a94de18deafb]
+
+1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for 1.5.1
+ [4092f20ab634]
+
+1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ use shost, not host for tgetpass
+ [6061c49ff9be]
+
+ * sudo.pod:
+ documented %u and %h
+ [6d2922d29897]
+
+ * OPTIONS:
+ documented %u and %h
+ [1a71da13a864]
+
+ * configure.in:
+ fixed typo
+ [1230dec2b062]
+
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [65ce8eabf77a]
+
+ * BUGS:
+ ++version
+ [afecab53aab7]
+
+1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [fb3ff940d672]
+
+ * sudo.h:
+ new tgetpass() params
+ [9eccc5b0f8ae]
+
+ * check.c:
+ pass use and host to tgetpass
+ [c56d9d13c401]
+
+ * tgetpass.c:
+ added %u and %h escapes
+ [04ae775d3e5d]
+
+ * OPTIONS, check.c, options.h:
+ added NO_MESSAGE
+ [3927dad19057]
+
+ * configure.in:
+ added cray (unicos) support
+ [1122210c5fb1]
+
+1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h, sudo.c:
+ added SHELL_SETS_HOME
+ [0b26909b0929]
+
+1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added note about "make install"
+ [7e56ea76d4b4]
+
+ * parse.yacc:
+ changed length/size params from int to size_t
+ [5654e5ceb1b3]
+
+ * OPTIONS:
+ now get CSOPS insults as well by default
+ [297323d0179a]
+
+ * insults.h:
+ use csops insults too by default
+ [07fafc136169]
+
+ * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
+ version = 1.5
+ [4b8772b11e3b]
+
+ * sudo.c:
+ added runas_homedir
+ [b0e0d4417a15]
+
+ * TODO:
+ updated for 1.5
+ [66259df825d5]
+
+ * RUNSON:
+ updated for 1.5
+ [e08bc9ebfe95]
+
+ * CHANGES:
+ 1.5 release
+ [8c16942fea41]
+
+ * INSTALL:
+ added "upgrading" notes
+ [210d968964ff]
+
+1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now do chmod and chown after edit of temp file and before rename
+ [de174e34faa7] [SUDO_1_5_0]
+
+1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version added INSTALL.configure
+ [c9e9214f52ae]
+
+ * configure.in, version.h:
+ ++version
+ [5985abed3eb2]
+
+ * TROUBLESHOOTING:
+ *** empty log message ***
+ [d65c540ec52e]
+
+ * parse.yacc:
+ added missing cast
+ [e7247319a7d5]
+
+ * sudo.c:
+ sets $HOME to pw_dir of runas user
+ [d3f7f4d05752]
+
+ * sudo.pod:
+ document $HOME change
+ [854454d458c4]
+
+1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fixed up some wording
+ [b0c8582f2c97]
+
+ * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [748be723fd8b]
+
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, pathnames.h.in, sudo.h:
+ ++version
+ [acdf8b1b2a1b]
+
+ * emul/utime.h:
+ ++version
+ [b3f35298ab8d]
+
+ * sudo.h:
+ name nad type changes
+ [db24ab3da141]
+
+ * testsudoers.c:
+ now works with new sudo
+ [379346c42cc2]
+
+ * parse.yacc:
+ fixed some XXX
+ [f5fe4c990052]
+
+ * parse.yacc:
+ some variable name changes + comment headers for functions.
+ [3dc3bd9aa73d]
+
+ * tgetpass.c:
+ added extra paren's to make compilers happy
+ [9e4968a34d56]
+
+ * sudo.c:
+ *** empty log message ***
+ [70c924c1ed69]
+
+ * parse.c:
+ now uses init_parser() if not in sudoers and tries "list" or
+ "validate" scold but don't be nasty.
+ [c0d8fb3f8c9e]
+
+ * TROUBLESHOOTING:
+ now can use upper case login names
+ [c772fffcefe5]
+
+ * visudo.c:
+ now uses init_parser()
+ [b9efae7243fd]
+
+ * INSTALL, README:
+ updated
+ [27dc8283fdc8]
+
+ * PORTING:
+ added info about PASSWORD_TIMEOUT
+ [980e15d892f8]
+
+ * INSTALL.configure:
+ Initial revision
+ [8292e89a08d3]
+
+ * BUGS:
+ fixed a bug ,
+ [c6e46f5624f9]
+
+ * parse.yacc:
+ now dynamically allocates memory for the stacks -- no more
+ overflows!
+ [8615c35b6ad3]
+
+ * sudo.pod:
+ -l now explands command aliases
+ [39f45605935d]
+
+ * parse.yacc:
+ hacks to expand command aliases for `sudo -l'
+ [e4eb752608f9]
+
+ * sudo.c:
+ remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
+ [01327ca5084b]
+
+ * sudo.h:
+ added struct command_alias
+ [dd2f32764082]
+
+ * sudo.pod:
+ fixed a bug
+ [e708ff08d2eb]
+
+ * lsearch.c:
+ in compar() key should be first arg
+ [fc14c3fa62ee]
+
+1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ fixed some bugs
+ [639dfe425bd5]
+
+ * parse.yacc:
+ can now deal with upcase HOST and USER names
+ [c6aa7bcfb00d]
+
+ * sudo.c:
+ don't yell too loudly at non-sudoers if they do "sudo -l"
+ [4ef146128d89]
+
+ * sudo.pod:
+ fixed thinko
+ [830f2f0f22e7]
+
+ * parse.c:
+ fix comment
+ [d20ce9e17ddc]
+
+1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, parse.yacc:
+ added support for new `sudo -l' stuff
+ [7dceaef3c733]
+
+ * sudo.c:
+ now uses list_matches()
+ [293364821b61]
+
+ * sudo.h:
+ added struct sudo_match
+ [b2684179d179]
+
+ * configure.in:
+ now more -lgnumalloc
+ [4f8ae42617d8]
+
+1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ added more paths for chown and whoami
+ [6e685a19426c]
+
+1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ typo
+ [3adfa01c04bc]
+
+1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed DUNIX check for shadow pw
+ [c25324bcd27b]
+
+ * tgetpass.c:
+ now only turn off echo if it is already on. this fixes a race when
+ you use sudo in a pipelin
+ [28388c2de21c]
+
+ * INSTALL:
+ updated
+ [b45ac9366b7e]
+
+ * configure.in:
+ changed "test -z $foo && do_this" to if; then construct
+ [2183c4426bca]
+
+1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added missing defines of SHADOW_TYPE
+ [be89ea68a7f3]
+
+1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
+ only in dunix 4.x
+ [1e7c1c677263]
+
+ * getspwuid.c:
+ added AUTH_CRYPT_C1CRYPT support
+ [88d6b0058b20]
+
+ * parse.c:
+ no longer return VALIDATE_NOT_OK if there was a runas that didn't
+ match. Now we can have runas stuff on more than one line.
+ [52b68920d7b7]
+
+ * getspwuid.c, sudo.c, tgetpass.c:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [cf401dfcbc06]
+
+ * configure.in:
+ got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
+ something
+ [c7a233c4dd93]
+
+ * config.h.in:
+ removed HAVE_C2_SECURITY added SPW_BSD
+ [8314405e9754]
+
+ * compat.h:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [6f94870df17f]
+
+ * check.c:
+ SHADOW_TYPE is always defined so just against its value
+ [72c69a55d02f]
+
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW_DUNIX
+ [ef025ae9d496]
+
+1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ * -> ?* in one example added another instance of (runas) and one of
+ NOPASSWD:
+ [d74fe1dcbe7d]
+
+1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added back check for config.cache from other host type
+ [0ba87871f585]
+
+ * parse.lex:
+ removed an instance of \"
+ [1e008d3709f6]
+
+ * sample.sudoers:
+ added an example
+ [dbfcf68ee330]
+
+ * sudoers.pod:
+ updated wrt new wildcard matching
+ [193fa44a475b]
+
+ * configure.in:
+ new check for shadow passwords if we don't know anything
+ [67465df7dc9a]
+
+ * aclocal.m4:
+ new SUDO_CHECK_SHADOW_GENERIC
+ [3563b16a41b8]
+
+ * configure.in:
+ added back check for -lsocket (oops)
+ [a80882ee1cb6]
+
+ * configure.in:
+ better (working) check for shadow passwd type if we know to use C2.
+ [3cdd2a59a641]
+
+ * configure.in:
+ now uses AC_CANONICAL_HOST to figure out os type
+ [80db7fe6e704]
+
+ * Makefile.in:
+ added config.{guess,sub}
+ [c6be7e3ca384]
+
+ * aclocal.m4:
+ removed unused stuff to figure out os type
+ [c9a0f3b57123]
+
+ * config.sub:
+ added openbsd
+ [bfc6bfec3668]
+
+ * config.sub:
+ Initial revision
+ [e6e06ce0d17d]
+
+ * config.guess:
+ Initial revision
+ [99dd06f79199]
+
+ * testsudoers.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname. need to check against sudoers_args even if user_args is
+ nil
+ [66e6cf77f5d6]
+
+ * parse.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname need to check against sudoers_args even if user_args is nil
+ [74374df17311]
+
+1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
+ [cbb00261c415]
+
+ * testsudoers.c:
+ now takes command line args and uses cmnd_args
+ [f0c2fd35a527]
+
+ * parse.lex:
+ fill_args was adding an extra leading space
+ [692fc999b2e8]
+
+1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fixed dummy command_matches()
+ [93d9543db6e2]
+
+ * parse.yacc:
+ fixed prototype
+ [7b0addfbd429]
+
+ * sudo.h:
+ added cmnd_args
+ [8f47c4ae65ef]
+
+ * parse.yacc:
+ now uses flat args string
+ [016e65877da3]
+
+ * parse.c, parse.lex:
+ now uses flat arg string
+ [5b5f2e3f4c09]
+
+ * visudo.c:
+ added cmnd_args def
+ [876867134775]
+
+ * sudo.c:
+ now sets cmnd_args global
+ [e6fee70cb59b]
+
+ * logging.c:
+ cmnd_args is now exported from sudo.[ch]
+ [7a9cd36e356f]
+
+1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ can't rely on cmnd_matches as much as I thought -- added some $$
+ stuff back in to prevent namespace pollution problems.
+ [3c45fedb5af3]
+
+ * parse.yacc:
+ Simplified parse rules wrt runas and NOPASSWD (more consistent).
+ [e6d838c8a4c7]
+
+1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ NOPASSWD may now have blanks before the ':' '(' only starts a
+ 'runas' if in the initial state to avoid collision with command args
+ [c5c01172f499]
+
+ * configure.in:
+ added checks for specific shadow passwd schemes
+ [b7e3d1f7b84f]
+
+ * aclocal.m4:
+ added routines to check for specific shadow passwd types
+ [e5e1d19960a6]
+
+1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added support for ncr boxen
+ [bea9dc5aae7f]
+
+ * aclocal.m4:
+ added support for detecting ncr boxen
+ [8653a158a924]
+
+1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added sinix support
+ [5de2b2173ee1]
+
+1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ added info about "config.cache from other other" error.
+ [845b10198e0b]
+
+ * aclocal.m4:
+ now makes sure you don't have a config.cache file from another OS
+ [4fe32571c021]
+
+ * configure.in:
+ now sets $LIBS when needed to configure links with libs when doing
+ tests hpux10 now uses SPW_SECUREWARE for C2 added check for
+ bigcrypt(3) if SPW_SECUREWARE
+ [2df6b8ca538f]
+
+ * getspwuid.c:
+ fixed typo
+ [fe1cb1d792d6]
+
+ * tgetpass.c:
+ now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
+ [f71138372c07]
+
+ * getspwuid.c:
+ no more SPW_HPUX10
+ [cfdeb18bc16b]
+
+ * config.h.in:
+ no more SPW_HPUX10 added HAVE_BIGCRYPT
+ [00d296479a61]
+
+ * compat.h:
+ now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
+ [6c6d9e680417]
+
+ * check.c:
+ SPW_SECUREWARE now uses bigcrypt
+ [be71fc66690f]
+
+1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ fixed 2 syntax errors
+ [45eee19ef4ac]
+
+ * sudoers:
+ root may now run ALL as ALL
+ [1b54c6b9b212]
+
+1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ fixed a typo/thinko that broke BSD's with sa_len
+ [603438360126]
+
+1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, configure.in:
+ updated AFS support
+ [e572eb8d177a]
+
+ * TROUBLESHOOTING:
+ added entry about /usr/ucb/cc
+ [025b353aa9d3]
+
+ * INSTALL:
+ prep no longer holds gcc binaries
+ [8b0942958049]
+
+ * INSTALL:
+ updated AFS note
+ [7af6efd5abe4]
+
+ * Makefile.in:
+ added @AFS_LIBS@
+ [97b6fe6ad7d6]
+
+ * compat.h:
+ AFS allows long passwords
+ [5fb17122c302]
+
+ * testsudoers.c:
+ fixed -u user support
+ [b1a0c1648639]
+
+ * parse.c:
+ sudo -v now groks VALIDATE_OK_NOPASS
+ [74fc03fffe7e]
+
+ * parse.yacc:
+ fixed no_passwd vs. runas_matched
+ [549a9b791a6a]
+
+ * TROUBLESHOOTING:
+ took out stuff about NFS-mounting since it is no longer an issue
+ [d95ab7fbbc61]
+
+ * INSTALL:
+ added --with-libraries > --with-libpath --with-incpath
+ [d5d15a7a0f4c]
+
+ * parse.yacc:
+ was setting runas_matches to -1 in wrong place
+ [db2b1deb8d33]
+
+ * check.c:
+ removed usersec.h which is not present in new AFS versions
+ [618b016dd17f]
+
+ * tgetpass.c:
+ now deals with timeout <= 0
+ [ba53a1257255]
+
+ * OPTIONS:
+ updated
+ [75093bd8fdca]
+
+ * configure.in:
+ BSD/OS >= 2.0 now uses shlicc instead of just gcc
+ [ff6dbf7825c2]
+
+ * sudo.c:
+ fixed backwards compatibility with sudo 1.4 sudoers mode for root
+ readable/writable filesystems
+ [2694ed627221]
+
+ * Makefile.in:
+ now gives INSTALL -c flag
+ [63db055a2fd1]
+
+ * parse.yacc:
+ slightly simpler initialization of no_passwd and runas_matches
+ [463a1b5fa323]
+
+ * testsudoers.c:
+ added -u username support
+ [38b072fcd6b3]
+
+ * configure.in:
+ improved --with-libraries support
+ [047dbc5f0af2]
+
+1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added --with-incpath, --with-libpath, --with-libraries
+ [20f20d6c718c]
+
+ * parse.yacc:
+ now initializes some fields that weren't getting set to -1 pretty
+ gross -- need a rewrite.
+ [021c160390c6]
+
+1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alloca.c:
+ removed emacs'isms
+ [9d4ec2efe057]
+
+ * configure.in:
+ no longer add -lPW to *_LIBS since we include alloca.c
+ [a626d1bbea80]
+
+ * config.h.in:
+ added HAVE_ALLOCA_H
+ [15491e2a6cff]
+
+ * Makefile.in:
+ added alloca.c
+ [0400f25e1fe4]
+
+ * alloca.c:
+ Initial revision
+ [06d033aa4882]
+
+ * configure.in:
+ ++version
+ [f52c0fb98f90]
+
+1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
+ not always set to a valid uid.
+ [c2669f77704d]
+
+ * OPTIONS:
+ fixed entry for SUDO_MODE
+ [d7272f6035b8]
+
+ * sudo.c:
+ Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
+ being set to -2. Now beat NFS to the punch and set uid to "nobody"
+ ourselves, preserving group 0 to read sudoers.
+ [b1fbc5dd1e34]
+
+ * parse.c:
+ moved set_perms(PERM_ROOT) to be before yyparse()
+ [7619d8080735]
+
+ * logging.c:
+ fixed a typo
+ [318acc48cde0]
+
+ * configure.in:
+ no longer need AC_PROG_INSTALL
+ [de01b1336dc8]
+
+ * Makefile.in:
+ always use install-sh to avoid install(1)'s that use get{pw,gr}nam
+ [ea2351986406]
+
+ * INSTALL:
+ make clean -> make distclean
+ [704a98e8ba10]
+
+1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ removed some unnecsary if's
+ [f00db6508132]
+
+ * Makefile.in, version.h:
+ ++version
+ [bdb6740b24c8]
+
+ * parse.c, testsudoers.c:
+ now includes netgroup.h
+ [93f5a06352bc]
+
+ * interfaces.c:
+ removed cats of ioctl to int since they didn't shut up -Wall
+ [83e9f912cd7a]
+
+ * interfaces.c:
+ explicately cast ioctl() to int since it it not always declared
+ [2ff9294e469e]
+
+ * sudo.h:
+ added declarations for yyparse() and yylex()
+ [6071321ab771]
+
+ * parse.yacc:
+ fixed an occurence of '==' -> '='
+ [2c46d2e11d57]
+
+ * config.h.in, configure.in:
+ added check for netgroup.h
+ [73403050f4e3]
+
+ * sudo.c:
+ fixed 2 compiler warnings
+ [680929b0bd97]
+
+ * sudo.c:
+ SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
+ initialized
+ [18707ecd07c2]
+
+1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fixed a typo
+ [e4b5c12aa130]
+
+1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed a formatting thingie
+ [c79327b6f19b]
+
+ * parse.c, parse.yacc:
+ fixed -u support with multiple user lists on a line
+ [e4d1066adca2]
+
+ * configure.in:
+ unixware needs -lgen
+ [b5bf9bca63cc]
+
+ * README:
+ updated ftp location
+ [b25a033f7921]
+
+ * sudoers.pod:
+ add net_addr/netmask support
+ [674e83516d1e]
+
+ * sample.sudoers:
+ added net_addr/mask example
+ [774878e89b28]
+
+ * parse.c, parse.lex:
+ added support for net_addr/netmask
+ [e33de27325d8]
+
+1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ ^ -> !
+ [1a084950d6ef]
+
+1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for 1.4.3
+ [c82019025d09]
+
+ * CHANGES:
+ udpated for 1.4.3
+ [ceaa81adb8f0]
+
+ * BUGS, TODO, TROUBLESHOOTING:
+ updated
+ [ff94fae4b853]
+
+ * sample.sudoers:
+ updated with examples of new stuff
+ [99d0b4cb4c9c]
+
+ * INSTALL, README:
+ ++version
+ [b763b80fe836]
+
+ * sudoers.pod:
+ updated wrt -u and NOPASSWD
+ [0b5b722ea0f4]
+
+ * sudo.pod:
+ updated wrt -u and CAVEATS
+ [71d5d53b5d18]
+
+1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fixed usage()
+ [114c7d09b550]
+
+ * parse.lex:
+ now use :foo: character classes (makes no diff for generated lexer)
+ [7b0aeb737a02]
+
+1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed LONG_SKEY_PROMPT stuff
+ [0efe78b4bdda]
+
+1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fixed a comment
+ [3d289017104b]
+
+ * lsearch.c:
+ make more like NetBSD one -- now compiles w/o warnings
+ [932206296a54]
+
+ * emul/search.h:
+ fixed decls of lsearch()
+ [c58cf4584c45]
+
+ * config.h.in, configure.in, getspwuid.c:
+ added SPW_HPUX10
+ [d74e5eaa5f17]
+
+ * check.c:
+ hpux 10 uses bigcrypt() if C2
+ [359eb63f4021]
+
+1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ now always uses fnmatch to match args
+ [a9d91f35256a]
+
+ * tgetpass.c:
+ back to using stdio instead of raw i/o since that caused some
+ problems
+ [e7ce2bc92974]
+
+1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now give usage warning if use -l,-v,-k with args
+ [6b48180c4fea]
+
+1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ NewArgc is now set to 1 for -l, -v, -k
+ [7497cb1416a8]
+
+ * sudo.c:
+ now sets sudoers to correct group if mode is 0400
+ [484c43d99718]
+
+ * install-sh:
+ updated to version used by inn and bind
+ [28683ad8725a]
+
+ * configure.in:
+ now uses -lgnumalloc if it exists
+ [3651ca4415a2]
+
+ * Makefile.in:
+ "make install" now sets uid/gid and mode on sudoers if it exists
+ [1f5216191ae9]
+
+ * sudo.c:
+ rmeoved debugging statements
+ [aeda278e2c26]
+
+ * parse.yacc:
+ added a missing free()
+ [592c9482a159]
+
+ * sudo.c:
+ now uses user_gid instead of getegid (which was wrong anyway) to set
+ SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
+ (logging.c depends on args being in the environment)
+ [9f5328a3b942]
+
+ * logging.c:
+ now uses SUDO_COMMAND envariable to get command args rather than
+ building it up again.
+ [7f8edc5bccb7]
+
+ * parse.c:
+ now uses user_gid
+ [4b9303ae45fe]
+
+ * sudo.c:
+ fixed off by one error in allocation NewArgv
+ [921ea1a4e7c6]
+
+ * parse.c:
+ in sudoers, 'command ""' now means command with no args
+ [a5273648ace2]
+
+ * configure.in:
+ added check for fnmatch(3) and fnmatch.h
+ [258916a7866f]
+
+ * config.h.in:
+ added HAVE_FNMATCH
+ [b9860d361e93]
+
+ * Makefile.in:
+ replaced wildcat.* with fnmatch.*
+ [03ad9ee21a1c]
+
+ * testsudoers.c:
+ now uses fnmatch()
+ [5a7f7de987a9]
+
+1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ now uses fnmatch() instead of wildmat a trailing star (*) by itself
+ now matches multiple args added support for wildcards in the
+ pathname in sudoers
+ [1f7fb950b868]
+
+1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ now includes compat.h and config.h
+ [090206b95cf8]
+
+ * config.h.in:
+ added HAVE_FNMATCH_H
+ [90eb42150173]
+
+ * configure.in:
+ now checks for alloca() (if needed by bison or dce) and links with
+ -lPW if it contains alloca() and libv and compiler do not.
+ [cfa2b3cef49a]
+
+ * emul/fnmatch.h, fnmatch.3, fnmatch.c:
+ Initial revision
+ [20b1f762a32a]
+
+1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now fixes mode on sudoers if set to 0400 to aid in upgrade
+ [d4bdfd521820]
+
+1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed pod2man usage
+ [5adf2ec77b27]
+
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [b4029de876d0]
+
+ * testsudoers.c, visudo.c:
+ runas_user is now initialized to "root"
+ [8537d97bff39]
+
+ * sudo.h:
+ removed PERM_FULL_ROOT
+ [241f8bbf647f]
+
+ * sudo.c:
+ runas_user defaults to "root" so no more need to PERM_RUNAS
+ [fc0c0dfc72ba]
+
+ * parse.c:
+ will now only running commands as root if there was no runas list
+ (or if root is in the runas list)
+ [40c587666c81]
+
+ * logging.c:
+ now logs "USER=%s"
+ [b733504c87fd]
+
+ * parse.yacc:
+ runas_matches is now set to false if we get a negative match
+ [5495b150b300]
+
+ * parse.lex:
+ make #uid work + some minor cleanup
+ [07851bbce03a]
+
+ * sample.sudoers:
+ added support for NOPASSWD and "runas" from garp@opustel.com /
+ [7a9c67b51fa5]
+
+ * visudo.c:
+ added support for "runas" from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
+ SUDOERS_MODE
+ [e714209b9885]
+
+ * testsudoers.c:
+ added support for "runas" from garp@opustel.com
+ [b837f856da10]
+
+ * sudo.h:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
+ fro SUDOERS_MODE
+ [cea6f26679b7]
+
+ * sudo.c:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
+ SUDOERS_MODE
+ [61b5434237c5]
+
+ * parse.yacc:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [72ebd3056f22]
+
+ * parse.c, parse.lex:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [fef6dbdd114d]
+
+ * logging.c:
+ added support for SUDOERS_WRONG_MODE and "runas"
+ [e794efc2b443]
+
+ * configure.in:
+ added --with-CC only link with -lshadow on linux (with shadow pw) if
+ libc lacks getspnam()
+ [3ecf4ae21002]
+
+ * OPTIONS, options.h:
+ removed NO_PASSWD since it is not possible to do this in the sudoers
+ file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
+ SUDOERS_GID. Added SUDOERS_MODE.
+ [2eaa4891ef48]
+
+ * Makefile.in:
+ now uses SUDOERS_UID and SUDOERS_GID
+ [8d615f0fdb2a]
+
+1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added --with-CC
+ [a1b8286a81b8]
+
+1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ added double quote support
+ [a5e4fc7e3a2b]
+
+ * sudoers.pod:
+ documented double quoting
+ [c6ea47969a44]
+
+1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ Initial revision
+ [dcb86d65ad8f]
+
+ * check.c:
+ fixed some indentation
+ [4d1c5ab8072b]
+
+ * Makefile.in:
+ fixed a typo
+ [0d27eebc7227]
+
+ * Makefile.in:
+ added install-dirs .
+ [f499b99b8be7]
+
+1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ new version from "Jeff A. Earickson" <jaearick@colby.edu>
+ [422481be5fbd]
+
+1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ $CSOPS -> $with_csops (whoops, missed one)
+ [b04c6948130e]
+
+ * BUGS:
+ updated
+ [c4d5713e227d]
+
+ * parse.lex:
+ FQHOST now has same constraints as non-FQHOST
+ [e1c3bf2381d1]
+
+ * INSTALL:
+ added note about OS's w/ shadow passwords turned on by default
+ [166257f43be4]
+
+1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fixed a typo
+ [e5c3e2e9a359]
+
+ * configure.in:
+ added support for --without-THING sanitized shadow pw situtation by
+ adding support for
+ --without-C2
+ [65dc6bf64cce]
+
+ * tgetpass.c:
+ fixed a typo wrt placement of an end paren
+ [a8780f818231]
+
+ * check.c:
+ was closing an fd that may not have been opened
+ [760271c7bdc9]
+
+1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h, sudo.c:
+ added NO_PASSWD
+ [28ff1dc93d7a]
+
+1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now always use shadow pw on some arches
+ [069161ccffda]
+
+1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added pyramid support
+ [a0eb57a3a531]
+
+ * configure.in:
+ no longer check for C2 if alternate passwd method is used no longer
+ check for some libs twice
+ [2d0c3c902b40]
+
+ * parse.yacc:
+ moved fqdn stuff into parse.lex (FQHOST)
+ [d9c9abd481d8]
+
+ * parse.lex:
+ added FQHOST rules
+ [4a1695acff6d]
+
+ * tgetpass.c:
+ now define TCSASOFT in necesary
+ [3fac2e21c9ab]
+
+ * tgetpass.c:
+ now uses read/write instead of stdio string goop to avoid problems
+ with select(2)
+ [67fd174e518c]
+
+ * OPTIONS, find_path.c, options.h:
+ -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
+ [d05ba5100d28]
+
+1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added note about no shadow auto-detect if using alternate auth
+ schemes
+ [b425592232a3]
+
+ * configure.in:
+ don't check for C2 if AFS or DCE (unless they said --with-C2)
+ [61342962171a]
+
+ * testsudoers.c:
+ now groks shost
+ [85dda17303f6]
+
+ * OPTIONS, find_path.c, options.h:
+ added NO_DOT_PATH
+ [c261ca1fb196]
+
+1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ checkdot now works correctly
+ [3bc4835bb3e9]
+
+1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ can't have DCE and C2 passwords both...
+ [fb9a8ab7ca66]
+
+1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.c, sudo.h, visudo.c:
+ now uses shost even if not FQDN
+ [87f7498b3a1f]
+
+ * configure.in:
+ now looks for skey in /usr/lib and doesn't require libskey to be in
+ /usr/local/lib just because skey.h is (for my netbsd box :-)
+ [ceb1763e37d2]
+
+ * aclocal.m4, config.h.in, pathnames.h.in:
+ _SUDO_PATH_ -> _CONFIG_PATH_
+ [84d97ad13d75]
+
+ * aclocal.m4, sudo.pod:
+ /var/run/.odus -> /var/run/sudo
+ [922da220b8f5]
+
+ * pathnames.h.in:
+ now uses _SUDO_PATH_TIMEDIR
+ [5ecab0155fdf]
+
+ * OPTIONS:
+ udpated FQDN
+ [361b6f7440c0]
+
+ * aclocal.m4, configure.in:
+ added SUDO_TIMEDIR
+ [368c95c8c950]
+
+ * config.h.in:
+ added _SUDO_PATH_TIMEDIR
+ [3879864d808c]
+
+ * sudo.pod:
+ updated wrt /var/run/sudo
+ [9e14f2a429d3]
+
+ * sudo.c, sudo.h:
+ added support for shost if FQDN
+ [51a3f51a09a1]
+
+ * parse.yacc, visudo.c:
+ now uses shost if FQDN
+ [d19da2e92b42]
+
+ * check.c:
+ Now use skeylookup() instead off skeychallenge()
+ [4c7438bb2ae0]
+
+1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ mail_argv should not contain ALERTMAIL as it includes "-t"
+ [67ffaaa8f843]
+
+1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, README, configure.in, version.h:
+ ++version
+ [e08fd4a809fc]
+
+ * compat.h:
+ added more _PASSWD_LEN stuff -- now uses PASS_MAX too
+ [2f20c3153689]
+
+ * tgetpass.c:
+ now includes limits.h moved _PASSWD_LEN -> compat.h
+ [b1ca3cafdacc]
+
+1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, README:
+ ++version
+ [3eacf32803f5]
+
+ * Makefile.in:
+ ++versoin
+ [3b91c317630a]
+
+ * Makefile.in:
+ fixed a typo
+ [3661ac4a7803]
+
+ * configure.in:
+ ++version
+ [60e842973745]
+
+1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated
+ [def2c3c24195]
+
+ * CHANGES:
+ done for 1.4.1 (I hope)
+ [2ab543769a40]
+
+ * sudoers.pod:
+ added info on wildcards
+ [ce3bd41bc063]
+
+ * sample.sudoers:
+ added wildcard example
+ [762feb0577bd]
+
+ * Makefile.in:
+ now uses *.pod to build *.man and *.cat & *.html
+ [3ec14962028b]
+
+ * configure.in:
+ addedSUDO_PROG_BSHELL !ll
+ [3c80b320bf16]
+
+ * visudo.pod:
+ fixed up some formatting
+ [12166c434526]
+
+ * sudoers.pod:
+ redid section describing sample sudoers stuff
+ [b8065cceec71]
+
+ * sudo.pod:
+ fixed some formatting
+ [aa9a681add0f]
+
+ * getspwuid.c:
+ now treats "" as bourne shell
+ [30194a72ad56]
+
+ * Makefile.in:
+ TESTOBJS nwo includes wildmat.o
+ [86cc6500f84d]
+
+ * testsudoers.c:
+ now works with NewArg[cv]
+ [2f72674ce942]
+
+ * sudo.c:
+ removed an XXX (fixed it in getspwuid.c)
+ [e791ee0d1a68]
+
+ * aclocal.m4:
+ added check for bourne shell
+ [a2fd51676b8a]
+
+ * pathnames.h.in:
+ added _PATH_BSHELL
+ [e7c10011d47b]
+
+ * config.h.in:
+ added _SUDO_PATH_BSHELL
+ [6a1182898de9]
+
+1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ unixware vi returns 256 instead of 0
+ [234ffc7c6786]
+
+ * INSTALL:
+ added Linux note
+ [5f85efcd2b58]
+
+ * logging.c:
+ fixed up some XXX's. file log format now looks a little more like
+ real syslog(3) format.
+ [6df55707bfc3]
+
+ * README, TROUBLESHOOTING:
+ updated wrt lex/flex
+ [eb787d69156b]
+
+ * Makefile.in:
+ commented out rule to build lex.yy.c from parse.lex since we ship
+ with a pre-flex'd parser
+ [7507e2ce4a95]
+
+ * parse.c, parse.yacc, visudo.c:
+ path_matches -> command_matches
+ [0bd469424f86]
+
+ * logging.c:
+ eliminated some strcat()'s
+ [9878a79bc374]
+
+ * configure.in:
+ no longer checks for lex/flex (now assumes flex)
+ [a086ccc73798]
+
+ * configure.in:
+ now checks for $kerb_dir_candidate/krb.h instead of just
+ kerb_dir_candidate
+ [9133bc3c5208]
+
+1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ now use a 'hook' expression instead of an iffy one :-)
+ [9560df01b8c0]
+
+1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now works with new sudo arg stuff
+ [310a0d43ddad]
+
+ * parse.yacc:
+ fixed dereferencing deadbeef
+ [474ef8a8006b]
+
+ * sudo.c:
+ changed an occurrence of Argv to NewArgv
+ [205b012b7691]
+
+ * parse.lex:
+ took out support for quoted commands since there is no need...
+ [5c5036d353b1]
+
+ * parse.c:
+ fixed a typo in a for() loop
+ [7e8d5283c43b]
+
+ * logging.c:
+ protected against dereferencing rogue pointers
+ [56debd517717]
+
+ * sudo.c:
+ now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
+ also allows us to eliminate some kludges in parse_args() and
+ eliminate superfluous code.
+ [5122f66ad150]
+
+ * logging.c:
+ no longer uses cmnd_args, now uses NewArgv instead.
+ [abddd23cf068]
+
+ * sudo.h:
+ added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
+ (no longer used)
+ [78410984fb05]
+
+ * Makefile.in:
+ added wildmat.c to SRCS & SUDOBJS
+ [3800efb41794]
+
+ * parse.yacc:
+ COMMAND is now a struct containing the path and args
+ [5c32822c5b94]
+
+ * parse.lex:
+ replaced append() with fill_cmnd() and fill_args. command args from
+ a sudoers entry are now stored in an arrary for easy matching.
+ [a981d7f4eb0d]
+
+ * parse.c:
+ command line args from sudoers file are now in an array like ones
+ passed in from the command line
+ [1d9e37e84519]
+
+1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ wildwat stuff now works
+ [49d16488531f]
+
+1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ ++version
+ [53e55463ef89]
+
+ * Makefile.in:
+ ++version added wildmat.*
+ [0508297a4711]
+
+1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ added support for quoted commands (w/ or w/o args)
+ [b9a637155673]
+
+1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ cleaned up formatting
+ [4591d4195437]
+
+ * sudo.pod, visudo.pod:
+ Initial revision
+ [7564a8242750]
+
+1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ looks reasonable, could be mroe readable
+ [a5be2d19d9e0]
+
+ * sudoers.pod:
+ Initial revision
+ [957888be31a6]
+
+1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated
+ [633743aa924b]
+
+ * OPTIONS:
+ updated NO_ROOT_SUDO entry
+ [f1c15b1dec9e]
+
+1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ *** empty log message ***
+ [5b63de579ff7] [SUDO_1_4_0]
+
+ * sudo.c:
+ fixed SECURE_PATH
+ [6002889f606d]
+
+ * RUNSON:
+ udpa`ted for 1.4
+ [6014a8592815]
+
+ * configure.in:
+ AIX aixcrypt.exp now uses $(srcdir)
+ [b0d57674fef4]
+
+ * TROUBLESHOOTING:
+ added entry for anal ansi compilers
+ [4193cec1c6b1]
+
+1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added info on libcrypt_i for SCO
+ [575497d56698]
+
+ * TODO:
+ *** empty log message ***
+ [d0aaf67b9913]
+
+ * sample.sudoers:
+ added comments
+ [a7773f7eda8d]
+
+ * TODO:
+ 1.4 release
+ [1dade29e9fd9]
+
+ * CHANGES:
+ ++version
+ [67241be40780]
+
+ * INSTALL, OPTIONS, README, config.h.in, configure.in:
+ ++version
+ [2e0a37897f68]
+
+ * BUGS:
+ ++version and fixed ISC
+ [78963f01a0e3]
+
+ * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
+ sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [b6227f29b3d9]
+
+ * interfaces.c:
+ added STUB_LOAD_INTERFACES ++version
+ [d8150a3fd577]
+
+ * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
+ version.h:
+ ++version
+ [da9e90e69bdc]
+
+ * PORTING:
+ added info about fd_set in tgetpass added info on interfaces.c
+ [a39902febd17]
+
+1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ added sudo header
+ [fc0f2c48682e]
+
+ * tgetpass.c:
+ fixed a typo
+ [43d40b72ee8f]
+
+ * Makefile.in:
+ tgetpass.o is now only linked in with sudo (not visudo)
+ [7407c5ff11f8]
+
+1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
+ configure.in:
+ ++version
+ [9b82ad805d6b]
+
+ * emul/utime.h:
+ added copyright notice
+ [4380f16cd075]
+
+ * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [32717fdb5d05]
+
+ * tgetpass.c:
+ minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
+ [326864428da2]
+
+ * configure.in:
+ ISC now gets -lcrypt now check for sys/bsdtypes.h
+ [e064799c054b]
+
+ * config.h.in:
+ added check for sys/bsdtypes.h
+ [9adb9533c363]
+
+1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ removed debugging stuff (setting freed ptr to NULL)
+ [02fe8eec63a0]
+
+ * TROUBLESHOOTING:
+ added 2 entries
+ [02884e2733e2]
+
+ * Makefile.in:
+ added FAQ
+ [074d8dfcf28d]
+
+ * TROUBLESHOOTING:
+ added section on syslog
+ [e6bc02a22b86]
+
+ * configure.in:
+ added AC_ISC_POSIX for better ISC support
+ [8436b3e12af2]
+
+ * config.h.in:
+ fixed typo
+ [f1b3922babf4]
+
+ * config.h.in:
+ added define for _POSIX_SOURCE
+ [ded6d92b34f9]
+
+1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fixed check for lsearch()
+ [75baa5bc28a3]
+
+1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ fixed for AIX now deal if num_interfaces == 0 (should not happen)
+ [ae450e859227]
+
+1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now only define HAVE_LSEARCH if there is a corresponding search.h
+ [8ce645c5d17f]
+
+ * interfaces.c:
+ works on ISC again
+ [ccac920d424c]
+
+1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now define HAVE_LSEARCH if we find lsearch() in libcompat
+ [7343e4313a87]
+
+ * lsearch.c:
+ char * -> const char *
+ [1c0b11c2300a]
+
+ * configure.in:
+ now looks in -lcompat for lsearch()
+ [a1cc1d6fcd09]
+
+ * Makefile.in:
+ remove sudo.core visudo.core for clan target
+ [b523456a85df]
+
+ * aclocal.m4:
+ added UID_MAX support in check for MAX_UID_T_LEN
+ [7ab262b1173f]
+
+ * Makefile.in:
+ fixed another occurence of sudo_getpwuid.*
+ [fb5809c07da2]
+
+ * Makefile.in, getspwuid.c:
+ sudo_getpwuid.c -> getspwuid.c
+ [875f2ef808b4]
+
+ * configure.in:
+ moved the "echo"
+ [ad7b8f966076]
+
+ * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
+ compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ ++version
+ [ee57c6410ffa]
+
+ * testsudoers.c:
+ added group support
+ [54d8097df8bd]
+
+ * sample.sudoers:
+ added group entry
+ [50994d31fd49]
+
+ * sudoers.man:
+ documented group support
+ [0a16707f8fed]
+
+ * parse.c, parse.lex, parse.yacc, visudo.c:
+ added group support
+ [427218c879c8]
+
+1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ tkfile was too short and overflowed the kerberos realm
+ [53823a1ff5af]
+
+1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now copy command args directly from Argv
+ [77408278b6fd]
+
+ * sudo.c:
+ replaced code to copy cmnd_args so that is does not use realloc
+ since most realloc()'s really stink
+ [b29a0ff73fb6]
+
+1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ syslog() fixed in hpux 10.01
+ [2648e6f0cdb0]
+
+1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
+ [8f108b8d8711]
+
+ * configure.in:
+ better error if cannot find skey incs or libs
+ [5887662ee9d3]
+
+ * aclocal.m4:
+ now use a temp file for determining max len of uid_t in string form.
+ the old hacky way broke on netbsd
+ [b68f470fa9f8]
+
+ * sudo.c:
+ added set of parens and a space
+ [8a3d4826d022]
+
+1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ fixes from Jeff Earickson <jaearick@colby.edu> ,
+ [bde0f0b756ec]
+
+ * check.c:
+ modified a comment
+ [e2a97f1afbbe]
+
+ * Makefile.in:
+ fixed up testsudoers target
+ [d39c4e7bb609]
+
+ * configure.in:
+ DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
+ SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
+ [da7a1c433828]
+
+ * Makefile.in:
+ LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
+ VISUDO_LDFLAGS
+ [4b69503e8487]
+
+1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix for C2 on hpux 10 now uses -linet if it exists
+ [8d300112263d]
+
+ * check.c:
+ LONG_SKEY_PROMPT is less of a klusge /
+ [dcc144abaac3]
+
+ * configure.in:
+ fixed typos w/ dce stuff
+ [f7dfd6d4e149]
+
+ * Makefile.in:
+ added dce_pwent.c
+ [79047acdc516]
+
+1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ amended section on combining authentication mechanisms
+ [dc5138c7c716]
+
+ * PORTING:
+ minor updates for 1.3.6
+ [fe80c13bd994]
+
+ * TROUBLESHOOTING:
+ added 2 more entries
+ [c7201439a0f5]
+
+ * BUGS:
+ updated for 1.3.6
+ [979b414d2a2d]
+
+ * README:
+ overhauled
+ [3af8b60eb594]
+
+ * INSTALL:
+ rewrote for sudo 1.3.6
+ [b16027b9c726]
+
+ * TROUBLESHOOTING:
+ added 3 entries
+ [934c9ee3f153]
+
+1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c, getspwuid.c, sudo.c:
+ added explict casts for strdup since many includes don't prototype
+ it. gag me.
+ [3e19a11f2fcc]
+
+ * sudo.h:
+ removed prototype for sudo_getpwuid() since convex C compiler choked
+ on it.
+ [c3ea74ca67b0]
+
+ * sudo.c:
+ added prototype for sudo_getpwuid()
+ [4a8e3cdc2b98]
+
+ * lsearch.c:
+ now compiles on strict ANSI compilers
+ [3ce5d72d0b08]
+
+ * check.c:
+ added LONG_SKEY_PROMPT support
+ [48a18b8a2332]
+
+ * Makefile.in:
+ added extra $'s for make to eat up, yum.
+ [2995b214e12b]
+
+ * OPTIONS, options.h:
+ added LONG_SKEY_PROMPT
+ [f23ae799b5a4]
+
+1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ s/key support now works with normal s/key as well as logdaemon
+ [d67573f523bf]
+
+ * OPTIONS, options.h:
+ added SKEY_ONLY
+ [bbf07654e0de]
+
+ * compat.h:
+ set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
+ [205895b96a36]
+
+ * INSTALL:
+ added DCE note added more AIX notes
+ [6345403b3522]
+
+ * sudo.c:
+ now include pthread.h for DCE support
+ [6fe02865f679]
+
+ * check.c:
+ dce_pwent() is ok after all .,
+ [d26a8746a55d]
+
+ * logging.c:
+ now uses SYSLOG() macro that equates to either syslog() or
+ syslog_wrapper
+ [42ac4cff8045]
+
+ * dce_pwent.c:
+ minor formatting changes. renamed check() to somthing less generic
+ [71859f217be1]
+
+ * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
+ visudo.c:
+ now uses user_pw_ent and simple macros to get at the contents
+ [f4cbf3e7145a]
+
+1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ simpler dec unix C2 support
+ [86bc8f75250e]
+
+ * getspwuid.c:
+ now sets crypt_type for DEC unix C2
+ [99aeadd18266]
+
+1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added csops paths for skey
+ [b8ca672e2117]
+
+ * getspwuid.c:
+ now includes string.h for strdup() prototype
+ [3605259c3620]
+
+ * getspwuid.c:
+ fixed a few typos
+ [46c97e4ea417]
+
+ * check.c:
+ now includes skey.h
+ [11e611ce1b61]
+
+ * getspwuid.c:
+ fixed up comments
+ [223dac56f0c8]
+
+ * check.c:
+ moved a lot of the shadow passwd crap to sudo_getpwuid()
+ [97d8887fb7d3]
+
+ * sudo.c:
+ now uses sudo_pw_ent
+ [d014dadbef48]
+
+ * testsudoers.c:
+ now uses sudo_pw_ent
+ [d92936ed7e34]
+
+ * visudo.c:
+ now sets sudo_pw_ent
+ [ff75cdfcf8b3]
+
+ * getspwuid.c:
+ Initial revision
+ [6deb6df9d7bc]
+
+ * tgetpass.c:
+ moved dce stuff into compat.h
+ [1124284396e7]
+
+ * logging.c, sudo.h:
+ now uses sudo_pw_ent
+ [404ff20a5067]
+
+ * Makefile.in:
+ added sudo_getpwuid.c
+ [6666d0644512]
+
+ * compat.h:
+ added dce support
+ [3c3b36a7ce0e]
+
+ * parse.yacc:
+ now uses sudo_pw_ent
+ [9f5e8d11bd68]
+
+1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed exempt_group stuff for OS's that don't put base gid in group
+ vector
+ [003f153bd396]
+
+ * check.c:
+ S/Key support now works with sunos4 shadow passwords
+ [1eb64a5efff1]
+
+ * Makefile.in:
+ fixed clean rule
+ [5695a2c62816]
+
+ * config.h.in, configure.in:
+ added DCE support
+ [f53c766c1947]
+
+ * tgetpass.c:
+ DCE & KERB support
+ [904cf436506a]
+
+ * check.c:
+ first stab at dce support
+ [aea5ca07b1e3]
+
+ * dce_pwent.c:
+ now smells like sudo
+ [8b3d609b49cd]
+
+ * dce_pwent.c:
+ Initial revision
+ [b573555f2399]
+
+ * check.c:
+ skey'd sudo now works w/ normal password as well
+ [8d038f9f6e94]
+
+1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ updated version number
+ [ba7e346d7904]
+
+ * README:
+ updated to reflect version change
+ [1d15cf1d8cc8]
+
+ * configure.in:
+ --with options now line up ++version
+ [08ebf625fbca]
+
+ * sudo.h:
+ removed unecesary S/Key stuff
+ [68188cba90af]
+
+ * configure.in:
+ fixed S/Key support
+ [f6d9cbc36618]
+
+ * Makefile.in:
+ -I stuff now goes in CPPFLAGS
+ [7b8e53c5b046]
+
+ * check.c:
+ fixed SKey support
+ [52c1a5cf4435]
+
+ * README:
+ updated version
+ [bed6498a10bb]
+
+ * OPTIONS:
+ fixed description of EXEMPTGROUP
+ [cfeead55edc2]
+
+ * sudo.c:
+ more people use _RLD_ than just alphas...
+ [6a3c7090a6f6]
+
+ * Makefile.in:
+ replaced $man_prefix with $mandir
+ [dc4b36a550e2]
+
+ * configure.in:
+ fixed a typo
+ [a38a4acddcaf]
+
+ * Makefile.in:
+ now use more GNU'ish dir names
+ [c5498391a520]
+
+ * configure.in:
+ now set *dir correctly (can override from command line)
+ [523ff98fd438]
+
+ * sudo.c:
+ now deal with situations where we getwd() fails
+ [88a9e61dccbb]
+
+1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added etc_dir, bin_dir, sbin_dir
+ [75fd08d92842]
+
+ * configure.in:
+ added sbin_dir
+ [3cb318c0d8d1]
+
+ * Makefile.in:
+ now ship a flex-generated lex.yy.c
+ [4d083ed70dce]
+
+ * Makefile.in:
+ now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
+ [4d51dc9c3780]
+
+ * pathnames.h.in:
+ _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
+ [773fd163d52f]
+
+ * options.h:
+ no more error for redefining SUDOERS_OWNER
+ [4ba336644c6a]
+
+ * OPTIONS:
+ expanded SUDOERS_OWNER section
+ [12fae405759e]
+
+1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now warn if chown(2) failed
+ [d0d1db6e3a1f]
+
+ * logging.c:
+ better default warning for NO_SUDOERS_FILE
+ [5260b458ac64]
+
+ * sudo.c:
+ added missing set_perms() no more cryptic message if the sudoers
+ file is zero length, now just give a parse error
+ [b81ea724838a]
+
+ * logging.c:
+ better diagnostics if NO_SUDOERS_FILE
+ [877e878663c5]
+
+ * sudo.c:
+ check_sudoers() now catches sudoers files that are not readable (but
+ are stat'able).
+ [fea05663b3de]
+
+1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now add -D__STDC__ for convex cc (not gcc)
+ [c80fc53ff51b]
+
+ * configure.in:
+ MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
+ [fe238226a057]
+
+ * Makefile.in:
+ now uses exec_prefix & prefix from configure
+ [f62fca5f56bd]
+
+ * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
+ utime.c, visudo.c:
+ options.h is now <> instead of "" so shadow build trees can have a
+ custom copy of options.h
+ [e6782676099c]
+
+ * check.c:
+ user_is_exempt() is no longer a hack, it now uses getgrnam()
+ [287f8d5356f7]
+
+ * options.h:
+ EXEMPTGROUP is now "sudo"
+ [61487304dbe1]
+
+ * configure.in:
+ MAN_POSTINSTALL now contains a leading space
+ [eaad4ac34012]
+
+ * Makefile.in:
+ removed leading tab if @MAN_POSTINSTALL@ not defined now removes
+ testsudoers in clean:
+ [e01711baceb8]
+
+ * tgetpass.c:
+ includes pwd.h to get _PASSWD_LEN definition
+ [8ec174f263f1]
+
+1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ unset the KRB_CONF envariable if using kerberos so we don't get
+ spoofed into using a bogus server
+ [2561a0274fca]
+
+1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ now explicately initialize match[] tp be FALSE
+ [0e45e5c47766]
+
+1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ removed unused variable now passes -Wall
+ [3452508bc16d]
+
+ * parse.yacc:
+ yyerror and dumpaliases are now void's now passes -Wall
+ [2769dfb51993]
+
+ * parse.lex:
+ added prototype for yyerror
+ [1f3f0c1b4ab4]
+
+ * check.c, logging.c, parse.c:
+ now passes -Wall
+ [eab57e5e81d2]
+
+ * interfaces.c:
+ rmeoved unused cruft now passes -Wall
+ [7a47e1866f4b]
+
+ * Makefile.in:
+ fixed headers that moved to emul dir
+ [e680c1e5049b]
+
+ * logging.c:
+ fixed deref of nil pointer if no args
+ [973b9bea432f]
+
+1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ added a caveat to FQDN section
+ [dcf6e2a5fff4]
+
+1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ more $srcdir support for install targets
+ [f6eac78436dd]
+
+ * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
+ don't include malloc.h if we include stdlib.h
+ [fca2ff307cd8]
+
+ * parse.yacc:
+ local search.h now lives in emul
+ [51c458904424]
+
+ * check.c, utime.c:
+ local utime.h now lives in emul dir
+ [f92fc9e8c8de]
+
+ * lsearch.c:
+ local search.h now lives in emul
+ [579efc407439]
+
+ * Makefile.in:
+ added support for building in other than the sourcedir
+ [2ab53a43f7d4]
+
+1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ annotated CSOPS_INSULTS option
+ [9e57d45a0afa]
+
+ * TROUBLESHOOTING:
+ updated shadow passwords blurb
+ [39b785bc7253]
+
+ * sudo.c:
+ if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
+ passes along foo as the arguments
+ [a91077aa8fc5]
+
+1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ collapsed pathname and dir sections into one -- its now less
+ expensive
+ [89caa03bec25]
+
+ * parse.lex:
+ fixed spacing quoting [,:\\=] now works correctly append() and
+ fill() now take args to make the above work
+ [09d023d9ef3a]
+
+ * sudo.c:
+ fixed a typo that caused commands with no tty on fd 0 but a tty on
+ fd 1 to erroneously have "none" as their tty
+ [07d2c0e7977c]
+
+1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ timestampfile is now a global static removed decl of timestampfile
+ in remove_timestamp since we can just use the global one
+ [f0cbdc6aab1c]
+
+ * check.c:
+ created touch() to update timestamps added USE_TTY_TICKETS support
+ (bit of a kludge)
+ [cee1dd0318f8]
+
+ * compat.h:
+ added _S_IFDIR and S_ISDIR
+ [b4a51cc9628e]
+
+ * OPTIONS, options.h:
+ added USE_TTY_TICKETS
+ [b4e22f81f25e]
+
+ * parse.yacc:
+ removed const from casts for lsearch() & lfind() to placate irix 4.x
+ C compiler
+ [5003081f76ea]
+
+1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now only strip '/dev/' off of a tty if it starts with '/dev/'
+ [7f62bcd24039]
+
+ * pathnames.h.in:
+ added _PATH_DEV
+ [6375f44d1910]
+
+ * configure.in:
+ AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
+ have termios.h
+ [9c60391235fd]
+
+ * tgetpass.c:
+ fixed incorrect #ifdef termio uses "unsigned short" not int for
+ c_?flag
+ [d032e6a29845]
+
+ * parse.lex, parse.yacc:
+ fixed a spelling error
+ [cad6a944c7b1]
+
+ * Makefile.in:
+ fixed typo
+ [204a65403e7c]
+
+1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed a comment
+ [268f760e57ad]
+
+ * parse.yacc:
+ added dotcat() to cat 2 strings w/ a dot effeciently now that we
+ dynamically allocate strings they need to be free()'d
+ [ec2e2152f415]
+
+ * parse.lex:
+ dynamically allocates space for strings
+ [d10ac3533d66]
+
+ * sudo.h:
+ no more MAXCOMMANDLENGTH
+ [e2e1219bff8a]
+
+ * sudo.h:
+ added decl of tty
+ [c8ae81303ee5]
+
+ * logging.c, sudo.c:
+ moved tty stuff into sudo.c
+ [e028abefeb07]
+
+1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ fixed a logic bug. Was denying a command if user gave command line
+ args but there were none in the sudoers file which is wrong.
+ [7489a99b8e8a]
+
+ * sudo.h:
+ MAXCOMMMANDLEN dropped down to 1K
+ [38ef54ba290b]
+
+ * parse.lex:
+ return foo; -> return(foo);
+ [0e8be1b57001]
+
+ * parse.yacc:
+ fixed netgr_matches() prototype
+ [e69f15910464]
+
+ * parse.lex:
+ added support for escaping "termination" characters
+ [8bd4ef50f35c]
+
+ * parse.c:
+ buf is now of size MAXPATHLEN+1 since it never holds command args
+ [2ce4b763058c]
+
+ * sudo.c:
+ fixed comments
+ [0c74a3d2ebb0]
+
+ * goodpath.c:
+ fixed negation problem (doh!)
+ [782814e3a2d1]
+
+ * parse.yacc:
+ fixed 2nd parameter to lfind()
+ [63d7b1623c08]
+
+ * parse.lex:
+ now do bounds checking in fill() and append()
+ [54381b563251]
+
+ * sudo.c:
+ include netdb.h as we should added a missing void cast added
+ SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
+ realloc actually moved the string instead of shrinking it
+ [897ccdec9c06]
+
+ * sample.sudoers:
+ updated with examples of new features
+ [9b3ed00e8aa6]
+
+ * goodpath.c:
+ now set errno to EACCES if not a regular file or not executable
+ [2d069548a5ea]
+
+ * find_path.c:
+ if given a fully-qualified or relative path we now check it with
+ sudo_goodpath() and error out with the appropriate error message if
+ the file does not exist or is not executable
+ [590f89dd8dec]
+
+ * emul/search.h, lsearch.c:
+ now use correct args for lfind
+ [fccdcdbf020e]
+
+ * logging.c:
+ added a comment
+ [fab9f49708ea]
+
+ * insults.h:
+ added in CSOps insults
+ [ad8eb1862adc]
+
+ * ins_csops.h:
+ Initial revision
+ [de5a475ec018]
+
+ * tgetpass.c:
+ added RCS id
+ [c3ffd550a482]
+
+ * sudo.h:
+ increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
+ [aba25c90d08a]
+
+ * OPTIONS:
+ added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
+ [e27bd62e9ccf]
+
+ * sudo.c:
+ fixed -k load_interfaces() now gets called if FQDN is set
+ -p now works with -s
+ [07ca2a34bae8]
+
+ * parse.c:
+ don't try to stat() "pseudo commands" like "validate"
+ [75527045984b]
+
+ * options.h:
+ added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
+ [07b157a0eafd]
+
+ * configure.in:
+ added SecurID support added other insults to --with-csops
+ [6c992ceb244c]
+
+ * config.h.in:
+ added HAVE_SECURID
+ [e734ff617fe8]
+
+ * Makefile.in:
+ added clobber target added ins_csops.h now gets CFLAGS from
+ configure
+ [d1e29c7cec25]
+
+ * aclocal.m4:
+ relaxed SUDO_FULL_VOID
+ [fb4084f27406]
+
+ * visudo.c:
+ function comment blocks are now in same style as rest of code
+ [04a2931354c5]
+
+ * testsudoers.c:
+ added support for command line args in /etc/sudoers
+ [bfe4e1bcc655]
+
+ * sudoers.man:
+ updated to have command args in the sudoers file
+ [1cd34355e9ea]
+
+ * sudo.man:
+ added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
+ [930b48023b68]
+
+1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ PATH renamed to COMMAND
+ [4e109a6de3cd]
+
+ * parse.lex:
+ it is now a parse error for directories to have args attached to
+ them
+ [2ab10a146b54]
+
+ * logging.c:
+ now say command args if telling user to buzz off
+ [933de26ded8b]
+
+ * sudo.c:
+ -s no longer indicates end of args sped up loading on cmnd_args in
+ load_cmnd()
+ [eac99a4da862]
+
+ * parse.c:
+ removed an unreachable statement
+ [634302623c49]
+
+ * parse.lex:
+ made more efficient by pulling out the terminators when in GOTCMND
+ state and making them their own rule
+ [80798f1e1166]
+
+1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ removed MAXLOGLEN since it is no longer used
+ [102824196b71]
+
+ * parse.lex:
+ now allows command args
+ [d29dfa1e5254]
+
+ * parse.c:
+ now groks command arguments
+ [6c414cb7f105]
+
+ * logging.c:
+ now sets tty correctly when piped input
+ [de46a30c0406]
+
+ * sudo.c:
+ fixed loading of cmnd_args (was including command name too)
+ [15319a425ea6]
+
+ * logging.c:
+ fixed a core dump due to incorrect if construct
+ [582363c7d7fa]
+
+1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
+ [da591fe9b931]
+
+ * aclocal.m4:
+ fixed check for ISC
+ [52e59f2082a7]
+
+ * sudo.c:
+ now sets cmnd_args used by log_error() and that will be used by the
+ parse to check against command args
+ [c6804389723b]
+
+ * sudo.h:
+ added cmnd_args
+ [4d00446b4a8d]
+
+ * logging.c:
+ now dynamically allocate logline since we can guess at its size
+ [4bed8c8446aa]
+
+1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
+ "register" since the compiler knows more than I do now do a
+ "basename" of the tty
+ [3b1bbf0b3da1]
+
+1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ ++version
+ [5ce552f9a5f1]
+
+ * sudo.h:
+ added shell extern changed MODE_* to be bit masks to allow for
+ several options together
+ [06f9dc4f400c]
+
+ * sudo.c:
+ added -s (shell) option made MODE_* masks so we can do bitwise & and
+ | to see if multiple flags are set.
+ [01f8143010ad]
+
+ * check.c:
+ added securid support
+ [909e078005fe]
+
+1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ removed a bunch of unnecesary strncpy()'s and replaced with strcat()
+ [644506b57d61]
+
+1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, version.h:
+ ++version
+ [3cd6f1fbc3d9]
+
+1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed free() of an uninitialized pointer (yuck)
+ [8c404ee502ee]
+
+ * testsudoers.c:
+ added netgr_matches
+ [e7c9fa2f774c]
+
+ * parse.c:
+ cleaned up netgr_matches
+ [8108f00b810e]
+
+1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for 1.3.4
+ [4741704310a1]
+
+1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ now installs sudoers.man -- really should clean this up though.
+ [455631d45a1d]
+
+ * Makefile.in:
+ added sudoers.cat and sudoers.man
+ [0bdedd6c7363]
+
+ * sudo.man:
+ pulled out stuff on the sudoers file format into a separate man page
+ [de215d999cb9]
+
+ * sudoers.man:
+ Initial revision
+ [f25eafbb7095]
+
+ * HISTORY:
+ fixed up my email address
+ [254fbf80be74]
+
+ * configure.in:
+ added checks for innetgr and getdomainname
+ [24a99cb7e97e]
+
+ * visudo.c:
+ added dummy netgr_matches function
+ [1841ff2c01da]
+
+ * parse.c:
+ added netgr_matches
+ [ec90db6a97b8]
+
+ * parse.lex, parse.yacc:
+ added NETGROUP support
+ [c9dd93e3bc4b]
+
+ * config.h.in:
+ added HAVE_INNETGR & HAVE_GETDOMAINNAME
+ [14abd494d875]
+
+1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ rewrote clean_env() that has rm_env() builtin
+ [55cb43818a95]
+
+1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ now cast uid to long in sprintf
+ [b549eea40aeb]
+
+ * OPTIONS:
+ added _INSULTS suffix to HAL & GOONS end
+ [ed620d0aad30]
+
+ * options.h:
+ added _INSULTS suffix to HAL & GOONS
+ [9f72e9b83afd]
+
+ * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
+ converted to new scheme of insult "unions" end
+ [2f6d2b412132]
+
+ * sudo.c:
+ now uses MAX_UID_T_LEN
+ [c1df79e0f389]
+
+ * configure.in:
+ added SUDO_UID_T_LEN !l
+ [195f0b9f5f84]
+
+ * config.h.in:
+ added MAX_UID_T_LEN
+ [73f42ae4f14d]
+
+ * check.c:
+ now use MAX_UID_T_LEN
+ [df9c063234cb]
+
+ * aclocal.m4:
+ added check for max len of uid_t fixed sco vs. isc check
+ [d558f36d2223]
+
+1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ corrected version
+ [828dd1571e86]
+
+ * configure.in:
+ added sco support
+ [af1e2f616638]
+
+ * aclocal.m4:
+ hack to check for sco
+ [549ab99a9a43]
+
+ * interfaces.c:
+ removed #include <net/route.h> since it was hosing some OS's
+ [ac78a7c04005]
+
+1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ fixed prreadlink() prototype
+ [b380fe1f2b11]
+
+ * check.c:
+ added parens in #if's
+ [e96ade691b82]
+
+ * configure.in:
+ added SPW_ prefix
+ [a302683a1483]
+
+ * sudo.h:
+ moved SPW_* to config.h.in
+ [6b3be70e34cf]
+
+ * sudo.c:
+ added a set of parens
+ [8188d735d695]
+
+ * config.h.in:
+ added SPW_*
+ [5ead6371cf60]
+
+ * sudo.h:
+ added SPW_* reordered error codes
+ [dead25b4ed0a]
+
+ * check.c:
+ moved SPW_* to sudo.h
+ [ca51fb04caf4]
+
+1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [6b512b2bc5dc]
+
+ * logging.c:
+ GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
+ [defdd0944e2f]
+
+ * configure.in:
+ AUTH -> SECUREWARE
+ [d1f8a17001dd]
+
+ * check.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [af0e8d8b89b2]
+
+ * check.c:
+ now uses SHADOW_TYPE to make shadow pw support more readable and
+ modular. It's a start...
+ [8c2a59667014]
+
+ * configure.in:
+ added autodetection of shadow passwords
+ [85f81fa54b1b]
+
+ * sudo.c:
+ now uses SHADOW_TYPE define
+ [355e5dc09b07]
+
+ * config.h.in:
+ added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
+ [c0c06e83e483]
+
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW
+ [464301301639]
+
+1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
+ memmove() since we dno longer use it...
+ [8aefa87d7d31]
+
+ * CHANGES:
+ updated
+ [ce97b3fd7182]
+
+ * logging.c:
+ added BROKEN_SYSLOG support
+ [a45c3bca36f6]
+
+ * config.h.in:
+ added BROKEN_SYSLOG
+ [6f6abf0a6268]
+
+ * check.c:
+ now only bitch it timestamp > time_now + 2 * timeout to allow for a
+ machine udpating its time from a server
+ [546bc8d35325]
+
+ * sudo.man:
+ added 2 security notes updated Nieusma's email addr
+ [616756c56977]
+
+ * lsearch.c:
+ changed a memmove() to memcpy() since we don't have to worry about
+ overlapping segments.
+ [30baa478526b]
+
+1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ cleanup up the loop when interfaces are groped in so that it is
+ readable
+ [1fa39446bd69]
+
+ * Makefile.in, version.h:
+ ++version
+ [b46bd2b1770f]
+
+1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ annotated 124-126
+ [b82a2b3ec7ce]
+
+1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed permissions check on /tmp/.odus
+ [cc2431a65468]
+
+1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed some comments
+ [8896d09b4fda]
+
+ * check.c:
+ now checks owner & mode of timedir also checks for bogus dates on
+ timestamp file
+ [a0fad5df5b0a]
+
+ * OPTIONS:
+ updated TIMEOUT info
+ [033cc22d9e04]
+
+ * logging.c, sudo.h:
+ added BAD_STAMPDIR and BAD_STAMPFILE
+ [31d9ce691101]
+
+ * compat.h:
+ added definition of S_IRWXU
+ [ff2dab091a9b]
+
+ * CHANGES:
+ updated
+ [a40df90284f1]
+
+1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ added #ifdef to make it compile on strange arches
+ [4a127f12afce]
+
+1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed check for fulkl void impl.
+ [b6f2a4a361d8]
+
+ * check.c:
+ added mssing "static"
+ [520552f2772b]
+
+ * insults.h:
+ replaced #elif with #else #if constructs for ancient C compilers
+ [39ab2d365b57]
+
+ * INSTALL:
+ updated irix c2 & kerb5 info
+ [ae79b99b4905]
+
+ * configure.in:
+ added shadow pw support for irix
+ [632469d9c528]
+
+1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, TODO:
+ updated
+ [2a96bb18ac30]
+
+ * CHANGES:
+ last changes for sudo 1.3.3
+ [c1c0cd1034b8]
+
+ * configure.in:
+ now calls SUDO_SOCK_SA_LEN
+ [14ea78159d45]
+
+ * config.h.in:
+ added HAVE_SA_LEN
+ [cc2a346aa905]
+
+ * aclocal.m4:
+ added SUDO_SOCK_SA_LEN
+ [456a2025644a]
+
+ * interfaces.c:
+ now works with ip implementations that use sa_len in sockaddr
+ [90be6e028077]
+
+ * INSTALL:
+ added note about buggy AIX compiler
+ [c0f6d427e4e4]
+
+ * interfaces.c:
+ now include sys/time.h for AIX
+ [2510858ab38b]
+
+1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ getcwd -> getwd
+ [66085ebca98e]
+
+ * interfaces.c:
+ now works for ISC and others. yay.
+ [f336d4ffc927]
+
+1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, version.h:
+ version++
+ [836cffc2078d]
+
+1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed test for full void impl
+ [fb004107e7b9]
+
+ * sudo.c:
+ now check to see that st_dev is non-zero before assuming that we are
+ being spoofed
+ [1b0e1c30c506]
+
+1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure.in:
+ SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
+ [4953379bfb01]
+
+1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed include file order for SUDO_FUNC_UTIME_POSIX
+ [ff64ab7df44f]
+
+ * logging.c:
+ added cast for ttyname()
+ [444f05f56758]
+
+ * configure.in:
+ fixed typo
+ [de068e748431]
+
+ * check.c:
+ now deal correctly with all known variation of utime() -- yippe
+ [b778a4195a89]
+
+ * configure.in:
+ added SUDO_FUNC_UTIME_POSIX
+ [cf635f2269d6]
+
+ * aclocal.m4:
+ added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
+ [d79593be4b73]
+
+ * config.h.in:
+ added HAVE_UTIME_POSIX
+ [c67b4ac0dca5]
+
+ * check.c:
+ fixed a typo
+ [b14df5680f59]
+
+ * check.c:
+ no longer assume !HAVE_UTIME_NULL means old BSD utime()
+ [0aeaf4b2f38b]
+
+ * check.c:
+ fixed fascist C compiler warning
+ [c61ddf2f1f93]
+
+ * interfaces.c:
+ now set strioctl.ic_timout in STRSET() now initialize num_interfaces
+ to 0 (just to be anal)
+ [c54cc2ba0052]
+
+1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
+ [74cf585a54fb]
+
+ * logging.c:
+ added tty logging
+ [e27d8dcfbd78]
+
+ * interfaces.c:
+ reworked the ISC code
+ [bcf57ce8ae69]
+
+ * Makefile.in, version.h:
+ updated version
+ [032941c9b94d]
+
+ * check.c:
+ now expect old-style utime(3) if utime() can't take NULL as an arg
+ [018dd4a73030]
+
+ * configure.in:
+ added check for utime.h
+ [0b76e8feb618]
+
+ * config.h.in:
+ added HAVE_UTIME_H
+ [62ee42feda46]
+
+ * Makefile.in:
+ added CPPFLAGS STATIC_FLAGS -> LDFLAGS
+ [fa3201d294e1]
+
+ * configure.in:
+ now search for kerb libs and includes
+ [cc332401e571]
+
+ * check.c:
+ added support for utime(2)'s that can't take a NULL parameter
+ [98797fedf69f]
+
+ * utime.c:
+ moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
+ [6ce6d825fb44]
+
+ * configure.in:
+ added utime(s) stuff
+ [a2afb744403e]
+
+ * check.c:
+ now use utime()
+ [48902240a51e]
+
+ * config.h.in:
+ added HAVE_UTIME and HAVE_UTIME_NULL
+ [9a56ab65d4f4]
+
+1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * utime.c:
+ now use HAVE_UTIME_NULL
+ [e3944de09a92]
+
+ * emul/utime.h, utime.c:
+ Initial revision
+ [a2cbf2ef3427]
+
+ * check.c:
+ need to setuid(0) to make kerb4 stuff work.
+ [c6cfda4039d7]
+
+ * tgetpass.c:
+ no more special case for kerberos
+ [4a5c33145be9]
+
+ * config.h.in:
+ took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
+ emulation)
+ [a607ee43e650]
+
+ * compat.h:
+ no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
+ kerberos
+ [02fb274cc136]
+
+ * check.c:
+ now use private ticket file for kerberos support to avoid trouncing
+ on system one
+ [28d8b6b812c7]
+
+1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ added SPOOF_ATTEMPT & cmnd_st
+ [d3b42a1f4d0d]
+
+ * sudo.c:
+ added anti-spoofing support
+ [ab1e2aa44a57]
+
+ * parse.c:
+ now use global cmnd_st
+ [47018265a1a6]
+
+ * logging.c:
+ added SPOOF_ATTEMPT suypport
+ [7bbe9dd2a021]
+
+ * testsudoers.c, visudo.c:
+ added void casts where appropriate
+ [f191441ba333]
+
+ * parse.yacc:
+ fixed up spacing and added void casts where appropriate
+ [15d886fc809c]
+
+ * sudo.c:
+ fixed problem with "-p prompt" but no args
+ [6fc048261a3e]
+
+1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man:
+ added BUGS and annotated -l description
+ [e5c506de2603]
+
+ * sudo.h:
+ validate() now takes a flag
+ [26627becc60a]
+
+ * sudo.c:
+ validate() now takes a flag added -l
+ [a4f7bb97fe54]
+
+ * parse.yacc:
+ added support for -l
+ [e7a9b10b0ad3]
+
+ * parse.c:
+ validate() now takes a flag that says whether or not to check the
+ command
+ [9e1e67f4e281]
+
+1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ now deals with Argv == 1
+ [0acb637ab635]
+
+ * sudo.man:
+ added -p option
+ [e60382fc0561]
+
+ * sudo.c:
+ added prompt support reworked parse_args()
+ [2f605267ed4a]
+
+ * sudo.h:
+ added prompt
+ [5ab021bdb419]
+
+ * options.h:
+ added PASSPROMPT
+ [614727ff44a2]
+
+ * check.c:
+ now use BUFSIZ as length of kerb password added kpass so pass is
+ always a char * now use prompt global when asking for a password
+ [76be09af784f]
+
+ * tgetpass.c:
+ now use BUFSIZ as _PASSWD_LEN if using kerberos
+ [1e907eed312b]
+
+ * OPTIONS:
+ added PASSPROMPT
+ [ddb2f405ce40]
+
+1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ only look for -lufc or -lcrypt if crypt() not in libc
+ [9717d315661f]
+
+ * check.c:
+ don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
+ (unknown user) silently fail
+ [2b48693d4ee9]
+
+ * INSTALL:
+ added kerb4 note
+ [986e393f740c]
+
+ * tgetpass.c:
+ HAVE_KERBEROS -> HAVE_KERB4
+ [e438bfb5e6aa]
+
+ * check.c:
+ removed debugging printf
+ [1cf9f5cbffa5]
+
+ * configure.in:
+ KERBEROS -> KERB4 added checks for setreuid & setresuid
+ [01e9945beb1e]
+
+ * config.h.in:
+ HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
+ [0e0bb5b8ac3e]
+
+ * compat.h:
+ added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
+ with setresuid if applic
+ [9dae24c47696]
+
+ * check.c:
+ HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
+ no setreuid() or a broken one
+ [1fca642bdb8e]
+
+1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added kerberos support
+ [da5639b9b8e7]
+
+ * config.h.in:
+ added HAVE_KERBEROS
+ [fcc5be550e65]
+
+ * tgetpass.c:
+ added KERBEROS support (long passwords)
+ [303ba6924dd2]
+
+ * check.c:
+ added kerberos support
+ [e40afe98fc1d]
+
+1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ added MODE_BACKGROUND
+ [9b483c932016]
+
+ * sudo.man:
+ escaped dashes added -b option
+ [62e84f1a7714]
+
+ * sudo.c:
+ added -b option
+ [7e78aaefeb95]
+
+ * check.c:
+ added crypt() for osf/1 3.x enhanced secuiry
+ [e9aa5abdb7d5]
+
+ * configure.in:
+ now check for -lcrypt
+ [5cb9c67e9fa2]
+
+ * interfaces.c:
+ added ENXIO like EADDRNOTAVAIL
+ [74223bb1ba75]
+
+1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now emulate getwd(), not getcwd()
+ [3e5439d9a5f4]
+
+ * sudo.c:
+ getcwd() -> getwd()
+ [6392a96a658e]
+
+ * getwd.c:
+ getcwd -> getwd
+ [1b0ab9bae11e]
+
+1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ins_2001.h, ins_classic.h, ins_goons.h:
+ Initial revision
+ [86db60d8cf00]
+
+ * insults.h:
+ broke out insults into separate include files
+ [0a01993bd38a]
+
+ * OPTIONS, options.h:
+ added GOONS
+ [e283203c6515]
+
+ * Makefile.in:
+ added ins_2001.h ins_classic.h ins_goons.h
+ [2a39cd6a4cd2]
+
+ * Makefile.in, version.h:
+ ++version
+ [05ebf4f5e41a]
+
+ * visudo.c:
+ moved signal handler setup to setup_signals()
+ [3dd976c04540]
+
+ * sudo.h:
+ added load_interfaces()
+ [af2d473b09e2]
+
+ * sudo.c:
+ moved load_interfaces to interfaces.c
+ [5c8c138e5d4c]
+
+ * parse.yacc:
+ added clearaliases
+ [aeb4ff301daa]
+
+ * OPTIONS, options.h:
+ added FAST_MATCH
+ [f49ea3d1b525]
+
+ * parse.lex:
+ now uses clearaliases variable
+ [a2dda415bf61]
+
+ * interfaces.c:
+ Initial revision
+ [a1990e3f5c69]
+
+ * Makefile.in:
+ added interfaces.[co]
+ [1e8e5984de97]
+
+ * testsudoers.c:
+ now uses ip addrs and netmasks via load_interfaces()
+ [54b8f7a6835e]
+
+ * sudo.c:
+ now remove IFS instead of setting to "sane" value
+ [ce7eec9f115e]
+
+1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ added FAST_MATCH
+ [816d4f5fe81a]
+
+1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ sudo_goodpath.c-> goodpath.c
+ [a5072c4e1de2]
+
+ * sudo.c:
+ added Andy's new ISC changes
+ [caa6bbee358e]
+
+1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ added a sentence to SECURE_PATH info
+ [cad6e1569d15]
+
+ * BUGS:
+ added one
+ [4b35cf699a83]
+
+ * CHANGES:
+ updated
+ [5fded9dc62f0]
+
+ * RUNSON:
+ updated
+ [33cb993cfd39]
+
+1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for beta3
+ [a05dc6a91995]
+
+ * Makefile.in, version.h:
+ ++version
+ [54aaf3fadc75]
+
+ * aclocal.m4:
+ sendmail is now looked for in �/usr/ucblib
+ [231ac1a4662f]
+
+ * sudo.c:
+ fixed indentation
+ [fb137400c8c2]
+
+ * aclocal.m4:
+ fixed a typo
+ [e03f1acc468b]
+
+ * sudo.c:
+ updated ISC mods
+ [070290d4754b]
+
+ * configure.in:
+ added unixware case
+ [e90250bae0d9]
+
+ * check.c:
+ user_is_exempt is no longer hidden
+ [1a341765b8af]
+
+ * RUNSON:
+ updated
+ [a9c4898b26dd]
+
+ * aclocal.m4:
+ isc and riscos changes
+ [98b5d86585d1]
+
+ * OPTIONS:
+ added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
+ [e1ecc464ce4b]
+
+ * Makefile.in:
+ fixed a typo and added testsudoers stuff
+ [435d60e163dc]
+
+ * testsudoers.c:
+ Initial revision
+ [6ce14a448662]
+
+1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ applied fixed patch from Chris
+ [cd6144203d13]
+
+1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed a typo
+ [34f8a54ba041]
+
+ * parse.yacc:
+ added a set of braces for bison
+ [f0e43b938914]
+
+ * parse.yacc:
+ merged in Chris' changes to dekludge the parser.
+ [82d6e373ab1c]
+
+ * logging.c:
+ send_mail() was calling find_path() which is wrong since find_path()
+ stores cmnd in a static var. Anyhow, it doesn't make much sense
+ since MAILER should always be fully qualified
+ [6eae6a0b8098]
+
+1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ added User_Alias stuff
+ [aaba8c8e918d]
+
+ * aclocal.m4:
+ SUDO_NEXT now looks for /usr/lib/NextStep/software_version
+ [52bd81f34b32]
+
+ * RUNSON:
+ added DEC UNIX 3.0 w/ gcc
+ [7daf570775b5]
+
+ * visudo.c:
+ Exit was being used in places where exit should be used
+ [6026a89c07ed]
+
+ * sudoers:
+ added "User alias specification"
+ [a487b6e234f8]
+
+ * parse.yacc:
+ fixed probs caused by making nslots and naliases a size_t
+ [0be919384f3f]
+
+ * RUNSON:
+ added KSR, upped rev to 1.3.1b2
+ [ce04ee6faadf]
+
+ * logging.c, parse.yacc:
+ 1024 -> BUFSIZ
+ [cd6dda45fa11]
+
+ * parse.yacc:
+ void * -> VOID * naliases and nslots are now size_t to appease
+ lsearch on 64-bit machines
+ [bf2f807c0dc1]
+
+1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ did a bunch of things and added a bunch :-)
+ [42afd957b829]
+
+ * PORTING:
+ updated
+ [972f95c85776]
+
+ * visudo.man:
+ closer to BSD manpage style
+ [07ae88f50325]
+
+ * sudo.man:
+ closer to standard BSD man format
+ [372c28dcc135]
+
+ * compat.h, config.h.in, emul/search.h, insults.h, options.h,
+ pathnames.h.in, sudo.h, version.h:
+ added RCS id
+ [c0ec90b81002]
+
+ * sudo.h:
+ removed crufty #defines that are no longer used
+ [35e2b4b477f0]
+
+ * BUGS:
+ fixed a bug
+ [5bb3e1bee85e]
+
+ * sudo.man:
+ updated based on sudo changes
+ [e65de1cae438]
+
+ * parse.yacc:
+ now allow ALL keyword in User_Aliases now allow ALL keyword as well
+ as a NAME or ALIAS
+ [1fb31404dd0f]
+
+ * CHANGES:
+ updated
+ [b24018ac610b]
+
+ * sudo.c:
+ now sets SUDO_COMMAND and SUDO_GID envariables.
+ [e9d791557fb7]
+
+ * aclocal.m4:
+ fixed bug with full void impl check
+ [35715301023c]
+
+ * parse.yacc:
+ fixed User_Alias supoprt
+ [4c30dfbaaa07]
+
+ * parse.yacc:
+ added stubs for User_Alias support
+ [f4afbd247edf]
+
+ * sudo.c:
+ now sets removes # bogus interfaces from num_interfaces
+ [6f077fac9ab1]
+
+ * parse.lex:
+ added User_Alias support
+ [bc7997e5df85]
+
+1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ removed extraneous TODO
+ [bc87a3b14d6d]
+
+1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ ntwk_matches -> addr_matches
+ [475044e288b8]
+
+ * parse.yacc:
+ ntwk_matches -> addr_matches
+ [dd1f4093fd2d]
+
+ * parse.c:
+ ntwk_matches -> addr_matches now use inet_addr() not inet_network()
+ (which expects octet boundaries) fixes for OSF (sizeof(int) !=
+ sizeof(long))
+ [acd2f556940f]
+
+ * sudo.c:
+ took out debugging info
+ [044023063eca]
+
+ * aclocal.m4:
+ OS was being set to unknown before non-uname based host checks.
+ This caused no checks to happen since $OS was not zero-length.
+ [335a7267479d]
+
+ * sudo.c:
+ fixed loading of interfaces struct still has debugging info in
+ though
+ [2d1a18998c1e]
+
+ * parse.c:
+ fixed typo
+ [175674a3a9fa]
+
+1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version
+ [55d191b5daa3]
+
+ * version.h:
+ ++
+ [d7d1f115696a]
+
+ * visudo.c:
+ removed extraneous extern decl of "top
+ [50355621047d]
+
+ * visudo.c:
+ now zeros "top"
+ [4e683210345b]
+
+ * parse.yacc:
+ removed parser_cleanup (no need for it now)
+ [afa59f222b6c]
+
+ * parse.lex:
+ now calls reset_aliases() directly
+ [3a23cbd60fc0]
+
+1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ added a sentence to SECURE_PATH description
+ [c5bf75b85af0]
+
+ * parse.c:
+ fixed my stupid bug where I used NAMLEN on something I wanted to
+ just get the name from. argh.
+ [111f460f6540]
+
+1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lsearch.c:
+ fixed argument order of memmove() that i hosed when converting from
+ bcopy(). arghh.
+ [2f5336045c8b]
+
+ * Makefile.in:
+ finally fixed DISTFILES line
+ [a1b419e73a63]
+
+ * Makefile.in:
+ tabs -> spaces
+ [280fb03e5764]
+
+ * Makefile.in:
+ added missing files to DISTFILES
+ [991fc1cd2263]
+
+ * Makefile.in:
+ SUPPORTED -> RUNSON
+ [7580e65b05fb]
+
+1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ updated
+ [fe764a29c1cc]
+
+ * RUNSON:
+ updated for pl5b1 release
+ [aefc35bd2291]
+
+ * BUGS, TODO:
+ updated
+ [8f0ea249b687]
+
+ * check.c:
+ fixed bug where if you hit return at first sudo prompt it would
+ still log as a failure
+ [24539c854692]
+
+ * CHANGES:
+ updated
+ [251cc7b3ede4]
+
+ * aclocal.m4:
+ better test for bogus void * implementation
+ [efe23180cb88]
+
+ * logging.c:
+ added PASSWORDS_NOT_CORRECT
+ [bd12c73f83f7]
+
+ * check.c:
+ added PASSWORDS_NOT_CORRECT stuff]
+ [90de391a979f]
+
+ * sudo.h:
+ added PASSWORDS_NOT_CORRECT
+ [727fbeb76fc5]
+
+ * tgetpass.c:
+ moved pathnames.h
+ [4f910e5a8df7]
+
+ * sudo.c:
+ removed some unused vars and fixed up uid2str
+ [70e92c7f9076]
+
+ * putenv.c:
+ moved compat.h
+ [b271091586f6]
+
+ * getcwd.c, getwd.c:
+ added pathnames.h
+ [6f25218f133f]
+
+1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed a typo I introduced in the last checkin :-(
+ [62c3af75c4fe]
+
+ * parse.lex:
+ can't have #ifdef's where N is defined so just do this the broken
+ way for AIX
+ [c5648a5594e4]
+
+ * parse.yacc:
+ better hack from Chris (but still a hack)
+ [6b6d8aed93f3]
+
+ * parse.lex:
+ stupid hack for broken aix lex
+ [efc3f9e5280e]
+
+ * tgetpass.c:
+ now includes compat.h �
+ [401822173f77]
+
+ * visudo.c:
+ now includes fcntl.h
+ [63865c2f8ac6]
+
+ * compat.h:
+ added FD_SET and FD_ZERO for 4.2BSD
+ [00c5597c0bb0]
+
+ * parse.yacc:
+ dirty hack to fix parser bug. i don't really like this but it works
+ for now...
+ [5b8bbdc81569]
+
+ * sudo.c:
+ uid2str is now static like the prototype says
+ [f2a97b5cb870]
+
+1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
+ updated
+ [6f79c3e92716]
+
+ * RUNSON:
+ Initial revision
+ [12a09ef9e884]
+
+ * sudo.c:
+ check_sudoers now returns an error code and sudo calls inform_user
+ and log_error based on the return value.
+ [340eca188d9a]
+
+ * logging.c, sudo.h:
+ added entries for new errors
+ [6050d8542e1f]
+
+ * parse.c:
+ now set uid to that of SUDOERS_OWNER while parsing sudoers file
+ [3683c42bc9b0]
+
+ * Makefile.in:
+ took out testsudoers �
+ [65317d49db48]
+
+ * sudo.c:
+ now explicately checks that it is setuid root
+ [2fe1be60ef6a]
+
+ * sudo.c:
+ If a user has no passwd entry sudo would segv (writing to a garbage
+ pointer). Now allocate space before writing :-)
+ [d08e7eb5e5ef]
+
+ * configure.in:
+ reordered AC_CHECK_FUNCS
+ [4c82e56c6f4f]
+
+ * config.h.in:
+ fixed memset macro
+ [77ede6b714ab]
+
+ * tgetpass.c, visudo.c:
+ bzero -> memset
+ [1a005bb322c8]
+
+ * logging.c:
+ bzero -> memset when a parse error is logged the line number of the
+ error is now logged too
+ [a42d68047723]
+
+ * INSTALL:
+ added Sunos to blurb about c2 security
+ [af750a1d131e]
+
+ * configure.in:
+ added a SUN4 define for C2 security
+ [6ad5b23a3eb0]
+
+ * config.h.in:
+ bcopy -> memmove bzero -> memset
+ [5494460c8464]
+
+ * lsearch.c:
+ bcopy -> memmove char * -> VOID *
+ [a15f5c316e16]
+
+ * check.c:
+ added support for sunos with C2 security
+ [03fea5bb21e6]
+
+ * OPTIONS, options.h:
+ reordered
+ [1686265af3e1]
+
+ * pathnames.h.in:
+ _PATH_SUDO_LOGFILE now set based on configure
+ [5867b58e4a04]
+
+ * configure.in:
+ added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
+ [1984d9fd1b5c]
+
+ * config.h.in:
+ added _SUDO_PATH_LOGFILE
+ [dd3eebe62580]
+
+ * aclocal.m4:
+ added SUDO_LOGFILE to find where to put sudo.log added
+ SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
+ SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
+ [c589a515a99a]
+
+1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ Initial revision
+ [f42f1baba3a8]
+
+ * sudo.c:
+ now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
+ to work around a problem is trusted hpux shadow passwords. yuck.
+ [ae1f13b54687]
+
+ * parse.yacc:
+ backed out a change in malloc/realloc
+ [ab868db0ad69]
+
+ * parse.yacc:
+ now include stdlib.h
+ [957eef0631eb]
+
+ * visudo.c:
+ now do an freopen() of the stmp file so that yyin will always point
+ to the same thing. This is important for flex since we are doing a
+ YY_NEWFILE
+ [44558922fd3e]
+
+ * parse.yacc:
+ replaced yywrap() with parser_cleanup() since yywrap() needs to be
+ in parse.lex to be able to use YY_NEW_FILE. sigh.
+ [12dd09921074]
+
+ * parse.lex:
+ now have a rule that matches anything that doesn't match an
+ explicite rule. well, you know what i mean (. matches anything not
+ yet matched). However, this means that there is input still queued
+ up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
+ into parse.lex and it calls parser_cleanup() which is most of the
+ old yywrap() sigh.
+ [7f4042bc48d6]
+
+ * SUPPORTED:
+ no longer used
+ [8f220be4da94]
+
+ * getcwd.c, getwd.c:
+ moved compat.h to be the last include file
+ [9f3a65e2d485]
+
+ * parse.yacc:
+ fixed type of aliascmp() args
+ [1c27eb989bdf]
+
+ * find_path.c:
+ NULL -> '\0'
+ [5c8d8cf1692e]
+
+ * parse.yacc:
+ added casts to lfind and lsearch args for irix
+ [61027ddeecf8]
+
+ * Makefile.in:
+ bsdinstall -> install-sh
+ [61de6612c5a5]
+
+ * INSTALL:
+ added info about make realclean
+ [29c6324d727f]
+
+ * Makefile.in:
+ updated VERSION added dependencies for visudo.cat
+ [09077d7229d4]
+
+ * version.h:
+ -> pl5b1
+ [5d21c7ad1a41]
+
+ * sudo.c:
+ took out -l
+ [fc1478d81b38]
+
+ * Makefile.in:
+ now there is a real visudo.man and visudo.cat
+ [58aeac43a6dd]
+
+ * sudo.man:
+ took out visudo stuff
+ [4a6ac4393343]
+
+ * visudo.man:
+ Initial revision
+ [cba348843db8]
+
+ * parse.c, parse.lex, parse.yacc:
+ updated copyright
+ [ffa16b70944a]
+
+ * README:
+ updated for pl5
+ [a26e423e9e5f]
+
+ * sudo.man:
+ updated Nieusma & Hieb email addresses
+ [f0083e71989d]
+
+ * INSTALL:
+ updated to include options.h and OPTIONS
+ [ee59e2b76c94]
+
+ * CHANGES, TODO:
+ updated
+ [51e011ad5220]
+
+ * BUGS:
+ eliminated bug #1 (yay)
+ [e7e88515494e]
+
+ * configure.in:
+ sunos no longer gets linked statically
+ [2e5b3ff3108f]
+
+1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ prototype now uses __P()
+ [68ecdcab4c70]
+
+ * parse.lex:
+ make fill() non-ansi
+ [d6509972260b]
+
+ * parse.c:
+ made -v (validate) work
+ [13c9d520638c]
+
+ * logging.c:
+ now gives host
+ [f04859cdba5a]
+
+ * find_path.c:
+ don't check for execute/statable if fq or relative path given
+ [4bbe851f3973]
+
+ * parse.c:
+ added a cast
+ [345c308f72f3]
+
+ * visudo.c:
+ now include ctype.h for islower and tolower macros
+ [582c0aa332d5]
+
+ * goodpath.c:
+ moved _S_IFMT & _S_ISREG to compat.h
+ [828e4ca4e7b4]
+
+ * sudo.c:
+ moved a set of parens
+ [5783474ecf37]
+
+ * strdup.c:
+ now include compat.h
+ [75e2036b94af]
+
+ * emul/search.h:
+ void * -> VOID *
+ [cedcfaf04161]
+
+ * parse.yacc:
+ now cast malloc & realloc return vals added search for HAVE_LSEARCH
+ now use strcmp if no strcasecmp available
+ [d6a42bc3d4ae]
+
+ * lsearch.c:
+ void * -> VOID *
+ [886adc44f607]
+
+ * config.h.in:
+ removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
+ HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
+ [3b50d7fb4349]
+
+ * compat.h:
+ added _S_IFMT, _S_IFREG, and S_ISREG
+ [73d506c7d53c]
+
+ * aclocal.m4:
+ took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
+ to most SUDO_* macros
+ [8442155f5936]
+
+ * Makefile.in:
+ no more -I.
+ [63462f195bd4]
+
+ * configure.in:
+ various 1.x ro 2.x autoconf changes now check for strcasecmp now use
+ AC_INSTALL_PROG instead of custom one added check for fully woorking
+ void implementation
+ [5ac6b6e6230f]
+
+ * Makefile.in:
+ added lsearch & search.h visudo links into $(LIBOBJS)
+ [bc119cda4598]
+
+ * aclocal.m4:
+ partial 1.x to 2.x changes added SUDO_FULL_VOID
+ [1194d01fa5c5]
+
+ * visudo.c:
+ whatnow_help was prototyped to be static be was not declared as
+ such
+ [0f85489dd426]
+
+ * configure.in:
+ autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
+ for dirent/dir/ndir.h
+ [7408f3854948]
+
+ * parse.c:
+ now use groovy gnu autoconf macro AC_HEADER_DIRENT
+ [e465db9f5dfa]
+
+ * getcwd.c, getwd.c:
+ MAXPATHLEN -> MAXPATHLEN+1
+ [714d87424e21]
+
+ * emul/search.h, lsearch.c:
+ Initial revision
+ [55d79482c535]
+
+1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ eliminated bison warnings
+ [61ca0a96da22]
+
+ * parse.lex:
+ added missing case
+ [6be0f849747c]
+
+ * visudo.c:
+ now iincludes signal.h
+ [221e0fcc144f]
+
+ * parse.yacc:
+ only clear data structures on a parse error
+ [7b1c0f1a4527]
+
+ * visudo.c:
+ whatnow() now gives help on invalid input
+ [e5a4cd88c587]
+
+ * visudo.c:
+ added a whatnow() function (sort of like mh)
+ [932d9b145f1c]
+
+ * parse.yacc:
+ kill_aliases -> reset_aliases yywrap() now cleans up by calling
+ reset_aliases() and clearing top took reset stuff out of yyerror()
+ since it doesn't beling there (and doesn't work anyway). errorlineno
+ is now initially set to -1 so we can set it to the first error that
+ occurrs (it was getting set to the last)
+ [2f71f95a974c]
+
+ * parse.lex:
+ added a void cast
+ [18ae6042dce4]
+
+ * visudo.c:
+ rewrote from scratch based on 4.3BSD vipw.c
+ [2f6814f18576]
+
+1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.h:
+ removed ocmnd
+ [a31735f41ad4]
+
+ * sudo.h:
+ no more sudo_realpath() and find_path() changed params
+ [8e85c3b39159]
+
+ * sudo.c:
+ find_path() changed since no more realpath()
+ [b25366c7f2ee]
+
+ * parse.yacc:
+ on error, errorlineno is set to the line where the error occurred
+ added kill_aliases() to free the aliases struct now clean up in
+ yyerror() so we can reparse cleanly
+ [2342f578c27a]
+
+ * options.h, parse.c:
+ no more USE_REALPATH
+ [cfc59babeaff]
+
+ * logging.c:
+ changed to use new find_path()
+ [91c7a38e7751]
+
+ * find_path.c:
+ removed all the realpath() stuff
+ [cc21a43a8562]
+
+ * Makefile.in:
+ sudo_realpath.c -> sudo_goodpath.c
+ [03a9b1ddec2f]
+
+ * visudo.c:
+ now works correctly with utk parser
+ [08aa554a0ce8]
+
+ * goodpath.c:
+ Initial revision
+ [1ea607e1ffb2]
+
+ * sudo_realpath.c:
+ eliminated a compiler warning
+ [198bcccc55b6]
+
+ * sudo.c:
+ elinated compiler warning
+ [e2384f9a878b]
+
+ * sudo_realpath.c:
+ added sudo_goodpath()
+ [43878c4cc540]
+
+ * sudo.h:
+ added prototype for sudo_goodpath
+ [23e8627a2265]
+
+ * parse.c:
+ added support for /sys/dir.h
+ [eca897087741]
+
+ * options.h:
+ USE_REALPATH turned off
+ [620ac8b63d85]
+
+ * find_path.c:
+ added calls to sudo_goodpath()
+ [ad170904fbcd]
+
+ * configure.in:
+ added check for dirent.h
+ [7964a8c26855]
+
+ * config.h.in:
+ added HAVE_DIRENT_H
+ [1f785fec7e19]
+
+ * configure.in:
+ added in linux shadow pass stuff �
+ [e585a5785f50]
+
+1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ added back host, user, cmnd, parse_error
+ [0ec19f3d64f4]
+
+ * visudo.c:
+ added in utk changes plus some minor cosmetic changes
+ [c5c1921c8a58]
+
+ * sudo.c, sudo_realpath.c:
+ added void casts for printf's
+ [9c6ff11c0082]
+
+ * options.h:
+ added a define of USE_REALPATH
+ [db3711c9efc5]
+
+ * configure.in:
+ there is no more visudoers/Makefile
+ [36e1bc1f78d0]
+
+ * Makefile.in:
+ added in utk changes (visudo is now built from the toplevel)
+ [76203d4b345d]
+
+ * find_path.c:
+ added (void) casts to printf's
+ [dd5cb1e060ac]
+
+ * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
+ merged in utk changes
+ [35563307fd8e]
+
+1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now check to see that what we are trying to run is a file (or a link
+ to a file, we do a stat(2) so there is no diff)
+ [05889c4bcace]
+
+1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [3e8047bb26fb]
+
+ * Makefile.in:
+ aclocal.m4 -> acsite.m4 make realclean updated for new autoconf �
+ [0bdbaa7c4c7d]
+
+ * sudo.man:
+ added myself as maintainer
+ [77a9d75aab84]
+
+1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ changed setegid -> setgid
+ [7f4788d73b6f]
+
+1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fixed the test for irix 5.x to skip bad libs
+ [bfef896de013]
+
+ * aclocal.m4:
+ now initialize OS and OSREV
+ [cc302756e440]
+
+1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ irix5 changes
+ [ac985b23f5f2]
+
+ * configure.in:
+ AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
+ compatibility
+ [0cf8c92a06d7]
+
+1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
+ thing wrt yyrestart (grrrr)
+ [18e8eabfbb82]
+
+1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added visudoers/compat.h to DISTFILES
+ [db23b574b034]
+
+ * configure.in:
+ fixed an echo
+ [7cbc0462b89d]
+
+ * sudo.c:
+ added ocmnd declaration adjusted for find_path()'s new parameters
+ [d929cd156474]
+
+ * sudo.h:
+ added ocmnd extern adjusted find_path() prototype
+ [e0004daf5d3c]
+
+ * parse.c:
+ cmndcmp() now takes 3 arguments and checks against the qualified as
+ well as the unqualified pathname. more code that should use
+ cmndcmp() but did not, now does
+ [6f70a8c17bee]
+
+ * options.h:
+ added to a comment
+ [7a78680426b2]
+
+ * logging.c:
+ changed to use new find_path() parameter passing
+ [840981d30db4]
+
+ * find_path.c:
+ find_path() now takes 2 copyout parameters (one for the qualified
+ pathname and one for the unqualified pathname). The third parameter
+ may be NULL.
+ [851503b005e9]
+
+ * configure.in:
+ no longer munge pathnames.h
+ [427d8796c5a9]
+
+ * pathnames.h.in:
+ changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
+ as a result, pathnames.h does not need to be run through configure
+ and the user can override the configured values easily.
+ [2e378f2ebe88]
+
+ * config.h.in:
+ added _SUDO_PATH_* entries
+ [0857de7cebab]
+
+ * aclocal.m4:
+ _PATH* -> _SUDO_PATH_*
+ [7601193f56cc]
+
+ * Makefile.in:
+ updated DISTFILES and HDRS .o's now depend on config.h
+ [39d8601965cf]
+
+1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ removed extraneous #endif
+ [27d4c5f2ce7e]
+
+ * aclocal.m4:
+ added SUDO_PROG_MV
+ [76dda3bdd816]
+
+ * configure.in:
+ added SUDO_PROG_MV added riscos and isc os types took out
+ -DSHORT_MESSAGE from --with-csops since it is now the default
+ [68c206ad976e]
+
+ * sudo.c:
+ move the include of id.h to compat.h now includes options.h
+ [45a1eaafb3a8]
+
+ * sudo.h:
+ moved compatibility #defines to compat.h
+ [0eee27057698]
+
+ * pathnames.h.in:
+ added _PATH_MV
+ [e830797ab320]
+
+ * config.h.in:
+ move __P to compat.h
+ [188e12e0ba93]
+
+ * getcwd.c, getwd.c, putenv.c:
+ now includes compat.h
+ [c72cb6d73981]
+
+ * compat.h:
+ Initial revision
+ [d4d2f359ae03]
+
+1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ pull user-configurable stuff out and put in options.h
+ [ef929467b070]
+
+1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex, parse.yacc, visudo.c:
+ now includes options.h
+ [e36d7c82add1]
+
+ * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
+ sudo_setenv.c:
+ now includes options.h
+ [f186ba03de07]
+
+ * Makefile.in:
+ added visudoers/options.h
+ [e5350c476494]
+
+ * OPTIONS, options.h:
+ Initial revision
+ [9b6b5001e318]
+
+ * Makefile.in:
+ added OPTIONS and options.h
+ [25448341e16a]
+
+ * logging.c:
+ changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
+ [5dd6385dd1d3]
+
+ * check.c, sudo.h:
+ changed PASSWORD_TIMEOUT to minutes
+ [0ec6aab98738]
+
+1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now only do Editor +line_num if line_num != 0
+ [b69f04b5e3c7]
+
+1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now use mv if rename(2) fails
+ [83210dca1bab]
+
+ * BUGS:
+ added a visudo bug
+ [d61a806f9aa7]
+
+ * check.c:
+ expanded comment
+ [641f2cba94cb]
+
+1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
+ [7a11135039a8]
+
+1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added mips & isc support
+ [e258dc053119]
+
+ * parse.c:
+ added support for non-root owned sudoers file
+ [fea07e65a0fc]
+
+ * check.c:
+ added exempt group support
+ [928fb4bd9ad5]
+
+ * sudo.h:
+ added set_perms() support added SUDOERS_OWNER so can have non-root
+ own sudoers file added exempt group support added isc support
+ [61c578d31fc1]
+
+ * visudo.c:
+ now copy sudoers to temp file via read/write (not stdio) now chown
+ new sudoers file to SUDOERS_OWNER
+ [a5176c59df70]
+
+1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added skey support
+ [35a8d2fabdb7]
+
+ * sudo_realpath.c:
+ be_* -> setperms()
+ [a1631d686e1c]
+
+ * sudo.h:
+ fixed typo added set_perms support added skey support added
+ seteuid()/setegid() emulation for AIX
+ [c0c8d6771406]
+
+ * sudo.c:
+ be_* -> setperms() now check to make sure sudoers file is owned by
+ root nread/write by only root
+ [13ab1e261f1a]
+
+ * logging.c, parse.c:
+ be_* -> setperms()
+ [21499d845c8f]
+
+ * check.c:
+ be_* -> set_perms() added skey support
+ [df51b56871c1]
+
+1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version
+ [3c1abbe4e43c]
+
+ * version.h:
+ ++
+ [1d2f9b540a95]
+
+1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now sets IFS
+ [eabbb41b9f08]
+
+ * insults.h:
+ fixed typo
+ [c7997f19216e]
+
+1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ added HAVE_SKEY
+ [da948ec4186b]
+
+1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [f4b55ab007ea]
+
+ * Makefile.in:
+ ++version
+ [0489068b8c95]
+
+ * version.h:
+ ++
+ [d189faedf423]
+
+ * sudo.c:
+ now bail if ARgv[1] > MAXPATHLEN
+ [0cea8ecc9dc2]
+
+ * configure.in:
+ added function check for tcgetattr(3)
+ [e03289b22c2f]
+
+ * config.h.in:
+ only define HAVE_TERMIOS_H if you have tcgetattr(3)
+ [757eab83d1a2]
+
+ * config.h.in:
+ added check for tcgetattr
+ [c5ae92715930]
+
+1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [cbc419883108]
+
+1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ now only include unistd.h for linux
+ [e9adeab95ef0]
+
+1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added visudo.8 generation
+ [d6a3f0f887f8]
+
+ * configure.in:
+ added -Wl,-bI:./aixcrypt.exp to aix flags
+ [72594a21edcf]
+
+1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ added one
+ [9993a349e096]
+
+ * CHANGES:
+ updated
+ [297b31ec4cdd]
+
+ * README:
+ added mailing list info
+ [10372f94a2b2]
+
+ * parse.yacc:
+ now use sudolineno instead of yylineno fixed bison warnings
+ [25a83e62057b]
+
+ * configure.in:
+ now use -no_library_replacement for osf don't make a static binary
+ for hpux >= 9.0
+ [1fa7b892f1a3]
+
+ * tgetpass.c:
+ added string.h/strings.h inclusion
+ [71faa98fc0a1]
+
+ * config.h.in:
+ added ssize_t def
+ [406284bd1ac0]
+
+ * parse.lex:
+ added inclusion of string.h/strings.h
+ [6985b1df5d09]
+
+ * aclocal.m4:
+ fixed uname | sed (needed to quote the '[')
+ [4cd2d3415c1a]
+
+ * parse.lex:
+ replaced yylineno with sudolineno fixed bison syntax errors
+ [0bd31a5fab26]
+
+ * visudo.c:
+ changed yylineno to sudolineno since yylineno cannot be counted
+ upon.
+ [38c30104d0ae]
+
+ * TODO:
+ updated
+ [5d4746f1a752]
+
+ * parse.c:
+ added code to support command listings
+ [030172e133fd]
+
+ * sudo.c:
+ added code for -l flag
+ [801dbbc82778]
+
+ * sudo.man:
+ fixed typo added info for -l flag
+ [8916ca945d65]
+
+ * configure.in:
+ AC_SSIZE_T -> SUDO_SSIZE_T
+ [c61f7f47013f]
+
+ * aclocal.m4:
+ added SUDO_SSIZE_T
+ [0ccdb77be84d]
+
+ * sudo.h:
+ added MODE_LIST
+ [9b2bd844c76c]
+
+ * configure.in:
+ added AC_SSIZE_T
+ [35cca208f9b5]
+
+ * find_path.c, sudo_realpath.c:
+ readlink() is now declared as returning ssize~_t
+ [0640a08d1407]
+
+ * configure.in:
+ added -laud for OSF c2
+ [b7539c905efc]
+
+1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, visudo.c:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [067fd9bcb5e1]
+
+ * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [fc46e7c7110a]
+
+ * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
+ parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
+ sudo_setenv.c, tgetpass.c, version.h:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
+ [d1d4fbc53a98]
+
+1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version
+ [b7066d97633f]
+
+ * version.h:
+ ++
+ [65ec69d88110]
+
+ * logging.c:
+ added host to alertmail messages
+ [d973c19ce777]
+
+ * CHANGES, TODO:
+ udpated
+ [5a65eb16faeb]
+
+ * logging.c:
+ fixed logging problem where mail would not say which user it was
+ [35723edcc5d2]
+
+ * configure.in:
+ added -laud for gcc if osf & c2
+ [18f1e0ae5548]
+
+ * check.c:
+ moved set_auth_parameters to sudo.c
+ [d23112fe01db]
+
+ * sudo.c:
+ added set_auth_parameters for osf
+ [eb70f65214ac]
+
+ * configure.in:
+ cleaned up -static stuff
+ [01e9575f0422]
+
+ * Makefile.in:
+ ++version
+ [7ac3bff5c770]
+
+ * version.h:
+ ++
+ [10a4ff478469]
+
+ * sudo.c:
+ changed setenv() to sudo_setenv()
+ [40a78abb9946]
+
+ * check.c:
+ fixed osf problem
+ [3d69b118efb8]
+
+ * configure.in:
+ added OSF C2 stuff
+ [38cff3ad4093]
+
+ * CHANGES:
+ updated
+ [cd341dd0581a]
+
+ * check.c:
+ added osf auth support & removed some extra spaces
+ [a448cdd81514]
+
+ * INSTALL, SUPPORTED:
+ added osf C2 stuff
+ [f70484796146]
+
+1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ added 2 suggestions
+ [695fbdbd86e6]
+
+ * Makefile.in:
+ removed README.v1.3.1 and added VERSION stuff
+ [f69403eb04c6]
+
+ * version.h:
+ pl1
+ [21580c0f8cb1]
+
+1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ 1.3.1final
+ [630114970298]
+
+ * Makefile.in:
+ added HISTORY
+ [901bff251614]
+
+ * sudo.man:
+ mention HISTPRY file
+ [86dbcfd4326e]
+
+ * sudo.c:
+ use sizeof instead of a constant in 1 place
+ [d819604c68ca]
+
+ * parse.yacc:
+ added unistd.h
+ [6f9500f9fe7e]
+
+ * parse.lex:
+ added unistd.h
+ [468b81a276eb]
+
+ * README:
+ udpated
+ [7e275618923a]
+
+ * HISTORY:
+ Initial revision
+ [5db1b0a3939b]
+
+1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ ++
+ [7dfbb4a810bb] [SUDO_1_3_1]
+
+ * CHANGES:
+ updated
+ [7820ee610bf8]
+
+ * sudo_setenv.c:
+ added unistd.h include
+ [30cf2b654525]
+
+1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added sys/time.h for AIX
+ [199fc8caf3a3]
+
+1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added check for -lsocket and sys/sockio.h
+ [f9abfbb31031]
+
+ * config.h.in:
+ took out libshadow check and added in sys/sockio.h check
+ [0c4b0393ac80]
+
+ * sudo.c:
+ now include sockio.h instead of ioctl.h if it exists "sudo -" now
+ gets a better error message
+ [53041bea5483]
+
+ * sample.sudoers:
+ now has a dir and subnet entry
+ [56b820f65438]
+
+1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ removed if_ether.h
+ [b4f64507493e]
+
+ * TODO:
+ added an item
+ [ea2a1bb6922a]
+
+ * sudo.man:
+ added network and ip addresses to man page
+ [01c85016511f]
+
+ * sudo.c:
+ no error if can't get interfaces or netmask since networking may not
+ be in the kernel.
+ [50b8890e2134]
+
+ * parse.c:
+ nwo check for interfaces == NULL
+ [dc1b3eef0db2]
+
+ * parse.c:
+ fixed a bug that caused directory specs in a Cmnd_Alias to fail if
+ the last entry in the spec failed (ie: it was only looking at the
+ last entry). CLeaned things up by adding the cmndcmp() function--all
+ neat & tidy
+ [007e93578e5e]
+
+ * CHANGES:
+ added one
+ [40e8a2cef497]
+
+1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now do two passes to skip bogus interfaces (lo0, etc)
+ [465e30aecaf7]
+
+ * parse.lex, parse.yacc, visudo.c:
+ added include of netinet/in.h
+ [11e3816ed362]
+
+ * logging.c, sudo_realpath.c, sudo_setenv.c:
+ added ninclude of netinet/in.h
+ [daccfa40fe1e]
+
+ * check.c, find_path.c, getcwd.c, getwd.c:
+ added include of netinet/in.h
+ [0222f95e06ad]
+
+ * version.h:
+ ++
+ [d6b0cfa35a38]
+
+ * sudo.h:
+ added interfaces global
+ [ba52fa8ad75e]
+
+ * parse.c:
+ now uses new interfaces global
+ [17473ad5ecba]
+
+ * sudo.c:
+ now ip addresses are gleaned fw/o dns
+ [8828bb2007e0]
+
+1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added load_ip_addrs() to load the ip_addrs global var
+ [60c825f04238]
+
+ * parse.c:
+ added hostcmp() to compare hostnames, ip addrs, and network addrs
+ [ab0e40e37537]
+
+ * sudo.h:
+ added ip_addrs def added load_ip_addrs prototype
+ [c41c565d0777]
+
+1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [2a128dbe9bcb]
+
+ * Makefile.in:
+ removed multiple entries in DISTFILES
+ [2490f4f371e6]
+
+ * visudo.c:
+ ansified the !STDC_HEADERS decls
+ [646ba06d17ae]
+
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
+ don't do malloc decl if gnuc
+ [f1bad1925f98]
+
+ * sudo.c:
+ can't use getopt(3) since it munges args to the command to be run as
+ root don't do malloc decl if gnuc
+ [38e78f6da14e]
+
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
+ sudo_realpath.c, sudo_setenv.c:
+ ansi-fied !STDC_HEADER function prottypes
+ [51d8cad89976]
+
+ * getcwd.c, getwd.c:
+ added missing paren
+ [6a1fae70e27e]
+
+ * Makefile.in:
+ added putenv.c to DISTFILES
+ [a5e4523eabbb]
+
+ * sudo_setenv.c:
+ added params to func decls when STDC_HEADERS is not defined now can
+ count on putenv() being there
+ [fd587796189b]
+
+ * sudo_realpath.c:
+ took out errno decl since sudo.h does it for us fixed up a next cc
+ warning added params to func decls when STDC_HEADERS is not defined
+ [70fa5152ace6]
+
+ * sudo.h:
+ took out environ extern added local declaratio of putenv() if local
+ version is needed
+ [a84bae6c020d]
+
+ * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
+ added params to func decls when STDC_HEADERS is not defined
+ [f406f0e47ac0]
+
+ * config.h.in:
+ added memcpy check check to see that ansi vs bsd macros are ntot
+ already defiend before defining (ie: avoid redefinition)
+ [879ae026e19f]
+
+ * configure.in:
+ removed fluff setenv check plus check w/ replace for putenv if also
+ no setenv
+ [e3c03814ad4b]
+
+ * putenv.c:
+ Initial revision
+ [3cff63e2dc1b]
+
+1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_setenv.c:
+ Initial revision
+ [4d637631fa6b]
+
+ * sudo.h:
+ rm'd s realp[ath added sudo_realpath and sudo_setenv
+ [07ba001ff57e]
+
+ * sudo.c:
+ now use sudo_setenvc
+ [fd81e04d5ef0]
+
+ * configure.in:
+ added puteenv and setenv, removed realpath
+ [27bfacfb513b]
+
+ * config.h.in:
+ added putenv & setenv
+ [515f14eaf6e4]
+
+ * Makefile.in:
+ added sudo_setenv
+ [217731a717c5]
+
+ * version.h:
+ ++
+ [eadb346d7129]
+
+1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added MAN_POSTINSTALL and /usr/share/catman for irix
+ [2a9496c1bdba]
+
+ * Makefile.in:
+ added MAN_POSTINSTALL
+ [89b0d4695529]
+
+ * CHANGES:
+ added
+ [48c021ba8a70]
+
+ * sudo.man:
+ added SUDO_* plus new options
+ [c0759cff5683]
+
+ * CHANGES:
+ added one
+ [7d44a3922d56]
+
+ * configure.in:
+ took out shadow lib
+ [07cf3de18701]
+
+ * TODO:
+ adde done
+ [a27a578e8afe]
+
+ * visudo.c:
+ now use yyrestart() if flex now reset yylineno to 0
+ [77d67ce0b677]
+
+ * Makefile.in:
+ support for installing a cat page instead of a man page if no nroff
+ [44671c0fc0fa]
+
+ * configure.in:
+ now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
+ to determine whether or not to install a cat or man page
+ [0562d069c135]
+
+ * config.h.in:
+ added HAVE_FLEX
+ [c5490bae39d3]
+
+ * sudo.c:
+ not set ret to MODE_RUN initially
+ [88b4983c195b]
+
+ * find_path.c:
+ made command (and therefor cmnd dynamically allocated)
+ [95b82e32b6de]
+
+ * TODO:
+ did #8
+ [fb6f41308cdf]
+
+ * version.h:
+ ++
+ [14112ecab5ae]
+
+ * sudo_realpath.c:
+ changed bufs from MAXPATHLEN to MAXPATHLEN+1
+ [0ad4f34e55c0]
+
+ * sudo.h:
+ added MODE_ removed validate_only and added remove_timestamp()
+ [dd5f99c57728]
+
+ * sudo.c:
+ usage() now takes an int (exit value) added parse_args() to parse
+ command line arguments moved call to find_path() from load_globals
+ to new function load_cmnd() removed validate_only global -- now use
+ the concept of "modes" added -h and -k options
+ [c3887090b28a]
+
+ * parse.c:
+ no longer use global validate_only now checks for command called
+ "validate" removed check for non-fully qualified commands since that
+ is done by find_path
+ [7d56fbd26369]
+
+ * find_path.c:
+ changed MAXPATHLEN r to MAXPATHLEN+1
+ [a86e8664d971]
+
+ * find_path.c:
+ fixed off by one error with MAXPATHLEN and fixed a comment
+ [58adcef8c981]
+
+ * check.c:
+ check_timestamp no longer runs reminder(), it is implied in the
+ return val added remove_timestamp()
+ [42ab5a77066f]
+
+ * CHANGES:
+ updated
+ [8e69b31df024]
+
+1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ fixed on
+ [bc34f1ac4280]
+
+ * sudo_realpath.c:
+ took out old_errno
+ [a168d00a0768]
+
+ * CHANGES:
+ updated
+ [04ba80922df7]
+
+1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ moved send_mail to after syslog
+ [4d4188087834]
+
+ * sudo.c:
+ now set SUDO_ envariables
+ [e5963f1bd3bb]
+
+1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ ++
+ [2a4534845d8c]
+
+ * sudo_realpath.c:
+ now print error if chdir fails
+ [0d75c8973d49]
+
+ * find_path.c:
+ removed an XXX
+ [e2077bcb35aa]
+
+1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [e30a2b39b41a]
+
+ * configure.in:
+ no more static binaries for aix
+ [77a0beb6bd80]
+
+1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ fixed typo
+ [ba5e0d391bc4]
+
+ * sudo_realpath.c:
+ took out stuff not needed for sudo now does be_root/be_user itself
+ now uses cwd global
+ [4f6d4641d793]
+
+ * version.h:
+ +=2
+ [97da927b297c]
+
+ * logging.c, sudo.c:
+ be_root/be_user is now down in sudo_realpath()
+ [f331662fa50f]
+
+ * logging.c, sudo.h:
+ now works with 4.2BSD syslog (blech)
+ [98e39d89dd36]
+
+ * find_path.c:
+ now use sudo_realpath()
+ [ab436a8ebd02]
+
+ * config.h.in:
+ took out realpth() stuff since we now use sudo_realpath()
+ [8de5ef9f6044]
+
+ * configure.in:
+ ultrix enhanced sec
+ [815fb7fffcc0]
+
+ * SUPPORTED:
+ added ultrix enhanced sec.
+ [6466766c8062]
+
+ * INSTALL:
+ updated
+ [d681a634297a]
+
+ * check.c:
+ ultrix enhanced security suport
+ [f10c8decbcc2]
+
+ * Makefile.in:
+ added sudo_realpath.c
+ [6b9bcd3be022]
+
+ * CHANGES:
+ updated
+ [2fa8084c1b53]
+
+ * tgetpass.c:
+ increased passwd len to 24 for c2 security
+ [ec64838be62d]
+
+ * BUGS:
+ updated BUGS
+ [ca00d8fec2ce]
+
+1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ now use user global var
+ [568769719013]
+
+ * configure.in:
+ took out -ls
+ [490a44180d5f]
+
+1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added AFS libs
+ [4fb40c8c01ba]
+
+ * sudo.h:
+ user is now a char * added epasswd
+ [27a919fafdfb]
+
+ * sudo.c:
+ added tzset() to load_globals added epasswd (encrypted password)
+ global made user dynamically allocated
+ [b99ef9bdbfce]
+
+ * configure.in:
+ added tzset test
+ [27592dd1214b]
+
+ * config.h.in:
+ added HAVE_TZSET
+ [b13f4213f3d0]
+
+ * check.c:
+ cleaned up encrypted passwd grab somewhat
+ [c8ba9a4db38a]
+
+ * configure.in:
+ fixed AFS typo
+ [2bfcbce237b6]
+
+ * INSTALL:
+ added AFS not
+ [80c67329393c]
+
+ * CHANGES:
+ udpated
+ [2f09ecdd5d31]
+
+ * logging.c:
+ can now log to both syslog & a file
+ [4d5c0932bc01]
+
+ * sudo.h:
+ added BOTH_LOGS
+ [623c539be824]
+
+ * CHANGES:
+ updated
+ [a1c7f5ef3616]
+
+ * configure.in:
+ --with-AFS
+ [28718d8f5daf]
+
+ * config.h.in:
+ added HAVE_AFS
+ [2e32bb4e63e4]
+
+ * check.c:
+ added afs changes
+ [fe4d0ff320a2]
+
+ * sudo.h:
+ removed AFS stuff :-)
+ [a40387e6fa27]
+
+ * tgetpass.c:
+ include sys/select for AIX
+ [f32c5a8f2c84]
+
+ * sudo.h:
+ added AFS
+ [da2ab3dd0348]
+
+ * version.h:
+ ++
+ [452d4dfe25af]
+
+1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, SUPPORTED:
+ updated
+ [e7dfe6f23a37]
+
+ * logging.c:
+ can now have MAILER undefined
+ [1d33b98b35e1]
+
+ * INSTALL:
+ new sub-note about MAILER
+ [d35c636a0574]
+
+ * sudo.man:
+ added blurb about password timeout
+ [70c2ee50de20]
+
+ * configure.in:
+ convex c2 changes
+ [367138a6232e]
+
+ * aclocal.m4:
+ took out duplicate define of _CONVEX_SOURCE
+ [647182138450]
+
+ * Makefile.in:
+ added OSDEFS
+ [7fdcd50602d1]
+
+ * config.h.in:
+ added spaces
+ [f2b8a05e48f3]
+
+ * tgetpass.c:
+ added a goto if fgets fails
+ [68a6586d9c45]
+
+ * sudo.h:
+ use __hpux not hpux convex c2 stuff
+ [5c377a8d5f34]
+
+ * sudo.c:
+ use __hpux not hpux
+ [9363bc0f9f9e]
+
+ * logging.c:
+ convex c2 stuff
+ [ea5630975ac4]
+
+ * config.h.in:
+ define ansi-ish cpp os defines if non-ansi are defined for hpux &
+ convex
+ [664f53a5e786]
+
+ * INSTALL:
+ updated to say we support sonvex C2
+ [5f2f8b87013e]
+
+ * check.c:
+ added convex c2 support
+ [9a665d4918fa]
+
+1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ no more ioctl never returns NULL uses fgets() and select() to
+ timeout
+ [b333e6d63e97]
+
+1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ things were testing -n "$GCC" instead of -z "$GCC"
+ [059a9b15ede2]
+
+ * tgetpass.c:
+ now works + uses fgets()
+ [353d7ebcb7bb]
+
+1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ select doesn't seem to recognize a single '\n' as input waiting so
+ we can;t use it, sigh.
+ [f76e3218b835]
+
+1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * PORTING:
+ updated tgetpass() blurb
+ [95baac736b49]
+
+ * configure.in:
+ added --with-getpass
+ [42ac0bdf58ed]
+
+ * Makefile.in:
+ added tgetpass stuff
+ [e2b38c635663]
+
+ * tgetpass.c:
+ now uses stdio
+ [36af8ff66e35]
+
+ * version.h:
+ ++
+ [4e81c9db19bd]
+
+1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * PORTING:
+ updated ,.
+ [54f523770a05]
+
+ * config.h.in:
+ added USE_GETPASS && HAVE_C2_SECURITY
+ [86b355cb2953]
+
+ * configure.in:
+ fixed a test aded --with-C2 and --with-tgetpass
+ [abf6181588ef]
+
+ * check.c:
+ added hpux C2 shit
+ [20d4177ffa88]
+
+ * Makefile.in:
+ took out tgetpass.*
+ [cc82fd9984b4]
+
+ * INSTALL:
+ added C2 blurb
+ [1d2bfc35e4b6]
+
+1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ no termio(s) for ultrix since it is broken
+ [d3e82e835350]
+
+ * check.c:
+ added a space (yeah, anal)
+ [05e4b31ca68c]
+
+ * realpath.c, sudo_realpath.c:
+ fixed it (duh, rtfm)
+ [f13097cb8cb6]
+
+1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ took out bsd signal stuff for irix
+ [e179cdafc97a]
+
+ * visudo.c:
+ comments in #endif
+ [e3a629190f5e]
+
+ * configure.in:
+ don't define BSD signals for irix
+ [3ce57bffb7f0]
+
+ * TODO:
+ did some...
+ [274241cd0f74]
+
+ * CHANGES:
+ updated
+ [8f29fc755faf]
+
+ * realpath.c, sudo_realpath.c:
+ took out unneeded code by changing where a strings was terminated
+ [b5564d62d30e]
+
+1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * realpath.c, sudo_realpath.c:
+ fix bug where /dirname would return NULL
+ [b85f470daf26]
+
+ * sudo.h:
+ move __P to config.h
+ [7763c0ff3f28]
+
+ * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
+ added errno definition
+ [4cc9d2d9782a]
+
+ * config.h.in:
+ added __P
+ [ca06f5aa58f3]
+
+ * config.h.in:
+ added HAVE_FCHDIR
+ [206d714641e0]
+
+ * strdup.c:
+ now include stdio
+ [0d8458da0e1d]
+
+ * realpath.c, sudo_realpath.c:
+ now works if no fchdir
+ [e035911b6722]
+
+ * visudo.c:
+ define SA_RESETHAND to null if not defined
+ [afec03e84342]
+
+ * configure.in:
+ added check & replace
+ [c1a65481441c]
+
+ * configure.in:
+ took out -static for nextstep -- it doesn't work
+ [fa1a1a611743]
+
+1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ moved #endif to where it belongs
+ [07d3a8972097]
+
+ * SUPPORTED:
+ correction
+ [0c1ecba3e5a3]
+
+ * configure.in:
+ now checks for strdup realpath getcwd bzero
+ [f029a1917515]
+
+ * config.h.in:
+ emulate bzero
+ [d792352e44a3]
+
+ * visudo.c:
+ added posic signals
+ [2ed0005f90fc]
+
+ * tgetpass.c:
+ bzero cast
+ [6d91b1a1526f]
+
+ * logging.c:
+ added posix signals
+ [67ede9c22a05]
+
+ * configure.in:
+ removed BROKEN_GETPASS added new srcs toreplace missing functions
+ [cf44274bb1c8]
+
+ * config.h.in:
+ added posix signal stuff
+ [a3c1c98fe8ef]
+
+ * Makefile.in:
+ added new srcs
+ [b6a079afee47]
+
+ * visudo.c:
+ updated useag
+ [589ed091c44f]
+
+ * tgetpass.c:
+ now uses posix signals
+ [30f74964074f]
+
+ * PORTING:
+ updated sto reflect major changes
+ [bcfc309e017b]
+
+ * CHANGES, TODO:
+ updated
+ [23aacbd54278]
+
+ * tgetpass.c:
+ uses sysconf() if available
+ [a27431c90bab]
+
+ * sudo.h:
+ added PASSWORD_TIMEOUT + prototypes for new functions
+ [d7473c2f77c4]
+
+ * realpath.c, sudo_realpath.c:
+ for those w/o this in libc
+ [1e47aa7a9d46]
+
+ * getcwd.c, getwd.c:
+ Initial revision
+ [c90dea57a84f]
+
+ * find_path.c:
+ rewrote to use realpath(3) - nis now all my code
+ [d2c3bb8fb37d]
+
+ * config.h.in:
+ added HAVE_REALPATH
+ [02c10352a8c7]
+
+ * check.c:
+ now use tgetpass
+ [b5c021fc179f]
+
+ * Makefile.in:
+ added LIBOBJS use tgetpass.c
+ [230a7b3eeaa3]
+
+1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ works now :-)
+ [025e7a3875ba]
+
+ * tgetpass.c:
+ Initial revision
+ [3316ab33b230]
+
+ * pathnames.h.in:
+ added /dev/tty
+ [29242585e53f]
+
+1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ incremented
+ [f2e54b48280f]
+
+ * sudo.c:
+ always use getcwd
+ [c6068e8a4029]
+
+ * config.h.in:
+ added check for getwd
+ [ab1e102ad673]
+
+ * configure.in:
+ replace strdup & realpath & getcwd if missing
+ [b0eb14f2a1c3]
+
+ * pathnames.h.in:
+ added _PATH_PWD
+ [309d2388f69a]
+
+ * aclocal.m4:
+ added SUDO_PROG_PWD
+ [e16e85deb96c]
+
+ * strdup.c:
+ Initial revision
+ [810efdc15007]
+
+ * realpath.c, sudo_realpath.c:
+ Initial revision
+ [d85eee438e09]
+
+1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ quoted quare brackets
+ [d0e7ca111d98]
+
+1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ no need to strdup() a constant
+ [a8c44712df9a]
+
+ * CHANGES:
+ updated
+ [71364129cca0]
+
+ * sudo.man:
+ added validate
+ [0bb198095a26]
+
+ * sudo.c:
+ added -v to usage
+ [31ea71f11dbb]
+
+ * parse.c, sudo.c, sudo.h:
+ added validate_only stuff
+ [9bcd853d3c90]
+
+1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now finds sed
+ [6374bb0d3f28]
+
+ * aclocal.m4:
+ $OSREV is now an int
+ [ace0666d66cf]
+
+1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added mtxinu to caser
+ [73a776887b16]
+
+ * sudo.h:
+ added EXEC macro
+ [2e8eb28b710a]
+
+ * sudo.c:
+ now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
+ [56afb4f658d5]
+
+ * logging.c:
+ changed mail_argv[] def now use EXEC() macro
+ [ddcabd28edb1]
+
+ * check.c:
+ took out crypt() definition
+ [0e657724cf5f]
+
+ * version.h:
+ upped the version
+ [62c5d66119fc]
+
+ * configure.in:
+ always look for -lnsl
+ [d7b594f0313b]
+
+ * aclocal.m4:
+ added an echo
+ [1caae3491dc5]
+
+ * sudo.h:
+ SHORT_MESSAGE is now the default
+ [cfce35c3119a]
+
+ * config.h.in:
+ fixed typo
+ [6499a564bf75]
+
+ * configure.in:
+ added missing AC_DEFINE(SVR4) for solaris
+ [feef0b17b94f]
+
+ * sudo.man:
+ documented the -v flag
+ [a6429f2bc2cf]
+
+ * SUPPORTED:
+ updated
+ [088886e79540]
+
+ * check.c:
+ proto-ized crypt()
+ [801e4ff5b121]
+
+ * config.h.in:
+ added LIBSHADOW undef
+ [8df588e9ee2b]
+
+ * configure.in:
+ nwo set OS to be lowercase
+ [561ebed833e4]
+
+1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now use SUDO_OSTYPE to set $OS
+ [0e60aee23098]
+
+ * aclocal.m4:
+ now use uname to determine os
+ [99705e58d400]
+
+ * visudo.c:
+ added prototypes & moved sig handler around
+ [1f0bc8d23b51]
+
+ * sudo.h:
+ added prototyppes
+ [be3935a2b163]
+
+ * check.c, logging.c, sudo.c:
+ added prototypes
+ [2079b4605ab8]
+
+ * parse.c:
+ added comment
+ [a34d147d8399]
+
+ * config.h.in:
+ nwo use _BSD_SIGNALS not _BSD_COMPAT
+ [63663195f047]
+
+ * aixcrypt.exp:
+ Initial revision
+ [890aed08357e]
+
+ * Makefile.in:
+ added aixcrypt.exp
+ [1005a183105f]
+
+ * parse.lex, parse.yacc:
+ moved config.h to top of includes
+ [9569c49aa5f3]
+
+1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now don't bitch if get EACCESS (treat like EPERM)
+ [dbeffb638de4]
+
+ * visudo.c:
+ added -v flag and usage()
+ [4d44ed60ed75]
+
+ * version.h:
+ fixed a typo
+ [cf3f9347ae41]
+
+ * sudo.c:
+ cast Argv to a const for exec added -v flag
+ [d11b6efc0e45]
+
+ * logging.c:
+ mail_argv is now a const
+ [93bb5d90bb6f]
+
+ * configure.in:
+ only set RETSIGTYPE if it is not set already
+ [c97aac260b77]
+
+ * aclocal.m4:
+ now defines & STDC_HEADERS for Irix
+ [9c2b24ad1fc5]
+
+ * Makefile.in:
+ added version.h
+ [9f79e880229a]
+
+ * insults.h, sudo.h:
+ prevent multiple inclusion
+ [d68c8a9243ce]
+
+ * version.h:
+ Initial revision
+ [dbb39c5ef8d9]
+
+ * parse.lex, parse.yacc:
+ now includes config.h
+ [f117e036a56b]
+
+ * aclocal.m4:
+ now talks about sunos 4.x
+ [c9054aa92d4e]
+
+ * visudo.c:
+ calls to Exit now pass an arg
+ [a92104670551]
+
+1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ signal handler now takes an int argument
+ [26f480c41523]
+
+ * CHANGES:
+ updated
+ [8c166a9d796b]
+
+ * sudo.c:
+ ok, the getcwd() is now *really* done as the user
+ [ab86cf85134a]
+
+ * configure.in:
+ changed AIX STATIC_FLAGS
+ [b9c0a3ba5663]
+
+ * aclocal.m4:
+ solaris now defines SVR4
+ [c3e20cac96f5]
+
+ * sudo.h:
+ added cwd and fixed stupid core dump that makes no sense. sigh.
+ [7a9755436dbb]
+
+ * sudo.c:
+ moved getcwd stuff into load_globals
+ [ec2bc90df1f3]
+
+ * parse.c:
+ took out externs that are in suod.h
+ [93c4b3f856d7]
+
+ * logging.c:
+ moved cwd into load_globals
+ [050de754d228]
+
+ * find_path.c:
+ moved cwd stuff
+ [22f3f3b4c34d]
+
+ * Makefile.in:
+ fixed make distclean & realclean
+ [c9964d89bcef]
+
+ * TODO:
+ updated .,
+ [e513581ef0e3]
+
+ * CHANGES:
+ added solaris changes
+ [505d930daf27]
+
+ * aclocal.m4:
+ added solaris changes, need to rework
+ [33f20fb16c49]
+
+ * configure.in:
+ cleaned up for solaris
+ [2fb8cfa05d0f]
+
+ * logging.c:
+ reinstall reapchild signal handler for non-bsd signals
+ [3d1dc545113d]
+
+ * sudo.h:
+ took out getdtablesize() emulation for HP-UX (no longer needed)
+ [1fc83d170f34]
+
+ * sudo.c:
+ support for HAVE_SYSCONF
+ [50ca2a7a224a]
+
+ * visudo.c:
+ added <fcntl.h> for solaris & reorg'd the includes + minor prettying
+ up /
+ [0a570e826dd4]
+
+ * config.h.in:
+ added HAVE_SYSCONF
+ [2b9a9f3a4e94]
+
+1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now tells you what os you are running /.
+ [06c6332a895b]
+
+ * aclocal.m4:
+ took out extra ','
+ [e8c75ce59f4a]
+
+1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ added _BSD_COMPAT
+ [73c5099806c2]
+
+ * aclocal.m4:
+ fixed for irix5
+ [1047d1f6c0eb]
+
+ * CHANGES:
+ updated
+ [1bc4969fee96]
+
+ * sudo.c:
+ uid seinitialized to -2
+ [8d7812b1878b]
+
+1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now removes LIBPATH for AIX
+ [075392eb1dd9]
+
+1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now uses ufc if it finds it
+ [ab6ce30a5958]
+
+1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ no longer define yyval & yylval since yacc does it
+ [09d250aea50a]
+
+ * parse.lex:
+ now defines yylval as extenr
+ [8ec2b88952bc]
+
+ * configure.in:
+ BROKEN_GETPASS is now an OPTION
+ [3714f4bb8312]
+
+ * config.h.in:
+ took out BROKEN_GETPASS
+ [9c4f6aa50137]
+
+ * Makefile.in:
+ took out big comment
+ [4c13cff0e556]
+
+ * README:
+ updated
+ [b8b9902b620d]
+
+ * Makefile.in:
+ took out README.beta
+ [ed2cd861e82b]
+
+ * SUPPORTED:
+ Initial revision
+ [2fffc51e6606]
+
+ * INSTALL:
+ now reference SUPPORTED .,
+ [d112c30be1f2]
+
+ * config.h.in:
+ now check for convex OR __convex__
+ [a0e5701a3069]
+
+ * aclocal.m4:
+ now check for convex or __convex__
+ [5dae2bfbe3bc]
+
+ * Makefile.in:
+ added dist target
+ [400a54de57db]
+
+ * aclocal.m4:
+ use __convex__
+ [58a19470ed0b]
+
+ * find_path.c:
+ now use _S_* stat stuff to be ansi-like
+ [28cce560e048]
+
+ * INSTALL:
+ updated for configure directions
+ [a034ccc7c30a]
+
+ * Makefile.in:
+ distclean now removes config.h and pathnames.h
+ [300f2349b4ab]
+
+ * CHANGES:
+ updated
+ [646f7e9430c1]
+
+ * TODO:
+ fixed typoe
+ [70fd6361b2bc]
+
+ * visudo.c:
+ updated version
+ [cf13d87d789f]
+
+ * Makefile.in:
+ updated version
+ [8c5dacc27a7a]
+
+ * config.h.in, pathnames.h.in:
+ added copyright header
+ [747ce3d3d6b7]
+
+ * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
+ parse.yacc, sudo.c, sudo.h:
+ udpated version
+ [4751c39bad18]
+
+ * visudo.c:
+ udpated to use configure + pathnames.h
+ [d45dff76a1cd]
+
+ * aclocal.m4:
+ updated
+ [f05a367a55be]
+
+ * Makefile.in, config.h.in, configure.in:
+ updated
+ [524778598879]
+
+ * sudo.h:
+ now works with configure
+ [83fc40e533f4]
+
+ * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
+ updated to work with configure + pathnames.h
+ [cb67fa6ab52d]
+
+ * Makefile.in:
+ added LEXLIB
+ [f43cad4ab0a2]
+
+1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * COPYING:
+ updated gnu general licence to versio 2
+ [2b0b56112ddc]
+
+ * config.h.in, pathnames.h.in:
+ Initial revision
+ [4b586f39ec2d]
+
+ * sudo.h:
+ changed to work with configure
+ [13f3506ddf16]
+
+1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, configure.in:
+ Initial revision
+ [a8636ae77371]
+
+ * visudo.c:
+ now uses defines used by configure
+ [de438d118993]
+
+1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ sudo won't bitch about EPERM now, for real
+ [ce26d9ef7e3f]
+
+1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ renamed exec_argv to eliminate a libc name clash with ksros
+ [bcb4350d8411]
+
+ * CHANGES:
+ corrected
+ [dae68d422efd]
+
+ * logging.c, sudo.c, sudo.h:
+ execve -> execv
+ [40cc2c4bdb15]
+
+ * TODO:
+ upated
+ [9275a8b8fc45]
+
+ * PORTING:
+ added 2 mroe items
+ [6cbb5c56993c]
+
+ * CHANGES:
+ updated
+ [73f34f8e571a]
+
+ * sudo.h:
+ added UMASK and mode_t declaration
+ [7c2015e1d171]
+
+ * sudo.c:
+ added UMASK
+ [d37be7523680]
+
+ * logging.c:
+ now opens log file with mode 077
+ [0825cc3ee841]
+
+ * check.c:
+ saved current umask ans restores it
+ [659c1aaae8e8]
+
+ * sudo.h:
+ added MAXLOGFILELEN
+ [34331c7dee90]
+
+ * logging.c:
+ split long log lines. FOr syslog, split into multiple entries, for
+ a log file, indent the extra for readability
+ [72c9e4cdba6e]
+
+1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ added changes
+ [81196833673d]
+
+ * sudo.h:
+ MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
+ [1aa69e903840]
+
+1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ added input from Brett M Hogden <hogden@rge.com>
+ [80f01fc88ce9]
+
+1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added rmenv() to remove stuff from environ. can now uses execvp()
+ OR execve() becuase of this.
+ [e7fc2535bd67]
+
+ * logging.c:
+ now uses execvp() OR execve()
+ [56391aa1f99d]
+
+ * sudo.h:
+ added USE_EXECVE
+ [f21f38050b95]
+
+ * sudo.h:
+ added environ
+ [6b805e23c6f6]
+
+ * find_path.c:
+ now ignore EPERM
+ [c8fd7117a1d7]
+
+ * sudo.h:
+ moved some func decls out of sudo.h and into sudo.c as statics /.
+ [5f555c267d27]
+
+ * CHANGES:
+ updated
+ [431f478af320]
+
+ * sudo.h:
+ took out Envp
+ [6f722be7793d]
+
+1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ Initial revision
+ [4a8ecf0da95c]
+
+1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ added SECURE_PATH
+ [1c72cb222609]
+
+ * sudo.c, sudo.h:
+ added SECURE_PATH
+ [5bf5357a63c5]
+
+ * sudo.h:
+ added SECURE_PATH
+ [3976a74405ac]
+
+ * INSTALL:
+ added sample.sudoers note
+ [1b395d29aaeb]
+
+ * sudoers:
+ Initial revision
+ [485888d07477]
+
+1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ fixed typo
+ [bfc3cc4d41ca]
+
+ * PORTING:
+ took out SAVED_UID garbage
+ [b7c2d3469661] [SUDO_1_3_0]
+
+ * INSTALL:
+ mentioned HAL
+ [253d6695df90]
+
+ * sudo.h:
+ added HAL line
+ [29ec1a4ac6de]
+
+ * insults.h:
+ added HAL insults
+ [7d7c96d77c74]
+
+ * TODO:
+ updated
+ [aa2ed9790586]
+
+ * logging.c:
+ more verbose error if mailer not found
+ [fca47fd00cb6]
+
+ * check.c:
+ now do getpwent as root for soem shadow password systems (bsdi)
+ [e0339e110d46]
+
+1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ took out SAVED_UID garbade
+ [fcb0e81dcdb5]
+
+ * sudo.c:
+ took out SAVED_UID garbage since it don't work
+ [507e9513e9c2]
+
+1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ updated
+ [d2b6b253dae5]
+
+ * insults.h:
+ added a missing space :-)
+ [8940ea991f87]
+
+ * sudo.c, sudo.h:
+ took out multimax cruft
+ [c2606b365181]
+
+ * INSTALL:
+ minor update
+ [05fb6ee73131]
+
+ * PORTING:
+ finished
+ [c4ac47c84dc5]
+
+ * sudo.c:
+ fixed a typo + indentation
+ [7eab40aae8fa]
+
+1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ took outumoved some defines to the config file ,. ,.
+ [defff05beb52]
+
+ * PORTING:
+ Initial revision
+ [c803e9127959]
+
+ * TODO:
+ did #6
+ [c6fa1c946c31]
+
+ * sudo.h:
+ added HAS_SAVED_UID
+ [6a88a39c0a07]
+
+ * sudo.c:
+ put back AIX cruft
+ [a24d2507ddd4]
+
+1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ aix changes
+ [1663915f754a]
+
+1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [a8cc73747cae]
+
+ * check.c, logging.c, parse.c, sudo.c, sudo.h:
+ now is only root when abs necesary
+ [3c9d12c5cdfe]
+
+ * check.c:
+ added missing %s\n
+ [609320b72d89]
+
+1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Initial revision
+ [b5bba140a175]
+
+ * TODO:
+ updated
+ [c9d2eba602af]
+
+ * CHANGES:
+ updated
+ [932f1fc3bb14]
+
+ * sudo.c:
+ now removed _RLD_* for alphas
+ [54a36e648158]
+
+ * INSTALL:
+ updated for new config scheme
+ [61c8ae800444]
+
+ * find_path.c:
+ more verbose eror messages
+ [b4fd123db42d]
+
+1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ now have solaris
+ [371002fbf266]
+
+ * sudo.h:
+ define __svr4__ for SOLARIS
+ [0b5cf5ed936d]
+
+ * check.c:
+ added svr4 junk for shadow pws for solaris 2.x
+ [91ed58f21618]
+
+ * check.c, sudo.c:
+ took out setuid(0) and setreuid(udi) garbage. Its not needed since
+ we start out setuid with the correct perms.
+ [07689e782b0b]
+
+ * check.c, sudo.c, sudo.h:
+ now use setreuid()
+ [7d64d685d78e]
+
+1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man:
+ revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
+ sectoin
+ [b26967b1e19b]
+
+ * visudo.c:
+ now uses ENV_EDITOR if you want to use the EDITOR envar
+ [a4f8fcb9bd1d]
+
+ * sudo.h:
+ now uses ENV_EDITOR if you want to use the EDITOR envar >> .
+ [028cc55c4328]
+
+1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ rewrote most of this
+ [a6750923f9c9]
+
+ * README:
+ minor update + spell fix
+ [a411717a7249]
+
+ * sudo.h:
+ added all options that are in the Makefile
+ [6db3b3b841b3]
+
+ * getpass.c:
+ now use USE_TERMIO #define for sgi & hpux
+ [b91f89ae6be1]
+
+ * TODO:
+ todo: posix sigs
+ [4548a56eb2ef]
+
+1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, find_path.c:
+ always include strings.h
+ [1fc20bda92c0]
+
+ * visudo.c:
+ added STATICEDITOR
+ [0596f820716e]
+
+ * sudo.h:
+ sgi has vi in /usr/bin too
+ [94203b62bfd9]
+
+ * sudo.man:
+ added VISUAL
+ [87c2844c4cac]
+
+1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ sue /usr/bin/vi on some systems
+ [e3ad9190f35e]
+
+ * sudo.c:
+ fixed warning (include strings.h)
+ [0b896de4d8a0]
+
+ * sudo.man:
+ added John_Rouillard@dl5000.bc.edu's changes (new features)
+ [f41b4205a8cf]
+
+ * CHANGES:
+ changes from John_Rouillard@dl5000.bc.edu
+ [6bdef8e948d5]
+
+ * visudo.c:
+ added EDITOR envar
+ [5c4bf716de21]
+
+ * check.c, find_path.c, parse.c, sudo.c:
+ added patches from John_Rouillard directory spec
+ uses EDITOR
+ [f62a435f8c41]
+
+1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getpass.c:
+ added flush for hpux
+ [07cfdd6a7b55]
+
+1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ no longer assume malloc returns a char *
+ [7480bd2756f3]
+
+ * sudo.c:
+ alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
+ gets removed correctly
+ [8587166c6ac8]
+
+ * sudo.h:
+ added STD_HEADERS macro
+ [480f5a9a516c]
+
+ * sudo.c:
+ now uses STD_HEADERS macor for ansi
+ [c5018806fd59]
+
+ * find_path.c:
+ now uses STD_HEADERS macro
+ [ad821e0788ea]
+
+ * check.c:
+ niceties for C compiler bitches -- no real change
+ [0fc0b1a5fb64]
+
+1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now doesn't fclose a file never opened.
+ [ee888ec9427d]
+
+1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man:
+ added visudo line
+ [698d51c66407]
+
+ * sudo.man:
+ added error stuff added me in there...
+ [d202fd34b906]
+
+ * CHANGES:
+ noted insults
+ [998a22c2230c]
+
+ * INSTALL:
+ added blurb about reading stuff
+ [e71db100798f]
+
+ * sudo.h:
+ added insults
+ [c110431cec56]
+
+ * insults.h:
+ corrected somments and removed newlines
+ [493706fd488c]
+
+ * check.c:
+ now uses insults
+ [6d23cf06a0ef]
+
+ * insults.h:
+ Initial revision
+ [83153c26b4a3]
+
+ * INSTALL:
+ added dec syslog note
+ [555437273237]
+
+ * sample.sudoers:
+ added real stuff in there
+ [53442a7fba78]
+
+ * TODO:
+ added a todo
+ [c630472bd4dc]
+
+ * TODO:
+ added one
+ [806464453284]
+
+1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ Initial revision
+ [7db0a9f1ca8f]
+
+ * sudo.man:
+ updated with changes
+ [d9bf254c6c08]
+
+ * sudo.man:
+ Initial revision
+ [dd6f11174ac6]
+
+ * indent.pro:
+ Initial revision
+ [dbfbb494fad9]
+
+ * CHANGES, COPYING, INSTALL, README, TODO:
+ Initial revision
+ [6d98f489a079]
+
+ * visudo.c:
+ updated version number and took out jeff's old addr since it is no
+ good
+ [ee47c24818cb]
+
+ * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.h:
+ updated version number and took out jeff's email (since it is
+ invalid)
+ [54616458a52e]
+
+1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ added fflush()
+ [145c881f4fb4]
+
+1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now return NULL instead pf��of exiting for nopn��n-fatal errors
+ [8bc74f8cb1ae]
+
+1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ new banner
+ [5387ab2af516]
+
+ * parse.lex:
+ now sudo.h gets included first
+ [2acb01c18e18]
+
+1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ now can use flex
+ [164d3839adf0]
+
+ * sudo.h:
+ linux patch
+ [f1b6b1b1a2ca]
+
+ * sudo.c:
+ hpux 9 fix, removes SHLIB_PATH linux patch
+ [67611dc1737f]
+
+ * check.c:
+ linux diff
+ [c24536682397]
+
+1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ stat now ignores EINVAL
+ [c7761a5dc642]
+
+1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c, sudo.c:
+ now declare strdup as extern
+ [6b7d6f8784b5]
+
+1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ reformatted with indent + by hand
+ [9d43084e4990]
+
+ * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
+ used indent to "fix" coding style
+ [489ffacbdc70]
+
+ * find_path.c:
+ now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
+ move the code that does this into the loop body. makes it messier
+ tho. hmmm.
+ [c4d22b48da9a]
+
+1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ redid the fix for non-executable files in an easier to read way plus
+ some minor aethetic changes
+ [84fe337f1426]
+
+ * find_path.c:
+ fixed bug with non-executable tings of same name in path introduced
+ by checkig errno after stat(2).
+ [c2a812cfcbc1]
+
+1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fixed off by one error
+ [fabb7cee0041]
+
+ * find_path.c:
+ now handles decending below '/' correctly
+ [5d2ddfc0b220]
+
+ * sudo.c:
+ now actually builds Envp instead of munging envp
+ [bdc4b08f6898]
+
+1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ now includes sys/param.h
+ [efbb494ab4de]
+
+ * visudo.c:
+ now includes sys/param.h
+ [ad6c91d59958]
+
+ * sudo.h:
+ fixed ifndef -> ifdef
+ [7aebe822d863]
+
+ * qualify.c:
+ make more like find_path.c
+ [853b2dab2e03]
+
+ * find_path.c:
+ rewritten by millert
+ [c6a043cc11b3]
+
+ * sudo.h:
+ fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
+ about new defines in the comment
+ [39ffefce3aec]
+
+ * logging.c:
+ now uses USE_CWD
+ [fa0f3b118bb3]
+
+ * sudo.h:
+ added delc for clean_envp() and Envp
+ [a12034e300c2]
+
+ * sudo.c:
+ now rips LD_* env vars out of envp and passed sanitized Envp to exec
+ [d201a218e056]
+
+ * logging.c:
+ now uses execve()
+ [f3e01032cd33]
+
+ * find_path.c:
+ ENOTDIR is ok now too (in case part of the path is bogus)
+ [b5cbbb201bb5]
+
+ * qualify.c:
+ now works correctly (ttaltotal rewrite)
+ [0c25d64a5c68]
+
+ * parse.lex:
+ now includes sys/param.h didn't match trailing / -- fix from
+ rouilj@cs.umb.edu
+ [b6363ba110af]
+
+1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ moved around the #ifndef _AIX
+ [7d4330950c20]
+
+ * check.c, logging.c, parse.c:
+ Initial revision
+ [c101e9572d7f]
+
+1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * qualify.c:
+ Initial revision
+ [5a5f21d0e0bf]
+
+1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now works if you do sudo bin/test
+ [07835120ce43]
+
+ * find_path.c:
+ works
+ [c3da8b5efa20]
+
+1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ Initial revision
+ [28a1caa38b72]
+
+ * visudo.c:
+ Initial revision
+ [0e5cd7c3cdbe]
+
+ * parse.lex, parse.yacc:
+ Initial revision
+ [5f2d0cccb06b]
+
+1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ took out errno.h
+ [7466431a2655]
+
+ * sudo.c:
+ now spews error if exec fails and exits with -1
+ [e5c41ea725c1]
+
+ * sudo.c:
+ Initial revision
+ [8aeabe39a0c2]
+
+ * find_path.c:
+ now only execs files with (an) executable bit set.
+ [0a451f9c0e58]
+
+ * find_path.c:
+ Initial revision
+ [02a534891a35]
+
+1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getpass.c:
+ added nice comment
+ [ea8b2aaa9389]
+
+ * getpass.c:
+ now works on sgi's
+ [bf2b7c6d0960]
+
+ * getpass.c:
+ Initial revision
+ [9f4de251c1b5]
+
diff --git a/sudo-1.7.4p4/HISTORY b/sudo-1.7.4p4/HISTORY
new file mode 100644
index 0000000..63c7f9f
--- /dev/null
+++ b/sudo-1.7.4p4/HISTORY
@@ -0,0 +1,56 @@
+A brief history of sudo:
+
+Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer
+around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on
+a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel,
+Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to
+the net.sources Usenet newsgroup in December of 1985.
+
+In the Summer of 1986, Garth Snyder released an enhanced version of sudo.
+For the next 5 years, sudo was fed and watered by a handful of folks at
+CU-Boulder, including Bob Coggeshall, Bob Manchek, and Trent Hein.
+
+In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo with an
+enhanced sudoers format under contract to a consulting firm called "The Root
+Group". This version was later released under the GNU public license.
+
+In 1994, after maintaining sudo informally within CU-Boulder for some time,
+Todd Miller made a public release of "CU sudo" (version 1.3) with bug fixes
+and support for more operating systems. The "CU" was added to differentiate
+it from the "official" version from "The Root Group".
+
+In 1995, a new parser for the sudoers file was contributed by Chris Jepeway.
+The new parser was a proper grammar (unlike the old one) and could work with
+both sudo and visudo (previously they had slightly different parsers).
+
+In 1996, Todd, who had been maintaining sudo for several years in his spare
+time, moved distribution of sudo from a CU-Boulder ftp site to his domain,
+courtesan.com.
+
+In 1999, the "CU" prefix was dropped from the name since there had been no
+formal release of sudo from "The Root Group" since 1991 (the original
+authors now work elsewhere). As of version 1.6, Sudo no longer contains any
+of the original "Root Group" code and is available under an ISC-style
+license.
+
+In 2001, the sudo web site, ftp site and mailing lists were moved from
+courtesan.com to the sudo.ws domain (sudo.org was already taken).
+
+In 2003, Nationwide Mutual Insurance Company contributed code written by
+Aaron Spangler to store the sudoers data in LDAP. These changes were
+incorporated into Sudo 1.6.8.
+
+In 2005, Todd rewrote the sudoers parser to better support the features that
+had been added in the past ten years. This new parser removes some
+limitations of the previous one, removes ordering constraints and adds
+support for including multiple sudoers files.
+
+In 2010, Quest Software began sponsoring Sudo development by hiring Todd to
+work on Sudo as part of his full-time job.
+
+sudo, in its current form, is maintained by:
+
+ Todd Miller <Todd.Miller@courtesan.com>
+
+Todd continues to enhance sudo and fix bugs.
+
diff --git a/sudo-1.7.4p4/INSTALL b/sudo-1.7.4p4/INSTALL
new file mode 100644
index 0000000..8d92b4c
--- /dev/null
+++ b/sudo-1.7.4p4/INSTALL
@@ -0,0 +1,774 @@
+Installation instructions for Sudo 1.7
+======================================
+
+Sudo uses a `configure' script to probe the capabilities and type
+of the system in question. In this release, `configure' takes many
+more options than it did before. Please read this document fully
+before configuring and building sudo. You may also wish to read the
+file INSTALL.configure which explains more about the `configure' script.
+
+Simple sudo installation
+========================
+
+For most systems and configurations it is possible simply to:
+
+ 0) If you are upgrading from a previous version of sudo
+ please read the info in the UPGRADE file before proceeding.
+
+ 1) Read the `OS dependent notes' section for any particular
+ "gotchas" relating to your operating system.
+
+ 2) `cd' to the source or build directory and type `./configure'
+ to generate a Makefile and config.h file suitable for
+ building sudo. Before you actually run configure you
+ should read the `Available configure options' section
+ to see if there are any special options you may want
+ or need.
+
+ 3) Edit the configure-generated Makefile if you wish to
+ change any of the default paths (alternatively, you could
+ have changed the paths via options to `configure'.
+
+ 5) Type `make' to compile sudo. If you are building sudo
+ in a separate build tree (apart from the sudo source)
+ GNU make will probably be required. If `configure' did
+ its job properly (and you have a supported configuration)
+ there won't be any problems. If this doesn't work, take
+ a look at the files TROUBLESHOOTING and PORTING for tips
+ on what might have gone wrong. Please mail us if you have a
+ fix or if you are unable to come up with a fix (address at EOF).
+
+ 6) Type `make install' (as root) to install sudo, visudo, the
+ man pages, and a skeleton sudoers file. Note that the install
+ will not overwrite an existing sudoers file. You can also
+ install various pieces the package via the install-binaries,
+ install-doc, and install-sudoers make targets.
+
+ 7) Edit the sudoers file with `visudo' as necessary for your
+ site. You will probably want to refer the sample.sudoers
+ file and sudoers man page included with the sudo package.
+
+ 8) If you want to use syslogd(8) to do the logging, you'll need
+ to update your /etc/syslog.conf file. See the sample.syslog.conf
+ file included in the distribution for an example.
+
+Available configure options
+===========================
+
+This section describes flags accepted by the sudo's `configure' script.
+Defaults are listed in brackets after the description.
+
+Configuration:
+ --cache-file=FILE
+ Cache test results in FILE
+
+ --config-cache, -C
+ Alias for `--cache-file=config.cache'
+
+ --help, -h
+ Print the usage/help info
+
+ --no-create, -n
+ Do not create output files
+
+ --quiet, --silent, -q
+ Do not print `checking...' messages
+
+Directory and file names:
+ --prefix=PREFIX
+ Install architecture-independent files in PREFIX This really only
+ applies to man pages. [/usr/local]
+
+ --exec-prefix=EPREFIX
+ Install architecture-dependent files in EPREFIX This includes the
+ sudo and visudo executables. [same as prefix]
+
+ --bindir=DIR
+ Install `sudo' in DIR [EPREFIX/bin]
+
+ --sbindir=DIR
+ Install `visudo' in DIR [EPREFIX/sbin]
+
+ --sysconfdir=DIR
+ Install `sudoers' file in DIR [/etc]
+
+ --mandir=DIR
+ Install man pages in DIR [PREFIX/man]
+
+ --srcdir=DIR
+ Find the sources in DIR [configure dir or ..]
+
+Special features/options:
+ --with-CC=PATH
+ Specifies path to C compiler you wish to use.
+
+ --with-incpath=DIR
+ Adds the specified directory (or directories) to CPPFLAGS
+ so configure and the compiler will look there for include
+ files. Multiple directories may be specified as long as
+ they are space separated.
+ Eg: --with-incpath="/usr/local/include /opt/include"
+
+ --with-libpath=DIR
+ Adds the specified directory (or directories) to LDFLAGS
+ so configure and the compiler will look there for libraries.
+ Multiple directories may be specified as with --with-incpath.
+
+ --with-rpath
+ Tells configure to use -Rpath in addition to -Lpath when
+ passing library paths to the loader. This option is on
+ by default for Solaris and SVR4.
+
+ --with-blibpath[=PATH]
+ Tells configure to construct a -blibpath argument to the
+ loader. If a PATH is specified, it will be used as the
+ base. Otherwise, "/usr/lib:/lib:/usr/local/lib" will be
+ used for gcc and "/usr/lib:/lib" for non-gcc. Additional
+ library paths will be appended as needed by configure.
+ This option is only valid for AIX where it is on by default.
+
+ --with-libraries=LIBRARY
+ Adds the specified library (or libaries) to SUDO_LIBS and
+ and VISUDO_LIBS so sudo will link against them. If the
+ library doesn't start with `-l' or end in `.a' or `.o' a
+ `-l' will be prepended to it. Multiple libraries may be
+ specified as long as they are space separated.
+
+ --with-efence
+ Link with the "electric fence" debugging malloc.
+
+ --with-bsm-audit
+ Enable support for sudo BSM audit logs on systems that support
+ it. Currently only supported under FreeBSD and Mac OS X.
+
+ --with-linux-audit
+ Enable audit support for Linux systems. Audits attempts
+ to run a command as well as SELinux role changes.
+
+ --with-csops
+ Add CSOps standard options. You probably aren't interested in this.
+
+ --with-skey[=DIR]
+ Enable S/Key OTP (One Time Password) support. If specified,
+ DIR should contain include and lib directories with skey.h
+ and libskey.a respectively.
+
+ --with-opie[=DIR]
+ Enable NRL OPIE OTP (One Time Password) support. If specified,
+ DIR should contain include and lib directories with opie.h
+ and libopie.a respectively.
+
+ --with-SecurID[=DIR]
+ Enable SecurID support. If specified, DIR is directory containing
+ sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
+
+ --with-fwtk[=DIR]
+ Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
+ DIR is the base directory containing the compiled FWTK package
+ (or at least the library and header files).
+
+ --with-kerb4[=DIR]
+ Enable Kerberos IV support. If specified, DIR is the base
+ directory containing the Kerberos IV include and lib dirs.
+ This uses Kerberos passphrases for authentication but does
+ not use the Kerberos cookie scheme.
+
+ --with-kerb5[=DIR]
+ Enable Kerberos V support. If specified, DIR is the base
+ directory containing the Kerberos V include and lib dirs.
+ This This uses Kerberos passphrases for authentication but
+ does not use the Kerberos cookie scheme. Will not work for
+ Kerberos V older than version 1.1.
+
+ --with-ldap[=DIR]
+ Enable LDAP support. If specified, DIR is the base directory
+ containing the LDAP include and lib directories. Please see
+ README.LDAP for more information.
+
+ --with-ldap-conf-file=PATH
+ Path to LDAP configuration file. If specified, sudo reads
+ this file instead of /etc/ldap.conf to locate the LDAP server.
+
+ --with-ldap-secret-file=PATH
+ Path to LDAP secret password file. If specified, sudo uses
+ this file instead of /etc/ldap.secret to read the secret password
+ when rootbinddn is specified in the ldap config file.
+
+ --with-nsswitch[=PATH]
+ Path to nsswitch.conf or "no" to disable nsswitch support.
+ If specified, sudo uses this file instead of /etc/nsswitch.conf.
+ If nsswitch is disabled but LDAP is enabled, sudo will check
+ LDAP first, then the sudoers file.
+
+ --with-netsvc[=PATH]
+ Path to netsvc.conf or "no" to disable netsvc.conf support.
+ If specified, sudo uses this file instead of /etc/netsvc.conf
+ on AIX systems.
+
+ --with-aixauth
+ Enable support for the AIX 4.x general authentication function.
+ This will use the authentication scheme specified for the user
+ on the machine. It is on by default for AIX systems that
+ support it.
+
+ --with-pam
+ Enable PAM support. This is on by default for Darwin, FreeBSD,
+ Linux, Solaris and HP-UX (version 11 and higher).
+
+ NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo
+ file install. You may either use the sample.pam file included with
+ sudo or use /etc/pam.d/su as a reference. The sample.pam file
+ included with sudo may or may not work with other Linux distributions.
+ On Solaris and HP-UX 11 systems you should check (and understand)
+ the contents of /etc/pam.conf. Do a "man pam.conf" for more
+ information and consider using the "debug" option, if available,
+ with your PAM libraries in /etc/pam.conf to obtain syslog output
+ for debugging purposes.
+
+ --with-pam-login
+ Enable a specific PAM session when sudo is given the -i option.
+ This changes the PAM service name when sudo is run with the -i
+ option from "sudo" to "sudo-i", allowing for a separate pam
+ configuration for sudo's initial login mode.
+
+ --with-AFS
+ Enable AFS support with Kerberos authentication. Should work under
+ AFS 3.3. If your AFS doesn't have -laudit you should be able to
+ link without it.
+
+ --with-DCE
+ Enable DCE support for systems without PAM. Known to work on
+ HP-UX 9.X, 10.X, and 11.0; other systems may require source
+ code and/or `configure' changes. On systems with PAM support
+ (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the
+ DCE PAM module (usually libpam_dce) should be used instead.
+
+ --with-logincap
+ This adds support for login classes specified in /etc/login.conf.
+ It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
+ NetBSD (where available). By default, a login class is not applied
+ unless the 'use_loginclass' option is defined in sudoers or the user
+ specifies a class on the command line.
+
+ --with-bsdauth
+ Enable support for BSD authentication. This is the default
+ for BSD/OS and OpenBSD systems that support it.
+ It is not possible to mix BSD authentication with other
+ authentication methods (and there really should be no need
+ to do so). Note that only the newer BSD authentication API
+ is supported. If you don't have /usr/include/bsd_auth.h
+ then you cannot use this.
+
+ --with-project
+ Enable support for Solaris project resource limits.
+ This option is only available on Solaris 9 and above.
+
+ --with-noexec[=PATH]
+ Enable support for the "noexec" functionality which prevents
+ a dynamically-linked program being run by sudo from executing
+ another program (think shell escapes). Please see the
+ "PREVENTING SHELL ESCAPES" section in the sudoers man page
+ for details. If specified, PATH should be a fully qualified
+ path name, e.g. /usr/local/libexec/sudo_noexec.so. If PATH
+ is "no", noexec support will not be compiled in. The default
+ is to compile noexec support if libtool supports building
+ shared objects on your OS.
+
+ --disable-pam-session
+ Disable sudo's PAM session support. This may be needed on
+ older PAM implementations or on operating systems where
+ opening a PAM session changes the utmp or wtmp files. If
+ PAM session support is disabled, resource limits may not
+ be updatedin for command being run.
+
+ --disable-root-mailer
+ By default sudo will run the mailer as root when tattling
+ on a user so as to prevent that user from killing the mailer.
+ With this option, sudo will run the mailer as the invoking
+ user which some people consider to be safer.
+
+ --disable-setreuid
+ Disable use of the setreuid() function for operating systems
+ where it is broken. Mac OS X has setreuid() but it doesn't
+ really work.
+
+ --disable-setresuid
+ Disable use of the setresuid() function for operating systems
+ where it is broken (none currently known).
+
+ --disable-sia
+ Disable SIA support. This is the "Security Integration
+ Architecture" on Digital UNIX. If you disable SIA sudo will
+ use its own authentication routines.
+
+ --disable-shadow
+ Disable shadow password support. Normally, sudo will compile
+ in shadow password support and use a shadow password if it
+ exists.
+
+ --with-sudoers-mode=MODE
+ File mode for the sudoers file (octal). Note that if you
+ wish to NFS-mount the sudoers file this must be group
+ readable. Also note that this is actually set in the
+ Makefile. The default mode is 0440.
+
+ --with-sudoers-uid=UID
+ User id that "owns" the sudoers file. Note that this is
+ the numeric id, *not* the symbolic name. Also note that
+ this is actually set in the Makefile. The default is 0.
+
+ --with-sudoers-gid=GID
+ Group id that "owns" the sudoers file. Note that this is
+ the numeric id, *not* the symbolic name. Also note that
+ this is actually set in the Makefile. The default is 0.
+
+ --without-interfaces
+ This option keeps sudo from trying to glean the ip address
+ from each attached ethernet interface. It is only useful
+ on a machine where sudo's interface reading support does
+ not work, which may be the case on some SysV-based OS's
+ using STREAMS.
+
+ --without-passwd
+ This option excludes authentication via the passwd (or
+ shadow) file. It should only be used when another, alternative,
+ authentication scheme is in use.
+
+ --with-otp-only
+ This option is now just an alias for --without-passwd.
+
+ --with-stow
+ Properly handle GNU stow packaging. The sudoers file will
+ physically live in ${prefix}/etc and /etc/sudoers will be
+ a symbolic link.
+
+ --with-selinux
+ Enable support for role based access control (RBAC) on
+ systems that support SELinux.
+
+ --with-libvas=[NAME]
+ Enable non-Unix group support using Quest Authentication
+ Services. If NAME is specified, it should be the name of
+ the shared library providing QAS support (libvas.so by default).
+
+ --with-libvas-rpath=[PATH]
+ The path to search when loading libvas.so (or an alternate
+ name as specified by --with-libvas). This option only has
+ an effect when --with-libvas is specified.
+
+The following options are also configurable at runtime:
+
+ --with-long-otp-prompt
+ When validating with a One Time Password scheme (S/Key or
+ OPIE), a two-line prompt is used to make it easier to cut
+ and paste the challenge to a local window. It's not as
+ pretty as the default but some people find it more convenient.
+
+ --with-logging=TYPE
+ How you want to do your logging. You may choose "syslog",
+ "file", or "both". Setting this to "syslog" is nice because
+ you can keep all of your sudo logs in one place (see the
+ sample.syslog.conf file). The default is "syslog".
+
+ --with-logfac=FACILITY
+ Determines which syslog facility to log to. This requires
+ a 4.3BSD or later version of syslog. You can still set
+ this for ancient syslogs but it will have no effect. The
+ following facilities are supported: authpriv (if your OS
+ supports it), auth, daemon, user, local0, local1, local2,
+ local3, local4, local5, local6, and local7.
+
+ --with-goodpri=PRIORITY
+ Determines which syslog priority to log successfully
+ authenticated commands. The following priorities are
+ supported: alert, crit, debug, emerg, err, info, notice,
+ and warning.
+
+ --with-badpri=PRIORITY
+ Determines which syslog priority to log unauthenticated
+ commands and errors. The following priorities are supported:
+ alert, crit, debug, emerg, err, info, notice, and warning.
+
+ --with-logpath=PATH
+ Override the default location of the sudo log file and use
+ "path" instead. By default will use /var/log/sudo.log if
+ there is a /var/log dir, falling back to /var/adm/sudo.log
+ or /usr/adm/sudo.log if not.
+
+ --with-loglen=NUMBER
+ Number of characters per line for the file log. This is only used if
+ you are to "file" or "both". This value is used to decide when to wrap
+ lines for nicer log files. The default is 80. Setting this to 0
+ will disable the wrapping.
+
+ --with-ignore-dot
+ If set, sudo will ignore '.' or '' (current dir) in $PATH.
+ The $PATH itself is not modified.
+
+ --with-mailto=USER|MAIL_ALIAS
+ User (or mail alias) that mail from sudo is sent to.
+ This should go to a sysadmin at your site. The default is "root".
+
+ --with-mailsubject="SUBJECT OF MAIL"
+ Subject of the mail sent to the "mailto" user. The token "%h"
+ will expand to the hostname of the machine.
+ Default is "*** SECURITY information for %h ***".
+
+ --without-mail-if-no-user
+ Normally, sudo will mail to the "alertmail" user if the user invoking
+ sudo is not in the sudoers file. This option disables that behavior.
+
+ --with-mail-if-no-host
+ Send mail to the "alermail" user if the user exists in the sudoers
+ file, but is not allowed to run commands on the current host.
+
+ --with-mail-if-noperms
+ Send mail to the "alermail" user if the user is allowed to use sudo but
+ the command they are trying is not listed in their sudoers file entry.
+
+ --with-passprompt="PASSWORD PROMPT"
+ Default prompt to use when asking for a password; can be overridden
+ via the -p option and the SUDO_PROMPT environment variable. Supports
+ the "%H", "%h", "%U" and "%u" escapes as documented in the sudo
+ manual page. The default value is "Password:".
+
+ --with-badpass-message="BAD PASSWORD MESSAGE"
+ Message that is displayed if a user enters an incorrect password.
+ The default is "Sorry, try again." unless insults are turned on.
+
+ --with-fqdn
+ Define this if you want to put fully qualified hostnames in the sudoers
+ file. Ie: instead of myhost you would use myhost.mydomain.edu. You may
+ still use the short form if you wish (and even mix the two). Beware
+ that turning FQDN on requires sudo to make DNS lookups which may make
+ sudo unusable if your DNS is totally hosed. Also note that you must
+ use the host's official name as DNS knows it. That is, you may not use
+ a host alias (CNAME entry) due to performance issues and the fact that
+ there is no way to get all aliases from DNS.
+
+ --with-timedir=PATH
+ Override the default location of the sudo timestamp directory and
+ use "path" instead.
+
+ --with-sendmail=PATH
+ Override configure's guess as to the location of sendmail.
+
+ --without-sendmail
+ Do not use sendmail to mail messages to the "mailto" user.
+ Use only if don't run sendmail or the equivalent.
+
+ --with-umask=MASK
+ Umask to use when running the root command. The default is 0022.
+
+ --without-umask
+ Preserves the umask of the user invoking sudo.
+
+ --with-runas-default=USER
+ The default user to run commands as if the -u flag is not specified
+ on the command line. This defaults to "root".
+
+ --with-exempt=GROUP
+ Users in the specified group don't need to enter a password when
+ running sudo. This may be useful for sites that don't want their
+ "core" sysadmins to have to enter a password but where Jr. sysadmins
+ need to. You should probably use NOPASSWD in sudoers instead.
+
+ --with-passwd-tries=NUMBER
+ Number of tries a user gets to enter his/her password before sudo logs
+ the failure and exits. The default is 3.
+
+ --with-timeout=NUMBER
+ Number of minutes that can elapse before sudo will ask for a passwd
+ again. The default is 5, set this to 0 to always prompt for a password.
+
+ --with-password-timeout=NUMBER
+ Number of minutes before the sudo password prompt times out.
+ The default is 5, set this to 0 for no password timeout.
+
+ --without-tty-tickets
+ By default, sudo uses a different ticket file for each user/tty combo.
+ With this option disabled, a single ticket will be used for all
+ of a user's login sessions.
+
+ --with-insults
+ Define this if you want to be insulted for typing an incorrect password
+ just like the original sudo(8). This is off by default.
+
+ --with-insults=disabled
+ Include support for insults but disable them unless explicitly
+ enabled in sudoers.
+
+ --with-all-insults
+ Include all the insult sets listed below. You must either specify
+ --with-insults or enable insults in the sudoers file for this to
+ have any effect.
+
+ --with-classic-insults
+ Uses insults from sudo "classic." If you just specify --with-insults
+ you will get the classic and CSOps insults. This is on by default if
+ --with-insults is given.
+
+ --with-csops-insults
+ Insults the user with an extra set of insults (some quotes, some
+ original) from a sysadmin group at CU (CSOps). You must specify
+ --with-insults as well for this to have any effect. This is on by
+ default if --with-insults is given.
+
+ --with-hal-insults
+ Uses 2001-like insults when an incorrect password is entered.
+ You must either specify --with-insults or enable insults in the
+ sudoers file for this to have any effect.
+
+ --with-goons-insults
+ Insults the user with lines from the "Goon Show" when an incorrect
+ password is entered. You must either specify --with-insults or
+ enable insults in the sudoers file for this to have any effect.
+
+ --with-pc-insults
+ Replace politically incorrect insults with less objectionable ones.
+
+ --with-secure-path[=PATH]
+ Path used for every command run from sudo(8). If you don't trust the
+ people running sudo to have a sane PATH environment variable you may
+ want to use this. Another use is if you want to have the "root path"
+ be separate from the "user path." You will need to customize the path
+ for your site. NOTE: this is not applied to users in the group
+ specified by --with-exemptgroup. If you do not specify a path,
+ "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.
+
+ --without-lecture
+ Don't print the lecture the first time a user runs sudo.
+
+ --with-editor=PATH
+ Specify the default editor path for use by visudo. This may be a
+ single path name or a colon-separated list of editors. In the latter
+ case, visudo will choose the editor that matches the user's VISUAL
+ or EDITOR environment variables or the first editor in the list that
+ exists. The default is the path to vi on your system.
+
+ --with-env-editor
+ Makes visudo consult the VISUAL and EDITOR environment variables before
+ falling back on the default editor list (as specified by --with-editor).
+ Note that this may create a security hole as it allows the user to
+ run any arbitrary command as root without logging. A safer alternative
+ is to use a colon-separated list of editors with the --with-editor
+ option. visudo will then only use the VISUAL or EDITOR variables
+ if they match a value specified via --with-editor.
+
+ --with-askpass=PATH
+ Set PATH as the "askpass" program to use when no tty is
+ available. Typically, this is a graphical password prompter,
+ similar to the one used by ssh. The program must take a
+ prompt as an argument and print the received password to
+ the standard output.
+
+ --disable-authentication
+ By default, sudo requires the user to authenticate via a
+ password or similar means. This options causes sudo to
+ *not* require authentication. It is possible to turn
+ authentication back on in sudoers via the PASSWD attribute.
+
+ --disable-root-sudo
+ Don't let root run sudo. This can be used to prevent people from
+ "chaining" sudo commands to get a root shell by doing something
+ like "sudo sudo /bin/sh".
+
+ --enable-gss-krb5-ccache-name
+ Use the gss_krb5_ccache_name() function to set the Kerberos
+ V credential cache file name. By default, sudo will use
+ the KRB5CCNAME environment variable to set this. While
+ gss_krb5_ccache_name() provides a better API to do this it
+ is not supported by all Kerberos V and SASL combinations.
+
+ --enable-log-host
+ Log the hostname in the log file.
+
+ --enable-noargs-shell
+ If sudo is invoked with no arguments it acts as if the "-s" flag had
+ been given. That is, it runs a shell as root (the shell is determined
+ by the SHELL environment variable, falling back on the shell listed
+ in the invoking user's /etc/passwd entry).
+
+ --enable-shell-sets-home
+ If sudo is invoked with the "-s" flag the HOME environment variable
+ will be set to the home directory of the target user (which is root
+ unless the "-u" option is used). This option effectively makes the
+ "-s" flag imply "-H".
+
+ --disable-path-info
+ Normally, sudo will tell the user when a command could not be found
+ in their $PATH. Some sites may wish to disable this as it could
+ be used to gather information on the location of executables that
+ the normal user does not have access to. The disadvantage is that
+ if the executable is simply not in the user's path, sudo will tell
+ the user that they are not allowed to run it, which can be confusing.
+
+ --disable-iologdir
+ Disable sudo's I/O logging support. This can be used to allow sudo
+ to be compiled on systems without pseudo-tty support.
+
+ --enable-iologdir[=DIR]
+ By default, sudo stores I/O log files in either /var/log/sudo-io,
+ /var/adm/sudo-sudo-io or /usr/log/sudo-io. If DIR is
+ specified, I/O logs will be stored in the indicated directory
+ instead.
+
+ --enable-zlib[=DIR]
+ Enable the use of the zlib compress library when storing
+ I/O log files. If specified, DIR is the base directory
+ containing the zlib include and lib directories. By default
+ zlib is used if it is found on the system and I/O logging
+ support is not disabled.
+
+ --disable-zlib
+ Disable the use of the zlib compress library when storing
+ I/O log files.
+
+ --enable-warnings
+ Enable compiler warnings when building sudo with gcc.
+
+ --enable-admin-flag
+ Enable the creation of an Ubuntu-style admin flag file
+ the first time sudo is run.
+
+Shadow password and C2 support
+==============================
+
+Shadow passwords (also included with most C2 security packages) are
+supported on most major platforms for which they exist. The
+`configure' script will attempt to determine if your system can use
+shadow passwords and include support for them if so. Shadow password
+support is now compiled in by default (it doesn't hurt anything if you
+don't have them configured). To disable the shadow password support,
+use the --disable-shadow option to configure.
+
+Shadow passwords are known to work on the following platforms:
+
+ SunOS 4.x
+ Solaris 2.x
+ HP-UX >= 9.x
+ Ultrix 4.x
+ Digital UNIX
+ IRIX >= 5.x
+ AIX >= 3.2.x
+ Linux
+ SCO >= 3.2.2
+ Pyramid DC/OSx
+ UnixWare
+ SVR4 (and variants using standard SVR4 shadow passwords)
+ 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X)
+ Systems using SecureWare's C2 security.
+
+OS dependent notes
+==================
+
+Linux:
+ PAM and LDAP headers are not installed by default on most Linux
+ systems. You will need to install the "pam-dev" package if
+ /usr/include/security/pam_appl.h is not present on your system.
+ If you wish to build with LDAP support you will also need the
+ openldap-devel package.
+
+ Versions of glibc 2.x previous to 2.0.7 have a broken lsearch().
+ You will need to either upgrade to glibc-2.0.7 or use sudo's
+ version of lsearch(). To use sudo's lsearch(), comment out
+ the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
+ to the LIBOBJS line in the Makefile.
+
+ If you are using a Linux kernel older than 2.4 it is not possible
+ to access the sudoers file via NFS. This is due to a bug in
+ the Linux client-side NFS implementation that has since been
+ fixed. There is a workaround on the sudo ftp site, linux_nfs.patch,
+ if you need to NFS-mount sudoers on older Linux kernels.
+
+Solaris 2.x:
+ You need to have a C compiler in order to build sudo. Since
+ Solaris 2.x does not come with one by default this means that
+ you either need to install the Sun Studio compiler suite,
+ available for free from www.sun.com, or have a copy of the GNU
+ C compiler (gcc) which is distributed on the Solaris Companion
+ CD. You can also get them from various places on the net,
+ including http://www.sunfreeware.com/
+ NOTE: sudo will *not* build with the sun C compiler in BSD
+ compatibility mode (/usr/ucb/cc). Sudo is designed to
+ compile with the standard C compiler (or gcc) and will
+ not build correctly with /usr/ucb/cc. You can use the
+ `--with-CC' option to point `configure' to the non-ucb
+ compiler if it is not the first cc in your path. Some
+ sites link /usr/ucb/cc to gcc; configure will not notice
+ this and still refuse to use /usr/ucb/cc, so make sure gcc
+ is also in your path if your site is setup this way.
+ Also: Older versions of Solaris come with a broken syslogd.
+ If you have having problems with sudo logging you should
+ make sure you have the latest syslogd patch installed.
+ This is a problem for Solaris 2.4 and 2.5 at least.
+
+Mac OS X:
+ The pseudo-tty support in the Mac OS X kernel has bugs related
+ to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
+ It does not restart reads and writes when those signals are
+ delivered. This may cause problems for some commands when I/O
+ logging is enabled. The issue has been reported to Apple and
+ is bug id #7952709.
+
+HP-UX:
+ The default C compiler shipped with HP-UX does not support
+ creating position independent code and so is unable to support
+ sudo's "noexec" functionality. You must use either the HP ANSI
+ C compiler or gcc for noexec to work. Binary packages of gcc
+ are available http://hpux.connect.org.uk/.
+
+ To prevent PAM from overriding the value of umask on HP-UX 11,
+ you will need to add a line like the following to /etc/pam.conf:
+
+ sudo session required libpam_hpsec.so.1 bypass_umask
+
+Digital UNIX:
+ By default, sudo will use SIA (Security Integration Architecture)
+ to validate a user. If you want to use an alternative authentication
+ method that does not go through SIA, you need to use the
+ --disable-sia option to configure. If you use gcc to compile
+ you will get warnings when building interfaces.c. These are
+ harmless but if they really bug you, you can edit
+ /usr/include/net/if.h around line 123, right after the comment:
+ /* forward decls for C++ */
+ change the line:
+ #ifdef __cplusplus
+ to:
+ #if defined(__cplusplus) || defined(__GNUC__)
+ If you don't like the idea of editing the system header file
+ you can just make a copy in gcc's private include tree and
+ edit that.
+
+AIX 3.2.x:
+ I've had various problems with the AIX C compiler producing
+ incorrect code when the -O flag was used. When optimization
+ is not used, the problems go away. Gcc does not appear
+ to have this problem.
+
+SCO ODT:
+ You'll probably need libcrypt_i.a available via anonymous ftp
+ from sosco.sco.com. The necessary files are /SLS/lng225b.Z
+ and /SLS/lng225b.ltr.Z.
+
+SunOS 4.x:
+ The /bin/sh shipped with SunOS blows up while running configure.
+ You can work around this by installing bash or zsh. If you
+ have bash or zsh in your path, configure will use it instead
+ automatically.
+
+ULTRIX 4.x:
+ The /bin/sh shipped with ULTRIX blows up while running configure.
+ You can work around this by installing bash or zsh. If you
+ have bash or zsh in your path, configure will use it instead
+ automatically.
+
+ ULTRIX ships with the 4.2BSD syslog(3) which does not
+ allow things like logging different facilities to different
+ files, redirecting logs to a single loghost and other niceties.
+ You may want to just grab and install:
+ ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz
+ (available via anonymous ftp) which is a port if the 4.3BSD
+ syslog/syslogd that is backwards compatible with the Ultrix version.
+ I recommend it highly. If you do not do this you probably want
+ to run configure with --with-logging=file
diff --git a/sudo-1.7.4p4/INSTALL.configure b/sudo-1.7.4p4/INSTALL.configure
new file mode 100644
index 0000000..9053561
--- /dev/null
+++ b/sudo-1.7.4p4/INSTALL.configure
@@ -0,0 +1,174 @@
+Basic Installation
+==================
+
+ These are generic installation instructions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+ The file `configure.in' is used to create `configure' by a program
+called `autoconf'. You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+
+ Running `configure' takes awhile. While running, it prints some
+ messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. `cd' to the directory where you want the object files
+and executables to go and run the `configure' script. `configure'
+automatically checks for the source code in the directory that `configure'
+is in and in `..'.
+
+Installation Names
+==================
+
+ By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc. You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+ CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+
+`--help'
+ Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made.
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--version'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`configure' also accepts some other, not widely useful, options.
+
diff --git a/sudo-1.7.4p4/LICENSE b/sudo-1.7.4p4/LICENSE
new file mode 100644
index 0000000..6e9a547
--- /dev/null
+++ b/sudo-1.7.4p4/LICENSE
@@ -0,0 +1,78 @@
+Sudo is distributed under the following ISC-style license:
+
+ Copyright (c) 1994-1996, 1998-2010
+ Todd C. Miller <Todd.Miller@courtesan.com>
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ Sponsored in part by the Defense Advanced Research Projects
+ Agency (DARPA) and Air Force Research Laboratory, Air Force
+ Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c
+bear the following UCB license:
+
+ Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+nonunix.h and vasgroups.c bear the following license:
+
+ Copyright (c) 2006 Quest Software, Inc. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of Quest Software, Inc. nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
diff --git a/sudo-1.7.4p4/Makefile.in b/sudo-1.7.4p4/Makefile.in
new file mode 100644
index 0000000..0114ca7
--- /dev/null
+++ b/sudo-1.7.4p4/Makefile.in
@@ -0,0 +1,563 @@
+#
+# Copyright (c) 1996, 1998-2005, 2007-2010
+# Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Sponsored in part by the Defense Advanced Research Projects
+# Agency (DARPA) and Air Force Research Laboratory, Air Force
+# Materiel Command, USAF, under agreement number F39502-99-1-0512.
+#
+# @configure_input@
+#
+
+#### Start of system configuration section. ####
+
+srcdir = @srcdir@
+devdir = @devdir@
+authdir = $(srcdir)/auth
+top_builddir = .
+
+# Compiler & tools to use
+CC = @CC@
+FLEX = @FLEX@
+YACC = @YACC@
+NROFF = @NROFFPROG@ -Tascii
+LIBTOOL = @LIBTOOL@
+AR=@AR@
+RANLIB=@RANLIB@
+
+# Our install program supports extra flags...
+INSTALL = $(SHELL) $(srcdir)/install-sh -c
+
+# Libraries
+LIBS = @LIBS@
+NET_LIBS = @NET_LIBS@
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS)
+
+# C preprocessor flags
+CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
+
+# Usually -O and/or -g
+CFLAGS = @CFLAGS@
+
+# Flags to pass to the link stage
+LDFLAGS = -L. @LDFLAGS@
+SUDO_LDFLAGS = @SUDO_LDFLAGS@ $(LDFLAGS)
+
+# Where to install things...
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sbindir = @sbindir@
+sysconfdir = @sysconfdir@
+libexecdir = @libexecdir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+mandir = @mandir@
+timedir = @timedir@
+noexecfile = @NOEXECFILE@
+noexecdir = @NOEXECDIR@
+
+# Directory in which to install sudo.
+sudodir = $(bindir)
+
+# Directory in which to install visudo
+visudodir = $(sbindir)
+
+# Directory in which to install the sudoers file
+sudoersdir = $(sysconfdir)
+
+# Directory in which to install the man page
+mantype = @MANTYPE@
+mansectsu = @mansectsu@
+mansectform = @mansectform@
+mandirsu = $(mandir)/$(mantype)$(mansectsu)
+mandirform = $(mandir)/$(mantype)$(mansectform)
+
+# User and group ids the installed files should be "owned" by
+install_uid = 0
+install_gid = 0
+
+# User, group, and mode the sudoers file should be "owned" by (configure)
+sudoers_uid = @SUDOERS_UID@
+sudoers_gid = @SUDOERS_GID@
+sudoers_mode = @SUDOERS_MODE@
+
+# Pass in paths and uid/gid + OS dependent defined
+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
+
+#### End of system configuration section. ####
+
+SHELL = @SHELL@
+
+PROGS = @PROGS@
+
+SRCS = aix.c alias.c alloc.c audit.c boottime.c bsm_audit.c check.c \
+ closefrom.c def_data.c defaults.c env.c error.c exec.c exec_pty.c \
+ fileops.c find_path.c fnmatch.c get_pty.c getcwd.c getprogname.c \
+ getspwuid.c gettime.c glob.c goodpath.c gram.c gram.y interfaces.c \
+ iolog.c isblank.c lbuf.c ldap.c linux_audit.c list.c logging.c match.c \
+ mksiglist.c mkstemps.c memrchr.c nanosleep.c parse.c parse_args.c \
+ pwutil.c set_perms.c setsid.c sigaction.c snprintf.c strcasecmp.c \
+ strerror.c strlcat.c strlcpy.c strsignal.c sudo.c sudo_noexec.c \
+ sudo_edit.c sudo_nss.c term.c testsudoers.c tgetpass.c toke.c toke.l \
+ tsgetgrpw.c utimes.c vasgroups.c visudo.c zero_bytes.c redblack.c \
+ selinux.c sesh.c sudoreplay.c getdate.c getdate.y getline.c \
+ timestr.c $(AUTH_SRCS)
+
+AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
+ auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
+ auth/secureware.c auth/securid.c auth/securid5.c auth/sia.c \
+ auth/sudo_auth.c
+
+HDRS = alloc.h bsm_audit.h compat.h def_data.h defaults.h error.h ins_2001.h \
+ ins_classic.h ins_csops.h ins_goons.h insults.h interfaces.h lbuf.h \
+ linux_audit.h list.h logging.h missing.h mksiglist.h nonunix.h \
+ redblack.h parse.h sudo.h sudo_exec.h sudo_nss.h gram.h \
+ auth/sudo_auth.h emul/charclass.h emul/fnmatch.h emul/glob.h \
+ emul/timespec.h emul/utime.h
+
+AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
+
+COMMON_OBJS = alias.o alloc.o defaults.o error.o gram.o \
+ list.o match.o pwutil.o timestr.o toke.o redblack.o \
+ term.o zero_bytes.o @COMMON_OBJS@
+
+SUDO_OBJS = $(AUTH_OBJS) @SUDO_OBJS@ audit.o boottime.o check.o env.o \
+ exec.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \
+ interfaces.o lbuf.o logging.o parse.o parse_args.o set_perms.o \
+ sudo.o sudo_edit.o sudo_nss.o tgetpass.o
+
+VISUDO_OBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o
+
+REPLAY_OBJS = getdate.o sudoreplay.o
+
+TEST_OBJS = interfaces.o testsudoers.o tsgetgrpw.o
+
+LIB_OBJS = @LIBOBJS@
+
+VERSION = @PACKAGE_VERSION@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+
+DISTFILES = $(SRCS) $(HDRS) ChangeLog HISTORY INSTALL INSTALL.configure \
+ LICENSE Makefile.in NEWS PORTING README README.LDAP \
+ TROUBLESHOOTING UPGRADE aclocal.m4 aixcrypt.exp config.guess \
+ config.h.in config.sub configure configure.in def_data.in \
+ indent.pro install-sh ltmain.sh m4 mkdefaults mkinstalldirs \
+ mkpkg pathnames.h.in pp sample.pam sample.syslog.conf \
+ sample.sudoers schema.ActiveDirectory schema.OpenLDAP \
+ schema.iPlanet siglist.in sudo.cat sudo.man.in sudo.pod sudo.pp \
+ sudo_usage.h.in sudoers.in sudoers.cat sudoers.man.in sudoers.pod \
+ sudoers.ldap.cat sudoers.ldap.man.in sudoers.ldap.pod \
+ sudoers2ldif sudoreplay.cat sudoreplay.man.in sudoreplay.pod \
+ visudo.cat visudo.man.in visudo.pod auth/API sudo.man.pl \
+ sudoers.man.pl
+
+SUDODEP = $(srcdir)/sudo.h $(srcdir)/alloc.h $(srcdir)/compat.h \
+ $(srcdir)/defaults.h $(srcdir)/error.h $(srcdir)/list.h \
+ $(srcdir)/logging.h $(srcdir)/missing.h $(srcdir)/sudo_nss.h \
+ $(devdir)/def_data.h pathnames.h config.h
+
+AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h
+
+INSDEP = $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \
+ $(srcdir)/ins_goons.h $(srcdir)/insults.h
+
+all: $(PROGS)
+
+.SUFFIXES: .o .c .h .l .y .lo
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
+
+.c.lo:
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
+
+libsudo.a: $(LIB_OBJS) $(COMMON_OBJS)
+ $(AR) rv $@ $(LIB_OBJS) $(COMMON_OBJS)
+ $(RANLIB) $@
+
+sudo: libsudo.a $(SUDO_OBJS)
+ $(CC) -o $@ $(SUDO_OBJS) $(SUDO_LDFLAGS) -lsudo $(SUDO_LIBS) @ZLIB@
+
+visudo: libsudo.a $(VISUDO_OBJS)
+ $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
+
+sudoreplay: libsudo.a $(REPLAY_OBJS)
+ $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) -lsudo $(LIBS) @ZLIB@
+
+testsudoers: $(TEST_OBJS)
+ $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
+
+sudo_noexec.lo: $(srcdir)/sudo_noexec.c
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
+
+libsudo_noexec.la: sudo_noexec.lo
+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
+
+# Uncomment the following if you want "make distclean" to clean the parser
+@DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
+
+# Uncomment the lines before -@true if you intend to modify gram.y
+$(devdir)/gram.c $(devdir)/gram.h: $(srcdir)/gram.y
+@DEV@ $(YACC) -d $(srcdir)/gram.y
+@DEV@ mv -f y.tab.c gram.c
+@DEV@ if cmp -s y.tab.h gram.h; then rm -f y.tab.h; else mv -f y.tab.h gram.h; fi
+ -@true
+
+# Uncomment the lines before -@true if you intend to modify toke.l
+$(devdir)/toke.c: $(srcdir)/toke.l
+@DEV@ $(FLEX) $(srcdir)/toke.l
+@DEV@ mv -f lex.yy.c toke.c
+ -@true
+
+# Uncomment the lines before -@true if you intend to modify getdate.y
+$(devdir)/getdate.c: $(srcdir)/getdate.y
+@DEV@ echo "expect 10 shift/reduce conflicts"
+@DEV@ $(YACC) $(srcdir)/getdate.y
+@DEV@ mv -f y.tab.c getdate.c
+ -@true
+
+# Uncomment the following if you intend to modify def_data.in
+@DEV@$(devdir)/def_data.h $(devdir)/def_data.c: $(srcdir)/def_data.in
+@DEV@ perl $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in
+
+siglist.c: mksiglist
+ ./mksiglist > $@
+
+mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(srcdir)/compat.h $(top_builddir)/config.h
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@
+
+@DEV@$(srcdir)/mksiglist.h: $(srcdir)/siglist.in
+@DEV@ awk 'BEGIN {print "/* public domain */\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (my_sys_siglist[SIG%s] == NULL)\n\tmy_sys_siglist[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, substr($$0, 13))}' < $(srcdir)/siglist.in > $@
+
+# Dependencies (not counting auth functions)
+aix.o: $(srcdir)/aix.c
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/aix.c
+alias.o: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/redblack.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
+alloc.o: $(srcdir)/alloc.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
+audit.o: $(srcdir)/audit.c $(SUDODEP) $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/audit.c
+boottime.o: $(srcdir)/boottime.c config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
+bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP) $(srcdir)/bsm_audit.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
+check.o: $(srcdir)/check.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
+closefrom.o: $(srcdir)/closefrom.c config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/closefrom.c
+defaults.o: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
+env.o: $(srcdir)/env.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
+error.o: $(srcdir)/error.c $(srcdir)/compat.h $(srcdir)/error.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
+exec.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec.c
+exec_pty.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec_pty.c
+fileops.o: $(srcdir)/fileops.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fileops.c
+find_path.o: $(srcdir)/find_path.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
+fnmatch.o: $(srcdir)/fnmatch.c $(srcdir)/emul/fnmatch.h $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fnmatch.c
+get_pty.o: $(srcdir)/get_pty.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/get_pty.c
+getcwd.o: $(srcdir)/getcwd.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getcwd.c
+getdate.o: $(srcdir)/getdate.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
+getline.o: $(srcdir)/getline.c config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getline.c
+getprogname.o: $(srcdir)/getprogname.c config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getprogname.c
+getspwuid.o: $(srcdir)/getspwuid.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
+gettime.o: $(srcdir)/gettime.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
+glob.o: $(srcdir)/glob.c $(srcdir)/emul/glob.h $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/glob.c
+goodpath.o: $(srcdir)/goodpath.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
+gram.o: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
+interfaces.o: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
+iolog.o: $(srcdir)/iolog.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/iolog.c
+isblank.o: $(srcdir)/isblank.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/isblank.c
+lbuf.o: $(srcdir)/lbuf.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/lbuf.c
+ldap.o: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
+linux_audit.o: $(srcdir)/linux_audit.c $(SUDODEP) $(srcdir)/linux_audit.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/linux_audit.c
+list.o: $(srcdir)/list.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/list.c
+logging.o: $(srcdir)/logging.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
+match.o: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
+memrchr.o: $(srcdir)/memrchr.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/memrchr.c
+mkstemps.o: $(srcdir)/mkstemps.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/mkstemps.c
+nanosleep.o: $(srcdir)/nanosleep.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/nanosleep.c
+parse.o: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
+parse_args.o: $(srcdir)/parse_args.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse_args.c
+pwutil.o: $(srcdir)/pwutil.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
+redblack.o: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
+set_perms.o: $(srcdir)/set_perms.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
+setsid.o: $(srcdir)/setsid.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/setsid.c
+sigaction.o: $(srcdir)/sigaction.c $(srcdir)/compat.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sigaction.c
+siglist.o: siglist.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/siglist.c
+snprintf.o: $(srcdir)/snprintf.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/snprintf.c
+strcasecmp.o: $(srcdir)/strcasecmp.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strcasecmp.c
+strerror.o: $(srcdir)/strerror.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strerror.c
+strlcat.o: $(srcdir)/strlcat.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcat.c
+strlcpy.o: $(srcdir)/strlcpy.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcpy.c
+strsignal.o: $(srcdir)/strsignal.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strsignal.c
+selinux.o: $(srcdir)/selinux.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/selinux.c
+sudo.o: $(srcdir)/sudo.c $(SUDODEP) sudo_usage.h $(srcdir)/interfaces.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo.c
+sudoreplay.o: $(srcdir)/sudoreplay.c $(srcdir)/alloc.h $(srcdir)/compat.h $(srcdir)/error.h $(srcdir)/missing.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoreplay.c
+sudo_edit.o: $(srcdir)/sudo_edit.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_edit.c
+sudo_noexec.o: $(srcdir)/sudo_noexec.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
+sudo_nss.o: $(srcdir)/sudo_nss.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
+term.o: $(srcdir)/term.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/term.c
+testsudoers.o: $(srcdir)/testsudoers.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/testsudoers.c
+tgetpass.o: $(srcdir)/tgetpass.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tgetpass.c
+timestr.o: $(srcdir)/timestr.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
+toke.o: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
+tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
+utimes.o: $(srcdir)/utimes.c $(srcdir)/compat.h $(srcdir)/emul/utime.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/utimes.c
+vasgroups.o: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
+visudo.o: $(srcdir)/visudo.c $(SUDODEP) $(devdir)/gram.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/visudo.c
+zero_bytes.o: $(srcdir)/zero_bytes.c $(srcdir)/compat.h config.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/zero_bytes.c
+sudo_auth.o: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
+afs.o: $(authdir)/afs.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
+aix_auth.o: $(authdir)/aix_auth.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
+bsdauth.o: $(authdir)/bsdauth.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
+dce.o: $(authdir)/dce.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
+fwtk.o: $(authdir)/fwtk.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
+kerb4.o: $(authdir)/kerb4.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
+kerb5.o: $(authdir)/kerb5.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
+pam.o: $(authdir)/pam.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
+passwd.o: $(authdir)/passwd.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
+rfc1938.o: $(authdir)/rfc1938.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
+secureware.o: $(authdir)/secureware.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
+securid.o: $(authdir)/securid.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
+securid5.o: $(authdir)/securid5.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
+sia.o: $(authdir)/sia.c $(AUTHDEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
+
+@DEV@varsub: $(srcdir)/configure.in
+@DEV@ printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#4#g\ns#@%s@#1m#g\n' SEMAN BAMAN LCMAN sysconfdir prefix mansectform mansectsu > $@; sed -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(srcdir)/configure.in | sed -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@
+
+@DEV@$(srcdir)/sudo.man.in: $(srcdir)/sudo.pod
+@DEV@ mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p $(srcdir)/sudo.man.pl >> $@
+
+sudo.man: $(srcdir)/sudo.man.in
+ $(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudo.cat: varsub $(srcdir)/sudo.man.in
+@DEV@ sed -f varsub $(srcdir)/sudo.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/visudo.man.in: $(srcdir)/visudo.pod
+@DEV@ mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/visudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@
+
+visudo.man: $(srcdir)/visudo.man.in
+ $(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/visudo.cat: varsub $(srcdir)/visudo.man.in
+@DEV@ sed -f varsub $(srcdir)/visudo.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.pod
+@DEV@ mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudoers.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudoers.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p $(srcdir)/sudoers.man.pl >> $@
+
+sudoers.man: $(srcdir)/sudoers.man.in
+ $(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudoers.cat: varsub $(srcdir)/sudoers.man.in
+@DEV@ sed -f varsub $(srcdir)/sudoers.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.pod
+@DEV@ mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudoers.ldap.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudoers.ldap.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@
+
+sudoers.ldap.man: $(srcdir)/sudoers.ldap.man.in
+ $(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudoers.ldap.cat: varsub $(srcdir)/sudoers.ldap.man.in
+@DEV@ sed -f varsub $(srcdir)/sudoers.ldap.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.pod
+@DEV@ mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudoreplay.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudoreplay.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@
+
+sudoreplay.man: $(srcdir)/sudoreplay.man.in
+ $(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudoreplay.cat: varsub $(srcdir)/sudoreplay.man.in
+@DEV@ sed -f varsub $(srcdir)/sudoreplay.man.in | $(NROFF) -man > $@
+
+@DEV@HISTORY: $(srcdir)/history.pod
+@DEV@ pod2text -l -i0 $(srcdir)/history.pod > $@
+@DEV@
+@DEV@LICENSE: $(srcdir)/license.pod
+@DEV@ pod2text -l -i0 $(srcdir)/license.pod | sed '1,2d' > $@
+
+sudoers: $(srcdir)/sudoers.in
+ (cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@)
+
+# The 1.7 branch started Jan 18, 2010
+ChangeLog:
+ if test -d $(srcdir)/.hg; then \
+ hg log --style=changelog -b 1.7 > $@; \
+ hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> $@; \
+ fi
+
+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc
+
+install-dirs:
+ $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
+ $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \
+ $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
+ $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
+ $(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir)
+
+install-binaries: install-dirs $(PROGS)
+ $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo
+ rm -f $(DESTDIR)$(sudodir)/sudoedit
+ ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
+ if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
+ $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo
+ if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi
+
+install-noexec: install-dirs libsudo_noexec.la
+ if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
+
+install-sudoers: install-dirs
+ $(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \
+ $(DESTDIR)$(sudoersdir)/sudoers.d
+ test -f $(DESTDIR)$(sudoersdir)/sudoers || \
+ $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
+ sudoers $(DESTDIR)$(sudoersdir)/sudoers
+
+install-doc: install-dirs ChangeLog
+ (cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
+ @LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
+ @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
+ ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
+ @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
+ @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
+@MAN_POSTINSTALL@
+
+check:
+ @echo nothing to check
+
+clean:
+ -rm -f *.a *.o *.lo stamp-* varsub $(PROGS) testsudoers core *.core core.*
+
+mostlyclean: clean
+
+distclean: clean
+ -rm -rf Makefile pathnames.h config.h config.status config.cache \
+ config.log libtool sudoers sudo_noexec.lo .libs $(GENERATED) \
+ sudo.man sudoers.man sudoers.ldap.man sudoreplay.man \
+ visudo.man sudo_usage.h Makefile.binary
+
+clobber: distclean
+
+realclean: distclean
+ rm -f TAGS tags
+
+cleandir: realclean
+
+dist: ChangeLog
+ pax -w -x ustar -s '/^/$(PACKAGE_TARNAME)-$(VERSION)\//' \
+ -f ../$(PACKAGE_TARNAME)-$(VERSION).tar $(DISTFILES)
+ gzip -9f ../$(PACKAGE_TARNAME)-$(VERSION).tar
+ ls -l ../$(PACKAGE_TARNAME)-$(VERSION).tar.gz
+
+package: sudo.pp
+ DESTDIR=`cd $(top_builddir) && pwd`/destdir; rm -rf $$DESTDIR; \
+ $(MAKE) install DESTDIR=$$DESTDIR && \
+ $(SHELL) $(srcdir)/pp $(PPFLAGS) \
+ --destdir=$$DESTDIR \
+ $(srcdir)/sudo.pp \
+ bindir=$(bindir) \
+ sbindir=$(sbindir) \
+ libexecdir=$(libexecdir) \
+ timedir=$(timedir) \
+ mandir=$(mandir) \
+ docdir=$(docdir) \
+ sysconfdir=$(sysconfdir) \
+ sudoersdir=$(sudoersdir) \
+ sudoers_uid=$(sudoers_uid) \
+ sudoers_gid=$(sudoers_gid) \
+ sudoers_mode=$(sudoers_mode) \
+ version=$(VERSION) $(PPVARS)
+
+.PHONY: ChangeLog
diff --git a/sudo-1.7.4p4/NEWS b/sudo-1.7.4p4/NEWS
new file mode 100644
index 0000000..21d4e61
--- /dev/null
+++ b/sudo-1.7.4p4/NEWS
@@ -0,0 +1,259 @@
+What's new in Sudo 1.7.4?
+
+ * Sudoedit will now preserve the file extension in the name of the
+ temporary file being edited. The extension is used by some
+ editors (such as emacs) to choose the editing mode.
+
+ * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
+ /var/lib/sudo or /var/adm/sudo. The directories are checked for
+ existence in that order. This prevents users from receiving the
+ sudo lecture every time the system reboots. Time stamp files older
+ than the boot time are ignored on systems where it is possible to
+ determine this.
+
+ * The tty_tickets sudoers option is now enabled by default.
+
+ * Ancillary documentation (README files, LICENSE, etc) is now installed
+ in a sudo documentation directory.
+
+ * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
+ in ldap.conf.
+
+ * Defaults settings that are tied to a user, host or command may
+ now include the negation operator. For example:
+ Defaults:!millert lecture
+ will match any user but millert.
+
+ * The default PATH environment variable, used when no PATH variable
+ exists, now includes /usr/sbin and /sbin.
+
+ * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
+ for cross-platform packing.
+
+ * On Linux, sudo will now restore the nproc resource limit before
+ executing a command, unless the limit appears to have been modified
+ by pam_limits. This avoids a problem with bash scripts that open
+ more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
+ will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
+
+ * The HOME and MAIL environment variables are now reset based on the
+ target user's password database entry when the env_reset sudoers option
+ is enabled (which is the case in the default configuration). Users
+ wishing to preserve the original values should use a sudoers entry like:
+ Defaults env_keep += HOME
+ to preserve the old value of HOME and
+ Defaults env_keep += MAIL
+ to preserve the old value of MAIL.
+
+ * Fixed a problem in the restoration of the AIX authdb registry setting.
+
+ * Sudo will now fork(2) and wait until the command has completed before
+ calling pam_close_session().
+
+ * The default syslog facility is now "authpriv" if the operating system
+ supports it, else "auth".
+
+What's new in Sudo 1.7.3?
+
+ * Support for logging I/O for the command being run.
+ For more information, see the documentation for the "log_input"
+ and "log_output" Defaults options in the sudoers manual. Also
+ see the sudoreplay manual for how to replay I/O log sessions.
+
+ * The use_pty sudoers option can be used to force a command to be
+ run in a pseudo-pty, even when I/O logging is not enabled.
+
+ * On some systems, sudo can now detect when a user has logged out
+ and back in again when tty-based time stamps are in use. Supported
+ systems include Solaris systems with the devices file system,
+ Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
+ only).
+
+ * On AIX systems, the registry setting in /etc/security/user is
+ now taken into account when looking up users and groups. Sudo
+ now applies the correct the user and group ids when running a
+ command as a user whose account details come from a different
+ source (e.g. LDAP or DCE vs. local files).
+
+ * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
+ When multiple entries are listed, sudo will try each one in the
+ order in which they are specified.
+
+ * Sudo's SELinux support should now function correctly when running
+ commands as a non-root user and when one of stdin, stdout or stderr
+ is not a terminal.
+
+ * Sudo will now use the Linux audit system with configure with
+ the --with-linux-audit flag.
+
+ * Sudo now uses mbr_check_membership() on systems that support it
+ to determine group membership. Currently, only Darwin (Mac OS X)
+ supports this.
+
+ * When the tty_tickets sudoers option is enabled but there is no
+ terminal device, sudo will no longer use or create a tty-based
+ ticket file. Previously, sudo would use a tty name of "unknown".
+ As a consequence, if a user has no terminal device, sudo will
+ now always prompt for a password.
+
+ * The passwd_timeout and timestamp_timeout options may now be
+ specified as floating point numbers for more granular timeout
+ values.
+
+ * Negating the fqdn option in sudoers now works correctly when sudo
+ is configured with the --with-fqdn option. In previous versions
+ of sudo the fqdn was set before sudoers was parsed.
+
+What's new in Sudo 1.7.2?
+
+ * A new #includedir directive is available in sudoers. This can be
+ used to implement an /etc/sudo.d directory. Files in an includedir
+ are not edited by visudo unless they contain a syntax error.
+
+ * The -g option did not work properly when only setting the group
+ (and not the user). Also, in -l mode the wrong user was displayed
+ for sudoers entries where only the group was allowed to be set.
+
+ * Fixed a problem with the alias checking in visudo which
+ could prevent visudo from exiting.
+
+ * Sudo will now correctly parse the shell-style /etc/environment
+ file format used by pam_env on Linux.
+
+ * When doing password and group database lookups, sudo will only
+ cache an entry by name or by id, depending on how the entry was
+ looked up. Previously, sudo would cache by both name and id
+ from a single lookup, but this breaks sites that have multiple
+ password or group database names that map to the same uid or
+ gid.
+
+ * User and group names in sudoers may now be enclosed in double
+ quotes to avoid having to escape special characters.
+
+ * BSM audit fixes when changing to a non-root uid.
+
+ * Experimental non-Unix group support. Currently only works with
+ Quest Authorization Services and allows Active Directory groups
+ fixes for Minix-3.
+
+ * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
+ paths may be specified as a directory or a file. However, version
+ 5.0 of the SDK only appears to support using a directory (despite
+ documentation to the contrary). If SSL client initialization
+ fails and the certificate or key paths look like they could be
+ default file name, strip off the last path element and try again.
+
+ * A setenv() compatibility fix for Linux systems, where a NULL
+ value is treated the same as an empty string and the variable
+ name is checked against the NULL pointer.
+
+What's new in Sudo 1.7.1?
+
+ * A new Defaults option "pwfeedback" will cause sudo to provide visual
+ feedback when the user is entering a password.
+
+ * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
+ function for file name globbing instead of glob(). When this option
+ is enabled, sudo will not check the file system when expanding wildcards.
+ This is faster but a side effect is that relative paths with wildcard
+ will no longer work.
+
+ * New BSM audit support for systems that support it such as FreeBSD
+ and Mac OS X.
+
+ * The file name specified with the #include directive may now include
+ a %h escape which is expanded to the short form of hostname.
+
+ * The -k flag may now be specified along with a command, causing the
+ user's timestamp file to be ignored.
+
+ * New support for Tivoli-based LDAP START_TLS, present in AIX.
+
+ * New support for /etc/netsvc.conf on AIX.
+
+ * The unused alias checks in visudo now handle the case of an alias
+ referring to another alias.
+
+What's new in Sudo 1.7.0?
+
+ * Rewritten parser that converts sudoers into a set of data structures.
+ This eliminates a number of ordering issues and makes it possible to
+ apply sudoers Defaults entries before searching for the command.
+ It also adds support for per-command Defaults specifications.
+
+ * Sudoers now supports a #include facility to allow the inclusion of other
+ sudoers-format files.
+
+ * Sudo's -l (list) flag has been enhanced:
+ o applicable Defaults options are now listed
+ o a command argument can be specified for testing whether a user
+ may run a specific command.
+ o a new -U flag can be used in conjunction with "sudo -l" to allow
+ root (or a user with "sudo ALL") list another user's privileges.
+
+ * A new -g flag has been added to allow the user to specify a
+ primary group to run the command as. The sudoers syntax has been
+ extended to include a group section in the Runas specification.
+
+ * A uid may now be used anywhere a username is valid.
+
+ * The "secure_path" run-time Defaults option has been restored.
+
+ * Password and group data is now cached for fast lookups.
+
+ * The file descriptor at which sudo starts closing all open files is now
+ configurable via sudoers and, optionally, the command line.
+
+ * Visudo will now warn about aliases that are defined but not used.
+
+ * The -i and -s command line flags now take an optional command
+ to be run via the shell. Previously, the argument was passed
+ to the shell as a script to run.
+
+ * Improved LDAP support. SASL authentication may now be used in
+ conjunction when connecting to an LDAP server. The krb5_ccname
+ parameter in ldap.conf may be used to enable Kerberos.
+
+ * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
+ to specify the sudoers order. E.g.:
+ sudoers: ldap files
+ to check LDAP, then /etc/sudoers. The default is "files", even
+ when LDAP support is compiled in. This differs from sudo 1.6
+ where LDAP was always consulted first.
+
+ * Support for /etc/environment on AIX and Linux. If sudo is run
+ with the -i flag, the contents of /etc/environment are used to
+ populate the new environment that is passed to the command being
+ run.
+
+ * If no terminal is available or if the new -A flag is specified,
+ sudo will use a helper program to read the password if one is
+ configured. Typically, this is a graphical password prompter
+ such as ssh-askpass.
+
+ * A new Defaults option, "mailfrom" that sets the value of the
+ "From:" field in the warning/error mail. If unspecified, the
+ login name of the invoking user is used.
+
+ * A new Defaults option, "env_file" that refers to a file containing
+ environment variables to be set in the command being run.
+
+ * A new flag, -n, may be used to indicate that sudo should not
+ prompt the user for a password and, instead, exit with an error
+ if authentication is required.
+
+ * If sudo needs to prompt for a password and it is unable to disable
+ echo (and no askpass program is defined), it will refuse to run
+ unless the "visiblepw" Defaults option has been specified.
+
+ * Prior to version 1.7.0, hitting enter/return at the Password: prompt
+ would exit sudo. In sudo 1.7.0 and beyond, this is treated as
+ an empty password. To exit sudo, the user must press ^C or ^D
+ at the prompt.
+
+ * visudo will now check the sudoers file owner and mode in -c (check)
+ mode when the -s (strict) flag is specified.
+
+ * A new Defaults option "umask_override" will cause sudo to set the
+ umask specified in sudoers even if it is more permissive than the
+ invoking user's umask.
diff --git a/sudo-1.7.4p4/PORTING b/sudo-1.7.4p4/PORTING
new file mode 100644
index 0000000..861e0c0
--- /dev/null
+++ b/sudo-1.7.4p4/PORTING
@@ -0,0 +1,85 @@
+Sudo porting hints
+==================
+
+Before trying to port sudo to a new architecture, please join the
+sudo-workers mailing list (see the README file) and ask if anyone
+has a port working or in-progress. Sudo should be fairly easy to
+port. Since it uses a configure script, most of the work is often
+done for you. As long as your operating system is reasonably POSIX
+compliant porting should be easy. If your operating system has a
+separate library for POSIX compatibility you may need to add it by
+using configure's --with-libraries option.
+
+If your OS is an SVR4 derivative (or some approximation thereof), it may
+be sufficient to tell configure you are runnng SVR4, something like:
+ configure foo-bar-sysv4
+where foo is the hardware architecture and bar is the vendor.
+
+A possible pitfall is getdtablesize(2) which is used to get the
+maximum number of open files the process can have. If an OS has
+the POSIX sysconf(2) it will be used instead of getdtablesize(2).
+ulimit(2) or getrlimit(2) can also be used on some OS's. If all
+else fails you can use the value of NOFILE in <sys/param.h>.
+
+Sudo tries to clear the environment of dangerous environment variables
+such as LD_* to prevent shared library spoofing. If you are porting
+sudo to a new OS that has shared libraries you'll want to mask out
+the variables that allow one to change the shared library path.
+See initial_badenv_table() in env.c to see how this is done for
+various operating systems.
+
+It is possible that on a really weird system, tgetpass() may not
+compile. (The most common cause for this is that the "fd_set" type
+is not defined in a place that sudo expects it to be. If you can
+find the header file where "fd_set" is typedef'd, have tgetpass.c
+include it and send in a bug report.)
+Alternately, tgetpass.c may compile but not work (nothing happens
+at the Password: prompt). It is possible that your C library
+contains a broken or unusable crypt() function--try linking with
+-lcrypt if that exists. Another possibility is that select() is
+not fully functional; running configure with --with-password-timeout=0
+will disable the use of select(). If sudo prompts you for a
+password but never accepts it, see below.
+
+Sudo detects and recognizes most common shadow password schemes
+automatically. If you find that sudo is not accepting your password
+and you are sure that it has been typed in correctly there are two
+likely problems. One possibility is that your C library has a
+broken crypt() function (see above). The other is that your operating
+system is using shadow passwords and sudo has not detected that
+fact. Look in config.h to see what, if any, shadow password scheme
+was detected. The most common are SVR4 (HAVE_GETSPNAM will be
+defined) and SecureWare (HAVE_GETPRPWNAM will be defined). Check
+the manual pages on your system for "getspnam" and "getprpwnam".
+If one of those exist but the appropriate define does not exist in
+config.h then the problem is most likely that those routines live
+in a library that sudo does not know to link against. The manual
+page should tell you what library this is. You can then use the
+--with-libraries option to configure to tell sudo to link with the
+library in question. For example:
+ --with-libraries='-lgen'
+would cause sudo to link in libgen which contains "getspnam" on SCO
+systems.
+
+If you are trying to port to a system without standard Berkeley
+networking you may find that interfaces.c will not compile. This
+is most likely on OS's with STREAMS-based networking. It should
+be possible to make it work by modifying the ISC streams support
+(see the _ISC #ifdef's). However, if you don't care about ip address
+and network address support, you can just run configure with the
+--without-interfaces flag to get a do-nothing load_interfaces()
+stub function.
+
+Sudo wants POSIX signals (sigaction and friends). If your system
+lacks sigaction but has the 4.3BSD sigvec() function, sigvec() will
+be used instead via the wrapper functions in sigaction.c. It is
+not currently possible to use the old SVR3 and 4.2BSD signals, but
+this is due more to my lack of a test machine than anything else.
+
+If you port sudo to a new architecture, please send the output of
+"configure", the config.log file and your changes to:
+ sudo@courtesan.com
+
+If you are unable to get sudo working, and you are willing to
+give me an account on a machine, send mail to sudo@courtesan.com.
+Note, however, that I can't make any promises.
diff --git a/sudo-1.7.4p4/README b/sudo-1.7.4p4/README
new file mode 100644
index 0000000..4f6f454
--- /dev/null
+++ b/sudo-1.7.4p4/README
@@ -0,0 +1,97 @@
+This is Sudo version 1.7.4
+
+The sudo philosophy
+===================
+Sudo is a program designed to allow a sysadmin to give limited root privileges
+to users and log root activity. The basic philosophy is to give as few
+privileges as possible but still allow people to get their work done.
+
+Where to find sudo
+==================
+Before you try and build sudo, *please* make sure you have the current
+version. The latest sudo may always be gotten via anonymous ftp from
+ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site,
+http://www.sudo.ws/
+
+The distribution is sudo-M.m.tar.gz where `M' is the major
+version number and `m' is the minor version number.
+BETA versions of sudo may also be available. If you join
+the `sudo-workers' mailing list you will get the BETA announcements
+(see the `Mailing lists' section below).
+
+What's new
+==========
+See the NEWS file for a list of major changes in this release.
+For a complete list of changes, see the ChangeLog file. For a
+summary of major changes to the current stable release, see the web
+page, http://www.sudo.ws/sudo/stable.html.
+
+If you are upgrading from an earlier version of Sudo, please see
+the UPGRADE file.
+
+For a history of sudo please see the HISTORY file.
+
+System requirements
+===================
+To build sudo from the source distribution you need a machine running
+Unix (most flavors of BSD, SYSV, or POSIX will do), a working C
+compiler, and the make utility.
+
+If you wish to modify the parser then you will need flex version
+2.5.2 or later and either bison or byacc (sudo comes with a pre-flex'd
+tokenizer and pre-yacc'd grammar parser). You'll also have to
+uncomment a few lines from the Makefile or run configure with the
+--with-devel option. You can get flex via anonymous ftp from
+ftp://ftp.ee.lbl.gov/pub/flex* as well as any GNU mirror. You can
+get GNU bison from ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU
+mirror.
+
+Building the release
+====================
+Please read the installation guide in the `INSTALL' file before
+trying to build sudo. Pay special attention to the "OS dependent notes"
+section.
+
+Copyright
+=========
+Sudo is distributed under an ISC-style license.
+Please refer to the `LICENSE' file included with the release for details.
+
+Mailing lists
+=============
+sudo-announce This list receives announcements whenever a new version
+ of sudo is released.
+ http://www.sudo.ws/mailman/listinfo/sudo-announce
+
+sudo-users This list is for questions and general discussion about sudo.
+ http://www.sudo.ws/mailman/listinfo/sudo-users
+
+sudo-workers This list is for people working on and porting sudo.
+ http://www.sudo.ws/mailman/listinfo/sudo-workers
+
+sudo-commits This list receives a message for each commit made to
+ the sudo source repository.
+ http://www.sudo.ws/mailman/listinfo/sudo-commits
+
+To subscribe to a list, visit its url (as listed above) and enter
+your email address to subscribe. Digest versions are available but
+these are fairly low traffic lists so the digest versions are not
+a significant win.
+
+Mailing list archives are also available. See the mailing list web sites
+for the appropriate links.
+
+Web page
+========
+There is a sudo web page at http://www.sudo.ws/ that contains
+an overview of sudo, documentation, downloads, information about
+beta versions and other useful info.
+
+Bug reports
+===========
+If you have found what you believe to be a bug, you can file a bug
+report in the sudo bug database, on the web at http://www.sudo.ws/bugs/.
+
+Please read over the `TROUBLESHOOTING' file *before* submitting a bug
+report. When reporting bugs, please be sure to include the version of
+sudo you are using as well as the platform you are running it on.
diff --git a/sudo-1.7.4p4/README.LDAP b/sudo-1.7.4p4/README.LDAP
new file mode 100644
index 0000000..5b7f6d8
--- /dev/null
+++ b/sudo-1.7.4p4/README.LDAP
@@ -0,0 +1,178 @@
+This file explains how to build the optional LDAP functionality of SUDO to
+store /etc/sudoers information. This feature is distinct from LDAP passwords.
+
+For general sudo LDAP configuration details, see the sudoers.ldap manual that
+comes with the sudo distribution. A pre-formatted version of the manual may
+be found in the sudoers.ldap.cat file.
+
+The sudo binary compiled with LDAP support should be totally backward
+compatible and be syntactically and source code equivalent to its
+non LDAP-enabled build.
+
+LDAP philosophy
+===============
+As times change and servers become cheap, an enterprise can easily have 500+
+UNIX servers. Using LDAP to synchronize Users, Groups, Hosts, Mounts, and
+others across an enterprise can greatly reduce the administrative overhead.
+
+In the past, sudo has used a single local configuration file, /etc/sudoers.
+While the same sudoers file can be shared among machines, no built-in
+mechanism exists to distribute it. Some have attempted to workaround this
+by synchronizing changes via CVS/RSYNC/RDIST/RCP/SCP and even NFS.
+
+By using LDAP for sudoers we gain a centrally administered, globally
+available configuration source for sudo.
+
+For information on OpenLDAP, please see http://www.openldap.org/.
+
+Definitions
+===========
+Many times the word 'Directory' is used in the document to refer to the LDAP
+server, structure and contents.
+
+Many times 'options' are used in this document to refer to sudoer 'defaults'.
+They are one and the same.
+
+Build instructions
+==================
+The simplest way to build sudo with LDAP support is to include the
+'--with-ldap' option.
+
+ $ ./configure --with-ldap
+
+If your ldap libraries and headers are in a non-standard place, you will need
+to specify them at configure time. E.g.
+
+ $ ./configure --with-ldap=/usr/local/ldapsdk
+
+Sudo is developed using OpenLDAP but Netscape-based LDAP libraries
+(such as those present in Solaris) are also known to work.
+
+Your mileage may vary. Please let the sudo workers mailing list
+<sudo-workers@sudo.ws> know if special configuration was required
+to build an LDAP-enabled sudo so we can improve sudo.
+
+Schema Changes
+==============
+You must add the appropriate schema to your LDAP server before it
+can store sudoers content.
+
+For OpenLDAP, copy the file schema.OpenLDAP to the schema directory
+(e.g. /etc/openldap/schema). You must then edit your slapd.conf and
+add an include line the new schema, e.g.
+
+ # Sudo LDAP schema
+ include /etc/openldap/schema/sudo.schema
+
+In order for sudoRole LDAP queries to be efficient, the server must index
+the attribute 'sudoUser', e.g.
+
+ # Indices to maintain
+ index sudoUser eq
+
+After making the changes to slapd.conf, restart slapd.
+
+For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory,
+copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif.
+
+On Solaris, schemas are stored in /var/Sun/mps/slapd-`hostname`/config/schema/.
+For Fedora Directory Server, they are stored in /etc/dirsrv/schema/.
+
+After copying the schema file to the appropriate directory, restart
+the LDAP server.
+
+Finally, using an LDAP browser/editor, enable indexing by editing the
+client profile to provide a Service Search Descriptor (SSD) for sudoers,
+replacing example.com with your domain:
+
+ serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com
+
+If using an Active Directory server, copy schema.ActiveDirectory
+to your Windows domain controller and run the following command:
+
+ ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com
+
+Importing /etc/sudoers into LDAP
+================================
+Importing sudoers is a two-step process.
+
+Step 1:
+Ask your LDAP Administrator where to create the ou=SUDOers container.
+
+For instance, if using OpenLDAP:
+
+ dn: ou=SUDOers,dc=example,dc=com
+ objectClass: top
+ objectClass: organizationalUnit
+ ou: SUDOers
+
+(An example location is shown below). Then use the provided script to convert
+your sudoers file into LDIF format. The script will also convert any default
+options.
+
+ # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com
+ # export SUDOERS_BASE
+ # ./sudoers2ldif /etc/sudoers > /tmp/sudoers.ldif
+
+Step 2:
+Import into your directory server. The following example is for
+OpenLDAP. If you are using another directory, provide the LDIF
+file to your LDAP Administrator.
+
+ # ldapadd -f /tmp/sudoers.ldif -h ldapserver \
+ -D cn=Manager,dc=example,dc=com -W -x
+
+Managing LDAP entries
+=====================
+Doing a one-time bulk load of your ldap entries is fine. However what if you
+need to make minor changes on a daily basis? It doesn't make sense to delete
+and re-add objects. (You can, but this is tedious).
+
+I recommend using any of the following LDAP browsers to administer your SUDOers.
+ * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux
+ and since it is Schema aware, I don't need to create a sudoRole template.
+ http://biot.com/gq/
+
+ * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows
+ and Solaris. It runs anywhere in a Java Virtual Machine including
+ web pages. You have to make a template from an existing sudoRole entry.
+ http://www.iit.edu/~gawojar/ldap
+ http://www.mcs.anl.gov/~gawor/ldap
+ http://ldapmanager.com
+
+ * Apache Directory Studio - Open Source - an Eclipse-based LDAP
+ development platform. Includes an LDAP browser, and LDIF editor,
+ a schema editor and more.
+ http://directory.apache.org/studio
+
+ There are dozens of others, some Open Source, some free, some not.
+
+Configure your /etc/ldap.conf and /etc/nsswitch.conf
+====================================================
+The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap
+and other ldap applications and modules. IBM Secureway unfortunately uses
+the same file name but has a different syntax. If you need to change where
+this file is stored, re-run configure with the --with-ldap-conf-file=PATH
+option.
+
+See the "Configuring ldap.conf" section in the sudoers.ldap manual
+for a list of supported ldap.conf parameters and an example ldap.conf
+
+Make sure you sudoers_base matches the location you specified when you
+imported the sudoers ldif data.
+
+After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf
+to tell sudo to look in LDAP for sudoers. See the "Configuring nsswitch.conf"
+section in the sudoers.ldap manual for details. Note that sudo will use
+/etc/nsswitch.conf even if the underlying operating system does not support it.
+To disable nsswitch support, run configure with the --with-nsswitch=no option.
+This will cause sudo to consult LDAP first and /etc/sudoers second, unless the
+ignore_sudoers_file flag is set in the global LDAP options.
+
+Debugging your LDAP configuration
+=================================
+Enable debugging if you believe sudo is not parsing LDAP the way you think it
+should. Setting the 'sudoers_debug' parameter to a value of 1 shows moderate
+debugging. A value of 2 shows the results of the matches themselves. Make
+sure to set the value back to zero so that other users don't get confused by
+the debugging messages.
diff --git a/sudo-1.7.4p4/TROUBLESHOOTING b/sudo-1.7.4p4/TROUBLESHOOTING
new file mode 100644
index 0000000..57e2012
--- /dev/null
+++ b/sudo-1.7.4p4/TROUBLESHOOTING
@@ -0,0 +1,191 @@
+Troubleshooting tips and FAQ for Sudo
+=====================================
+
+Q) When I run configure, it says "C compiler cannot create executables".
+A) This usually means you either don't have a working compiler. This
+ could be due to the lack of a license or that some component of the
+ compiler suite could not be found. Check config.log for clues as
+ to why this is happening. On many systems, compiler components live
+ in /usr/ccs/bin which may not be in your PATH environment variable.
+
+Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
+ and sudo quits.
+A) Sudo must be setuid root to do its work. You need to do something like
+ `chmod 4111 /usr/local/bin/sudo'. Also, the file system sudo resides
+ on must *not* be mounted (or exported) with the nosuid option or sudo
+ will not be able to work. Another possibility is you may have '.' in
+ your $PATH before the directory containing sudo. If you are going
+ to have '.' in your path you should make sure it is at the end.
+
+Q) Sudo never gives me a chance to enter a password using PAM, it just
+ says 'Sorry, try again.' three times and exits.
+A) You didn't setup PAM to work with sudo. On Redhat Linux or Fedora
+ Core this generally means installing sample.pam as /etc/pam.d/sudo.
+ See the sample.pam file for hints on what to use for other Linux
+ systems.
+
+Q) Sudo says 'Account expired or PAM config lacks an "account"
+ section for sudo, contact your system administrator' and exits
+ but I know my account has not expired.
+A) Your PAM config lacks an "account" specification. On Linux this
+ usually means you are missing a line like:
+ account required pam_unix.so
+ in /etc/pam.d/sudo.
+
+Q) Sudo is setup to log via syslog(3) but I'm not getting any log
+ messages.
+A) Make sure you have an entry in your syslog.conf file to save
+ the sudo messages (see the sample.syslog.conf file). The default
+ log facility is authpriv (changeable via configure or in sudoers).
+ Don't forget to send a SIGHUP to your syslogd so that it re-reads
+ its conf file. Also, remember that syslogd does *not* create
+ log files, you need to create the file before syslogd will log
+ to it (ie: touch /var/log/sudo).
+ Note: the facility (e.g. "auth.debug") must be separated from the
+ destination (e.g. "/var/log/auth" or "@loghost") by
+ tabs, *not* spaces. This is a common error.
+
+Q) When sudo asks me for my password it never accepts what I enter even
+ though I know I entered my password correctly.
+A) If your system uses shadow passwords, it is possible that sudo
+ didn't detect this. Take a look at the generated config.h file
+ and verify that the C function used for shadow password lookups
+ was detected. For instance, for SVR4-style shadow passwords,
+ HAVE_GETSPNAM should be defined (you can search for the string
+ "shadow passwords" in config.h with your editor). Note that
+ there is no define for 4.4BSD-based shadow passwords since that
+ just uses the standard getpw* routines.
+
+Q) I don't want the sudoers file in /etc, how can I specify where it
+ should go?
+A) Use the --sysconfdir option to configure. Ie:
+ configure --sysconfdir=/dir/you/want/sudoers/in
+
+Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a
+ copy on each machine?
+A) There is no support for making an NIS/NIS+ map/table out of
+ the sudoers file at this time. A good way to distribute the
+ sudoers file is via rdist(1). It is also possible to NFS-mount
+ the sudoers file.
+
+Q) I don't run sendmail on my machine. Does this mean that I cannot
+ use sudo?
+A) No, you just need to run use the --without-sendmail argument to configure
+ or add "!mailerpath" to the Defaults line in /etc/sudoers.
+
+Q) When I run visudo it uses vi as the editor and I hate vi. How
+ can I make it use another editor?
+A) Your best bet is to run configure with the --with-env-editor switch.
+ This will make visudo use the editor specified by the user's
+ EDITOR environment variable. Alternately, you can run configure
+ with the --with-editor=/path/to/another/editor.
+
+Q) Sudo appears to be removing some variables from my environment, why?
+A) Sudo removes the following "dangerous" environment variables
+ to guard against shared library spoofing, shell voodoo, and
+ kerberos server spoofing.
+ IFS
+ LOCALDOMAIN
+ RES_OPTIONS
+ HOSTALIASES
+ NLSPATH
+ PATH_LOCALE
+ TERMINFO
+ TERMINFO_DIRS
+ TERMPATH
+ TERMCAP
+ ENV
+ BASH_ENV
+ LC_ (if it contains a '/' or '%')
+ LANG (if it contains a '/' or '%')
+ LANGUAGE (if it contains a '/' or '%')
+ LD_*
+ _RLD_*
+ SHLIB_PATH (HP-UX only)
+ LIBPATH (AIX only)
+ KRB_CONF (kerb4 only)
+ KRBCONFDIR (kerb4 only)
+ KRBTKFILE (kerb4 only)
+ KRB5_CONFIG (kerb5 only)
+ VAR_ACE (SecurID only)
+ USR_ACE (SecurID only)
+ DLC_ACE (SecurID only)
+
+Q) How can I keep sudo from asking for a password?
+A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD'
+ tag right before the command list in sudoers. See the sudoers man page
+ and sample.sudoers for details. To disable passwords completely,
+ run configure with the --without-passwd option or add "!authenticate"
+ to the Defaults line in /etc/sudoers. You can also turn off authentication
+ on a per-user or per-host basis using a user or host-specific Defaults
+ entry in sudoers.
+
+Q) When I run configure, it dies with the following error:
+ "no acceptable cc found in $PATH".
+A) /usr/ucb/cc was the only C compiler that configure could find.
+ You need to tell configure the path to the "real" C compiler
+ via the --with-CC option. On Solaris, the path is probably
+ something like "/opt/SUNWspro/SC4.0/bin/cc". If you have gcc
+ that will also work.
+
+Q) When I run configure, it dies with the following error:
+ Fatal Error: config.cache exists from another platform!
+ Please remove it and re-run configure.
+A) configure caches the results of its tests in a file called
+ config.cache to make re-running configure speedy. However,
+ if you are building sudo for a different platform the results
+ in config.cache will be wrong so you need to remove config.cache.
+ You can do this by "rm config.cache" or "make realclean".
+ Note that "make realclean" will also remove any object files
+ and configure temp files that are laying around as well.
+
+Q) I built sudo on a Solaris >= 2.6 machine but the resulting binary
+ doesn't work on Solaris <= 2.5.1. Why?
+A) Starting with Solaris 2.6, snprintf(3) is included in the standard
+ C library. To build a version of sudo on a >= 2.6 machine that
+ will run on a <= 2.5.1 machine, edit config.h and comment out the lines:
+ #define HAVE_SNPRINTF 1
+ #define HAVE_VSNPRINTF 1
+ and run make.
+
+Q) When I run "visudo" it says "sudoers file busy, try again later."
+ and doesn't do anything.
+A) Someone else is currently editing the sudoers file with visudo.
+
+Q) When I try to use "cd" with sudo it says "cd: command not found".
+A) "cd" is a shell built-in command, you can't run it as a command
+ since a child process (sudo) cannot affect the current working
+ directory of the parent (your shell).
+
+Q) When I try to use "cd" with sudo the command completes without
+ errors but nothing happens.
+A) Even though "cd" is a shell built-in command, some operating systems
+ include a /usr/bin/cd command for some reason. A standalone
+ "cd" command is totally useless since a child process (cd) cannot
+ affect the current working directory of the parent (your shell).
+ Thus, "sudo cd /foo" will start a child process, change the
+ directory and immediately exit without doing anything useful.
+
+Q) When I run sudo it says I am not allowed to run the command as root
+ but I don't want to run it as root, I want to run it as another user.
+ My sudoers file entry looks like:
+ bob ALL=(oracle) ALL
+A) The default user sudo tries to run things as is always root, even if
+ the invoking user can only run commands as a single, specific user.
+ This may change in the future but at the present time you have to
+ work around this using the 'runas_default' option in sudoers.
+ For example:
+ Defaults:bob runas_default=oracle
+ would achieve the desired result ofr the preceding sudoers fragment.
+
+Q) When I try to run sudo via ssh, I get the error:
+ sudo: no tty present and no askpass program specified
+A) ssh does not allocate a tty by default when running a remote command.
+ Without a tty, sudo cannot disable echo when prompting for a password.
+ You can use ssh's "-t" option to force it to allocate a tty.
+ Alternately, if you do not mind your password being echoed to the
+ screen, you can use the "visiblepw" sudoers option to allow this.
+
+Q) How do you pronounce `sudo'?
+A) The official pronunciation is soo-doo (for su "do"). However, an
+ alternate pronunciation, a homophone of "pseudo", is also common.
diff --git a/sudo-1.7.4p4/UPGRADE b/sudo-1.7.4p4/UPGRADE
new file mode 100644
index 0000000..fb27119
--- /dev/null
+++ b/sudo-1.7.4p4/UPGRADE
@@ -0,0 +1,176 @@
+Notes on upgrading from an older release
+========================================
+
+o Upgrading from a version prior to 1.7.4:
+
+ Starting with sudo 1.7.4, the time stamp files have moved from
+ /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo.
+ The directories are checked for existence in that order. This
+ prevents users from receiving the sudo lecture every time the
+ system reboots. Time stamp files older than the boot time are
+ ignored on systems where it is possible to determine this.
+
+ Additionally, the tty_tickets sudoers option is now enabled by
+ default. To restore the old behavior (single time stamp per user),
+ add a line like:
+ Defaults !tty_tickets
+ to sudoers or use the --without-tty-tickets configure option.
+
+ The HOME and MAIL environment variables are now reset based on the
+ target user's password database entry when the env_reset sudoers option
+ is enabled (which is the case in the default configuration). Users
+ wishing to preserve the original values should use a sudoers entry like:
+ Defaults env_keep += HOME
+ to preserve the old value of HOME and
+ Defaults env_keep += MAIL
+ to preserve the old value of MAIL.
+
+ NOTE: preserving HOME has security implications since many programs
+ use when searching for configuration files. Adding HOME to env_keep
+ may enable a user to run unrestricted commands via sudo.
+
+ The default syslog facility has changed from "local2" to "authpriv"
+ (or "auth" if the operating system doesn't have "authpriv").
+ The --with-logfac configure option can be used to change this
+ or it can be changed in the sudoers file.
+
+o Upgrading from a version prior to 1.7.0:
+
+ Starting with sudo 1.7.0, comments in the sudoers file must not
+ have a digit or minus sign immediately after the comment character
+ ('#'). Otherwise, the comment may be interpreted as a user or
+ group ID.
+
+ When sudo is build with LDAP support the /etc/nsswitch.conf file is
+ now used to determine the sudoers seach order. sudo will default to
+ only using /etc/sudoers unless /etc/nsswitch.conf says otherwise.
+ This can be changed with an nsswitch.conf line, e.g.:
+ sudoers: ldap files
+ Would case LDAP to be searched first, then the sudoers file.
+ To restore the pre-1.7.0 behavior, run configure with the
+ --with-nsswitch=no flag.
+
+ Sudo now ignores user .ldaprc files as well as system LDAP defaults.
+ All LDAP configuration is now in /etc/ldap.conf (or whichever file
+ was specified by configure's --with-ldap-conf-file option).
+ If you are using TLS, you may now need to specify:
+ tls_checkpeer no
+ in sudo's ldap.conf unless ldap.conf references a valid certificate
+ authority file(s).
+
+ Please also see the NEWS file for a list of new features in
+ sudo 1.7.0.
+
+o Upgrading from a version prior to 1.6.9:
+
+ Starting with sudo 1.6.9, if an OS supports a modular authentication
+ method such as PAM, it will be used by default by configure.
+
+ Environment variable handling has changed significantly in sudo
+ 1.6.9. Prior to version 1.6.9, sudo would preserve the user's
+ environment, pruning out potentially dangerous variables.
+ Beginning with sudo 1.6.9, the envionment is reset to a default
+ set of values with only a small number of "safe" variables
+ preserved. To preserve specific environment variables, add
+ them to the "env_keep" list in sudoers. E.g.
+
+ Defaults env_keep += "EDITOR"
+
+ The old behavior can be restored by negating the "env_reset"
+ option in sudoers. E.g.
+
+ Defaults !env_reset
+
+ There have also been changes to how the "env_keep" and
+ "env_check" options behave.
+
+ Prior to sudo 1.6.9, the TERM and PATH environment variables
+ would always be preserved even if the env_keep option was
+ redefined. That is no longer the case. Consequently, if
+ env_keep is set with "=" and not simply appended to (i.e. using
+ "+="), PATH and TERM must be explicitly included in the list
+ of environment variables to keep. The LOGNAME, SHELL, USER,
+ and USERNAME environment variables are still always set.
+
+ Additionally, the env_check setting previously had no effect
+ when env_reset was set (which is now on by default). Starting
+ with sudo 1.6.9, environment variables listed in env_check are
+ also preserved in the env_reset case, provided that they do not
+ contain a '/' or '%' character. Note that it is not necessary
+ to also list a variable in env_keep--having it in env_check is
+ sufficent.
+
+ The default lists of variables to be preserved and/or checked
+ are displayed when sudo is run by root with the -V flag.
+
+o Upgrading from a version prior to 1.6.8:
+
+ Prior to sudo 1.6.8, if /var/run did not exist, sudo would put
+ the time stamp files in /tmp/.odus. As of sudo 1.6.8, the
+ time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo
+ if there is no /var/run directory. This directory will be
+ created if it does not already exist.
+
+ Previously, a sudoers entry that explicitly prohibited running
+ a command as a certain user did not override a previous entry
+ allowing the same command. This has been fixed in sudo 1.6.8
+ such that the last match is now used (as it is documented).
+ Hopefully no one was depending on the previous (buggy) beghavior.
+
+o Upgrading from a version prior to 1.6:
+
+ As of sudo 1.6, parsing of runas entries and the NOPASSWD tag
+ has changed. Prior to 1.6, a runas specifier applied only to
+ a single command directly following it. Likewise, the NOPASSWD
+ tag only allowed the command directly following it to be run
+ without a password. Starting with sudo 1.6, both the runas
+ specifier and the NOPASSWD tag are "sticky" for an entire
+ command list. So, given the following line in sudo < 1.6
+
+ millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls
+
+ millert would be able to run /usr/bin/whoami as user daemon
+ without a password and /bin/ls as root with a password.
+
+ As of sudo 1.6, the same line now means that millert is able
+ to run run both /usr/bin/whoami and /bin/ls as user daemon
+ without a password. To expand on this, take the following
+ example:
+
+ millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \
+ /sbin/dump
+
+ millert can run /usr/bin/whoami as daemon and /bin/ls and
+ /sbin/dump as root. No password need be given for either
+ command. In other words, the "(root)" sets the default runas
+ user to root for the rest of the list. If we wanted to require
+ a password for /bin/ls and /sbin/dump the line could be written
+ thusly:
+
+ millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \
+ (root) PASSWD:/bin/ls, /sbin/dump
+
+ Additionally, sudo now uses a per-user time stamp directory
+ instead of a time stamp file. This allows tty time stamps to
+ simply be files within the user's time stamp dir. For the
+ default, non-tty case, the time stamp on the directory itself
+ is used.
+
+ Also, the temporary file used by visudo is now /etc/sudoers.tmp
+ since some versions of vipw on systems with shadow passwords use
+ /etc/stmp for the temporary shadow file.
+
+o Upgrading from a version prior to 1.5:
+
+ By default, sudo expects the sudoers file to be mode 0440 and
+ to be owned by user and group 0. This differs from version 1.4
+ and below which expected the sudoers file to be mode 0400 and
+ to be owned by root. Doing a `make install' will set the sudoers
+ file to the new mode and group. If sudo encounters a sudoers
+ file with the old permissions it will attempt to update it to
+ the new scheme. You cannot, however, use a sudoers file with
+ the new permissions with an old sudo binary. It is suggested
+ that if have a means of distributing sudo you distribute the
+ new binaries first, then the new sudoers file (or you can leave
+ sudoers as is and sudo will fix the permissions itself as long
+ as sudoers is on a local file system).
diff --git a/sudo-1.7.4p4/aclocal.m4 b/sudo-1.7.4p4/aclocal.m4
new file mode 100644
index 0000000..1276746
--- /dev/null
+++ b/sudo-1.7.4p4/aclocal.m4
@@ -0,0 +1,375 @@
+dnl Local m4 macros for autoconf (used by sudo)
+dnl
+dnl Copyright (c) 1994-1996, 1998-2005, 2007-2009
+dnl Todd C. Miller <Todd.Miller@courtesan.com>
+dnl
+dnl XXX - should cache values in all cases!!!
+dnl
+dnl checks for programs
+
+dnl
+dnl check for sendmail in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_SENDMAIL, [AC_MSG_CHECKING([for sendmail])
+found=no
+for p in "/usr/sbin/sendmail" "/usr/lib/sendmail" "/usr/etc/sendmail" "/usr/ucblib/sendmail" "/usr/local/lib/sendmail" "/usr/local/bin/sendmail"; do
+ if test -f "$p"; then
+ found=yes
+ AC_MSG_RESULT([$p])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$p")
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl check for vi in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING([for vi])
+found=no
+for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
+ if test -f "$editor"; then
+ found=yes
+ AC_MSG_RESULT([$editor])
+ SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor")
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl check for mv in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_MV, [AC_MSG_CHECKING([for mv])
+found=no
+for p in "/usr/bin/mv" "/bin/mv" "/usr/ucb/mv" "/usr/sbin/mv"; do
+ if test -f "$p"; then
+ found=yes
+ AC_MSG_RESULT([$p])
+ SUDO_DEFINE_UNQUOTED(_PATH_MV, "$p")
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl check for bourne shell in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_BSHELL, [AC_MSG_CHECKING([for bourne shell])
+found=no
+for p in "/bin/sh" "/usr/bin/sh" "/sbin/sh" "/usr/sbin/sh" "/bin/ksh" "/usr/bin/ksh" "/bin/bash" "/usr/bin/bash"; do
+ if test -f "$p"; then
+ found=yes
+ AC_MSG_RESULT([$p])
+ SUDO_DEFINE_UNQUOTED(_PATH_BSHELL, "$p")
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm
+dnl
+AC_DEFUN(SUDO_LOGFILE, [AC_MSG_CHECKING(for log file location)
+if test -n "$with_logpath"; then
+ AC_MSG_RESULT($with_logpath)
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$with_logpath")
+elif test -d "/var/log"; then
+ AC_MSG_RESULT(/var/log/sudo.log)
+ SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/log/sudo.log")
+elif test -d "/var/adm"; then
+ AC_MSG_RESULT(/var/adm/sudo.log)
+ SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/adm/sudo.log")
+elif test -d "/usr/adm"; then
+ AC_MSG_RESULT(/usr/adm/sudo.log)
+ SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/usr/adm/sudo.log")
+else
+ AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_LOGFILE by hand)
+fi
+])dnl
+
+dnl
+dnl Where the timestamp files go.
+dnl
+AC_DEFUN(SUDO_TIMEDIR, [AC_MSG_CHECKING(for timestamp file location)
+timedir="$with_timedir"
+if test -z "$timedir"; then
+ for d in /var/db /var/lib /var/adm /usr/adm; do
+ if test -d "$d"; then
+ timedir="$d/sudo"
+ break
+ fi
+ done
+fi
+AC_MSG_RESULT([$timedir])
+SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$timedir")
+])dnl
+
+dnl
+dnl Where the I/O log files go, use /var/log/sudo-io if
+dnl /var/log exists, else /{var,usr}/adm/sudo-io
+dnl
+AC_DEFUN(SUDO_IO_LOGDIR, [
+ AC_MSG_CHECKING(for I/O log dir location)
+ if test "${with_iologdir-yes}" != "yes"; then
+ :
+ elif test -d "/var/log"; then
+ with_iologdir="/var/log/sudo-io"
+ elif test -d "/var/adm"; then
+ with_iologdir="/var/adm/sudo-io"
+ else
+ with_iologdir="/usr/adm/sudo-io"
+ fi
+ if test "${with_iologdir-yes}" != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_IO_LOGDIR, "$with_iologdir")
+ fi
+ AC_MSG_RESULT($with_iologdir)
+])dnl
+
+dnl
+dnl SUDO_CHECK_TYPE(TYPE, DEFAULT)
+dnl XXX - should require the check for unistd.h...
+dnl
+AC_DEFUN(SUDO_CHECK_TYPE,
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(sudo_cv_type_$1,
+[AC_EGREP_CPP($1, [#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif], sudo_cv_type_$1=yes, sudo_cv_type_$1=no)])dnl
+AC_MSG_RESULT($sudo_cv_type_$1)
+if test $sudo_cv_type_$1 = no; then
+ AC_DEFINE($1, $2, [Define if your system lacks the $1 type.])
+fi
+])
+
+dnl
+dnl Check for size_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_SIZE_T,
+[SUDO_CHECK_TYPE(size_t, int)])
+
+dnl
+dnl Check for ssize_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_SSIZE_T,
+[SUDO_CHECK_TYPE(ssize_t, int)])
+
+dnl
+dnl Check for dev_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_DEV_T,
+[SUDO_CHECK_TYPE(dev_t, int)])
+
+dnl
+dnl Check for ino_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_INO_T,
+[SUDO_CHECK_TYPE(ino_t, unsigned int)])
+
+dnl
+dnl check for working fnmatch(3)
+dnl
+AC_DEFUN(SUDO_FUNC_FNMATCH,
+[AC_MSG_CHECKING([for working fnmatch with FNM_CASEFOLD])
+AC_CACHE_VAL(sudo_cv_func_fnmatch,
+[rm -f conftestdata; > conftestdata
+AC_TRY_RUN([#include <fnmatch.h>
+main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }], [sudo_cv_func_fnmatch=yes], [sudo_cv_func_fnmatch=no],
+ [sudo_cv_func_fnmatch=no])
+rm -f core core.* *.core])
+AC_MSG_RESULT($sudo_cv_func_fnmatch)
+AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])])
+
+dnl
+dnl check for isblank(3)
+dnl
+AC_DEFUN([SUDO_FUNC_ISBLANK],
+ [AC_CACHE_CHECK([for isblank], [sudo_cv_func_isblank],
+ [AC_TRY_LINK([#include <ctype.h>], [return (isblank('a'));],
+ sudo_cv_func_isblank=yes, sudo_cv_func_isblank=no)])
+] [
+ if test "$sudo_cv_func_isblank" = "yes"; then
+ AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3).])
+ else
+ AC_LIBOBJ(isblank)
+ fi
+])
+
+dnl
+dnl check unsetenv() return value
+dnl
+AC_DEFUN([SUDO_FUNC_UNSETENV_VOID],
+ [AC_CACHE_CHECK([whether unsetenv returns void], [sudo_cv_func_unsetenv_void],
+ [AC_RUN_IFELSE([AC_LANG_PROGRAM(
+ [AC_INCLUDES_DEFAULT
+ int unsetenv();
+ ], [
+ [return unsetenv("FOO") != 0;]
+ ])
+ ],
+ [sudo_cv_func_unsetenv_void=no],
+ [sudo_cv_func_unsetenv_void=yes],
+ [sudo_cv_func_unsetenv_void=no])])
+ if test $sudo_cv_func_unsetenv_void = yes; then
+ AC_DEFINE(UNSETENV_VOID, 1,
+ [Define to 1 if the `unsetenv' function returns void instead of `int'.])
+ fi
+ ])
+
+dnl
+dnl check putenv() argument for const
+dnl
+AC_DEFUN([SUDO_FUNC_PUTENV_CONST],
+[AC_CACHE_CHECK([whether putenv has a const argument],
+sudo_cv_func_putenv_const,
+[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+int putenv(const char *string) {return 0;}], [])],
+ [sudo_cv_func_putenv_const=yes],
+ [sudo_cv_func_putenv_const=no])
+ ])
+ if test $sudo_cv_func_putenv_const = yes; then
+ AC_DEFINE(PUTENV_CONST, 1, [Define to 1 if the `putenv' has a const argument.])
+ fi
+])
+
+dnl
+dnl check for sa_len field in struct sockaddr
+dnl
+AC_DEFUN(SUDO_SOCK_SA_LEN, [
+ AC_CHECK_MEMBER([struct sockaddr.sa_len],
+ [AC_DEFINE(HAVE_SA_LEN, 1, [Define if your struct sockadr has an sa_len field.])],
+ [],
+ [ #include <sys/types.h>
+ #include <sys/socket.h>]
+ )]
+)
+dnl
+dnl check for max length of uid_t in string representation.
+dnl we can't really trust UID_MAX or MAXUID since they may exist
+dnl only for backwards compatibility.
+dnl
+AC_DEFUN(SUDO_UID_T_LEN,
+[AC_REQUIRE([AC_TYPE_UID_T])
+AC_MSG_CHECKING(max length of uid_t)
+AC_CACHE_VAL(sudo_cv_uid_t_len,
+[rm -f conftestdata
+AC_TRY_RUN(
+[#include <stdio.h>
+#include <pwd.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/param.h>
+main() {
+ FILE *f;
+ char b[1024];
+ uid_t u = (uid_t) -1;
+
+ if ((f = fopen("conftestdata", "w")) == NULL)
+ exit(1);
+
+ (void) sprintf(b, "%lu", (unsigned long) u);
+ (void) fprintf(f, "%d\n", strlen(b));
+ (void) fclose(f);
+ exit(0);
+}], sudo_cv_uid_t_len=`cat conftestdata`, sudo_cv_uid_t_len=10, sudo_cv_uid_t_len=10)
+])
+rm -f conftestdata
+AC_MSG_RESULT($sudo_cv_uid_t_len)
+AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).])
+])
+
+dnl
+dnl append a libpath to an LDFLAGS style variable
+dnl
+AC_DEFUN(SUDO_APPEND_LIBPATH, [
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) $1="${$1} -L$2 -Wl,+b,$2"
+ ;;
+ *) $1="${$1} -L$2 -Wl,-R$2"
+ ;;
+ esac
+ else
+ $1="${$1} -L$2"
+ fi
+ if test X"$blibpath" != X"" -a "$1" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:$2"
+ fi
+])
+
+dnl
+dnl Determine the mail spool location
+dnl NOTE: must be run *after* check for paths.h
+dnl
+AC_DEFUN(SUDO_MAILDIR, [
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}], [])], [maildir=yes], [])
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ AC_CHECK_HEADERS(maillock.h, [
+ SUDO_DEFINE(_PATH_MAILDIR, MAILDIR)
+ maildir=yes
+ ])
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d")
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail")
+ fi
+ fi
+fi
+])
+
+dnl
+dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support
+dnl tracing that we use to define paths for pathnames.h so autoheader doesn't
+dnl put them in config.h.in. An awful hack.
+dnl
+m4_define([SUDO_DEFINE],
+[cat >>confdefs.h <<\EOF
+[@%:@define] $1 m4_if($#, 2, [$2], $#, 3, [$2], 1)
+EOF
+])
+
+m4_define([SUDO_DEFINE_UNQUOTED],
+[cat >>confdefs.h <<EOF
+[@%:@define] $1 m4_if($#, 2, [$2], $#, 3, [$2], 1)
+EOF
+])
+
+dnl
+dnl Pull in libtool macros
+dnl
+m4_include([libtool.m4])
+m4_include([ltoptions.m4])
+m4_include([ltsugar.m4])
+m4_include([ltversion.m4])
+m4_include([lt~obsolete.m4])
diff --git a/sudo-1.7.4p4/aix.c b/sudo-1.7.4p4/aix.c
new file mode 100644
index 0000000..5735ec9
--- /dev/null
+++ b/sudo-1.7.4p4/aix.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <usersec.h>
+#include <uinfo.h>
+
+#include "compat.h"
+#include "alloc.h"
+#include "error.h"
+
+#ifdef HAVE_GETUSERATTR
+
+#ifndef HAVE_SETRLIMIT64
+# define setrlimit64(a, b) setrlimit(a, b)
+# define rlimit64 rlimit
+# define rlim64_t rlim_t
+# define RLIM64_INFINITY RLIM_INFINITY
+#endif /* HAVE_SETRLIMIT64 */
+
+#ifndef RLIM_SAVED_MAX
+# define RLIM_SAVED_MAX RLIM64_INFINITY
+#endif
+
+struct aix_limit {
+ int resource;
+ char *soft;
+ char *hard;
+ int factor;
+};
+
+static struct aix_limit aix_limits[] = {
+ { RLIMIT_FSIZE, S_UFSIZE, S_UFSIZE_HARD, 512 },
+ { RLIMIT_CPU, S_UCPU, S_UCPU_HARD, 1 },
+ { RLIMIT_DATA, S_UDATA, S_UDATA_HARD, 512 },
+ { RLIMIT_STACK, S_USTACK, S_USTACK_HARD, 512 },
+ { RLIMIT_RSS, S_URSS, S_URSS_HARD, 512 },
+ { RLIMIT_CORE, S_UCORE, S_UCORE_HARD, 512 },
+ { RLIMIT_NOFILE, S_UNOFILE, S_UNOFILE_HARD, 1 }
+};
+
+static int
+aix_getlimit(user, lim, valp)
+ char *user;
+ char *lim;
+ rlim64_t *valp;
+{
+ int val;
+
+ if (getuserattr(user, lim, &val, SEC_INT) != 0 &&
+ getuserattr("default", lim, &val, SEC_INT) != 0) {
+ return(-1);
+ }
+ *valp = val;
+ return(0);
+}
+
+static void
+aix_setlimits(user)
+ char *user;
+{
+ struct rlimit64 rlim;
+ rlim64_t val;
+ int n;
+
+ if (setuserdb(S_READ) != 0)
+ error(1, "unable to open userdb");
+
+ /*
+ * For each resource limit, get the soft/hard values for the user
+ * and set those values via setrlimit64(). Must be run as euid 0.
+ */
+ for (n = 0; n < sizeof(aix_limits) / sizeof(aix_limits[0]); n++) {
+ /*
+ * We have two strategies, depending on whether or not the
+ * hard limit has been defined.
+ */
+ if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) {
+ rlim.rlim_max = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
+ if (aix_getlimit(user, aix_limits[n].soft, &val) == 0)
+ rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
+ else
+ rlim.rlim_cur = rlim.rlim_max; /* soft not specd, use hard */
+ } else {
+ /* No hard limit set, try soft limit. */
+ if (aix_getlimit(user, aix_limits[n].soft, &val) == 0)
+ rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
+
+ /* Set hard limit per AIX /etc/security/limits documentation. */
+ switch (aix_limits[n].resource) {
+ case RLIMIT_CPU:
+ case RLIMIT_FSIZE:
+ rlim.rlim_max = rlim.rlim_cur;
+ break;
+ case RLIMIT_STACK:
+ rlim.rlim_max = RLIM_SAVED_MAX;
+ break;
+ default:
+ rlim.rlim_max = RLIM64_INFINITY;
+ break;
+ }
+ }
+ (void)setrlimit64(aix_limits[n].resource, &rlim);
+ }
+ enduserdb();
+}
+
+#ifdef HAVE_SETAUTHDB
+/*
+ * Look up administrative domain for user (SYSTEM in /etc/security/user) and
+ * set it as the default for the process. This ensures that password and
+ * group lookups are made against the correct source (files, NIS, LDAP, etc).
+ */
+void
+aix_setauthdb(user)
+ char *user;
+{
+ char *registry;
+
+ if (user != NULL) {
+ if (setuserdb(S_READ) != 0)
+ error(1, "unable to open userdb");
+ if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
+ if (setauthdb(registry, NULL) != 0)
+ error(1, "unable to switch to registry \"%s\" for %s",
+ registry, user);
+ }
+ enduserdb();
+ }
+}
+
+/*
+ * Restore the saved administrative domain, if any.
+ */
+void
+aix_restoreauthdb()
+{
+ if (setauthdb(NULL, NULL) != 0)
+ error(1, "unable to restore registry");
+}
+#endif
+
+void
+aix_prep_user(user, tty)
+ char *user;
+ char *tty;
+{
+ char *info;
+ int len;
+
+ /* set usrinfo, like login(1) does */
+ len = easprintf(&info, "NAME=%s%cLOGIN=%s%cLOGNAME=%s%cTTY=%s%c",
+ user, '\0', user, '\0', user, '\0', tty ? tty : "", '\0');
+ (void)usrinfo(SETUINFO, info, len);
+ efree(info);
+
+#ifdef HAVE_SETAUTHDB
+ /* set administrative domain */
+ aix_setauthdb(user);
+#endif
+
+ /* set resource limits */
+ aix_setlimits(user);
+}
+#endif /* HAVE_GETUSERATTR */
diff --git a/sudo-1.7.4p4/aixcrypt.exp b/sudo-1.7.4p4/aixcrypt.exp
new file mode 100644
index 0000000..5ee024e
--- /dev/null
+++ b/sudo-1.7.4p4/aixcrypt.exp
@@ -0,0 +1,4 @@
+#!
+__setkey
+__encrypt
+__crypt
diff --git a/sudo-1.7.4p4/alias.c b/sudo-1.7.4p4/alias.c
new file mode 100644
index 0000000..b1f57e7
--- /dev/null
+++ b/sudo-1.7.4p4/alias.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 2004-2005, 2007-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+
+#include "sudo.h"
+#include "parse.h"
+#include "redblack.h"
+#include <gram.h>
+
+/*
+ * Globals
+ */
+struct rbtree *aliases;
+unsigned int alias_seqno;
+
+/*
+ * Comparison function for the red-black tree.
+ * Aliases are sorted by name with the type used as a tie-breaker.
+ */
+int
+alias_compare(v1, v2)
+ const void *v1, *v2;
+{
+ const struct alias *a1 = (const struct alias *)v1;
+ const struct alias *a2 = (const struct alias *)v2;
+ int res;
+
+ if (v1 == NULL)
+ res = -1;
+ else if (v2 == NULL)
+ res = 1;
+ else if ((res = strcmp(a1->name, a2->name)) == 0)
+ res = a1->type - a2->type;
+ return(res);
+}
+
+/*
+ * Search the tree for an alias with the specified name and type.
+ * Returns a pointer to the alias structure or NULL if not found.
+ */
+struct alias *
+alias_find(name, type)
+ char *name;
+ int type;
+{
+ struct alias key;
+ struct rbnode *node;
+ struct alias *a = NULL;
+
+ key.name = name;
+ key.type = type;
+ if ((node = rbfind(aliases, &key)) != NULL) {
+ /*
+ * Compare the global sequence number with the one stored
+ * in the alias. If they match then we've seen this alias
+ * before and found a loop.
+ */
+ a = node->data;
+ if (a->seqno == alias_seqno)
+ return(NULL);
+ a->seqno = alias_seqno;
+ }
+ return(a);
+}
+
+/*
+ * Add an alias to the aliases redblack tree.
+ * Returns NULL on success and an error string on failure.
+ */
+char *
+alias_add(name, type, members)
+ char *name;
+ int type;
+ struct member *members;
+{
+ static char errbuf[512];
+ struct alias *a;
+
+ a = emalloc(sizeof(*a));
+ a->name = name;
+ a->type = type;
+ a->seqno = 0;
+ list2tq(&a->members, members);
+ if (rbinsert(aliases, a)) {
+ snprintf(errbuf, sizeof(errbuf), "Alias `%s' already defined", name);
+ alias_free(a);
+ return(errbuf);
+ }
+ return(NULL);
+}
+
+/*
+ * Apply a function to each alias entry and pass in a cookie.
+ */
+void
+alias_apply(func, cookie)
+ int (*func) __P((void *, void *));
+ void *cookie;
+{
+ rbapply(aliases, func, cookie, inorder);
+}
+
+/*
+ * Returns TRUE if there are no aliases, else FALSE.
+ */
+int
+no_aliases()
+{
+ return(rbisempty(aliases));
+}
+
+/*
+ * Free memory used by an alias struct and its members.
+ */
+void
+alias_free(v)
+ void *v;
+{
+ struct alias *a = (struct alias *)v;
+ struct member *m;
+ struct sudo_command *c;
+ void *next;
+
+ efree(a->name);
+ for (m = a->members.first; m != NULL; m = next) {
+ next = m->next;
+ if (m->type == COMMAND) {
+ c = (struct sudo_command *) m->name;
+ efree(c->cmnd);
+ efree(c->args);
+ }
+ efree(m->name);
+ efree(m);
+ }
+ efree(a);
+}
+
+/*
+ * Find the named alias, remove it from the tree and return it.
+ */
+struct alias *
+alias_remove(name, type)
+ char *name;
+ int type;
+{
+ struct rbnode *node;
+ struct alias key, *a;
+
+ key.name = name;
+ key.type = type;
+ if ((node = rbfind(aliases, &key)) == NULL)
+ return(NULL);
+ a = rbdelete(aliases, node);
+ return(a);
+}
+
+void
+init_aliases()
+{
+ if (aliases != NULL)
+ rbdestroy(aliases, alias_free);
+ aliases = rbcreate(alias_compare);
+}
diff --git a/sudo-1.7.4p4/alloc.c b/sudo-1.7.4p4/alloc.c
new file mode 100644
index 0000000..8e6a7e2
--- /dev/null
+++ b/sudo-1.7.4p4/alloc.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+
+#include "sudo.h"
+
+/*
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x). This just means that
+ * emalloc2() and erealloc3() cannot allocate huge amounts on such a
+ * platform but that is OK since sudo doesn't need to do so anyway.
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+# define SIZE_MAX SIZE_T_MAX
+# else
+# define SIZE_MAX INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
+/*
+ * emalloc() calls the system malloc(3) and exits with an error if
+ * malloc(3) fails.
+ */
+void *
+emalloc(size)
+ size_t size;
+{
+ void *ptr;
+
+ if (size == 0)
+ errorx(1, "internal error, tried to emalloc(0)");
+
+ if ((ptr = malloc(size)) == NULL)
+ errorx(1, "unable to allocate memory");
+ return(ptr);
+}
+
+/*
+ * emalloc2() allocates nmemb * size bytes and exits with an error
+ * if overflow would occur or if the system malloc(3) fails.
+ */
+void *
+emalloc2(nmemb, size)
+ size_t nmemb;
+ size_t size;
+{
+ void *ptr;
+
+ if (nmemb == 0 || size == 0)
+ errorx(1, "internal error, tried to emalloc2(0)");
+ if (nmemb > SIZE_MAX / size)
+ errorx(1, "internal error, emalloc2() overflow");
+
+ size *= nmemb;
+ if ((ptr = malloc(size)) == NULL)
+ errorx(1, "unable to allocate memory");
+ return(ptr);
+}
+
+/*
+ * erealloc() calls the system realloc(3) and exits with an error if
+ * realloc(3) fails. You can call erealloc() with a NULL pointer even
+ * if the system realloc(3) does not support this.
+ */
+void *
+erealloc(ptr, size)
+ void *ptr;
+ size_t size;
+{
+
+ if (size == 0)
+ errorx(1, "internal error, tried to erealloc(0)");
+
+ ptr = ptr ? realloc(ptr, size) : malloc(size);
+ if (ptr == NULL)
+ errorx(1, "unable to allocate memory");
+ return(ptr);
+}
+
+/*
+ * erealloc3() realloc(3)s nmemb * size bytes and exits with an error
+ * if overflow would occur or if the system malloc(3)/realloc(3) fails.
+ * You can call erealloc() with a NULL pointer even if the system realloc(3)
+ * does not support this.
+ */
+void *
+erealloc3(ptr, nmemb, size)
+ void *ptr;
+ size_t nmemb;
+ size_t size;
+{
+
+ if (nmemb == 0 || size == 0)
+ errorx(1, "internal error, tried to erealloc3(0)");
+ if (nmemb > SIZE_MAX / size)
+ errorx(1, "internal error, erealloc3() overflow");
+
+ size *= nmemb;
+ ptr = ptr ? realloc(ptr, size) : malloc(size);
+ if (ptr == NULL)
+ errorx(1, "unable to allocate memory");
+ return(ptr);
+}
+
+/*
+ * estrdup() is like strdup(3) except that it exits with an error if
+ * malloc(3) fails. NOTE: unlike strdup(3), estrdup(NULL) is legal.
+ */
+char *
+estrdup(src)
+ const char *src;
+{
+ char *dst = NULL;
+ size_t size;
+
+ if (src != NULL) {
+ size = strlen(src) + 1;
+ dst = (char *) emalloc(size);
+ (void) memcpy(dst, src, size);
+ }
+ return(dst);
+}
+
+/*
+ * easprintf() calls vasprintf() and exits with an error if vasprintf()
+ * returns -1 (out of memory).
+ */
+int
+#ifdef __STDC__
+easprintf(char **ret, const char *fmt, ...)
+#else
+easprintf(ret, fmt, va_alist)
+ char **ret;
+ const char *fmt;
+ va_dcl
+#endif
+{
+ int len;
+ va_list ap;
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+ len = vasprintf(ret, fmt, ap);
+ va_end(ap);
+
+ if (len == -1)
+ errorx(1, "unable to allocate memory");
+ return(len);
+}
+
+/*
+ * evasprintf() calls vasprintf() and exits with an error if vasprintf()
+ * returns -1 (out of memory).
+ */
+int
+evasprintf(ret, format, args)
+ char **ret;
+ const char *format;
+ va_list args;
+{
+ int len;
+
+ if ((len = vasprintf(ret, format, args)) == -1)
+ errorx(1, "unable to allocate memory");
+ return(len);
+}
+
+/*
+ * Wrapper for free(3) so we can depend on C89 semantics.
+ */
+void
+efree(ptr)
+ void *ptr;
+{
+ if (ptr != NULL)
+ free(ptr);
+}
diff --git a/sudo-1.7.4p4/alloc.h b/sudo-1.7.4p4/alloc.h
new file mode 100644
index 0000000..d3e1b07
--- /dev/null
+++ b/sudo-1.7.4p4/alloc.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_ALLOC_H
+#define _SUDO_ALLOC_H
+
+#ifdef __STDC__
+# include <stdarg.h>
+int easprintf(char **, const char *, ...) __printflike(2, 3);
+int evasprintf(char **, const char *, va_list) __printflike(2, 0);
+void efree(void *);
+void *emalloc(size_t);
+void *emalloc2(size_t, size_t);
+void *erealloc(void *, size_t);
+void *erealloc3(void *, size_t, size_t);
+char *estrdup(const char *);
+#else
+# include <varargs.h>
+int easprintf();
+int evasprintf();
+void efree();
+void *emalloc();
+void *emalloc2();
+void *erealloc();
+void *erealloc3();
+char *estrdup();
+#endif /* __STDC__ */
+
+#endif /* _SUDO_ALLOC_H */
diff --git a/sudo-1.7.4p4/audit.c b/sudo-1.7.4p4/audit.c
new file mode 100644
index 0000000..9226d30
--- /dev/null
+++ b/sudo-1.7.4p4/audit.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+#include "compat.h"
+#include "logging.h"
+
+#ifdef HAVE_BSM_AUDIT
+# include "bsm_audit.h"
+#endif
+#ifdef HAVE_LINUX_AUDIT
+# include "linux_audit.h"
+#endif
+
+void
+#ifdef __STDC__
+audit_success(char *exec_args[])
+#else
+audit_success(exec_args)
+ const char *exec_args[];
+#endif
+{
+#ifdef HAVE_BSM_AUDIT
+ bsm_audit_success(exec_args);
+#endif
+#ifdef HAVE_LINUX_AUDIT
+ linux_audit_command(exec_args, 1);
+#endif
+}
+
+void
+#ifdef __STDC__
+audit_failure(char *exec_args[], char const *const fmt, ...)
+#else
+audit_failure(exec_args, fmt, va_alist)
+ const char *exec_args[];
+ char const *const fmt;
+ va_dcl
+#endif
+{
+ va_list ap;
+
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+#ifdef HAVE_BSM_AUDIT
+ bsm_audit_failure(exec_args, fmt, ap);
+#endif
+#ifdef HAVE_LINUX_AUDIT
+ linux_audit_command(exec_args, 0);
+#endif
+ va_end(ap);
+}
diff --git a/sudo-1.7.4p4/auth/API b/sudo-1.7.4p4/auth/API
new file mode 100644
index 0000000..fd183fe
--- /dev/null
+++ b/sudo-1.7.4p4/auth/API
@@ -0,0 +1,128 @@
+NOTE: the Sudo auth API is subject to change
+
+Purpose: to provide a simple API for authentication methods that
+ encapsulates things nicely without turning into a maze
+ of #ifdef's
+
+The sudo_auth struct looks like this:
+
+typedef struct sudo_auth {
+ short flags; /* various flags, see below */
+ short status; /* status from verify routine */
+ char *name; /* name of the method in string form */
+ void *data; /* method-specific data pointer */
+
+ int (*init) __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+ int (*setup) __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+ int (*verify) __P((struct passwd *pw, char *p, sudo_auth *auth));
+ int (*cleanup) __P((struct passwd *pw, sudo_auth *auth));
+} sudo_auth;
+
+The variables in the struct are as follows:
+ flags Bitwise binary flags, see below.
+
+ status Contains the return value from the last run of
+ the "verify" function. Starts out as AUTH_FAILURE.
+
+ name The name of the authentication method as a C string.
+
+ data A pointer to method-specific data. This is passed to
+ all the functions of an auth method and is usually
+ initialized in the "init" or "setup" routines.
+
+Possible values of sudo_auth.flags:
+ FLAG_USER Whether or not the auth functions should run with
+ the euid of the invoking user instead of 0.
+
+ FLAG_CONFIGURED If set then the auth method is assumed to have been
+ configured successfully. All auth methods start out
+ with this set. If an "init" or "setup" function
+ fails, this bit is cleared.
+
+ FLAG_ONEANDONLY If set, this indicates that the method is the
+ only one in use. Can be used by auth functions
+ to determine whether to return a fatal or nonfatal
+ error.
+
+The member functions can return the following values:
+ AUTH_SUCCESS Function succeeded. For a ``verify'' function
+ this means the user correctly authenticated.
+
+ AUTH_FAILURE Function failed. If this is an ``init'' or
+ ``setup'' routine, the auth method will be
+ marked as !configured.
+
+ AUTH_FATAL A fatal error occurred. The routine should have
+ written an error message to stderr and optionally
+ sent mail to the administrator. (If log_error()
+ is called to do this, the NO_EXIT flag must be used.)
+ When verify_user() gets AUTH_FATAL from an auth
+ function it does an exit(1).
+
+The functions in the struct are as follows:
+
+ int init(struct passwd *pw, char **prompt, sudo_auth *auth)
+ Function to do any one-time initialization for the auth
+ method. All of the "init" functions are run before anything
+ else. A pointer to the prompt string may be used to add
+ method-specific info to the prompt.
+
+ int setup(struct passwd *pw, char **prompt, sudo_auth *auth)
+ Function to do method-specific setup. All the "setup"
+ routines are run before any of the "verify" routines. A
+ pointer to the prompt string may be used to add method-specific
+ info to the prompt.
+
+ int verify(struct passwd *pw, char *p, sudo_auth *auth)
+ Function to do user verification for this auth method. For
+ standalone auth methods ``p'' is the prompt string. For
+ normal auth methods, ``p'' is the password the user entered.
+ Note that standalone auth methods are responsible for
+ rerading the password themselves.
+
+ int cleanup(struct passwd *pw, sudo_auth *auth)
+ Function to do per-auth method cleanup. This is only run
+ at the end of the authentication process, after the user
+ has completely failed or succeeded to authenticate.
+ The ``auth->status'' variable contains the result of the
+ last authentication attempt which may be interesting.
+
+A note about standalone methods. Some authentication methods can't
+coexist with any others. This may be because they encapsulate other
+methods (pam, sia) or because they have a special way of interacting
+with the user (securid).
+
+Adding a new authentication method:
+
+Each method should live in its own file. Add prototypes for the functions
+in sudo_auth.h.
+
+If this is a standalone method, add it to the standalone #if cascade
+in sudo_auth.h. For instance, for a method, ``fooauth'', add:
+
+#elif defined(HAVE_FOOAUTH)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "foo", \
+ foo_init, foo_setup, foo_verify, foo_cleanup)
+
+If the method needs to run as the user, not root, replace the first
+parameter to AUTH_ENTRY (0) with FLAG_USER. If you don't have a
+init/setup/cleanup routine, just use a NULL for that field.
+
+For a normal authentication method, add it to the ``auth_switch'' in
+sudo_auth.c. If ``fooauth'' is a normal auth method, its entry
+would look like:
+
+# ifdef HAVE_FOOAUTH
+ AUTH_ENTRY(0, "foo", foo_init, foo_setup, foo_verify, foo_cleanup)
+# endif
+
+Again, if the method doesn't need to run as root, replace the 0 with
+FLAG_USER. Likewise, if you don't have a init/setup/cleanup routine,
+just use a NULL for that field.
+
+NOTE: You should not make a method both ``standalone'' and
+ ``normal''. Just use the --without-passwd configure argument
+ to disable passwd/shadow file checking and then have your
+ auth routines check the FLAG_ONEANDONLY flag to see if
+ they are running standalone and act accordingly.
diff --git a/sudo-1.7.4p4/auth/afs.c b/sudo-1.7.4p4/auth/afs.c
new file mode 100644
index 0000000..2b9d7b9
--- /dev/null
+++ b/sudo-1.7.4p4/auth/afs.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1999, 2001-2005, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+#include <afs/stds.h>
+#include <afs/kautils.h>
+
+int
+afs_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ struct ktc_encryptionKey afs_key;
+ struct ktc_token afs_token;
+
+ /* Try to just check the password */
+ ka_StringToKey(pass, NULL, &afs_key);
+ if (ka_GetAdminToken(pw->pw_name, /* name */
+ NULL, /* instance */
+ NULL, /* realm */
+ &afs_key, /* key (contains password) */
+ 0, /* lifetime */
+ &afs_token, /* token */
+ 0) == 0) /* new */
+ return(AUTH_SUCCESS);
+
+ /* Fall back on old method XXX - needed? */
+ setpag();
+ if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG,
+ pw->pw_name, /* name */
+ NULL, /* instance */
+ NULL, /* realm */
+ pass, /* password */
+ 0, /* lifetime */
+ NULL, /* expiration ptr (unused) */
+ 0, /* spare */
+ NULL) == 0) /* reason */
+ return(AUTH_SUCCESS);
+
+ return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/aix_auth.c b/sudo-1.7.4p4/auth/aix_auth.c
new file mode 100644
index 0000000..7a776be
--- /dev/null
+++ b/sudo-1.7.4p4/auth/aix_auth.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <usersec.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+/*
+ * For a description of the AIX authentication API, see
+ * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
+ */
+int
+aixauth_verify(pw, prompt, auth)
+ struct passwd *pw;
+ char *prompt;
+ sudo_auth *auth;
+{
+ char *pass;
+ char *message = NULL;
+ int reenter = 1;
+ int rval = AUTH_FAILURE;
+
+ pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
+ if (pass) {
+ /* XXX - should probably print message on failure. */
+ if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
+ rval = AUTH_SUCCESS;
+ free(message);
+ zero_bytes(pass, strlen(pass));
+ }
+ return(rval);
+}
+
+int
+aixauth_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+ /* Unset AUTHSTATE as it may not be correct for the runas user. */
+ unsetenv("AUTHSTATE");
+
+ return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/bsdauth.c b/sudo-1.7.4p4/auth/bsdauth.c
new file mode 100644
index 0000000..2539713
--- /dev/null
+++ b/sudo-1.7.4p4/auth/bsdauth.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2000-2005, 2007-2008, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <signal.h>
+
+#include <login_cap.h>
+#include <bsd_auth.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+extern char *login_style; /* from sudo.c */
+
+int
+bsdauth_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ static auth_session_t *as;
+ extern login_cap_t *lc; /* from sudo.c */
+
+ if ((as = auth_open()) == NULL) {
+ log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
+ "unable to begin bsd authentication");
+ return(AUTH_FATAL);
+ }
+
+ /* XXX - maybe sanity check the auth style earlier? */
+ login_style = login_getstyle(lc, login_style, "auth-sudo");
+ if (login_style == NULL) {
+ log_error(NO_EXIT|NO_MAIL, "invalid authentication type");
+ auth_close(as);
+ return(AUTH_FATAL);
+ }
+
+ if (auth_setitem(as, AUTHV_STYLE, login_style) < 0 ||
+ auth_setitem(as, AUTHV_NAME, pw->pw_name) < 0 ||
+ auth_setitem(as, AUTHV_CLASS, login_class) < 0) {
+ log_error(NO_EXIT|NO_MAIL, "unable to setup authentication");
+ auth_close(as);
+ return(AUTH_FATAL);
+ }
+
+ auth->data = (void *) as;
+ return(AUTH_SUCCESS);
+}
+
+int
+bsdauth_verify(pw, prompt, auth)
+ struct passwd *pw;
+ char *prompt;
+ sudo_auth *auth;
+{
+ char *pass;
+ char *s;
+ size_t len;
+ int authok = 0;
+ sigaction_t sa, osa;
+ auth_session_t *as = (auth_session_t *) auth->data;
+
+ /* save old signal handler */
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ (void) sigaction(SIGCHLD, &sa, &osa);
+
+ /*
+ * If there is a challenge then print that instead of the normal
+ * prompt. If the user just hits return we prompt again with echo
+ * turned on, which is useful for challenge/response things like
+ * S/Key.
+ */
+ if ((s = auth_challenge(as)) == NULL) {
+ pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
+ } else {
+ pass = tgetpass(s, def_passwd_timeout * 60, tgetpass_flags);
+ if (pass && *pass == '\0') {
+ if ((prompt = strrchr(s, '\n')))
+ prompt++;
+ else
+ prompt = s;
+
+ /*
+ * Append '[echo on]' to the last line of the challenge and
+ * reprompt with echo turned on.
+ */
+ len = strlen(prompt) - 1;
+ while (isspace(prompt[len]) || prompt[len] == ':')
+ prompt[len--] = '\0';
+ easprintf(&s, "%s [echo on]: ", prompt);
+ pass = tgetpass(s, def_passwd_timeout * 60,
+ tgetpass_flags | TGP_ECHO);
+ free(s);
+ }
+ }
+
+ if (pass) {
+ authok = auth_userresponse(as, pass, 1);
+ zero_bytes(pass, strlen(pass));
+ }
+
+ /* restore old signal handler */
+ (void) sigaction(SIGCHLD, &osa, NULL);
+
+ if (authok)
+ return(AUTH_SUCCESS);
+
+ if (!pass)
+ return(AUTH_INTR);
+
+ if ((s = auth_getvalue(as, "errormsg")) != NULL)
+ log_error(NO_EXIT|NO_MAIL, "%s", s);
+ return(AUTH_FAILURE);
+}
+
+int
+bsdauth_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+ auth_session_t *as = (auth_session_t *) auth->data;
+
+ auth_close(as);
+
+ return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/dce.c b/sudo-1.7.4p4/auth/dce.c
new file mode 100644
index 0000000..76b43b3
--- /dev/null
+++ b/sudo-1.7.4p4/auth/dce.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+/*
+ * The code below basically comes from the examples supplied on
+ * the OSF DCE 1.0.3 manpages for the sec_login routines, with
+ * enough additional polishing to make the routine work with the
+ * rest of sudo.
+ *
+ * This code is known to work on HP 700 and 800 series systems
+ * running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
+ * (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
+ * DCE 1.1).
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include <dce/rpc.h>
+#include <dce/sec_login.h>
+#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+static int check_dce_status __P((error_status_t, char *));
+
+int
+dce_verify(pw, plain_pw, auth)
+ struct passwd *pw;
+ char *plain_pw;
+ sudo_auth *auth;
+{
+ struct passwd temp_pw;
+ sec_passwd_rec_t password_rec;
+ sec_login_handle_t login_context;
+ boolean32 reset_passwd;
+ sec_login_auth_src_t auth_src;
+ error_status_t status;
+
+ /*
+ * Create the local context of the DCE principal necessary
+ * to perform authenticated network operations. The network
+ * identity set up by this operation cannot be used until it
+ * is validated via sec_login_validate_identity().
+ */
+ if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
+ sec_login_no_flags, &login_context, &status)) {
+
+ if (check_dce_status(status, "sec_login_setup_identity(1):"))
+ return(AUTH_FAILURE);
+
+ password_rec.key.key_type = sec_passwd_plain;
+ password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
+ password_rec.pepper = NULL;
+ password_rec.version_number = sec_passwd_c_version_none;
+
+ /* Validate the login context with the password */
+ if (sec_login_validate_identity(login_context, &password_rec,
+ &reset_passwd, &auth_src, &status)) {
+
+ if (check_dce_status(status, "sec_login_validate_identity(1):"))
+ return(AUTH_FAILURE);
+
+ /*
+ * Certify that the DCE Security Server used to set
+ * up and validate a login context is legitimate. Makes
+ * sure that we didn't get spoofed by another DCE server.
+ */
+ if (!sec_login_certify_identity(login_context, &status)) {
+ (void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
+ (void) check_dce_status(status,"sec_login_certify_identity(1):");
+ return(AUTH_FAILURE);
+ }
+ if (check_dce_status(status, "sec_login_certify_identity(2):"))
+ return(AUTH_FAILURE);
+
+ /*
+ * Sets the network credentials to those specified
+ * by the now validated login context.
+ */
+ sec_login_set_context(login_context, &status);
+ if (check_dce_status(status, "sec_login_set_context:"))
+ return(AUTH_FAILURE);
+
+ /*
+ * Oops, your credentials were no good. Possibly
+ * caused by clock times out of adjustment between
+ * DCE client and DCE security server...
+ */
+ if (auth_src != sec_login_auth_src_network) {
+ (void) fprintf(stderr,
+ "You have no network credentials.\n");
+ return(AUTH_FAILURE);
+ }
+ /* Check if the password has aged and is thus no good */
+ if (reset_passwd) {
+ (void) fprintf(stderr,
+ "Your DCE password needs resetting.\n");
+ return(AUTH_FAILURE);
+ }
+
+ /*
+ * We should be a valid user by this point. Pull the
+ * user's password structure from the DCE security
+ * server just to make sure. If we get it with no
+ * problems, then we really are legitimate...
+ */
+ sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
+ &status);
+ if (check_dce_status(status, "sec_login_get_pwent:"))
+ return(AUTH_FAILURE);
+
+ /*
+ * If we get to here, then the pwent above properly fetched
+ * the password structure from the DCE registry, so the user
+ * must be valid. We don't really care what the user's
+ * registry password is, just that the user could be
+ * validated. In fact, if we tried to compare the local
+ * password to the DCE entry at this point, the operation
+ * would fail if the hidden password feature is turned on,
+ * because the password field would contain an asterisk.
+ * Also go ahead and destroy the user's DCE login context
+ * before we leave here (and don't bother checking the
+ * status), in order to clean up credentials files in
+ * /opt/dcelocal/var/security/creds. By doing this, we are
+ * assuming that the user will not need DCE authentication
+ * later in the program, only local authentication. If this
+ * is not true, then the login_context will have to be
+ * returned to the calling program, and the context purged
+ * somewhere later in the program.
+ */
+ sec_login_purge_context(&login_context, &status);
+ return(AUTH_SUCCESS);
+ } else {
+ if(check_dce_status(status, "sec_login_validate_identity(2):"))
+ return(AUTH_FAILURE);
+ sec_login_purge_context(&login_context, &status);
+ if(check_dce_status(status, "sec_login_purge_context:"))
+ return(AUTH_FAILURE);
+ }
+ }
+ (void) check_dce_status(status, "sec_login_setup_identity(2):");
+ return(AUTH_FAILURE);
+}
+
+/* Returns 0 for DCE "ok" status, 1 otherwise */
+static int
+check_dce_status(input_status, comment)
+ error_status_t input_status;
+ char *comment;
+{
+ int error_stat;
+ unsigned char error_string[dce_c_error_string_len];
+
+ if (input_status == rpc_s_ok)
+ return(0);
+ dce_error_inq_text(input_status, error_string, &error_stat);
+ (void) fprintf(stderr, "%s %s\n", comment, error_string);
+ return(1);
+}
diff --git a/sudo-1.7.4p4/auth/fwtk.c b/sudo-1.7.4p4/auth/fwtk.c
new file mode 100644
index 0000000..fba99e8
--- /dev/null
+++ b/sudo-1.7.4p4/auth/fwtk.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 1999-2005, 2008, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include <auth.h>
+#include <firewall.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+fwtk_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ static Cfg *confp; /* Configuration entry struct */
+ char resp[128]; /* Response from the server */
+
+ if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
+ warningx("cannot read fwtk config");
+ return(AUTH_FATAL);
+ }
+
+ if (auth_open(confp)) {
+ warningx("cannot connect to authentication server");
+ return(AUTH_FATAL);
+ }
+
+ /* Get welcome message from auth server */
+ if (auth_recv(resp, sizeof(resp))) {
+ warningx("lost connection to authentication server");
+ return(AUTH_FATAL);
+ }
+ if (strncmp(resp, "Authsrv ready", 13) != 0) {
+ warningx("authentication server error:\n%s", resp);
+ return(AUTH_FATAL);
+ }
+
+ return(AUTH_SUCCESS);
+}
+
+int
+fwtk_verify(pw, prompt, auth)
+ struct passwd *pw;
+ char *prompt;
+ sudo_auth *auth;
+{
+ char *pass; /* Password from the user */
+ char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */
+ char resp[128]; /* Response from the server */
+ int error;
+
+ /* Send username to authentication server. */
+ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
+restart:
+ if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
+ warningx("lost connection to authentication server");
+ return(AUTH_FATAL);
+ }
+
+ /* Get the password/response from the user. */
+ if (strncmp(resp, "challenge ", 10) == 0) {
+ (void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
+ pass = tgetpass(buf, def_passwd_timeout * 60, tgetpass_flags);
+ if (pass && *pass == '\0') {
+ pass = tgetpass("Response [echo on]: ",
+ def_passwd_timeout * 60, tgetpass_flags | TGP_ECHO);
+ }
+ } else if (strncmp(resp, "chalnecho ", 10) == 0) {
+ pass = tgetpass(&resp[10], def_passwd_timeout * 60, tgetpass_flags);
+ } else if (strncmp(resp, "password", 8) == 0) {
+ pass = tgetpass(prompt, def_passwd_timeout * 60,
+ tgetpass_flags);
+ } else if (strncmp(resp, "display ", 8) == 0) {
+ fprintf(stderr, "%s\n", &resp[8]);
+ strlcpy(buf, "response dummy", sizeof(buf));
+ goto restart;
+ } else {
+ warningx("%s", resp);
+ return(AUTH_FATAL);
+ }
+ if (!pass) { /* ^C or error */
+ return(AUTH_INTR);
+ }
+
+ /* Send the user's response to the server */
+ (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
+ if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
+ warningx("lost connection to authentication server");
+ error = AUTH_FATAL;
+ goto done;
+ }
+
+ if (strncmp(resp, "ok", 2) == 0) {
+ error = AUTH_SUCCESS;
+ goto done;
+ }
+
+ /* Main loop prints "Permission Denied" or insult. */
+ if (strcmp(resp, "Permission Denied.") != 0)
+ warningx("%s", resp);
+ error = AUTH_FAILURE;
+done:
+ zero_bytes(pass, strlen(pass));
+ zero_bytes(buf, strlen(buf));
+ return(error);
+}
+
+int
+fwtk_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+
+ auth_close();
+ return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/kerb4.c b/sudo-1.7.4p4/auth/kerb4.c
new file mode 100644
index 0000000..f3107a0
--- /dev/null
+++ b/sudo-1.7.4p4/auth/kerb4.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <krb.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+kerb4_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ static char realm[REALM_SZ];
+
+ /* Don't try to verify root */
+ if (pw->pw_uid == 0)
+ return(AUTH_FAILURE);
+
+ /* Get the local realm, or retrun failure (no krb.conf) */
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ return(AUTH_FAILURE);
+
+ /* Stash a pointer to the realm (used in kerb4_verify) */
+ auth->data = (void *) realm;
+
+ return(AUTH_SUCCESS);
+}
+
+int
+kerb4_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
+ char *realm = (char *) auth->data;
+ int error;
+
+ /*
+ * Set the ticket file to be in sudo sudo timedir so we don't
+ * wipe out other (real) kerberos tickets.
+ */
+ (void) snprintf(tkfile, sizeof(tkfile), "%s/tkt%lu",
+ _PATH_SUDO_TIMEDIR, (unsigned long) pw->pw_uid);
+ (void) krb_set_tkt_string(tkfile);
+
+ /* Convert the password to a ticket given. */
+ error = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
+ DEFAULT_TKT_LIFE, pass);
+
+ switch (error) {
+ case INTK_OK:
+ dest_tkt(); /* we are done with the temp ticket */
+ return(AUTH_SUCCESS);
+ break;
+ case INTK_BADPW:
+ case KDC_PR_UNKNOWN:
+ break;
+ default:
+ (void) fprintf(stderr, "Warning: Kerberos error: %s\n",
+ krb_err_txt[error]);
+ }
+
+ return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/kerb5.c b/sudo-1.7.4p4/auth/kerb5.c
new file mode 100644
index 0000000..230898f
--- /dev/null
+++ b/sudo-1.7.4p4/auth/kerb5.c
@@ -0,0 +1,319 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2008, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <krb5.h>
+#ifdef HAVE_HEIMDAL
+#include <com_err.h>
+#endif
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+#ifdef HAVE_HEIMDAL
+# define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1)
+# define krb5_free_data_contents(c, d) krb5_data_free(d)
+#else
+# define extract_name(c, p) (krb5_princ_component(c, p, 1)->data)
+#endif
+
+#ifndef HAVE_KRB5_VERIFY_USER
+static int verify_krb_v5_tgt __P((krb5_context, krb5_creds *, char *));
+#endif
+static struct _sudo_krb5_data {
+ krb5_context sudo_context;
+ krb5_principal princ;
+ krb5_ccache ccache;
+} sudo_krb5_data = { NULL, NULL, NULL };
+typedef struct _sudo_krb5_data *sudo_krb5_datap;
+
+#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+static krb5_error_code
+krb5_get_init_creds_opt_alloc(context, opts)
+ krb5_context context;
+ krb5_get_init_creds_opt **opts;
+{
+ *opts = emalloc(sizeof(krb5_get_init_creds_opt));
+ krb5_get_init_creds_opt_init(*opts);
+ return 0;
+}
+
+static void
+krb5_get_init_creds_opt_free(opts)
+ krb5_get_init_creds_opt *opts;
+{
+ free(opts);
+}
+#endif
+
+int
+kerb5_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ krb5_context sudo_context;
+ krb5_ccache ccache;
+ krb5_principal princ;
+ krb5_error_code error;
+ char cache_name[64];
+ char *pname;
+
+ auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */
+
+#ifdef HAVE_KRB5_INIT_SECURE_CONTEXT
+ error = krb5_init_secure_context(&(sudo_krb5_data.sudo_context));
+#else
+ error = krb5_init_context(&(sudo_krb5_data.sudo_context));
+#endif
+ if (error)
+ return(AUTH_FAILURE);
+ sudo_context = sudo_krb5_data.sudo_context;
+
+ if ((error = krb5_parse_name(sudo_context, pw->pw_name,
+ &(sudo_krb5_data.princ)))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to parse '%s': %s", auth->name, pw->pw_name,
+ error_message(error));
+ return(AUTH_FAILURE);
+ }
+ princ = sudo_krb5_data.princ;
+
+ /*
+ * Really, we need to tell the caller not to prompt for password.
+ * The API does not currently provide this unless the auth is standalone.
+ */
+#if 1
+ if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to unparse princ ('%s'): %s", auth->name,
+ pw->pw_name, error_message(error));
+ return(AUTH_FAILURE);
+ }
+
+ /* Only rewrite prompt if user didn't specify their own. */
+ /*if (!strcmp(prompt, PASSPROMPT)) { */
+ easprintf(promptp, "Password for %s: ", pname);
+ /*}*/
+ free(pname);
+#endif
+
+ (void) snprintf(cache_name, sizeof(cache_name), "MEMORY:sudocc_%ld",
+ (long) getpid());
+ if ((error = krb5_cc_resolve(sudo_context, cache_name,
+ &(sudo_krb5_data.ccache)))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to resolve ccache: %s", auth->name,
+ error_message(error));
+ return(AUTH_FAILURE);
+ }
+ ccache = sudo_krb5_data.ccache;
+
+ return(AUTH_SUCCESS);
+}
+
+#ifdef HAVE_KRB5_VERIFY_USER
+int
+kerb5_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ krb5_context sudo_context;
+ krb5_principal princ;
+ krb5_ccache ccache;
+ krb5_error_code error;
+
+ sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
+ princ = ((sudo_krb5_datap) auth->data)->princ;
+ ccache = ((sudo_krb5_datap) auth->data)->ccache;
+
+ error = krb5_verify_user(sudo_context, princ, ccache, pass, 1, NULL);
+ return (error ? AUTH_FAILURE : AUTH_SUCCESS);
+}
+#else
+int
+kerb5_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ krb5_context sudo_context;
+ krb5_principal princ;
+ krb5_creds credbuf, *creds = NULL;
+ krb5_ccache ccache;
+ krb5_error_code error;
+ krb5_get_init_creds_opt *opts = NULL;
+
+ sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
+ princ = ((sudo_krb5_datap) auth->data)->princ;
+ ccache = ((sudo_krb5_datap) auth->data)->ccache;
+
+ /* Set default flags based on the local config file. */
+ error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
+ if (error) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to allocate options: %s", auth->name,
+ error_message(error));
+ goto done;
+ }
+#ifdef HAVE_HEIMDAL
+ krb5_get_init_creds_opt_set_default_flags(sudo_context, NULL,
+ krb5_principal_get_realm(sudo_context, princ), opts);
+#endif
+
+ /* Note that we always obtain a new TGT to verify the user */
+ if ((error = krb5_get_init_creds_password(sudo_context, &credbuf, princ,
+ pass, krb5_prompter_posix,
+ NULL, 0, NULL, opts))) {
+ /* Don't print error if just a bad password */
+ if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to get credentials: %s", auth->name,
+ error_message(error));
+ goto done;
+ }
+ creds = &credbuf;
+
+ /* Verify the TGT to prevent spoof attacks. */
+ if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name)))
+ goto done;
+
+ /* Store cred in cred cache. */
+ if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to initialize ccache: %s", auth->name,
+ error_message(error));
+ } else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to store cred in ccache: %s", auth->name,
+ error_message(error));
+ }
+
+done:
+ if (opts) {
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS
+ krb5_get_init_creds_opt_free(sudo_context, opts);
+#else
+ krb5_get_init_creds_opt_free(opts);
+#endif
+ }
+ if (creds)
+ krb5_free_cred_contents(sudo_context, creds);
+ return (error ? AUTH_FAILURE : AUTH_SUCCESS);
+}
+#endif
+
+int
+kerb5_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+ krb5_context sudo_context;
+ krb5_principal princ;
+ krb5_ccache ccache;
+
+ sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
+ princ = ((sudo_krb5_datap) auth->data)->princ;
+ ccache = ((sudo_krb5_datap) auth->data)->ccache;
+
+ if (sudo_context) {
+ if (ccache)
+ krb5_cc_destroy(sudo_context, ccache);
+ if (princ)
+ krb5_free_principal(sudo_context, princ);
+ krb5_free_context(sudo_context);
+ }
+
+ return(AUTH_SUCCESS);
+}
+
+#ifndef HAVE_KRB5_VERIFY_USER
+/*
+ * Verify the Kerberos ticket-granting ticket just retrieved for the
+ * user. If the Kerberos server doesn't respond, assume the user is
+ * trying to fake us out (since we DID just get a TGT from what is
+ * supposedly our KDC).
+ *
+ * Returns 0 for successful authentication, non-zero for failure.
+ */
+static int
+verify_krb_v5_tgt(sudo_context, cred, auth_name)
+ krb5_context sudo_context;
+ krb5_creds *cred;
+ char *auth_name; /* For error reporting */
+{
+ krb5_error_code error;
+ krb5_principal server;
+ krb5_verify_init_creds_opt vopt;
+
+ /*
+ * Get the server principal for the local host.
+ * (Use defaults of "host" and canonicalized local name.)
+ */
+ if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
+ KRB5_NT_SRV_HST, &server))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to get host principal: %s", auth_name,
+ error_message(error));
+ return(-1);
+ }
+
+ /* Initialize verify opts and set secure mode */
+ krb5_verify_init_creds_opt_init(&vopt);
+ krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);
+
+ /* verify the Kerberos ticket-granting ticket we just retrieved */
+ error = krb5_verify_init_creds(sudo_context, cred, server, NULL,
+ NULL, &vopt);
+ krb5_free_principal(sudo_context, server);
+ if (error)
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: Cannot verify TGT! Possible attack!: %s", auth_name,
+ error_message(error));
+ return(error);
+}
+#endif
diff --git a/sudo-1.7.4p4/auth/pam.c b/sudo-1.7.4p4/auth/pam.c
new file mode 100644
index 0000000..ca2ef10
--- /dev/null
+++ b/sudo-1.7.4p4/auth/pam.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <errno.h>
+
+#ifdef HAVE_PAM_PAM_APPL_H
+# include <pam/pam_appl.h>
+#else
+# include <security/pam_appl.h>
+#endif
+
+#ifdef HAVE_DGETTEXT
+# include <libintl.h>
+# if defined(__LINUX_PAM__)
+# define PAM_TEXT_DOMAIN "Linux-PAM"
+# elif defined(__sun__)
+# define PAM_TEXT_DOMAIN "SUNW_OST_SYSOSPAM"
+# endif
+#endif
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+/* Only OpenPAM and Linux PAM use const qualifiers. */
+#if defined(_OPENPAM) || defined(OPENPAM_VERSION) || \
+ defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__)
+# define PAM_CONST const
+#else
+# define PAM_CONST
+#endif
+
+static int sudo_conv __P((int, PAM_CONST struct pam_message **,
+ struct pam_response **, void *));
+static char *def_prompt = "Password:";
+static int gotintr;
+
+#ifndef PAM_DATA_SILENT
+#define PAM_DATA_SILENT 0
+#endif
+
+static pam_handle_t *pamh; /* global due to pam_prep_user() */
+
+int
+pam_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ static struct pam_conv pam_conv;
+ static int pam_status;
+
+ /* Initial PAM setup */
+ if (auth != NULL)
+ auth->data = (void *) &pam_status;
+ pam_conv.conv = sudo_conv;
+#ifdef HAVE_PAM_LOGIN
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
+ else
+#endif
+ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+
+ if (pam_status != PAM_SUCCESS) {
+ log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
+ return(AUTH_FATAL);
+ }
+
+ /*
+ * Set PAM_RUSER to the invoking user (the "from" user).
+ * We set PAM_RHOST to avoid a bug in Solaris 7 and below.
+ */
+ (void) pam_set_item(pamh, PAM_RUSER, user_name);
+#ifdef __sun__
+ (void) pam_set_item(pamh, PAM_RHOST, user_host);
+#endif
+
+ /*
+ * Some versions of pam_lastlog have a bug that
+ * will cause a crash if PAM_TTY is not set so if
+ * there is no tty, set PAM_TTY to the empty string.
+ */
+ if (user_ttypath == NULL)
+ (void) pam_set_item(pamh, PAM_TTY, "");
+ else
+ (void) pam_set_item(pamh, PAM_TTY, user_ttypath);
+
+ return(AUTH_SUCCESS);
+}
+
+int
+pam_verify(pw, prompt, auth)
+ struct passwd *pw;
+ char *prompt;
+ sudo_auth *auth;
+{
+ const char *s;
+ int *pam_status = (int *) auth->data;
+
+ def_prompt = prompt; /* for sudo_conv */
+
+ /* PAM_SILENT prevents the authentication service from generating output. */
+ *pam_status = pam_authenticate(pamh, PAM_SILENT);
+ switch (*pam_status) {
+ case PAM_SUCCESS:
+ *pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
+ switch (*pam_status) {
+ case PAM_SUCCESS:
+ return(AUTH_SUCCESS);
+ case PAM_AUTH_ERR:
+ log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d",
+ *pam_status);
+ return(AUTH_FAILURE);
+ case PAM_NEW_AUTHTOK_REQD:
+ log_error(NO_EXIT|NO_MAIL, "%s, %s",
+ "Account or password is expired",
+ "reset your password and try again");
+ *pam_status = pam_chauthtok(pamh,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (*pam_status == PAM_SUCCESS)
+ return(AUTH_SUCCESS);
+ if ((s = pam_strerror(pamh, *pam_status)))
+ log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s", s);
+ return(AUTH_FAILURE);
+ case PAM_AUTHTOK_EXPIRED:
+ log_error(NO_EXIT|NO_MAIL,
+ "Password expired, contact your system administrator");
+ return(AUTH_FATAL);
+ case PAM_ACCT_EXPIRED:
+ log_error(NO_EXIT|NO_MAIL, "%s %s",
+ "Account expired or PAM config lacks an \"account\"",
+ "section for sudo, contact your system administrator");
+ return(AUTH_FATAL);
+ }
+ /* FALLTHROUGH */
+ case PAM_AUTH_ERR:
+ if (gotintr) {
+ /* error or ^C from tgetpass() */
+ return(AUTH_INTR);
+ }
+ case PAM_MAXTRIES:
+ case PAM_PERM_DENIED:
+ return(AUTH_FAILURE);
+ default:
+ if ((s = pam_strerror(pamh, *pam_status)))
+ log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s", s);
+ return(AUTH_FATAL);
+ }
+}
+
+int
+pam_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+ int *pam_status = (int *) auth->data;
+
+ /* If successful, we can't close the session until pam_prep_user() */
+ if (auth->status == AUTH_SUCCESS)
+ return(AUTH_SUCCESS);
+
+ *pam_status = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
+ return(*pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+
+int
+pam_begin_session(pw)
+ struct passwd *pw;
+{
+ int status = PAM_SUCCESS;
+
+ /* If the user did not have to authenticate there is no pam handle yet. */
+ if (pamh == NULL)
+ pam_init(pw, NULL, NULL);
+
+ /*
+ * Update PAM_USER to reference the user we are running the command
+ * as, as opposed to the user we authenticated as.
+ */
+ (void) pam_set_item(pamh, PAM_USER, pw->pw_name);
+
+ /*
+ * Set credentials (may include resource limits, device ownership, etc).
+ * We don't check the return value here because in Linux-PAM 0.75
+ * it returns the last saved return code, not the return code
+ * for the setcred module. Because we haven't called pam_authenticate(),
+ * this is not set and so pam_setcred() returns PAM_PERM_DENIED.
+ * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
+ */
+ (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+
+#ifndef NO_PAM_SESSION
+ status = pam_open_session(pamh, 0);
+ if (status != PAM_SUCCESS) {
+ (void) pam_end(pamh, status | PAM_DATA_SILENT);
+ pamh = NULL;
+ }
+#endif
+ return(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+
+int
+pam_end_session()
+{
+ int status = PAM_SUCCESS;
+
+ if (pamh != NULL) {
+#ifndef NO_PAM_SESSION
+ (void) pam_close_session(pamh, 0);
+#endif
+ status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+ }
+ return(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+
+/*
+ * ``Conversation function'' for PAM.
+ * XXX - does not handle PAM_BINARY_PROMPT
+ */
+static int
+sudo_conv(num_msg, msg, response, appdata_ptr)
+ int num_msg;
+ PAM_CONST struct pam_message **msg;
+ struct pam_response **response;
+ void *appdata_ptr;
+{
+ struct pam_response *pr;
+ PAM_CONST struct pam_message *pm;
+ const char *prompt;
+ char *pass;
+ int n, flags, std_prompt;
+
+ if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
+ return(PAM_SYSTEM_ERR);
+ zero_bytes(*response, num_msg * sizeof(struct pam_response));
+
+ for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
+ flags = tgetpass_flags;
+ switch (pm->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ SET(flags, TGP_ECHO);
+ case PAM_PROMPT_ECHO_OFF:
+ prompt = def_prompt;
+
+ /* Error out if the last password read was interrupted. */
+ if (gotintr)
+ goto err;
+
+ /* Is the sudo prompt standard? (If so, we'l just use PAM's) */
+ std_prompt = strncmp(def_prompt, "Password:", 9) == 0 &&
+ (def_prompt[9] == '\0' ||
+ (def_prompt[9] == ' ' && def_prompt[10] == '\0'));
+
+ /* Only override PAM prompt if it matches /^Password: ?/ */
+#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
+ if (!def_passprompt_override && (std_prompt ||
+ (strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
+ strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:")))))
+ prompt = pm->msg;
+#else
+ if (!def_passprompt_override && (std_prompt ||
+ strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
+ && (pm->msg[9] != ' ' || pm->msg[10] != '\0'))))
+ prompt = pm->msg;
+#endif
+ /* Read the password unless interrupted. */
+ pass = tgetpass(prompt, def_passwd_timeout * 60, flags);
+ if (pass == NULL) {
+ /* We got ^C instead of a password; abort quickly. */
+ if (errno == EINTR)
+ gotintr = 1;
+#if defined(__darwin__) || defined(__APPLE__)
+ pass = "";
+#else
+ goto err;
+#endif
+ }
+ pr->resp = estrdup(pass);
+ zero_bytes(pass, strlen(pass));
+ break;
+ case PAM_TEXT_INFO:
+ if (pm->msg)
+ (void) puts(pm->msg);
+ break;
+ case PAM_ERROR_MSG:
+ if (pm->msg) {
+ (void) fputs(pm->msg, stderr);
+ (void) fputc('\n', stderr);
+ }
+ break;
+ default:
+ goto err;
+ }
+ }
+
+ return(PAM_SUCCESS);
+
+err:
+ /* Zero and free allocated memory and return an error. */
+ for (pr = *response, n = num_msg; n--; pr++) {
+ if (pr->resp != NULL) {
+ zero_bytes(pr->resp, strlen(pr->resp));
+ free(pr->resp);
+ pr->resp = NULL;
+ }
+ }
+ zero_bytes(*response, num_msg * sizeof(struct pam_response));
+ free(*response);
+ *response = NULL;
+ return(gotintr ? PAM_AUTH_ERR : PAM_CONV_ERR);
+}
diff --git a/sudo-1.7.4p4/auth/passwd.c b/sudo-1.7.4p4/auth/passwd.c
new file mode 100644
index 0000000..4f9efb8
--- /dev/null
+++ b/sudo-1.7.4p4/auth/passwd.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1999-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+#define DESLEN 13
+#define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',')
+
+int
+passwd_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+#ifdef HAVE_SKEYACCESS
+ if (skeyaccess(pw, user_tty, NULL, NULL) == 0)
+ return(AUTH_FAILURE);
+#endif
+ return(AUTH_SUCCESS);
+}
+
+int
+passwd_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ char sav, *epass;
+ size_t pw_len;
+ int error;
+
+ pw_len = strlen(pw->pw_passwd);
+
+#ifdef HAVE_GETAUTHUID
+ /* Ultrix shadow passwords may use crypt16() */
+ error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
+ if (!error)
+ return(AUTH_SUCCESS);
+#endif /* HAVE_GETAUTHUID */
+
+ /*
+ * Truncate to 8 chars if standard DES since not all crypt()'s do this.
+ * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
+ */
+ sav = pass[8];
+ if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len))
+ pass[8] = '\0';
+
+ /*
+ * Normal UN*X password check.
+ * HP-UX may add aging info (separated by a ',') at the end so
+ * only compare the first DESLEN characters in that case.
+ */
+ epass = (char *) crypt(pass, pw->pw_passwd);
+ pass[8] = sav;
+ if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN)
+ error = strncmp(pw->pw_passwd, epass, DESLEN);
+ else
+ error = strcmp(pw->pw_passwd, epass);
+
+ return(error ? AUTH_FAILURE : AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/rfc1938.c b/sudo-1.7.4p4/auth/rfc1938.c
new file mode 100644
index 0000000..3bc39c3
--- /dev/null
+++ b/sudo-1.7.4p4/auth/rfc1938.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1994-1996, 1998-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#if defined(HAVE_SKEY)
+# include <skey.h>
+# define RFC1938 skey
+# ifdef __NetBSD__
+# define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c),(d))
+# else
+# define rfc1938challenge(a,b,c,d) skeychallenge((a),(b),(c))
+# endif
+# define rfc1938verify(a,b) skeyverify((a),(b))
+#elif defined(HAVE_OPIE)
+# include <opie.h>
+# define RFC1938 opie
+# define rfc1938challenge(a,b,c,d) opiechallenge((a),(b),(c))
+# define rfc1938verify(a,b) opieverify((a),(b))
+#endif
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+rfc1938_setup(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ char challenge[256];
+ static char *orig_prompt = NULL, *new_prompt = NULL;
+ static int op_len, np_size;
+ static struct RFC1938 rfc1938;
+
+ /* Stash a pointer to the rfc1938 struct if we have not initialized */
+ if (!auth->data)
+ auth->data = &rfc1938;
+
+ /* Save the original prompt */
+ if (orig_prompt == NULL) {
+ orig_prompt = *promptp;
+ op_len = strlen(orig_prompt);
+
+ /* Ignore trailing colon (we will add our own) */
+ if (orig_prompt[op_len - 1] == ':')
+ op_len--;
+ else if (op_len >= 2 && orig_prompt[op_len - 1] == ' '
+ && orig_prompt[op_len - 2] == ':')
+ op_len -= 2;
+ }
+
+#ifdef HAVE_SKEY
+ /* Close old stream */
+ if (rfc1938.keyfile)
+ (void) fclose(rfc1938.keyfile);
+#endif
+
+ /*
+ * Look up the user and get the rfc1938 challenge.
+ * If the user is not in the OTP db, only post a fatal error if
+ * we are running alone (since they may just use a normal passwd).
+ */
+ if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
+ if (IS_ONEANDONLY(auth)) {
+ warningx("you do not exist in the %s database", auth->name);
+ return(AUTH_FATAL);
+ } else {
+ return(AUTH_FAILURE);
+ }
+ }
+
+ /* Get space for new prompt with embedded challenge */
+ if (np_size < op_len + strlen(challenge) + 7) {
+ np_size = op_len + strlen(challenge) + 7;
+ new_prompt = (char *) erealloc(new_prompt, np_size);
+ }
+
+ if (def_long_otp_prompt)
+ (void) snprintf(new_prompt, np_size, "%s\n%s", challenge, orig_prompt);
+ else
+ (void) snprintf(new_prompt, np_size, "%.*s [ %s ]:", op_len,
+ orig_prompt, challenge);
+
+ *promptp = new_prompt;
+ return(AUTH_SUCCESS);
+}
+
+int
+rfc1938_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+
+ if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0)
+ return(AUTH_SUCCESS);
+ else
+ return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/secureware.c b/sudo-1.7.4p4/auth/secureware.c
new file mode 100644
index 0000000..e7148d3
--- /dev/null
+++ b/sudo-1.7.4p4/auth/secureware.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 1998-2005, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#ifdef __hpux
+# undef MAXINT
+# include <hpsecurity.h>
+#else
+# include <sys/security.h>
+#endif /* __hpux */
+#include <prot.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+secureware_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+#ifdef __alpha
+ extern int crypt_type;
+
+ if (crypt_type == INT_MAX)
+ return(AUTH_FAILURE); /* no shadow */
+#endif
+ return(AUTH_SUCCESS);
+}
+
+int
+secureware_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+#ifdef __alpha
+ extern int crypt_type;
+
+# ifdef HAVE_DISPCRYPT
+ if (strcmp(user_passwd, dispcrypt(pass, user_passwd, crypt_type)) == 0)
+ return(AUTH_SUCCESS);
+# else
+ if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
+ if (strcmp(user_passwd, bigcrypt(pass, user_passwd)) == 0)
+ return(AUTH_SUCCESS);
+ } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
+ if (strcmp(user_passwd, crypt(pass, user_passwd)) == 0)
+ return(AUTH_SUCCESS);
+ }
+# endif /* HAVE_DISPCRYPT */
+#elif defined(HAVE_BIGCRYPT)
+ if (strcmp(user_passwd, bigcrypt(pass, user_passwd)) == 0)
+ return(AUTH_SUCCESS);
+#endif /* __alpha */
+
+ return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/securid.c b/sudo-1.7.4p4/auth/securid.c
new file mode 100644
index 0000000..6aec109
--- /dev/null
+++ b/sudo-1.7.4p4/auth/securid.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include <sdi_athd.h>
+#include <sdconf.h>
+#include <sdacmvls.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+union config_record configure;
+
+int
+securid_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ static struct SD_CLIENT sd_dat; /* SecurID data block */
+
+ auth->data = (void *) &sd_dat; /* For method-specific data */
+
+ if (creadcfg() == 0)
+ return(AUTH_SUCCESS);
+ else
+ return(AUTH_FATAL);
+}
+
+int
+securid_setup(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
+
+ /* Re-initialize SecurID every time. */
+ if (sd_init(sd) == 0) {
+ /* The programmer's guide says username is 32 bytes */
+ strlcpy(sd->username, pw->pw_name, 32);
+ return(AUTH_SUCCESS);
+ } else {
+ warningx("unable to contact the SecurID server");
+ return(AUTH_FATAL);
+ }
+}
+
+int
+securid_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
+ int rval;
+
+ rval = sd_auth(sd);
+ sd_close();
+ if (rval == ACM_OK)
+ return(AUTH_SUCCESS);
+ else
+ return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/securid5.c b/sudo-1.7.4p4/auth/securid5.c
new file mode 100644
index 0000000..ef9e228
--- /dev/null
+++ b/sudo-1.7.4p4/auth/securid5.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2002 Michael Stroucken <michael@stroucken.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+/* Needed for SecurID v5.0 Authentication on UNIX */
+#define UNIX 1
+#include <acexport.h>
+#include <sdacmvls.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+/*
+ * securid_init - Initialises communications with ACE server
+ * Arguments in:
+ * pw - UNUSED
+ * promptp - UNUSED
+ * auth - sudo authentication structure
+ *
+ * Results out:
+ * auth - auth->data contains pointer to new SecurID handle
+ * return code - Fatal if initialization unsuccessful, otherwise
+ * success.
+ */
+int
+securid_init(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ static SDI_HANDLE sd_dat; /* SecurID handle */
+
+ auth->data = (void *) &sd_dat; /* For method-specific data */
+
+ /* Start communications */
+ if (AceInitialize() != SD_FALSE)
+ return(AUTH_SUCCESS);
+
+ warningx("failed to initialise the ACE API library");
+ return(AUTH_FATAL);
+}
+
+/*
+ * securid_setup - Initialises a SecurID transaction and locks out other
+ * ACE servers
+ *
+ * Arguments in:
+ * pw - struct passwd for username
+ * promptp - UNUSED
+ * auth - sudo authentication structure for SecurID handle
+ *
+ * Results out:
+ * return code - Success if transaction started correctly, fatal
+ * otherwise
+ */
+int
+securid_setup(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
+ int retval;
+
+ /* Re-initialize SecurID every time. */
+ if (SD_Init(sd) != ACM_OK) {
+ warningx("unable to contact the SecurID server");
+ return(AUTH_FATAL);
+ }
+
+ /* Lock new PIN code */
+ retval = SD_Lock(*sd, pw->pw_name);
+
+ switch (retval) {
+ case ACM_OK:
+ warningx("User ID locked for SecurID Authentication");
+ return(AUTH_SUCCESS);
+
+ case ACE_UNDEFINED_USERNAME:
+ warningx("invalid username length for SecurID");
+ return(AUTH_FATAL);
+
+ case ACE_ERR_INVALID_HANDLE:
+ warningx("invalid Authentication Handle for SecurID");
+ return(AUTH_FATAL);
+
+ case ACM_ACCESS_DENIED:
+ warningx("SecurID communication failed");
+ return(AUTH_FATAL);
+
+ default:
+ warningx("unknown SecurID error");
+ return(AUTH_FATAL);
+ }
+}
+
+/*
+ * securid_verify - Authenticates user and handles ACE responses
+ *
+ * Arguments in:
+ * pw - struct passwd for username
+ * pass - UNUSED
+ * auth - sudo authentication structure for SecurID handle
+ *
+ * Results out:
+ * return code - Success on successful authentication, failure on
+ * incorrect authentication, fatal on errors
+ */
+int
+securid_verify(pw, pass, auth)
+ struct passwd *pw;
+ char *pass;
+ sudo_auth *auth;
+{
+ SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
+ int rval;
+
+ pass = (char *) tgetpass("Enter your PASSCODE: ",
+ def_passwd_timeout * 60, tgetpass_flags);
+
+ /* Have ACE verify password */
+ switch (SD_Check(*sd, pass, pw->pw_name)) {
+ case ACM_OK:
+ rval = AUTH_SUCESS;
+ break;
+
+ case ACE_UNDEFINED_PASSCODE:
+ warningx("invalid passcode length for SecurID");
+ rval = AUTH_FATAL;
+ break;
+
+ case ACE_UNDEFINED_USERNAME:
+ warningx("invalid username length for SecurID");
+ rval = AUTH_FATAL;
+ break;
+
+ case ACE_ERR_INVALID_HANDLE:
+ warningx("invalid Authentication Handle for SecurID");
+ rval = AUTH_FATAL;
+ break;
+
+ case ACM_ACCESS_DENIED:
+ rval = AUTH_FAILURE;
+ break;
+
+ case ACM_NEXT_CODE_REQUIRED:
+ /* Sometimes (when current token close to expire?)
+ ACE challenges for the next token displayed
+ (entered without the PIN) */
+ pass = (char *) tgetpass("\
+!!! ATTENTION !!!\n\
+Wait for the token code to change, \n\
+then enter the new token code.\n", \
+ def_passwd_timeout * 60, tgetpass_flags);
+
+ if (SD_Next(*sd, pass) == ACM_OK) {
+ rval = AUTH_SUCCESS;
+ break;
+ }
+
+ rval = AUTH_FAILURE;
+ break;
+
+ case ACM_NEW_PIN_REQUIRED:
+ /*
+ * This user's SecurID has not been activated yet,
+ * or the pin has been reset
+ */
+ /* XXX - Is setting up a new PIN within sudo's scope? */
+ SD_Pin(*sd, "");
+ fprintf(stderr, "Your SecurID access has not yet been set up.\n");
+ fprintf(stderr, "Please set up a PIN before you try to authenticate.\n");
+ rval = AUTH_FATAL;
+ break;
+
+ default:
+ warningx("unknown SecurID error");
+ rval = AUTH_FATAL;
+ break;
+ }
+
+ /* Free resources */
+ SD_Close(*sd);
+
+ /* Return stored state to calling process */
+ return(rval);
+}
diff --git a/sudo-1.7.4p4/auth/sia.c b/sudo-1.7.4p4/auth/sia.c
new file mode 100644
index 0000000..188676a
--- /dev/null
+++ b/sudo-1.7.4p4/auth/sia.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <siad.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *));
+
+static char *def_prompt;
+
+/*
+ * Collection routine (callback) for limiting the timeouts in SIA
+ * prompts and (possibly) setting a custom prompt.
+ */
+static int
+sudo_collect(timeout, rendition, title, nprompts, prompts)
+ int timeout;
+ int rendition;
+ uchar_t *title;
+ int nprompts;
+ prompt_t *prompts;
+{
+ switch (rendition) {
+ case SIAFORM:
+ case SIAONELINER:
+ if (timeout <= 0 || timeout > def_passwd_timeout * 60)
+ timeout = def_passwd_timeout * 60;
+ /*
+ * Substitute custom prompt if a) the sudo prompt is not "Password:"
+ * and b) the SIA prompt is "Password:" (so we know it is safe).
+ * This keeps us from overwriting things like S/Key challenges.
+ */
+ if (strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
+ strcmp(def_prompt, "Password:") != 0)
+ prompts[0].prompt = (unsigned char *)def_prompt;
+ break;
+ default:
+ break;
+ }
+
+ return sia_collect_trm(timeout, rendition, title, nprompts, prompts);
+}
+
+int
+sia_setup(pw, promptp, auth)
+ struct passwd *pw;
+ char **promptp;
+ sudo_auth *auth;
+{
+ SIAENTITY *siah = NULL;
+ extern int Argc;
+ extern char **Argv;
+
+ if (sia_ses_init(&siah, Argc, Argv, NULL, pw->pw_name, ttyname(0), 1, NULL)
+ != SIASUCCESS) {
+
+ log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
+ "unable to initialize SIA session");
+ return(AUTH_FATAL);
+ }
+
+ auth->data = (void *) siah;
+ return(AUTH_SUCCESS);
+}
+
+int
+sia_verify(pw, prompt, auth)
+ struct passwd *pw;
+ char *prompt;
+ sudo_auth *auth;
+{
+ SIAENTITY *siah = (SIAENTITY *) auth->data;
+
+ def_prompt = prompt; /* for sudo_collect */
+
+ /* XXX - need a way to detect user hitting return or EOF at prompt */
+ if (sia_ses_reauthent(sudo_collect, siah) == SIASUCCESS)
+ return(AUTH_SUCCESS);
+ else
+ return(AUTH_FAILURE);
+}
+
+int
+sia_cleanup(pw, auth)
+ struct passwd *pw;
+ sudo_auth *auth;
+{
+ SIAENTITY *siah = (SIAENTITY *) auth->data;
+
+ (void) sia_ses_release(&siah);
+ return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/sudo_auth.c b/sudo-1.7.4p4/auth/sudo_auth.c
new file mode 100644
index 0000000..69b0a3a
--- /dev/null
+++ b/sudo-1.7.4p4/auth/sudo_auth.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <time.h>
+#include <signal.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+#include "insults.h"
+
+sudo_auth auth_switch[] = {
+#ifdef AUTH_STANDALONE
+ AUTH_STANDALONE
+#else
+# ifndef WITHOUT_PASSWD
+ AUTH_ENTRY(0, "passwd", passwd_init, NULL, passwd_verify, NULL)
+# endif
+# if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD)
+ AUTH_ENTRY(0, "secureware", secureware_init, NULL, secureware_verify, NULL)
+# endif
+# ifdef HAVE_AFS
+ AUTH_ENTRY(0, "afs", NULL, NULL, afs_verify, NULL)
+# endif
+# ifdef HAVE_DCE
+ AUTH_ENTRY(0, "dce", NULL, NULL, dce_verify, NULL)
+# endif
+# ifdef HAVE_KERB4
+ AUTH_ENTRY(0, "kerb4", kerb4_init, NULL, kerb4_verify, NULL)
+# endif
+# ifdef HAVE_KERB5
+ AUTH_ENTRY(0, "kerb5", kerb5_init, NULL, kerb5_verify, kerb5_cleanup)
+# endif
+# ifdef HAVE_SKEY
+ AUTH_ENTRY(0, "S/Key", NULL, rfc1938_setup, rfc1938_verify, NULL)
+# endif
+# ifdef HAVE_OPIE
+ AUTH_ENTRY(0, "OPIE", NULL, rfc1938_setup, rfc1938_verify, NULL)
+# endif
+#endif /* AUTH_STANDALONE */
+ AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)
+};
+
+void
+verify_user(pw, prompt)
+ struct passwd *pw;
+ char *prompt;
+{
+ int counter = def_passwd_tries + 1;
+ int success = AUTH_FAILURE;
+ int status;
+ int flags;
+ char *p;
+ sudo_auth *auth;
+ sigaction_t sa, osa;
+#ifdef HAVE_BSM_AUDIT
+ extern char **NewArgv;
+#endif
+
+ /* Enable suspend during password entry. */
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ (void) sigaction(SIGTSTP, &sa, &osa);
+
+ /* Make sure we have at least one auth method. */
+ if (auth_switch[0].name == NULL) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "no authentication methods");
+#endif
+ log_error(0, "%s %s %s",
+ "There are no authentication methods compiled into sudo!",
+ "If you want to turn off authentication, use the",
+ "--disable-authentication configure option.");
+ }
+
+ /* Set FLAG_ONEANDONLY if there is only one auth method. */
+ if (auth_switch[1].name == NULL)
+ SET(auth_switch[0].flags, FLAG_ONEANDONLY);
+
+ /* Initialize auth methods and unconfigure the method if necessary. */
+ for (auth = auth_switch; auth->name; auth++) {
+ if (auth->init && IS_CONFIGURED(auth)) {
+ if (NEEDS_USER(auth))
+ set_perms(PERM_USER);
+
+ status = (auth->init)(pw, &prompt, auth);
+ if (status == AUTH_FAILURE)
+ CLR(auth->flags, FLAG_CONFIGURED);
+ else if (status == AUTH_FATAL) { /* XXX log */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "authentication failure");
+#endif
+ exit(1); /* assume error msg already printed */
+ }
+
+ if (NEEDS_USER(auth))
+ set_perms(PERM_ROOT);
+ }
+ }
+
+ while (--counter) {
+ /* Do any per-method setup and unconfigure the method if needed */
+ for (auth = auth_switch; auth->name; auth++) {
+ if (auth->setup && IS_CONFIGURED(auth)) {
+ if (NEEDS_USER(auth))
+ set_perms(PERM_USER);
+
+ status = (auth->setup)(pw, &prompt, auth);
+ if (status == AUTH_FAILURE)
+ CLR(auth->flags, FLAG_CONFIGURED);
+ else if (status == AUTH_FATAL) {/* XXX log */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "authentication failure");
+#endif
+ exit(1); /* assume error msg already printed */
+ }
+
+ if (NEEDS_USER(auth))
+ set_perms(PERM_ROOT);
+ }
+ }
+
+ /* Get the password unless the auth function will do it for us */
+#ifdef AUTH_STANDALONE
+ p = prompt;
+#else
+ p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
+ tgetpass_flags);
+#endif /* AUTH_STANDALONE */
+
+ /* Call authentication functions. */
+ for (auth = auth_switch; p && auth->name; auth++) {
+ if (!IS_CONFIGURED(auth))
+ continue;
+
+ if (NEEDS_USER(auth))
+ set_perms(PERM_USER);
+
+ success = auth->status = (auth->verify)(pw, (char *)p, auth);
+
+ if (NEEDS_USER(auth))
+ set_perms(PERM_ROOT);
+
+ if (auth->status != AUTH_FAILURE)
+ goto cleanup;
+ }
+#ifndef AUTH_STANDALONE
+ if (p == NULL)
+ break;
+ zero_bytes(p, strlen(p));
+#endif
+ if (!ISSET(tgetpass_flags, TGP_ASKPASS))
+ pass_warn(stderr);
+ }
+
+cleanup:
+ /* Call cleanup routines. */
+ for (auth = auth_switch; auth->name; auth++) {
+ if (auth->cleanup && IS_CONFIGURED(auth)) {
+ if (NEEDS_USER(auth))
+ set_perms(PERM_USER);
+
+ status = (auth->cleanup)(pw, auth);
+ if (status == AUTH_FATAL) { /* XXX log */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "authentication failure");
+#endif
+ exit(1); /* assume error msg already printed */
+ }
+
+ if (NEEDS_USER(auth))
+ set_perms(PERM_ROOT);
+ }
+ }
+
+ switch (success) {
+ case AUTH_SUCCESS:
+ (void) sigaction(SIGTSTP, &osa, NULL);
+ return;
+ case AUTH_INTR:
+ case AUTH_FAILURE:
+ if (counter != def_passwd_tries) {
+ if (def_mail_badpass || def_mail_always)
+ flags = 0;
+ else
+ flags = NO_MAIL;
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "authentication failure");
+#endif
+ log_error(flags, "%d incorrect password attempt%s",
+ def_passwd_tries - counter,
+ (def_passwd_tries - counter == 1) ? "" : "s");
+ }
+ /* FALLTHROUGH */
+ case AUTH_FATAL:
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "authentication failure");
+#endif
+ exit(1);
+ }
+ /* NOTREACHED */
+}
+
+void
+pass_warn(fp)
+ FILE *fp;
+{
+
+#ifdef INSULT
+ if (def_insults)
+ (void) fprintf(fp, "%s\n", INSULT);
+ else
+#endif
+ (void) fprintf(fp, "%s\n", def_badpass_message);
+}
+
+void
+dump_auth_methods()
+{
+ sudo_auth *auth;
+
+ (void) fputs("Authentication methods:", stdout);
+ for (auth = auth_switch; auth->name; auth++)
+ (void) printf(" '%s'", auth->name);
+ (void) putchar('\n');
+}
diff --git a/sudo-1.7.4p4/auth/sudo_auth.h b/sudo-1.7.4p4/auth/sudo_auth.h
new file mode 100644
index 0000000..a4efe14
--- /dev/null
+++ b/sudo-1.7.4p4/auth/sudo_auth.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_AUTH_H
+#define SUDO_AUTH_H
+
+/* Auth function return values. */
+#define AUTH_SUCCESS 0
+#define AUTH_FAILURE 1
+#define AUTH_INTR 2
+#define AUTH_FATAL 3
+
+typedef struct sudo_auth {
+ short flags; /* various flags, see below */
+ short status; /* status from verify routine */
+ char *name; /* name of the method as a string */
+ void *data; /* method-specific data pointer */
+ int (*init) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth));
+ int (*setup) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth));
+ int (*verify) __P((struct passwd *pw, char *p, struct sudo_auth *auth));
+ int (*cleanup) __P((struct passwd *pw, struct sudo_auth *auth));
+} sudo_auth;
+
+/* Values for sudo_auth.flags. */
+/* XXX - these names are too long for my liking */
+#define FLAG_USER 0x01 /* functions must run as the user, not root */
+#define FLAG_CONFIGURED 0x02 /* method configured ok */
+#define FLAG_ONEANDONLY 0x04 /* one and only auth method */
+
+/* Shortcuts for using the flags above. */
+#define NEEDS_USER(x) ((x)->flags & FLAG_USER)
+#define IS_CONFIGURED(x) ((x)->flags & FLAG_CONFIGURED)
+#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
+
+/* Prototypes for standalone methods */
+int fwtk_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int fwtk_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int pam_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int pam_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int pam_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int sia_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int aixauth_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int bsdauth_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth));
+
+/* Prototypes for normal methods */
+int passwd_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int secureware_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int rfc1938_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int rfc1938_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int afs_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int dce_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int kerb4_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int kerb4_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int kerb5_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int kerb5_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int kerb5_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int securid_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int securid_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+
+/* Fields: need_root, name, init, setup, verify, cleanup */
+#define AUTH_ENTRY(r, n, i, s, v, c) \
+ { (r|FLAG_CONFIGURED), AUTH_FAILURE, n, NULL, i, s, v, c },
+
+/* Some methods cannots (or should not) interoperate with any others */
+#if defined(HAVE_PAM)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "pam", \
+ pam_init, NULL, pam_verify, pam_cleanup)
+#elif defined(HAVE_SECURID)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "SecurId", \
+ securid_init, securid_setup, securid_verify, NULL)
+#elif defined(HAVE_SIA_SES_INIT)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "sia", \
+ NULL, sia_setup, sia_verify, sia_cleanup)
+#elif defined(HAVE_AIXAUTH)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "aixauth", \
+ NULL, NULL, aixauth_verify, aixauth_cleanup)
+#elif defined(HAVE_FWTK)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "fwtk", \
+ fwtk_init, NULL, fwtk_verify, fwtk_cleanup)
+#elif defined(HAVE_BSD_AUTH_H)
+# define AUTH_STANDALONE \
+ AUTH_ENTRY(0, "bsdauth", \
+ bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup)
+#endif
+
+#endif /* SUDO_AUTH_H */
diff --git a/sudo-1.7.4p4/boottime.c b/sudo-1.7.4p4/boottime.c
new file mode 100644
index 0000000..f75af3e
--- /dev/null
+++ b/sudo-1.7.4p4/boottime.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <limits.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#ifdef HAVE_SYSCTL
+# include <sys/sysctl.h>
+#endif
+
+#include "compat.h"
+#include "missing.h"
+
+/*
+ * Fill in a struct timeval with the time the system booted.
+ * Returns 1 on success and 0 on failure.
+ */
+
+#if defined(__linux__)
+int
+get_boottime(tv)
+ struct timeval *tv;
+{
+ char *line = NULL;
+ size_t linesize = 0;
+ ssize_t len;
+ FILE * fp;
+
+ /* read btime from /proc/stat */
+ fp = fopen("/proc/stat", "r");
+ if (fp != NULL) {
+ while ((len = getline(&line, &linesize, fp)) != -1) {
+ if (strncmp(line, "btime ", 6) == 0) {
+ tv->tv_sec = atoi(line + 6);
+ tv->tv_usec = 0;
+ return 1;
+ }
+ }
+ fclose(fp);
+ free(line);
+ }
+
+ return 0;
+}
+
+#elif defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME)
+
+int
+get_boottime(tv)
+ struct timeval *tv;
+{
+ size_t size;
+ int mib[2];
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_BOOTTIME;
+ size = sizeof(*tv);
+ if (sysctl(mib, 2, tv, &size, NULL, 0) != -1)
+ return 1;
+
+ return 0;
+}
+
+#elif defined(HAVE_GETUTXID)
+
+#include <utmpx.h>
+int
+get_boottime(tv)
+ struct timeval *tv;
+{
+ struct utmpx *ut, key;
+
+ memset(&key, 0, sizeof(key));
+ key.ut_type = BOOT_TIME;
+ if ((ut = getutxid(&key)) != NULL) {
+ tv->tv_sec = ut->ut_tv.tv_sec;
+ tv->tv_usec = ut->ut_tv.tv_usec;
+ endutxent();
+ }
+ return ut != NULL;
+}
+
+#elif defined(HAVE_GETUTID)
+
+#include <utmp.h>
+int
+get_boottime(tv)
+ struct timeval *tv;
+{
+ struct utmp *ut, key;
+
+ memset(&key, 0, sizeof(key));
+ key.ut_type = BOOT_TIME;
+ if ((ut = getutid(&key)) != NULL) {
+ tv->tv_sec = ut->ut_time;
+ tv->tv_usec = 0;
+ endutent();
+ }
+ return ut != NULL;
+}
+
+#else
+
+int
+get_boottime(tv)
+ struct timeval *tv;
+{
+ return 0;
+}
+#endif
diff --git a/sudo-1.7.4p4/bsm_audit.c b/sudo-1.7.4p4/bsm_audit.c
new file mode 100644
index 0000000..b388b86
--- /dev/null
+++ b/sudo-1.7.4p4/bsm_audit.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2009 Christian S.J. Peron
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <pwd.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "bsm_audit.h"
+
+void log_error(int flags, const char *fmt, ...) __attribute__((__noreturn__));
+
+static int
+audit_sudo_selected(int sf)
+{
+ auditinfo_addr_t ainfo_addr;
+ struct au_mask *mask;
+ auditinfo_t ainfo;
+ int rc, sorf;
+
+ if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) {
+ if (errno == ENOSYS) {
+ if (getaudit(&ainfo) < 0)
+ log_error(0, "getaudit: failed");
+ mask = &ainfo.ai_mask;
+ } else
+ log_error(0, "getaudit: failed");
+ } else
+ mask = &ainfo_addr.ai_mask;
+ sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
+ rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD);
+ return (rc);
+}
+
+void
+bsm_audit_success(char **exec_args)
+{
+ auditinfo_addr_t ainfo_addr;
+ auditinfo_t ainfo;
+ token_t *tok;
+ au_id_t auid;
+ long au_cond;
+ int aufd;
+ pid_t pid;
+
+ pid = getpid();
+ /*
+ * If we are not auditing, don't cut an audit record; just return.
+ */
+ if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
+ if (errno == ENOSYS)
+ return;
+ log_error(0, "Could not determine audit condition");
+ }
+ if (au_cond == AUC_NOAUDIT)
+ return;
+ /*
+ * Check to see if the preselection masks are interested in seeing
+ * this event.
+ */
+ if (!audit_sudo_selected(0))
+ return;
+ if (getauid(&auid) < 0)
+ log_error(0, "getauid failed");
+ if ((aufd = au_open()) == -1)
+ log_error(0, "au_open: failed");
+ if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
+ tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
+ getuid(), pid, pid, &ainfo_addr.ai_termid);
+ } else if (errno == ENOSYS) {
+ /*
+ * NB: We should probably watch out for ERANGE here.
+ */
+ if (getaudit(&ainfo) < 0)
+ log_error(0, "getaudit: failed");
+ tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
+ getuid(), pid, pid, &ainfo.ai_termid);
+ } else
+ log_error(0, "getaudit: failed");
+ if (tok == NULL)
+ log_error(0, "au_to_subject: failed");
+ au_write(aufd, tok);
+ tok = au_to_exec_args(exec_args);
+ if (tok == NULL)
+ log_error(0, "au_to_exec_args: failed");
+ au_write(aufd, tok);
+ tok = au_to_return32(0, 0);
+ if (tok == NULL)
+ log_error(0, "au_to_return32: failed");
+ au_write(aufd, tok);
+ if (au_close(aufd, 1, AUE_sudo) == -1)
+ log_error(0, "unable to commit audit record");
+}
+
+void
+bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap)
+{
+ auditinfo_addr_t ainfo_addr;
+ auditinfo_t ainfo;
+ char text[256];
+ token_t *tok;
+ long au_cond;
+ au_id_t auid;
+ pid_t pid;
+ int aufd;
+
+ pid = getpid();
+ /*
+ * If we are not auditing, don't cut an audit record; just return.
+ */
+ if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+ if (errno == ENOSYS)
+ return;
+ log_error(0, "Could not determine audit condition");
+ }
+ if (au_cond == AUC_NOAUDIT)
+ return;
+ if (!audit_sudo_selected(1))
+ return;
+ if (getauid(&auid) < 0)
+ log_error(0, "getauid: failed");
+ if ((aufd = au_open()) == -1)
+ log_error(0, "au_open: failed");
+ if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
+ tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
+ getuid(), pid, pid, &ainfo_addr.ai_termid);
+ } else if (errno == ENOSYS) {
+ if (getaudit(&ainfo) < 0)
+ log_error(0, "getaudit: failed");
+ tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
+ getuid(), pid, pid, &ainfo.ai_termid);
+ } else
+ log_error(0, "getaudit: failed");
+ if (tok == NULL)
+ log_error(0, "au_to_subject: failed");
+ au_write(aufd, tok);
+ tok = au_to_exec_args(exec_args);
+ if (tok == NULL)
+ log_error(0, "au_to_exec_args: failed");
+ au_write(aufd, tok);
+ (void) vsnprintf(text, sizeof(text), fmt, ap);
+ tok = au_to_text(text);
+ if (tok == NULL)
+ log_error(0, "au_to_text: failed");
+ au_write(aufd, tok);
+ tok = au_to_return32(EPERM, 1);
+ if (tok == NULL)
+ log_error(0, "au_to_return32: failed");
+ au_write(aufd, tok);
+ if (au_close(aufd, 1, AUE_sudo) == -1)
+ log_error(0, "unable to commit audit record");
+}
diff --git a/sudo-1.7.4p4/bsm_audit.h b/sudo-1.7.4p4/bsm_audit.h
new file mode 100644
index 0000000..37be345
--- /dev/null
+++ b/sudo-1.7.4p4/bsm_audit.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009 Christian S.J. Peron
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_BSM_AUDIT_H
+#define _SUDO_BSM_AUDIT_H
+
+void bsm_audit_success(char **);
+void bsm_audit_failure(char **, char const * const, va_list);
+
+#endif /* _SUDO_BSM_AUDIT_H */
diff --git a/sudo-1.7.4p4/check.c b/sudo-1.7.4p4/check.c
new file mode 100644
index 0000000..d6efa6d
--- /dev/null
+++ b/sudo-1.7.4p4/check.c
@@ -0,0 +1,694 @@
+/*
+ * Copyright (c) 1993-1996,1998-2005, 2007-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#ifdef __linux__
+# include <sys/vfs.h>
+#endif
+#if defined(__sun) && defined(__SVR4)
+# include <sys/statvfs.h>
+#endif
+#ifndef __TANDEM
+# include <sys/file.h>
+#endif
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo.h"
+
+/* Status codes for timestamp_status() */
+#define TS_CURRENT 0
+#define TS_OLD 1
+#define TS_MISSING 2
+#define TS_NOFILE 3
+#define TS_ERROR 4
+
+/* Flags for timestamp_status() */
+#define TS_MAKE_DIRS 1
+#define TS_REMOVE 2
+
+/*
+ * Info stored in tty ticket from stat(2) to help with tty matching.
+ */
+static struct tty_info {
+ dev_t dev; /* ID of device tty resides on */
+ dev_t rdev; /* tty device ID */
+ ino_t ino; /* tty inode number */
+ struct timeval ctime; /* tty inode change time */
+} tty_info;
+
+static void build_timestamp __P((char **, char **));
+static int timestamp_status __P((char *, char *, char *, int));
+static char *expand_prompt __P((char *, char *, char *));
+static void lecture __P((int));
+static void update_timestamp __P((char *, char *));
+static int tty_is_devpts __P((const char *));
+
+/*
+ * This function only returns if the user can successfully
+ * verify who he/she is.
+ */
+void
+check_user(validated, mode)
+ int validated;
+ int mode;
+{
+ char *timestampdir = NULL;
+ char *timestampfile = NULL;
+ char *prompt;
+ struct stat sb;
+ int status;
+
+ /* Stash the tty's ctime for tty ticket comparison. */
+ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
+ tty_info.dev = sb.st_dev;
+ tty_info.ino = sb.st_ino;
+ tty_info.rdev = sb.st_rdev;
+ if (tty_is_devpts(user_ttypath))
+ ctim_get(&sb, &tty_info.ctime);
+ }
+
+ /* Always prompt for a password when -k was specified with the command. */
+ if (ISSET(mode, MODE_INVALIDATE)) {
+ SET(validated, FLAG_CHECK_USER);
+ } else {
+ if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+ return;
+ }
+
+ build_timestamp(×tampdir, ×tampfile);
+ status = timestamp_status(timestampdir, timestampfile, user_name,
+ TS_MAKE_DIRS);
+
+ if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
+ /* Bail out if we are non-interactive and a password is required */
+ if (ISSET(mode, MODE_NONINTERACTIVE))
+ errorx(1, "sorry, a password is required to run %s", getprogname());
+
+ /* If user specified -A, make sure we have an askpass helper. */
+ if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
+ if (user_askpass == NULL)
+ log_error(NO_MAIL,
+ "no askpass program specified, try setting SUDO_ASKPASS");
+ } else if (!ISSET(tgetpass_flags, TGP_STDIN)) {
+ /* If no tty but DISPLAY is set, use askpass if we have it. */
+ if (!user_ttypath && !tty_present()) {
+ if (user_askpass && user_display && *user_display != '\0') {
+ SET(tgetpass_flags, TGP_ASKPASS);
+ } else if (!def_visiblepw) {
+ log_error(NO_MAIL,
+ "no tty present and no askpass program specified");
+ }
+ }
+ }
+
+ if (!ISSET(tgetpass_flags, TGP_ASKPASS))
+ lecture(status);
+
+ /* Expand any escapes in the prompt. */
+ prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
+ user_name, user_shost);
+
+ verify_user(auth_pw, prompt);
+ }
+ /* Only update timestamp if user was validated. */
+ if (ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)
+ update_timestamp(timestampdir, timestampfile);
+ efree(timestampdir);
+ efree(timestampfile);
+}
+
+/*
+ * Standard sudo lecture.
+ */
+static void
+lecture(status)
+ int status;
+{
+ FILE *fp;
+ char buf[BUFSIZ];
+ ssize_t nread;
+
+ if (def_lecture == never ||
+ (def_lecture == once && status != TS_MISSING && status != TS_ERROR))
+ return;
+
+ if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) {
+ while ((nread = fread(buf, sizeof(char), sizeof(buf), fp)) != 0)
+ fwrite(buf, nread, 1, stderr);
+ fclose(fp);
+ } else {
+ (void) fputs("\n\
+We trust you have received the usual lecture from the local System\n\
+Administrator. It usually boils down to these three things:\n\
+\n\
+ #1) Respect the privacy of others.\n\
+ #2) Think before you type.\n\
+ #3) With great power comes great responsibility.\n\n",
+ stderr);
+ }
+}
+
+/*
+ * Update the time on the timestamp file/dir or create it if necessary.
+ */
+static void
+update_timestamp(timestampdir, timestampfile)
+ char *timestampdir;
+ char *timestampfile;
+{
+ /* If using tty timestamps but we have no tty there is nothing to do. */
+ if (timestampfile && !user_ttypath)
+ return;
+
+ if (timestamp_uid != 0)
+ set_perms(PERM_TIMESTAMP);
+ if (timestampfile) {
+ /*
+ * Store tty info in timestamp file
+ */
+ int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
+ if (fd == -1)
+ log_error(NO_EXIT|USE_ERRNO, "Can't open %s", timestampfile);
+ else {
+ lock_file(fd, SUDO_LOCK);
+ write(fd, &tty_info, sizeof(tty_info));
+ close(fd);
+ }
+ } else {
+ if (touch(-1, timestampdir, NULL) == -1) {
+ if (mkdir(timestampdir, 0700) == -1)
+ log_error(NO_EXIT|USE_ERRNO, "Can't mkdir %s", timestampdir);
+ }
+ }
+ if (timestamp_uid != 0)
+ set_perms(PERM_ROOT);
+}
+
+/*
+ * Expand %h and %u escapes in the prompt and pass back the dynamically
+ * allocated result. Returns the same string if there are no escapes.
+ */
+static char *
+expand_prompt(old_prompt, user, host)
+ char *old_prompt;
+ char *user;
+ char *host;
+{
+ size_t len, n;
+ int subst;
+ char *p, *np, *new_prompt, *endp;
+
+ /* How much space do we need to malloc for the prompt? */
+ subst = 0;
+ for (p = old_prompt, len = strlen(old_prompt); *p; p++) {
+ if (p[0] =='%') {
+ switch (p[1]) {
+ case 'h':
+ p++;
+ len += strlen(user_shost) - 2;
+ subst = 1;
+ break;
+ case 'H':
+ p++;
+ len += strlen(user_host) - 2;
+ subst = 1;
+ break;
+ case 'p':
+ p++;
+ if (def_rootpw)
+ len += 2;
+ else if (def_targetpw || def_runaspw)
+ len += strlen(runas_pw->pw_name) - 2;
+ else
+ len += strlen(user_name) - 2;
+ subst = 1;
+ break;
+ case 'u':
+ p++;
+ len += strlen(user_name) - 2;
+ subst = 1;
+ break;
+ case 'U':
+ p++;
+ len += strlen(runas_pw->pw_name) - 2;
+ subst = 1;
+ break;
+ case '%':
+ p++;
+ len--;
+ subst = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ if (subst) {
+ new_prompt = (char *) emalloc(++len);
+ endp = new_prompt + len;
+ for (p = old_prompt, np = new_prompt; *p; p++) {
+ if (p[0] =='%') {
+ switch (p[1]) {
+ case 'h':
+ p++;
+ n = strlcpy(np, user_shost, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'H':
+ p++;
+ n = strlcpy(np, user_host, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'p':
+ p++;
+ if (def_rootpw)
+ n = strlcpy(np, "root", np - endp);
+ else if (def_targetpw || def_runaspw)
+ n = strlcpy(np, runas_pw->pw_name, np - endp);
+ else
+ n = strlcpy(np, user_name, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'u':
+ p++;
+ n = strlcpy(np, user_name, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'U':
+ p++;
+ n = strlcpy(np, runas_pw->pw_name, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case '%':
+ /* convert %% -> % */
+ p++;
+ break;
+ default:
+ /* no conversion */
+ break;
+ }
+ }
+ *np++ = *p;
+ if (np >= endp)
+ goto oflow;
+ }
+ *np = '\0';
+ } else
+ new_prompt = old_prompt;
+
+ return(new_prompt);
+
+oflow:
+ /* We pre-allocate enough space, so this should never happen. */
+ errorx(1, "internal error, expand_prompt() overflow");
+}
+
+/*
+ * Checks if the user is exempt from supplying a password.
+ */
+int
+user_is_exempt()
+{
+ if (!def_exempt_group)
+ return(FALSE);
+ return(user_in_group(sudo_user.pw, def_exempt_group));
+}
+
+/*
+ * Fills in timestampdir as well as timestampfile if using tty tickets.
+ */
+static void
+build_timestamp(timestampdir, timestampfile)
+ char **timestampdir;
+ char **timestampfile;
+{
+ char *dirparent;
+ int len;
+
+ dirparent = def_timestampdir;
+ len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
+ if (len >= PATH_MAX)
+ log_error(0, "timestamp path too long: %s", *timestampdir);
+
+ /*
+ * Timestamp file may be a file in the directory or NUL to use
+ * the directory as the timestamp.
+ */
+ if (def_tty_tickets) {
+ char *p;
+
+ if ((p = strrchr(user_tty, '/')))
+ p++;
+ else
+ p = user_tty;
+ if (def_targetpw)
+ len = easprintf(timestampfile, "%s/%s/%s:%s", dirparent, user_name,
+ p, runas_pw->pw_name);
+ else
+ len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
+ if (len >= PATH_MAX)
+ log_error(0, "timestamp path too long: %s", *timestampfile);
+ } else if (def_targetpw) {
+ len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
+ runas_pw->pw_name);
+ if (len >= PATH_MAX)
+ log_error(0, "timestamp path too long: %s", *timestampfile);
+ } else
+ *timestampfile = NULL;
+}
+
+/*
+ * Check the timestamp file and directory and return their status.
+ */
+static int
+timestamp_status(timestampdir, timestampfile, user, flags)
+ char *timestampdir;
+ char *timestampfile;
+ char *user;
+ int flags;
+{
+ struct stat sb;
+ struct timeval boottime, mtime;
+ time_t now;
+ char *dirparent = def_timestampdir;
+ int status = TS_ERROR; /* assume the worst */
+
+ if (timestamp_uid != 0)
+ set_perms(PERM_TIMESTAMP);
+
+ /*
+ * Sanity check dirparent and make it if it doesn't already exist.
+ * We start out assuming the worst (that the dir is not sane) and
+ * if it is ok upgrade the status to ``no timestamp file''.
+ * Note that we don't check the parent(s) of dirparent for
+ * sanity since the sudo dir is often just located in /tmp.
+ */
+ if (lstat(dirparent, &sb) == 0) {
+ if (!S_ISDIR(sb.st_mode))
+ log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
+ dirparent, (unsigned int) sb.st_mode);
+ else if (sb.st_uid != timestamp_uid)
+ log_error(NO_EXIT, "%s owned by uid %lu, should be uid %lu",
+ dirparent, (unsigned long) sb.st_uid,
+ (unsigned long) timestamp_uid);
+ else if ((sb.st_mode & 0000022))
+ log_error(NO_EXIT,
+ "%s writable by non-owner (0%o), should be mode 0700",
+ dirparent, (unsigned int) sb.st_mode);
+ else {
+ if ((sb.st_mode & 0000777) != 0700)
+ (void) chmod(dirparent, 0700);
+ status = TS_MISSING;
+ }
+ } else if (errno != ENOENT) {
+ log_error(NO_EXIT|USE_ERRNO, "can't stat %s", dirparent);
+ } else {
+ /* No dirparent, try to make one. */
+ if (ISSET(flags, TS_MAKE_DIRS)) {
+ if (mkdir(dirparent, S_IRWXU))
+ log_error(NO_EXIT|USE_ERRNO, "can't mkdir %s",
+ dirparent);
+ else
+ status = TS_MISSING;
+ }
+ }
+ if (status == TS_ERROR) {
+ if (timestamp_uid != 0)
+ set_perms(PERM_ROOT);
+ return(status);
+ }
+
+ /*
+ * Sanity check the user's ticket dir. We start by downgrading
+ * the status to TS_ERROR. If the ticket dir exists and is sane
+ * this will be upgraded to TS_OLD. If the dir does not exist,
+ * it will be upgraded to TS_MISSING.
+ */
+ status = TS_ERROR; /* downgrade status again */
+ if (lstat(timestampdir, &sb) == 0) {
+ if (!S_ISDIR(sb.st_mode)) {
+ if (S_ISREG(sb.st_mode)) {
+ /* convert from old style */
+ if (unlink(timestampdir) == 0)
+ status = TS_MISSING;
+ } else
+ log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
+ timestampdir, (unsigned int) sb.st_mode);
+ } else if (sb.st_uid != timestamp_uid)
+ log_error(NO_EXIT, "%s owned by uid %lu, should be uid %lu",
+ timestampdir, (unsigned long) sb.st_uid,
+ (unsigned long) timestamp_uid);
+ else if ((sb.st_mode & 0000022))
+ log_error(NO_EXIT,
+ "%s writable by non-owner (0%o), should be mode 0700",
+ timestampdir, (unsigned int) sb.st_mode);
+ else {
+ if ((sb.st_mode & 0000777) != 0700)
+ (void) chmod(timestampdir, 0700);
+ status = TS_OLD; /* do date check later */
+ }
+ } else if (errno != ENOENT) {
+ log_error(NO_EXIT|USE_ERRNO, "can't stat %s", timestampdir);
+ } else
+ status = TS_MISSING;
+
+ /*
+ * If there is no user ticket dir, AND we are in tty ticket mode,
+ * AND the TS_MAKE_DIRS flag is set, create the user ticket dir.
+ */
+ if (status == TS_MISSING && timestampfile && ISSET(flags, TS_MAKE_DIRS)) {
+ if (mkdir(timestampdir, S_IRWXU) == -1) {
+ status = TS_ERROR;
+ log_error(NO_EXIT|USE_ERRNO, "can't mkdir %s", timestampdir);
+ }
+ }
+
+ /*
+ * Sanity check the tty ticket file if it exists.
+ */
+ if (timestampfile && status != TS_ERROR) {
+ if (status != TS_MISSING)
+ status = TS_NOFILE; /* dir there, file missing */
+ if (!user_ttypath)
+ goto done; /* no tty, always prompt */
+ if (lstat(timestampfile, &sb) == 0) {
+ if (!S_ISREG(sb.st_mode)) {
+ status = TS_ERROR;
+ log_error(NO_EXIT, "%s exists but is not a regular file (0%o)",
+ timestampfile, (unsigned int) sb.st_mode);
+ } else {
+ /* If bad uid or file mode, complain and kill the bogus file. */
+ if (sb.st_uid != timestamp_uid) {
+ log_error(NO_EXIT,
+ "%s owned by uid %lu, should be uid %lu",
+ timestampfile, (unsigned long) sb.st_uid,
+ (unsigned long) timestamp_uid);
+ (void) unlink(timestampfile);
+ } else if ((sb.st_mode & 0000022)) {
+ log_error(NO_EXIT,
+ "%s writable by non-owner (0%o), should be mode 0600",
+ timestampfile, (unsigned int) sb.st_mode);
+ (void) unlink(timestampfile);
+ } else {
+ /* If not mode 0600, fix it. */
+ if ((sb.st_mode & 0000777) != 0600)
+ (void) chmod(timestampfile, 0600);
+
+ /*
+ * Check for stored tty info. If the file is zero-sized
+ * it is an old-style timestamp with no tty info in it.
+ * If removing, we don't care about the contents.
+ * The actual mtime check is done later.
+ */
+ if (ISSET(flags, TS_REMOVE)) {
+ status = TS_OLD;
+ } else if (sb.st_size != 0) {
+ struct tty_info info;
+ int fd = open(timestampfile, O_RDONLY, 0644);
+ if (fd != -1) {
+ if (read(fd, &info, sizeof(info)) == sizeof(info) &&
+ memcmp(&info, &tty_info, sizeof(info)) == 0) {
+ status = TS_OLD;
+ }
+ close(fd);
+ }
+ }
+ }
+ }
+ } else if (errno != ENOENT) {
+ log_error(NO_EXIT|USE_ERRNO, "can't stat %s", timestampfile);
+ status = TS_ERROR;
+ }
+ }
+
+ /*
+ * If the file/dir exists and we are not removing it, check its mtime.
+ */
+ if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
+ mtim_get(&sb, &mtime);
+ /* Negative timeouts only expire manually (sudo -k). */
+ if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
+ status = TS_CURRENT;
+ else {
+ now = time(NULL);
+ if (def_timestamp_timeout &&
+ now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+ /*
+ * Check for bogus time on the stampfile. The clock may
+ * have been set back or someone could be trying to spoof us.
+ */
+ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+ time_t tv_sec = (time_t)mtime.tv_sec;
+ log_error(NO_EXIT,
+ "timestamp too far in the future: %20.20s",
+ 4 + ctime(&tv_sec));
+ if (timestampfile)
+ (void) unlink(timestampfile);
+ else
+ (void) rmdir(timestampdir);
+ status = TS_MISSING;
+ } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
+ status = TS_OLD;
+ } else {
+ status = TS_CURRENT;
+ }
+ }
+ }
+ }
+
+done:
+ if (timestamp_uid != 0)
+ set_perms(PERM_ROOT);
+ return(status);
+}
+
+/*
+ * Remove the timestamp ticket file/dir.
+ */
+void
+remove_timestamp(remove)
+ int remove;
+{
+ struct timeval tv;
+ char *timestampdir, *timestampfile, *path;
+ int status;
+
+ build_timestamp(×tampdir, ×tampfile);
+ status = timestamp_status(timestampdir, timestampfile, user_name,
+ TS_REMOVE);
+ if (status == TS_OLD || status == TS_CURRENT) {
+ path = timestampfile ? timestampfile : timestampdir;
+ if (remove) {
+ if (timestampfile)
+ status = unlink(timestampfile);
+ else
+ status = rmdir(timestampdir);
+ if (status == -1 && errno != ENOENT) {
+ log_error(NO_EXIT, "can't remove %s (%s), will reset to Epoch",
+ path, strerror(errno));
+ remove = FALSE;
+ }
+ } else {
+ timevalclear(&tv);
+ if (touch(-1, path, &tv) == -1 && errno != ENOENT)
+ error(1, "can't reset %s to Epoch", path);
+ }
+ }
+
+ efree(timestampdir);
+ efree(timestampfile);
+}
+
+/*
+ * Returns TRUE if tty lives on a devpts or /devices filesystem, else FALSE.
+ * Unlike most filesystems, the ctime of devpts nodes is not updated when
+ * the device node is written to, only when the inode's status changes,
+ * typically via the chmod, chown, link, rename, or utimes system calls.
+ * Since the ctime is "stable" in this case, we can stash it the tty ticket
+ * file and use it to determine whether the tty ticket file is stale.
+ */
+static int
+tty_is_devpts(tty)
+ const char *tty;
+{
+ int retval = FALSE;
+#ifdef __linux__
+ struct statfs sfs;
+
+#ifndef DEVPTS_SUPER_MAGIC
+# define DEVPTS_SUPER_MAGIC 0x1cd1
+#endif
+
+ if (statfs(tty, &sfs) == 0) {
+ if (sfs.f_type == DEVPTS_SUPER_MAGIC)
+ retval = TRUE;
+ }
+#elif defined(__sun) && defined(__SVR4)
+ struct statvfs sfs;
+
+ if (statvfs(tty, &sfs) == 0) {
+ if (strcmp(sfs.f_fstr, "devices") == 0)
+ retval = TRUE;
+ }
+#endif /* __linux__ */
+ return retval;
+}
diff --git a/sudo-1.7.4p4/closefrom.c b/sudo-1.7.4p4/closefrom.c
new file mode 100644
index 0000000..fb9958e
--- /dev/null
+++ b/sudo-1.7.4p4/closefrom.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2004-2005, 2007
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <unistd.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <fcntl.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+# include <ndir.h>
+# endif
+#endif
+
+#include "sudo.h"
+
+#ifndef HAVE_FCNTL_CLOSEM
+# ifndef HAVE_DIRFD
+# define closefrom_fallback closefrom
+# endif
+#endif
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * This is the expensive (ballback) method.
+ */
+void
+closefrom_fallback(lowfd)
+ int lowfd;
+{
+ long fd, maxfd;
+
+ /*
+ * Fall back on sysconf() or getdtablesize(). We avoid checking
+ * resource limits since it is possible to open a file descriptor
+ * and then drop the rlimit such that it is below the open fd.
+ */
+#ifdef HAVE_SYSCONF
+ maxfd = sysconf(_SC_OPEN_MAX);
+#else
+ maxfd = getdtablesize();
+#endif /* HAVE_SYSCONF */
+ if (maxfd < 0)
+ maxfd = OPEN_MAX;
+
+ for (fd = lowfd; fd < maxfd; fd++)
+ (void) close((int) fd);
+}
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * We try the fast way first, falling back on the slow method.
+ */
+#ifdef HAVE_FCNTL_CLOSEM
+void
+closefrom(lowfd)
+ int lowfd;
+{
+ if (fcntl(lowfd, F_CLOSEM, 0) == -1)
+ closefrom_fallback(lowfd);
+}
+#else
+# ifdef HAVE_DIRFD
+void
+closefrom(lowfd)
+ int lowfd;
+{
+ struct dirent *dent;
+ DIR *dirp;
+ char *endp;
+ long fd;
+
+ /* Use /proc/self/fd directory if it exists. */
+ if ((dirp = opendir("/proc/self/fd")) != NULL) {
+ while ((dent = readdir(dirp)) != NULL) {
+ fd = strtol(dent->d_name, &endp, 10);
+ if (dent->d_name != endp && *endp == '\0' &&
+ fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
+ (void) close((int) fd);
+ }
+ (void) closedir(dirp);
+ } else
+ closefrom_fallback(lowfd);
+}
+#endif /* HAVE_DIRFD */
+#endif /* HAVE_FCNTL_CLOSEM */
diff --git a/sudo-1.7.4p4/compat.h b/sudo-1.7.4p4/compat.h
new file mode 100644
index 0000000..c01924d
--- /dev/null
+++ b/sudo-1.7.4p4/compat.h
@@ -0,0 +1,312 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2008-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_COMPAT_H
+#define _SUDO_COMPAT_H
+
+/*
+ * Macros that may be missing on some Operating Systems
+ */
+
+/* Deal with ANSI stuff reasonably. */
+#ifndef __P
+# if defined (__cplusplus) || defined (__STDC__)
+# define __P(args) args
+# else
+# define __P(args) ()
+# endif
+#endif /* __P */
+
+/* Define away __attribute__ for non-gcc or old gcc */
+#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC__ == 2 && __GNUC_MINOR__ < 5
+# define __attribute__(x)
+#endif
+
+/* For silencing gcc warnings about rcsids */
+#ifndef __unused
+# if defined(__GNUC__) && (__GNUC__ > 2 || __GNUC__ == 2 && __GNUC_MINOR__ > 7)
+# define __unused __attribute__((__unused__))
+# else
+# define __unused
+# endif
+#endif
+
+/* For catching format string mismatches */
+#ifndef __printflike
+# if defined(__GNUC__) && (__GNUC__ > 2 || __GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+# define __printflike(f, v) __attribute__((__format__ (__printf__, f, v)))
+# else
+# define __printflike(f, v)
+# endif
+#endif
+
+/*
+ * Some systems lack full limit definitions.
+ */
+#ifndef OPEN_MAX
+# define OPEN_MAX 256
+#endif
+
+#ifndef INT_MAX
+# define INT_MAX 0x7fffffff
+#endif
+
+#ifndef PATH_MAX
+# ifdef MAXPATHLEN
+# define PATH_MAX MAXPATHLEN
+# else
+# ifdef _POSIX_PATH_MAX
+# define PATH_MAX _POSIX_PATH_MAX
+# else
+# define PATH_MAX 1024
+# endif
+# endif
+#endif
+
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 64
+#endif
+
+/*
+ * Posix versions for those without...
+ */
+#ifndef _S_IFMT
+# define _S_IFMT S_IFMT
+#endif /* _S_IFMT */
+#ifndef _S_IFREG
+# define _S_IFREG S_IFREG
+#endif /* _S_IFREG */
+#ifndef _S_IFDIR
+# define _S_IFDIR S_IFDIR
+#endif /* _S_IFDIR */
+#ifndef _S_IFLNK
+# define _S_IFLNK S_IFLNK
+#endif /* _S_IFLNK */
+#ifndef S_ISREG
+# define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG)
+#endif /* S_ISREG */
+#ifndef S_ISDIR
+# define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR)
+#endif /* S_ISDIR */
+
+/*
+ * Some OS's may not have this.
+ */
+#ifndef S_IRWXU
+# define S_IRWXU 0000700 /* rwx for owner */
+#endif /* S_IRWXU */
+
+/*
+ * These should be defined in <unistd.h> but not everyone has them.
+ */
+#ifndef STDIN_FILENO
+# define STDIN_FILENO 0
+#endif
+#ifndef STDOUT_FILENO
+# define STDOUT_FILENO 1
+#endif
+#ifndef STDERR_FILENO
+# define STDERR_FILENO 2
+#endif
+
+/*
+ * These should be defined in <unistd.h> but not everyone has them.
+ */
+#ifndef SEEK_SET
+# define SEEK_SET 0
+#endif
+#ifndef SEEK_CUR
+# define SEEK_CUR 1
+#endif
+#ifndef SEEK_END
+# define SEEK_END 2
+#endif
+
+/*
+ * BSD defines these in <sys/param.h> but others may not.
+ */
+#ifndef MIN
+# define MIN(a,b) (((a)<(b))?(a):(b))
+#endif
+#ifndef MAX
+# define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/*
+ * Simple isblank() macro and function for systems without it.
+ */
+#ifndef HAVE_ISBLANK
+int isblank __P((int));
+# define isblank(_x) ((_x) == ' ' || (_x) == '\t')
+#endif
+
+/*
+ * Old BSD systems lack strchr(), strrchr(), memset() and memcpy()
+ */
+#if !defined(HAVE_STRCHR) && !defined(strchr)
+# define strchr(_s, _c) index(_s, _c)
+#endif
+#if !defined(HAVE_STRRCHR) && !defined(strrchr)
+# define strrchr(_s, _c) rindex(_s, _c)
+#endif
+#if !defined(HAVE_MEMCPY) && !defined(memcpy)
+# define memcpy(_d, _s, _n) (bcopy(_s, _d, _n))
+#endif
+#if !defined(HAVE_MEMSET) && !defined(memset)
+# define memset(_s, _x, _n) (bzero(_s, _n))
+#endif
+
+/*
+ * NCR's SVr4 has _innetgr(3) instead of innetgr(3) for some reason.
+ */
+#ifdef HAVE__INNETGR
+# define innetgr(n, h, u, d) (_innetgr(n, h, u, d))
+# define HAVE_INNETGR 1
+#endif /* HAVE__INNETGR */
+
+/*
+ * On POSIX systems, O_NOCTTY is the default so some OS's may lack this define.
+ */
+#ifndef O_NOCTTY
+# define O_NOCTTY 0
+#endif /* O_NOCTTY */
+
+/*
+ * Emulate POSIX signals via sigvec(2)
+ */
+#ifndef HAVE_SIGACTION
+# define SA_ONSTACK SV_ONSTACK
+# define SA_RESTART SV_INTERRUPT /* opposite effect */
+# define SA_RESETHAND SV_RESETHAND
+# define sa_handler sv_handler
+# define sa_mask sv_mask
+# define sa_flags sv_flags
+typedef struct sigvec sigaction_t;
+typedef int sigset_t;
+int sigaction __P((int sig, const sigaction_t *act, sigaction_t *oact));
+int sigemptyset __P((sigset_t *));
+int sigfillset __P((sigset_t *));
+int sigaddset __P((sigset_t *, int));
+int sigdelset __P((sigset_t *, int));
+int sigismember __P((sigset_t *, int));
+int sigprocmask __P((int, const sigset_t *, sigset_t *));
+#endif
+
+/*
+ * Extra sugar for POSIX signals to deal with the above emulation
+ * as well as the fact that SunOS has a SA_INTERRUPT flag.
+ */
+#ifdef HAVE_SIGACTION
+# ifndef HAVE_SIGACTION_T
+typedef struct sigaction sigaction_t;
+# endif
+# ifndef SA_INTERRUPT
+# define SA_INTERRUPT 0
+# endif
+# ifndef SA_RESTART
+# define SA_RESTART 0
+# endif
+#endif
+
+/*
+ * If dirfd() does not exists, hopefully dd_fd does.
+ */
+#if !defined(HAVE_DIRFD) && defined(HAVE_DD_FD)
+# define dirfd(_d) ((_d)->dd_fd)
+# define HAVE_DIRFD
+#endif
+
+/*
+ * Define futimes() in terms of futimesat() if needed.
+ */
+#if !defined(HAVE_FUTIMES) && defined(HAVE_FUTIMESAT)
+# define futimes(_f, _tv) futimesat(_f, NULL, _tv)
+# define HAVE_FUTIMES
+#endif
+
+#if !defined(HAVE_KILLPG) && !defined(killpg)
+# define killpg(s) kill(-(s))
+#endif
+
+/*
+ * If we lack getprogname(), emulate with __progname if possible.
+ * Otherwise, add a prototype for use with our own getprogname.c.
+ */
+#ifndef HAVE_GETPROGNAME
+# ifdef HAVE___PROGNAME
+extern const char *__progname;
+# define getprogname() (__progname)
+# else
+const char *getprogname __P((void));
+#endif /* HAVE___PROGNAME */
+#endif /* !HAVE_GETPROGNAME */
+
+#ifndef timevalclear
+# define timevalclear(tv) ((tv)->tv_sec = (tv)->tv_usec = 0)
+#endif
+#ifndef timevalisset
+# define timevalisset(tv) ((tv)->tv_sec || (tv)->tv_usec)
+#endif
+#ifndef timevalcmp
+# define timevalcmp(tv1, tv2, op) \
+ (((tv1)->tv_sec == (tv2)->tv_sec) ? \
+ ((tv1)->tv_usec op (tv2)->tv_usec) : \
+ ((tv1)->tv_sec op (tv2)->tv_sec))
+#endif
+#ifndef timevaladd
+# define timevaladd(tv1, tv2) \
+ do { \
+ (tv1)->tv_sec += (tv2)->tv_sec; \
+ (tv1)->tv_usec += (tv2)->tv_usec; \
+ if ((tv1)->tv_usec >= 1000000) { \
+ (tv1)->tv_sec++; \
+ (tv1)->tv_usec -= 1000000; \
+ } \
+ } while (0)
+#endif
+#ifndef timevalsub
+# define timevalsub(tv1, tv2) \
+ do { \
+ (tv1)->tv_sec -= (tv2)->tv_sec; \
+ (tv1)->tv_usec -= (tv2)->tv_usec; \
+ if ((tv1)->tv_usec < 0) { \
+ (tv1)->tv_sec--; \
+ (tv1)->tv_usec += 1000000; \
+ } \
+ } while (0)
+#endif
+
+/* Not all systems define NSIG in signal.h */
+#if !defined(NSIG)
+# if defined(_NSIG)
+# define NSIG _NSIG
+# elif defined(__NSIG)
+# define NSIG __NSIG
+# else
+# define NSIG 64
+# endif
+#endif
+
+#ifndef WCOREDUMP
+# define WCOREDUMP(x) ((x) & 0x80)
+#endif
+
+#endif /* _SUDO_COMPAT_H */
diff --git a/sudo-1.7.4p4/config.guess b/sudo-1.7.4p4/config.guess
new file mode 100644
index 0000000..d53e309
--- /dev/null
+++ b/sudo-1.7.4p4/config.guess
@@ -0,0 +1,1498 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+# Free Software Foundation, Inc.
+
+timestamp='2009-11-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[456])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ case ${UNAME_MACHINE} in
+ pc98)
+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/sudo-1.7.4p4/config.h.in b/sudo-1.7.4p4/config.h.in
new file mode 100644
index 0000000..af5653b
--- /dev/null
+++ b/sudo-1.7.4p4/config.h.in
@@ -0,0 +1,865 @@
+/* config.h.in. Generated from configure.in by autoheader. */
+
+#ifndef _SUDO_CONFIG_H
+#define _SUDO_CONFIG_H
+
+/* Define to 1 if the `syslog' function returns a non-zero int to denote
+ failure. */
+#undef BROKEN_SYSLOG
+
+/* Define to 1 if you want the insults from the "classic" version sudo. */
+#undef CLASSIC_INSULTS
+
+/* Define to 1 if you want insults culled from the twisted minds of CSOps. */
+#undef CSOPS_INSULTS
+
+/* Define to 1 if you want sudo to display "command not allowed" instead of
+ "command not found" when a command cannot be found. */
+#undef DONT_LEAK_PATH_INFO
+
+/* A colon-separated list of pathnames to be used as the editor for visudo. */
+#undef EDITOR
+
+/* Define to 1 to enable environment function debugging. */
+#undef ENV_DEBUG
+
+/* Define to 1 if you want visudo to honor the EDITOR and VISUAL env
+ variables. */
+#undef ENV_EDITOR
+
+/* If defined, users in this group need not enter a passwd (ie "sudo"). */
+#undef EXEMPTGROUP
+
+/* Define to 1 if you want to require fully qualified hosts in sudoers. */
+#undef FQDN
+
+/* Define to the type of elements in the array set by `getgroups'. Usually
+ this is either `int' or `gid_t'. */
+#undef GETGROUPS_T
+
+/* Define to 1 if you want insults from the "Goon Show". */
+#undef GOONS_INSULTS
+
+/* Define to 1 if you want 2001-like insults. */
+#undef HAL_INSULTS
+
+/* Define to 1 if you use AFS. */
+#undef HAVE_AFS
+
+/* Define to 1 if you use AIX general authentication. */
+#undef HAVE_AIXAUTH
+
+/* Define to 1 if you have the `asprintf' function. */
+#undef HAVE_ASPRINTF
+
+/* Define to 1 if you have the `authenticate' function. */
+#undef HAVE_AUTHENTICATE
+
+/* Define to 1 if you have the `auth_challenge' function. */
+#undef HAVE_AUTH_CHALLENGE
+
+/* Define to 1 if you have the `bigcrypt' function. */
+#undef HAVE_BIGCRYPT
+
+/* Define to 1 if you use BSD authentication. */
+#undef HAVE_BSD_AUTH_H
+
+/* Define to 1 to enable BSM audit support. */
+#undef HAVE_BSM_AUDIT
+
+/* Define to 1 if you have the `closefrom' function. */
+#undef HAVE_CLOSEFROM
+
+/* Define to 1 if you use OSF DCE. */
+#undef HAVE_DCE
+
+/* Define to 1 if your `DIR' contains dd_fd. */
+#undef HAVE_DD_FD
+
+/* Define to 1 if you have the declaration of `sys_siglist', and to 0 if you
+ don't. */
+#undef HAVE_DECL_SYS_SIGLIST
+
+/* Define to 1 if you have the declaration of `_sys_siglist', and to 0 if you
+ don't. */
+#undef HAVE_DECL__SYS_SIGLIST
+
+/* Define to 1 if you have the declaration of `__sys_siglist', and to 0 if you
+ don't. */
+#undef HAVE_DECL___SYS_SIGLIST
+
+/* Define to 1 if you have the `dgettext' function. */
+#undef HAVE_DGETTEXT
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the `dirfd' function or macro. */
+#undef HAVE_DIRFD
+
+/* Define to 1 if you have the `dispcrypt' function. */
+#undef HAVE_DISPCRYPT
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags. */
+#undef HAVE_EXTENDED_GLOB
+
+/* Define to 1 if your system has the F_CLOSEM fcntl. */
+#undef HAVE_FCNTL_CLOSEM
+
+/* Define to 1 if you have the `fgetln' function. */
+#undef HAVE_FGETLN
+
+/* Define to 1 if you have the `flock' function. */
+#undef HAVE_FLOCK
+
+/* Define to 1 if you have the `fnmatch' function. */
+#undef HAVE_FNMATCH
+
+/* Define to 1 if you have the `freeifaddrs' function. */
+#undef HAVE_FREEIFADDRS
+
+/* Define to 1 if you have the `fstat' function. */
+#undef HAVE_FSTAT
+
+/* Define to 1 if you have the `futime' function. */
+#undef HAVE_FUTIME
+
+/* Define to 1 if you have the `futimes' function. */
+#undef HAVE_FUTIMES
+
+/* Define to 1 if you have the `futimesat' function. */
+#undef HAVE_FUTIMESAT
+
+/* Define to 1 if you use the FWTK authsrv daemon. */
+#undef HAVE_FWTK
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow
+ passwords) */
+#undef HAVE_GETAUTHUID
+
+/* Define to 1 if you have the `getcwd' function. */
+#undef HAVE_GETCWD
+
+/* Define to 1 if you have the `getdomainname' function. */
+#undef HAVE_GETDOMAINNAME
+
+/* Define to 1 if you have the `getgroups' function. */
+#undef HAVE_GETGROUPS
+
+/* Define to 1 if you have the `getifaddrs' function. */
+#undef HAVE_GETIFADDRS
+
+/* Define to 1 if you have the `getline' function. */
+#undef HAVE_GETLINE
+
+/* Define to 1 if you have the `getprogname' function. */
+#undef HAVE_GETPROGNAME
+
+/* Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow
+ passwords) */
+#undef HAVE_GETPRPWNAM
+
+/* Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow
+ passwords) */
+#undef HAVE_GETPWANAM
+
+/* Define to 1 if you have the `getspnam' function (SVR4-style shadow
+ passwords) */
+#undef HAVE_GETSPNAM
+
+/* Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow
+ passwords) */
+#undef HAVE_GETSPWUID
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `getuserattr' function. */
+#undef HAVE_GETUSERATTR
+
+/* Define to 1 if you have the `getutid' function. */
+#undef HAVE_GETUTID
+
+/* Define to 1 if you have the `getutxid' function. */
+#undef HAVE_GETUTXID
+
+/* Define to 1 if you have the `glob' function. */
+#undef HAVE_GLOB
+
+/* Define to 1 if you have the `grantpt' function. */
+#undef HAVE_GRANTPT
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
+/* Define to 1 if you have the `gss_krb5_ccache_name' function. */
+#undef HAVE_GSS_KRB5_CCACHE_NAME
+
+/* Define to 1 if your Kerberos is Heimdal. */
+#undef HAVE_HEIMDAL
+
+/* Define to 1 if <netinet/in.h> contains struct in6_addr. */
+#undef HAVE_IN6_ADDR
+
+/* Define to 1 if you have the `initgroups' function. */
+#undef HAVE_INITGROUPS
+
+/* Define to 1 if you have the `initprivs' function. */
+#undef HAVE_INITPRIVS
+
+/* Define to 1 if you have the `innetgr' function. */
+#undef HAVE_INNETGR
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define if you have isblank(3). */
+#undef HAVE_ISBLANK
+
+/* Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for
+ shadow enabled) */
+#undef HAVE_ISCOMSEC
+
+/* Define to 1 if you have the `issecure' function. (SunOS 4.x check for
+ shadow enabled) */
+#undef HAVE_ISSECURE
+
+/* Define to 1 if you use Kerberos IV. */
+#undef HAVE_KERB4
+
+/* Define to 1 if you use Kerberos V. */
+#undef HAVE_KERB5
+
+/* Define to 1 if you have the `killpg' function. */
+#undef HAVE_KILLPG
+
+/* Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function. */
+#undef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+
+/* Define to 1 if your `krb5_get_init_creds_opt_free' function takes two
+ arguments. */
+#undef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS
+
+/* Define to 1 if you have the `krb5_init_secure_context' function. */
+#undef HAVE_KRB5_INIT_SECURE_CONTEXT
+
+/* Define to 1 if you have the `krb5_verify_user' function. */
+#undef HAVE_KRB5_VERIFY_USER
+
+/* Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not) */
+#undef HAVE_LBER_H
+
+/* Define to 1 if you use LDAP for sudoers. */
+#undef HAVE_LDAP
+
+/* Define to 1 if you have the `ldapssl_init' function. */
+#undef HAVE_LDAPSSL_INIT
+
+/* Define to 1 if you have the `ldapssl_set_strength' function. */
+#undef HAVE_LDAPSSL_SET_STRENGTH
+
+/* Define to 1 if you have the `ldap_create' function. */
+#undef HAVE_LDAP_CREATE
+
+/* Define to 1 if you have the `ldap_initialize' function. */
+#undef HAVE_LDAP_INITIALIZE
+
+/* Define to 1 if you have the `ldap_sasl_bind_s' function. */
+#undef HAVE_LDAP_SASL_BIND_S
+
+/* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function. */
+#undef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+
+/* Define to 1 if you have the `ldap_search_ext_s' function. */
+#undef HAVE_LDAP_SEARCH_EXT_S
+
+/* Define to 1 if you have the `ldap_ssl_client_init' function. */
+#undef HAVE_LDAP_SSL_CLIENT_INIT
+
+/* Define to 1 if you have the <ldap_ssl.h> header file. */
+#undef HAVE_LDAP_SSL_H
+
+/* Define to 1 if you have the `ldap_start_tls_s' function. */
+#undef HAVE_LDAP_START_TLS_S
+
+/* Define to 1 if you have the `ldap_start_tls_s_np' function. */
+#undef HAVE_LDAP_START_TLS_S_NP
+
+/* Define to 1 if you have the `ldap_str2dn' function. */
+#undef HAVE_LDAP_STR2DN
+
+/* Define to 1 if you have the `ldap_unbind_ext_s' function. */
+#undef HAVE_LDAP_UNBIND_EXT_S
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define to 1 to enable Linux audit support. */
+#undef HAVE_LINUX_AUDIT
+
+/* Define to 1 if you have the `lockf' function. */
+#undef HAVE_LOCKF
+
+/* Define to 1 if you have the <login_cap.h> header file. */
+#undef HAVE_LOGIN_CAP_H
+
+/* Define to 1 if the system has the type `long long int'. */
+#undef HAVE_LONG_LONG_INT
+
+/* Define to 1 if you have the `lrand48' function. */
+#undef HAVE_LRAND48
+
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
+/* Define to 1 if you have the <malloc.h> header file. */
+#undef HAVE_MALLOC_H
+
+/* Define to 1 if you have the `mbr_check_membership' function. */
+#undef HAVE_MBR_CHECK_MEMBERSHIP
+
+/* Define to 1 if you have the `memchr' function. */
+#undef HAVE_MEMCHR
+
+/* Define to 1 if you have the `memcpy' function. */
+#undef HAVE_MEMCPY
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memrchr' function. */
+#undef HAVE_MEMRCHR
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the `mkstemps' function. */
+#undef HAVE_MKSTEMPS
+
+/* Define to 1 if you have the <mps/ldap_ssl.h> header file. */
+#undef HAVE_MPS_LDAP_SSL_H
+
+/* Define to 1 if you have the `nanosleep' function. */
+#undef HAVE_NANOSLEEP
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netgroup.h> header file. */
+#undef HAVE_NETGROUP_H
+
+/* Define to 1 if you have the `openpty' function. */
+#undef HAVE_OPENPTY
+
+/* Define to 1 if you use NRL OPIE. */
+#undef HAVE_OPIE
+
+/* Define to 1 if you use PAM authentication. */
+#undef HAVE_PAM
+
+/* Define to 1 if you use a specific PAM session for sudo -i. */
+#undef HAVE_PAM_LOGIN
+
+/* Define to 1 if you have the <pam/pam_appl.h> header file. */
+#undef HAVE_PAM_PAM_APPL_H
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define to 1 if you have the `posix_openpt' function. */
+#undef HAVE_POSIX_OPENPT
+
+/* Define to 1 if you have the <project.h> header file. */
+#undef HAVE_PROJECT_H
+
+/* Define to 1 if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define to 1 if you have the `random' function. */
+#undef HAVE_RANDOM
+
+/* Define to 1 if you have the `regcomp' function. */
+#undef HAVE_REGCOMP
+
+/* Define to 1 if you have the `revoke' function. */
+#undef HAVE_REVOKE
+
+/* Define to 1 if you have the <sasl.h> header file. */
+#undef HAVE_SASL_H
+
+/* Define to 1 if you have the <sasl/sasl.h> header file. */
+#undef HAVE_SASL_SASL_H
+
+/* Define if your struct sockadr has an sa_len field. */
+#undef HAVE_SA_LEN
+
+/* Define to 1 if you use SecurID for authentication. */
+#undef HAVE_SECURID
+
+/* Define to 1 if you have the <security/pam_appl.h> header file. */
+#undef HAVE_SECURITY_PAM_APPL_H
+
+/* Define to 1 to enable SELinux RBAC support. */
+#undef HAVE_SELINUX
+
+/* Define to 1 if you have the `setauthdb' function. */
+#undef HAVE_SETAUTHDB
+
+/* Define to 1 if you have the `setenv' function. */
+#undef HAVE_SETENV
+
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
+/* Define to 1 if you have the `setkeycreatecon' function. */
+#undef HAVE_SETKEYCREATECON
+
+/* Define to 1 if you have the `setlocale' function. */
+#undef HAVE_SETLOCALE
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
+/* Define to 1 if you have the `setreuid' function. */
+#undef HAVE_SETREUID
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* Define to 1 if you have the `setrlimit64' function. */
+#undef HAVE_SETRLIMIT64
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the `set_auth_parameters' function. */
+#undef HAVE_SET_AUTH_PARAMETERS
+
+/* Define to 1 if you have the `sia_ses_init' function. */
+#undef HAVE_SIA_SES_INIT
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if <signal.h> has the sigaction_t typedef. */
+#undef HAVE_SIGACTION_T
+
+/* Define to 1 if you use S/Key. */
+#undef HAVE_SKEY
+
+/* Define to 1 if your S/Key library has skeyaccess(). */
+#undef HAVE_SKEYACCESS
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcat' function. */
+#undef HAVE_STRLCAT
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the `strsignal' function. */
+#undef HAVE_STRSIGNAL
+
+/* Define to 1 if the system has the type `struct in6_addr'. */
+#undef HAVE_STRUCT_IN6_ADDR
+
+/* Define to 1 if your struct stat has an st_mtim member */
+#undef HAVE_ST_MTIM
+
+/* Define to 1 if your struct stat has an st_mtimespec member */
+#undef HAVE_ST_MTIMESPEC
+
+/* Define to 1 if your struct stat uses an st__tim union */
+#undef HAVE_ST__TIM
+
+/* Define to 1 if you have the `sysconf' function. */
+#undef HAVE_SYSCONF
+
+/* Define to 1 if you have the `sysctl' function. */
+#undef HAVE_SYSCTL
+
+/* Define to 1 if you have the <sys/bsdtypes.h> header file. */
+#undef HAVE_SYS_BSDTYPES_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/stropts.h> header file. */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the `tcsetpgrp' function. */
+#undef HAVE_TCSETPGRP
+
+/* Define to 1 if you have the <termios.h> header file and the `tcgetattr'
+ function. */
+#undef HAVE_TERMIOS_H
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define to 1 if you have struct timespec in sys/time.h */
+#undef HAVE_TIMESPEC
+
+/* Define to 1 if you have the `tzset' function. */
+#undef HAVE_TZSET
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `unsetenv' function. */
+#undef HAVE_UNSETENV
+
+/* Define to 1 if you have the <util.h> header file. */
+#undef HAVE_UTIL_H
+
+/* Define to 1 if you have the `utimes' function. */
+#undef HAVE_UTIMES
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define to 1 if you have the `vasprintf' function. */
+#undef HAVE_VASPRINTF
+
+/* Define to 1 if you have the `vhangup' function. */
+#undef HAVE_VHANGUP
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#undef HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `wait3' function. */
+#undef HAVE_WAIT3
+
+/* Define to 1 if you have the `waitpid' function. */
+#undef HAVE_WAITPID
+
+/* Define to 1 if you have the <zlib.h> header file. */
+#undef HAVE_ZLIB_H
+
+/* Define to 1 if you have the `_getpty' function. */
+#undef HAVE__GETPTY
+
+/* Define to 1 if you have the `_innetgr' function. */
+#undef HAVE__INNETGR
+
+/* Define to 1 if your crt0.o defines the __progname symbol for you. */
+#undef HAVE___PROGNAME
+
+/* Define to 1 if you want the hostname to be entered into the log file. */
+#undef HOST_IN_LOG
+
+/* Define to 1 if you want to ignore '.' and empty PATH elements */
+#undef IGNORE_DOT_PATH
+
+/* The message given when a bad password is entered. */
+#undef INCORRECT_PASSWORD
+
+/* The name of libvas.so */
+#undef LIBVAS_SO
+
+/* The syslog facility sudo will use. */
+#undef LOGFAC
+
+/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH. */
+#undef LOGGING
+
+/* Define to 1 if you want a two line OTP (S/Key or OPIE) prompt. */
+#undef LONG_OTP_PROMPT
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
+/* The subject of the mail sent by sudo to the MAILTO user/address. */
+#undef MAILSUBJECT
+
+/* The user or email address that sudo mail is sent to. */
+#undef MAILTO
+
+/* The max number of chars per log file line (for line wrapping). */
+#undef MAXLOGFILELEN
+
+/* Define to the max length of a uid_t in string context (excluding the NUL).
+ */
+#undef MAX_UID_T_LEN
+
+/* Define to 1 if you don't want sudo to prompt for a password by default. */
+#undef NO_AUTHENTICATION
+
+/* Define to 1 if you don't want users to get the lecture the first they user
+ sudo. */
+#undef NO_LECTURE
+
+/* Define to 1 if you don't want to use sudo's PAM session support */
+#undef NO_PAM_SESSION
+
+/* Define to avoid runing the mailer as root. */
+#undef NO_ROOT_MAILER
+
+/* Define to 1 if root should not be allowed to use sudo. */
+#undef NO_ROOT_SUDO
+
+/* Define to 1 if you want a single ticket file instead of per-tty files. */
+#undef NO_TTY_TICKETS
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The default password prompt. */
+#undef PASSPROMPT
+
+/* The passwd prompt timeout (in minutes). */
+#undef PASSWORD_TIMEOUT
+
+/* Define to 1 to replace politically incorrect insults with less offensive
+ ones. */
+#undef PC_INSULTS
+
+/* The syslog priority sudo will use for unsuccessful attempts/errors. */
+#undef PRI_FAILURE
+
+/* The syslog priority sudo will use for successful attempts. */
+#undef PRI_SUCCESS
+
+/* Define to 1 if the `putenv' has a const argument. */
+#undef PUTENV_CONST
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* The user sudo should run commands as by default. */
+#undef RUNAS_DEFAULT
+
+/* Define to 1 to override the user's path with a built-in one. */
+#undef SECURE_PATH
+
+/* Define to 1 to send mail when the user is not allowed to run a command. */
+#undef SEND_MAIL_WHEN_NOT_OK
+
+/* Define to 1 to send mail when the user is not allowed to run sudo on this
+ host. */
+#undef SEND_MAIL_WHEN_NO_HOST
+
+/* Define to 1 to send mail when the user is not in the sudoers file. */
+#undef SEND_MAIL_WHEN_NO_USER
+
+/* Define to 1 if the `setpgrp' function takes no argument. */
+#undef SETPGRP_VOID
+
+/* Define to 1 if you want sudo to start a shell if given no arguments. */
+#undef SHELL_IF_NO_ARGS
+
+/* Define to 1 if you want sudo to set $HOME in shell mode. */
+#undef SHELL_SETS_HOME
+
+/* The size of `long int', as computed by sizeof. */
+#undef SIZEOF_LONG_INT
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if the code in interfaces.c does not compile for you. */
+#undef STUB_LOAD_INTERFACES
+
+/* The umask that the root-run prog should use. */
+#undef SUDO_UMASK
+
+/* The number of minutes before sudo asks for a password again. */
+#undef TIMEOUT
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* The number of tries a user gets to enter their password. */
+#undef TRIES_FOR_PASSWORD
+
+/* Define to 1 if the `unsetenv' function returns void instead of `int'. */
+#undef UNSETENV_VOID
+
+/* Define to 1 if you want to create ~/.sudo_as_admin_successful if the user
+ is in the admin group the first time they run sudo. */
+#undef USE_ADMIN_FLAG
+
+/* Define to 1 if you want to insult the user for entering an incorrect
+ password. */
+#undef USE_INSULTS
+
+/* Define to 1 if you use GNU stow packaging. */
+#undef USE_STOW
+
+/* Define to 1 if using a non-Unix group lookup implementation. */
+#undef USING_NONUNIX_GROUPS
+
+/* Define to avoid using the passwd/shadow file for authentication. */
+#undef WITHOUT_PASSWD
+
+/* Define to `signed' or nothing if compiler does not support a signed type
+ qualifier. */
+#undef __signed
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define if your system lacks the dev_t type. */
+#undef dev_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define if your system lacks the ino_t type. */
+#undef ino_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef mode_t
+
+/* Define to `int' if <signal.h> does not define. */
+#undef sig_atomic_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define if your system lacks the ssize_t type. */
+#undef ssize_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define to empty if the keyword `volatile' does not work. Warning: valid
+ code using `volatile' can become incorrect without. Disable with care. */
+#undef volatile
+
+/*
+ * Macros to convert ctime and mtime into timevals.
+ */
+#define timespec2timeval(_ts, _tv) do { \
+ (_tv)->tv_sec = (_ts)->tv_sec; \
+ (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
+} while (0)
+
+#ifdef HAVE_ST_MTIM
+# ifdef HAVE_ST__TIM
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
+# else
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
+# endif
+#else
+# ifdef HAVE_ST_MTIMESPEC
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
+# else
+# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
+# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
+# endif /* HAVE_ST_MTIMESPEC */
+#endif /* HAVE_ST_MTIM */
+
+/*
+ * Emulate a subset of waitpid() if we don't have it.
+ */
+#ifdef HAVE_WAITPID
+# define sudo_waitpid(p, s, o) waitpid(p, s, o)
+#else
+# ifdef HAVE_WAIT3
+# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
+# endif
+#endif
+
+/* GNU stow needs /etc/sudoers to be a symlink. */
+#ifdef USE_STOW
+# define stat_sudoers stat
+#else
+# define stat_sudoers lstat
+#endif
+
+/* Macros to set/clear/test flags. */
+#undef SET
+#define SET(t, f) ((t) |= (f))
+#undef CLR
+#define CLR(t, f) ((t) &= ~(f))
+#undef ISSET
+#define ISSET(t, f) ((t) & (f))
+
+/* New ANSI-style OS defs for HP-UX and ConvexOS. */
+#if defined(hpux) && !defined(__hpux)
+# define __hpux 1
+#endif /* hpux */
+
+#if defined(convex) && !defined(__convex__)
+# define __convex__ 1
+#endif /* convex */
+
+/* BSD compatibility on some SVR4 systems. */
+#ifdef __svr4__
+# define BSD_COMP
+#endif /* __svr4__ */
+
+#endif /* _SUDO_CONFIG_H */
diff --git a/sudo-1.7.4p4/config.sub b/sudo-1.7.4p4/config.sub
new file mode 100755
index 0000000..acb095a
--- /dev/null
+++ b/sudo-1.7.4p4/config.sub
@@ -0,0 +1,1706 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+# Free Software Foundation, Inc.
+
+timestamp='2009-11-07'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze | -sr2201*)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ sr2201*)
+ basic_machine=harp1e-hitachi
+ os=-hiuxmpp
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ tile*)
+ basic_machine=tile-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/sudo-1.7.4p4/configure b/sudo-1.7.4p4/configure
new file mode 100755
index 0000000..e66f189
--- /dev/null
+++ b/sudo-1.7.4p4/configure
@@ -0,0 +1,20738 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.65 for sudo 1.7.4p4.
+#
+# Report bugs to <http://www.sudo.ws/bugs/>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: http://www.sudo.ws/bugs/ about your system, including
+$0: any error possibly output before this message. Then
+$0: install a modern shell, or manually run the script
+$0: under such a shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error ERROR [LINENO LOG_FD]
+# ---------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with status $?, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$?; test $as_status -eq 0 && as_status=1
+ if test "$3"; then
+ as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3
+ fi
+ $as_echo "$as_me: error: $1" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+$*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='sudo'
+PACKAGE_TARNAME='sudo'
+PACKAGE_VERSION='1.7.4p4'
+PACKAGE_STRING='sudo 1.7.4p4'
+PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='LTLIBOBJS
+KRB5CONFIG
+LIBOBJS
+FLEX
+YFLAGS
+YACC
+NROFFPROG
+TRPROG
+UNAMEPROG
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+lt_ECHO
+STRIP
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+EGREP
+GREP
+SED
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+RANLIB
+AR
+CPP
+OBJEXT
+EXEEXT
+ac_ct_CC
+CC
+editor
+secure_path
+netsvc_conf
+nsswitch_conf
+ldap_secret
+ldap_conf
+path_info
+root_sudo
+insults
+tty_tickets
+passwd_tries
+env_editor
+runas_default
+fqdn
+badpass_message
+mailsub
+mailto
+mail_no_perms
+mail_no_host
+mail_no_user
+ignore_dot
+loglen
+badpri
+goodpri
+logfac
+lecture
+long_otp_prompt
+passprompt
+sudo_umask
+password_timeout
+timeout
+timedir
+CONFIGURE_ARGS
+ZLIB
+LOGINCAP_USAGE
+REPLAY
+LDAP
+SELINUX_USAGE
+BSDAUTH_USAGE
+DONT_LEAK_PATH_INFO
+INSTALL_NOEXEC
+noexec_file
+NOEXECDIR
+NOEXECFILE
+mansrcdir
+mansectform
+mansectsu
+devdir
+SEMAN
+LCMAN
+BAMAN
+DEV
+SUDOERS_GID
+SUDOERS_UID
+SUDOERS_MODE
+MAN_POSTINSTALL
+MANTYPE
+AUTH_OBJS
+OSDEFS
+GETGROUPS_LIB
+AFS_LIBS
+NET_LIBS
+SUDO_LIBS
+SUDO_OBJS
+SUDO_LDFLAGS
+COMMON_OBJS
+LDFLAGS
+CPPFLAGS
+PROGS
+CFLAGS
+LIBTOOL
+HAVE_BSM_AUDIT
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+with_otp_only
+with_alertmail
+with_devel
+with_CC
+with_rpath
+with_blibpath
+with_bsm_audit
+with_linux_audit
+with_incpath
+with_libpath
+with_libraries
+with_efence
+with_csops
+with_passwd
+with_skey
+with_opie
+with_long_otp_prompt
+with_SecurID
+with_fwtk
+with_kerb4
+with_kerb5
+with_aixauth
+with_pam
+with_AFS
+with_DCE
+with_logincap
+with_bsdauth
+with_project
+with_lecture
+with_logging
+with_logfac
+with_goodpri
+with_badpri
+with_logpath
+with_loglen
+with_ignore_dot
+with_mail_if_no_user
+with_mail_if_no_host
+with_mail_if_noperms
+with_mailto
+with_mailsubject
+with_passprompt
+with_badpass_message
+with_fqdn
+with_timedir
+with_iologdir
+with_sendmail
+with_sudoers_mode
+with_sudoers_uid
+with_sudoers_gid
+with_umask
+with_runas_default
+with_exempt
+with_editor
+with_env_editor
+with_passwd_tries
+with_timeout
+with_password_timeout
+with_tty_tickets
+with_insults
+with_all_insults
+with_classic_insults
+with_csops_insults
+with_hal_insults
+with_goons_insults
+with_nsswitch
+with_ldap
+with_ldap_conf_file
+with_ldap_secret_file
+with_pc_insults
+with_secure_path
+with_interfaces
+with_stow
+with_askpass
+with_libvas
+with_libvas_rpath
+enable_authentication
+enable_root_mailer
+enable_setreuid
+enable_setresuid
+enable_shadow
+enable_root_sudo
+enable_log_host
+enable_noargs_shell
+enable_shell_sets_home
+enable_path_info
+enable_env_debug
+enable_warnings
+enable_admin_flag
+with_selinux
+enable_gss_krb5_ccache_name
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+with_gnu_ld
+enable_libtool_lock
+with_noexec
+with_netsvc
+enable_sia
+with_pam_login
+enable_pam_session
+enable_zlib
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+YACC
+YFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information."
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used." >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures sudo 1.7.4p4 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/sudo]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of sudo 1.7.4p4:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-authentication
+ Do not require authentication by default
+ --disable-root-mailer Don't run the mailer as root, run as the user
+ --disable-setreuid Don't try to use the setreuid() function
+ --disable-setresuid Don't try to use the setresuid() function
+ --disable-shadow Never use shadow passwords
+ --disable-root-sudo Don't allow root to run sudo
+ --enable-log-host Log the hostname in the log file
+ --enable-noargs-shell If sudo is given no arguments run a shell
+ --enable-shell-sets-home
+ Set $HOME to target user in shell mode
+ --disable-path-info Print 'command not allowed' not 'command not found'
+ --enable-env-debug Whether to enable environment debugging.
+ --enable-warnings Whether to enable compiler warnings
+ --enable-admin-flag Whether to create a Ubuntu-style admin flag file
+ --enable-gss-krb5-ccache-name
+ Use GSS-API to set the Kerberos V cred cache name
+ --enable-shared[=PKGS] build shared libraries [default=yes]
+ --enable-static[=PKGS] build static libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-libtool-lock avoid locking (might break parallel builds)
+ --disable-sia Disable SIA on Digital UNIX
+ --disable-pam-session Disable PAM session support
+ --enable-zlib[=PATH] Whether to enable or disable zlib
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-otp-only deprecated
+ --with-alertmail deprecated
+ --with-devel add development options
+ --with-CC C compiler to use
+ --with-rpath pass -R flag in addition to -L for lib paths
+ --with-blibpath=PATH pass -blibpath flag to ld for additional lib paths
+ --with-bsm-audit enable BSM audit support
+ --with-linux-audit enable Linux audit support
+ --with-incpath additional places to look for include files
+ --with-libpath additional places to look for libraries
+ --with-libraries additional libraries to link with
+ --with-efence link with -lefence for malloc() debugging
+ --with-csops add CSOps standard options
+ --without-passwd don't use passwd/shadow file for authentication
+ --with-skey=DIR enable S/Key support
+ --with-opie=DIR enable OPIE support
+ --with-long-otp-prompt use a two line OTP (skey/opie) prompt
+ --with-SecurID[=DIR] enable SecurID support
+ --with-fwtk[=DIR] enable FWTK AuthSRV support
+ --with-kerb4[=DIR] enable Kerberos IV support
+ --with-kerb5[=DIR] enable Kerberos V support
+ --with-aixauth enable AIX general authentication support
+ --with-pam enable PAM support
+ --with-AFS enable AFS support
+ --with-DCE enable DCE support
+ --with-logincap enable BSD login class support
+ --with-bsdauth enable BSD authentication support
+ --with-project enable Solaris project support
+ --without-lecture don't print lecture for first-time sudoer
+ --with-logging log via syslog, file, or both
+ --with-logfac syslog facility to log with (default is "auth")
+ --with-goodpri syslog priority for commands (def is "notice")
+ --with-badpri syslog priority for failures (def is "alert")
+ --with-logpath path to the sudo log file
+ --with-loglen maximum length of a log file line (default is 80)
+ --with-ignore-dot ignore '.' in the PATH
+ --without-mail-if-no-user
+ do not send mail if user not in sudoers
+ --with-mail-if-no-host send mail if user in sudoers but not for this host
+ --with-mail-if-noperms send mail if user not allowed to run command
+ --with-mailto who should get sudo mail (default is "root")
+ --with-mailsubject subject of sudo mail
+ --with-passprompt default password prompt
+ --with-badpass-message message the user sees when the password is wrong
+ --with-fqdn expect fully qualified hosts in sudoers
+ --with-timedir path to the sudo timestamp dir
+ --with-iologdir=DIR directory to store sudo I/O log files in
+ --with-sendmail set path to sendmail
+ --without-sendmail do not send mail at all
+ --with-sudoers-mode mode of sudoers file (defaults to 0440)
+ --with-sudoers-uid uid that owns sudoers file (defaults to 0)
+ --with-sudoers-gid gid that owns sudoers file (defaults to 0)
+ --with-umask umask with which the prog should run (default is
+ 022)
+ --without-umask Preserves the umask of the user invoking sudo.
+ --with-runas-default User to run commands as (default is "root")
+ --with-exempt=group no passwd needed for users in this group
+ --with-editor=path Default editor for visudo (defaults to vi)
+ --with-env-editor Use the environment variable EDITOR for visudo
+ --with-passwd-tries number of tries to enter password (default is 3)
+ --with-timeout minutes before sudo asks for passwd again (def is 5
+ minutes)
+ --with-password-timeout passwd prompt timeout in minutes (default is 5
+ minutes)
+ --with-tty-tickets use a different ticket file for each tty
+ --with-insults insult the user for entering an incorrect password
+ --with-all-insults include all the sudo insult sets
+ --with-classic-insults include the insults from the "classic" sudo
+ --with-csops-insults include CSOps insults
+ --with-hal-insults include 2001-like insults
+ --with-goons-insults include the insults from the "Goon Show"
+ --with-nsswitch[=PATH] path to nsswitch.conf
+ --with-ldap[=DIR] enable LDAP support
+ --with-ldap-conf-file path to LDAP configuration file
+ --with-ldap-secret-file path to LDAP secret password file
+ --with-pc-insults replace politically incorrect insults with less
+ offensive ones
+ --with-secure-path override the user's path with a built-in one
+ --without-interfaces don't try to read the ip addr of ether interfaces
+ --with-stow properly handle GNU stow packaging
+ --with-askpass=PATH Fully qualified pathname of askpass helper
+ --with-libvas=NAME Name of the libvas shared library
+ (default=libvas.so)
+ --with-libvas-rpath=PATH
+ Path to look for libvas in [default=/opt/quest/lib]
+ --with-selinux enable SELinux support
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-noexec=PATH fully qualified pathname of sudo_noexec.so
+ --with-netsvc[=PATH] path to netsvc.conf
+ --with-pam-login enable specific PAM session for sudo -i
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+ YACC The `Yet Another C Compiler' implementation to use. Defaults to
+ the first program found out of: `bison -y', `byacc', `yacc'.
+ YFLAGS The list of arguments that will be passed by default to $YACC.
+ This script will default YFLAGS to the empty string to avoid a
+ default value of `-d' given by some make applications.
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://www.sudo.ws/bugs/>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+sudo configure 1.7.4p4
+generated by GNU Autoconf 2.65
+
+Copyright (C) 2009 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( cat <<\_ASBOX
+## --------------------------------------- ##
+## Report this to http://www.sudo.ws/bugs/ ##
+## --------------------------------------- ##
+_ASBOX
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
+# ----------------------------------------------------
+# Tries to find if the field MEMBER exists in type AGGR, after including
+# INCLUDES, setting cache variable VAR accordingly.
+ac_fn_c_check_member ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
+$as_echo_n "checking for $2.$3... " >&6; }
+if { as_var=$4; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (ac_aggr.$3)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$4=yes"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (sizeof ac_aggr.$3)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$4=yes"
+else
+ eval "$4=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$4
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_member
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR
+# ------------------------------------
+# Tests whether SYMBOL is declared, setting cache variable VAR accordingly.
+ac_fn_c_check_decl ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5
+$as_echo_n "checking whether $2 is declared... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+#ifndef $2
+ (void) $2;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_decl
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by sudo $as_me 1.7.4p4, which was
+generated by GNU Autoconf 2.65. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file"
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ac_config_headers="$ac_config_headers config.h pathnames.h"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: Configuring Sudo version $PACKAGE_VERSION" >&5
+$as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Begin initial values for man page substitution
+#
+timedir=/var/adm/sudo
+timeout=5
+password_timeout=5
+sudo_umask=0022
+passprompt="Password:"
+long_otp_prompt=off
+lecture=once
+logfac=auth
+goodpri=notice
+badpri=alert
+loglen=80
+ignore_dot=off
+mail_no_user=on
+mail_no_host=off
+mail_no_perms=off
+mailto=root
+mailsub="*** SECURITY information for %h ***"
+badpass_message="Sorry, try again."
+fqdn=off
+runas_default=root
+env_editor=off
+editor=vi
+passwd_tries=3
+tty_tickets=on
+insults=off
+root_sudo=on
+path_info=on
+ldap_conf=/etc/ldap.conf
+ldap_secret=/etc/ldap.secret
+netsvc_conf=/etc/netsvc.conf
+noexec_file=/usr/local/libexec/sudo_noexec.so
+nsswitch_conf=/etc/nsswitch.conf
+secure_path="not set"
+#
+# End initial values for man page substitution
+#
+INSTALL_NOEXEC=
+devdir='$(srcdir)'
+PROGS="sudo visudo"
+: ${MANTYPE='man'}
+: ${mansrcdir='.'}
+: ${SUDOERS_MODE='0440'}
+: ${SUDOERS_UID='0'}
+: ${SUDOERS_GID='0'}
+DEV="#"
+LDAP="#"
+REPLAY="#"
+BAMAN=0
+LCMAN=0
+SEMAN=0
+ZLIB=
+AUTH_OBJS=
+AUTH_REG=
+AUTH_EXCL=
+AUTH_EXCL_DEF=
+AUTH_DEF=passwd
+
+CHECKSHADOW=true
+shadow_defs=
+shadow_funcs=
+shadow_libs=
+shadow_libs_optional=
+
+CONFIGURE_ARGS="$@"
+
+
+
+# Check whether --with-otp-only was given.
+if test "${with_otp_only+set}" = set; then :
+ withval=$with_otp_only; case $with_otp_only in
+ yes) with_passwd="no"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: --with-otp-only option deprecated, treating as --without-passwd" >&5
+$as_echo "$as_me: --with-otp-only option deprecated, treating as --without-passwd" >&6;}
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-alertmail was given.
+if test "${with_alertmail+set}" = set; then :
+ withval=$with_alertmail; case $with_alertmail in
+ *) with_mailto="$with_alertmail"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: --with-alertmail option deprecated, treating as --mailto" >&5
+$as_echo "$as_me: --with-alertmail option deprecated, treating as --mailto" >&6;}
+ ;;
+esac
+fi
+
+
+
+
+# Check whether --with-devel was given.
+if test "${with_devel+set}" = set; then :
+ withval=$with_devel; case $with_devel in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Setting up for development: -Wall, flex, yacc" >&5
+$as_echo "$as_me: Setting up for development: -Wall, flex, yacc" >&6;}
+ PROGS="${PROGS} testsudoers"
+ OSDEFS="${OSDEFS} -DSUDO_DEVEL"
+ DEV=""
+ devdir=.
+ ;;
+ no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&2;}
+ ;;
+esac
+fi
+
+if test X"$with_devel" != X"yes"; then
+ ac_cv_prog_cc_g=no
+fi
+
+
+# Check whether --with-CC was given.
+if test "${with_CC+set}" = set; then :
+ withval=$with_CC; case $with_CC in
+ yes) as_fn_error "\"must give --with-CC an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"illegal argument: --without-CC.\"" "$LINENO" 5
+ ;;
+ *) CC=$with_CC
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-rpath was given.
+if test "${with_rpath+set}" = set; then :
+ withval=$with_rpath; case $with_rpath in
+ yes|no) ;;
+ *) as_fn_error "\"--with-rpath does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-blibpath was given.
+if test "${with_blibpath+set}" = set; then :
+ withval=$with_blibpath; case $with_blibpath in
+ yes|no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: will pass -blibpath:${with_blibpath} to the loader." >&5
+$as_echo "$as_me: will pass -blibpath:${with_blibpath} to the loader." >&6;}
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-bsm-audit was given.
+if test "${with_bsm_audit+set}" = set; then :
+ withval=$with_bsm_audit; case $with_bsm_audit in
+ yes) $as_echo "#define HAVE_BSM_AUDIT 1" >>confdefs.h
+
+ SUDO_LIBS="${SUDO_LIBS} -lbsm"
+ SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-bsm-audit does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "no acceptable C compiler found in \$PATH
+See \`config.log' for more details." "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ as_fn_set_status 77
+as_fn_error "C compiler cannot create executables
+See \`config.log' for more details." "$LINENO" 5; }; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+# Check whether --with-linux-audit was given.
+if test "${with_linux_audit+set}" = set; then :
+ withval=$with_linux_audit; case $with_linux_audit in
+ yes)
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libaudit.h>
+int
+main ()
+{
+int i = AUDIT_USER_CMD; (void)i;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_LINUX_AUDIT 1" >>confdefs.h
+
+ SUDO_LIBS="${SUDO_LIBS} -laudit"
+ SUDO_OBJS="${SUDO_OBJS} linux_audit.o"
+
+else
+
+ as_fn_error "unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-linux-audit does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-incpath was given.
+if test "${with_incpath+set}" = set; then :
+ withval=$with_incpath; case $with_incpath in
+ yes) as_fn_error "\"must give --with-incpath an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-incpath not supported.\"" "$LINENO" 5
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_incpath} to CPPFLAGS" >&5
+$as_echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;}
+ for i in ${with_incpath}; do
+ CPPFLAGS="${CPPFLAGS} -I${i}"
+ done
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-libpath was given.
+if test "${with_libpath+set}" = set; then :
+ withval=$with_libpath; case $with_libpath in
+ yes) as_fn_error "\"must give --with-libpath an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-libpath not supported.\"" "$LINENO" 5
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libpath} to LDFLAGS" >&5
+$as_echo "$as_me: Adding ${with_libpath} to LDFLAGS" >&6;}
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-libraries was given.
+if test "${with_libraries+set}" = set; then :
+ withval=$with_libraries; case $with_libraries in
+ yes) as_fn_error "\"must give --with-libraries an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-libraries not supported.\"" "$LINENO" 5
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libraries} to LIBS" >&5
+$as_echo "$as_me: Adding ${with_libraries} to LIBS" >&6;}
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-efence was given.
+if test "${with_efence+set}" = set; then :
+ withval=$with_efence; case $with_efence in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Sudo will link with -lefence (Electric Fence)" >&5
+$as_echo "$as_me: Sudo will link with -lefence (Electric Fence)" >&6;}
+ LIBS="${LIBS} -lefence"
+ if test -f /usr/local/lib/libefence.a; then
+ with_libpath="${with_libpath} /usr/local/lib"
+ fi
+ ;;
+ no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&2;}
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-csops was given.
+if test "${with_csops+set}" = set; then :
+ withval=$with_csops; case $with_csops in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding CSOps standard options" >&5
+$as_echo "$as_me: Adding CSOps standard options" >&6;}
+ CHECKSIA=false
+ with_ignore_dot=yes
+ insults=on
+ with_classic_insults=yes
+ with_csops_insults=yes
+ with_env_editor=yes
+ : ${mansectsu='8'}
+ : ${mansectform='5'}
+ ;;
+ no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&2;}
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-passwd was given.
+if test "${with_passwd+set}" = set; then :
+ withval=$with_passwd; case $with_passwd in
+ yes|no) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use shadow/passwd file authentication" >&5
+$as_echo_n "checking whether to use shadow/passwd file authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_passwd" >&5
+$as_echo "$with_passwd" >&6; }
+ AUTH_DEF=""
+ test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
+ ;;
+ *) as_fn_error "\"Sorry, --with-passwd does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-skey was given.
+if test "${with_skey+set}" = set; then :
+ withval=$with_skey; case $with_skey in
+ no) with_skey=""
+ ;;
+ *) $as_echo "#define HAVE_SKEY 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try S/Key authentication" >&5
+$as_echo_n "checking whether to try S/Key authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_REG="$AUTH_REG S/Key"
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-opie was given.
+if test "${with_opie+set}" = set; then :
+ withval=$with_opie; case $with_opie in
+ no) with_opie=""
+ ;;
+ *) $as_echo "#define HAVE_OPIE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try NRL OPIE authentication" >&5
+$as_echo_n "checking whether to try NRL OPIE authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_REG="$AUTH_REG NRL_OPIE"
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-long-otp-prompt was given.
+if test "${with_long_otp_prompt+set}" = set; then :
+ withval=$with_long_otp_prompt; case $with_long_otp_prompt in
+ yes) $as_echo "#define LONG_OTP_PROMPT 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a two line prompt for OTP authentication" >&5
+$as_echo_n "checking whether to use a two line prompt for OTP authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ long_otp_prompt=on
+ ;;
+ no) long_otp_prompt=off
+ ;;
+ *) as_fn_error "\"--with-long-otp-prompt does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-SecurID was given.
+if test "${with_SecurID+set}" = set; then :
+ withval=$with_SecurID; case $with_SecurID in
+ no) with_SecurID="";;
+ *) $as_echo "#define HAVE_SECURID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use SecurID for authentication" >&5
+$as_echo_n "checking whether to use SecurID for authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_EXCL="$AUTH_EXCL SecurID"
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-fwtk was given.
+if test "${with_fwtk+set}" = set; then :
+ withval=$with_fwtk; case $with_fwtk in
+ no) with_fwtk="";;
+ *) $as_echo "#define HAVE_FWTK 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use FWTK AuthSRV for authentication" >&5
+$as_echo_n "checking whether to use FWTK AuthSRV for authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_EXCL="$AUTH_EXCL FWTK"
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-kerb4 was given.
+if test "${with_kerb4+set}" = set; then :
+ withval=$with_kerb4; case $with_kerb4 in
+ no) with_kerb4="";;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try kerberos IV authentication" >&5
+$as_echo_n "checking whether to try kerberos IV authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_REG="$AUTH_REG kerb4"
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-kerb5 was given.
+if test "${with_kerb5+set}" = set; then :
+ withval=$with_kerb5; case $with_kerb5 in
+ no) with_kerb5="";;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try Kerberos V authentication" >&5
+$as_echo_n "checking whether to try Kerberos V authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_REG="$AUTH_REG kerb5"
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-aixauth was given.
+if test "${with_aixauth+set}" = set; then :
+ withval=$with_aixauth; case $with_aixauth in
+ yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
+ no) ;;
+ *) as_fn_error "\"--with-aixauth does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-pam was given.
+if test "${with_pam+set}" = set; then :
+ withval=$with_pam; case $with_pam in
+ yes) AUTH_EXCL="$AUTH_EXCL PAM";;
+ no) ;;
+ *) as_fn_error "\"--with-pam does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-AFS was given.
+if test "${with_AFS+set}" = set; then :
+ withval=$with_AFS; case $with_AFS in
+ yes) $as_echo "#define HAVE_AFS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try AFS (kerberos) authentication" >&5
+$as_echo_n "checking whether to try AFS (kerberos) authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_REG="$AUTH_REG AFS"
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-AFS does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-DCE was given.
+if test "${with_DCE+set}" = set; then :
+ withval=$with_DCE; case $with_DCE in
+ yes) $as_echo "#define HAVE_DCE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try DCE (kerberos) authentication" >&5
+$as_echo_n "checking whether to try DCE (kerberos) authentication... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ AUTH_REG="$AUTH_REG DCE"
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-DCE does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-logincap was given.
+if test "${with_logincap+set}" = set; then :
+ withval=$with_logincap; case $with_logincap in
+ yes|no) ;;
+ *) as_fn_error "\"--with-logincap does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-bsdauth was given.
+if test "${with_bsdauth+set}" = set; then :
+ withval=$with_bsdauth; case $with_bsdauth in
+ yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
+ no) ;;
+ *) as_fn_error "\"--with-bsdauth does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-project was given.
+if test "${with_project+set}" = set; then :
+ withval=$with_project; case $with_project in
+ yes|no) ;;
+ no) ;;
+ *) as_fn_error "\"--with-project does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to lecture users the first time they run sudo" >&5
+$as_echo_n "checking whether to lecture users the first time they run sudo... " >&6; }
+
+# Check whether --with-lecture was given.
+if test "${with_lecture+set}" = set; then :
+ withval=$with_lecture; case $with_lecture in
+ yes|short|always) lecture=once
+ ;;
+ no|none|never) lecture=never
+ ;;
+ *) as_fn_error "\"unknown argument to --with-lecture: $with_lecture\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$lecture" = "once"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ $as_echo "#define NO_LECTURE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should log via syslog or to a file by default" >&5
+$as_echo_n "checking whether sudo should log via syslog or to a file by default... " >&6; }
+
+# Check whether --with-logging was given.
+if test "${with_logging+set}" = set; then :
+ withval=$with_logging; case $with_logging in
+ yes) as_fn_error "\"must give --with-logging an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-logging not supported.\"" "$LINENO" 5
+ ;;
+ syslog) $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5
+$as_echo "syslog" >&6; }
+ ;;
+ file) $as_echo "#define LOGGING SLOG_FILE" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: file" >&5
+$as_echo "file" >&6; }
+ ;;
+ both) $as_echo "#define LOGGING SLOG_BOTH" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: both" >&5
+$as_echo "both" >&6; }
+ ;;
+ *) as_fn_error "\"unknown argument to --with-logging: $with_logging\"" "$LINENO" 5
+ ;;
+esac
+else
+ $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5
+$as_echo "syslog" >&6; }
+fi
+
+
+
+# Check whether --with-logfac was given.
+if test "${with_logfac+set}" = set; then :
+ withval=$with_logfac; case $with_logfac in
+ yes) as_fn_error "\"must give --with-logfac an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-logfac not supported.\"" "$LINENO" 5
+ ;;
+ authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
+ ;;
+ *) as_fn_error "\"$with_logfac is not a supported syslog facility.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log commands" >&5
+$as_echo_n "checking at which syslog priority to log commands... " >&6; }
+
+# Check whether --with-goodpri was given.
+if test "${with_goodpri+set}" = set; then :
+ withval=$with_goodpri; case $with_goodpri in
+ yes) as_fn_error "\"must give --with-goodpri an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-goodpri not supported.\"" "$LINENO" 5
+ ;;
+ alert|crit|debug|emerg|err|info|notice|warning)
+ goodpri=$with_goodpri
+ ;;
+ *) as_fn_error "\"$with_goodpri is not a supported syslog priority.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define PRI_SUCCESS "$goodpri"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $goodpri" >&5
+$as_echo "$goodpri" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log failures" >&5
+$as_echo_n "checking at which syslog priority to log failures... " >&6; }
+
+# Check whether --with-badpri was given.
+if test "${with_badpri+set}" = set; then :
+ withval=$with_badpri; case $with_badpri in
+ yes) as_fn_error "\"must give --with-badpri an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-badpri not supported.\"" "$LINENO" 5
+ ;;
+ alert|crit|debug|emerg|err|info|notice|warning)
+ badpri=$with_badpri
+ ;;
+ *) as_fn_error "$with_badpri is not a supported syslog priority." "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define PRI_FAILURE "$badpri"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpri" >&5
+$as_echo "$badpri" >&6; }
+
+
+# Check whether --with-logpath was given.
+if test "${with_logpath+set}" = set; then :
+ withval=$with_logpath; case $with_logpath in
+ yes) as_fn_error "\"must give --with-logpath an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-logpath not supported.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how long a line in the log file should be" >&5
+$as_echo_n "checking how long a line in the log file should be... " >&6; }
+
+# Check whether --with-loglen was given.
+if test "${with_loglen+set}" = set; then :
+ withval=$with_loglen; case $with_loglen in
+ yes) as_fn_error "\"must give --with-loglen an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-loglen not supported.\"" "$LINENO" 5
+ ;;
+ [0-9]*) loglen=$with_loglen
+ ;;
+ *) as_fn_error "\"you must enter a number, not $with_loglen\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MAXLOGFILELEN $loglen
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $loglen" >&5
+$as_echo "$loglen" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should ignore '.' or '' in \$PATH" >&5
+$as_echo_n "checking whether sudo should ignore '.' or '' in \$PATH... " >&6; }
+
+# Check whether --with-ignore-dot was given.
+if test "${with_ignore_dot+set}" = set; then :
+ withval=$with_ignore_dot; case $with_ignore_dot in
+ yes) ignore_dot=on
+ ;;
+ no) ignore_dot=off
+ ;;
+ *) as_fn_error "\"--with-ignore-dot does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$ignore_dot" = "on"; then
+ $as_echo "#define IGNORE_DOT_PATH 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user is not in sudoers" >&5
+$as_echo_n "checking whether to send mail when a user is not in sudoers... " >&6; }
+
+# Check whether --with-mail-if-no-user was given.
+if test "${with_mail_if_no_user+set}" = set; then :
+ withval=$with_mail_if_no_user; case $with_mail_if_no_user in
+ yes) mail_no_user=on
+ ;;
+ no) mail_no_user=off
+ ;;
+ *) as_fn_error "\"--with-mail-if-no-user does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$mail_no_user" = "on"; then
+ $as_echo "#define SEND_MAIL_WHEN_NO_USER 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when user listed but not for this host" >&5
+$as_echo_n "checking whether to send mail when user listed but not for this host... " >&6; }
+
+# Check whether --with-mail-if-no-host was given.
+if test "${with_mail_if_no_host+set}" = set; then :
+ withval=$with_mail_if_no_host; case $with_mail_if_no_host in
+ yes) mail_no_host=on
+ ;;
+ no) mail_no_host=off
+ ;;
+ *) as_fn_error "\"--with-mail-if-no-host does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$mail_no_host" = "on"; then
+ $as_echo "#define SEND_MAIL_WHEN_NO_HOST 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user tries a disallowed command" >&5
+$as_echo_n "checking whether to send mail when a user tries a disallowed command... " >&6; }
+
+# Check whether --with-mail-if-noperms was given.
+if test "${with_mail_if_noperms+set}" = set; then :
+ withval=$with_mail_if_noperms; case $with_mail_if_noperms in
+ yes) mail_noperms=on
+ ;;
+ no) mail_noperms=off
+ ;;
+ *) as_fn_error "\"--with-mail-if-noperms does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$mail_noperms" = "on"; then
+ $as_echo "#define SEND_MAIL_WHEN_NOT_OK 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking who should get the mail that sudo sends" >&5
+$as_echo_n "checking who should get the mail that sudo sends... " >&6; }
+
+# Check whether --with-mailto was given.
+if test "${with_mailto+set}" = set; then :
+ withval=$with_mailto; case $with_mailto in
+ yes) as_fn_error "\"must give --with-mailto an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-mailto not supported.\"" "$LINENO" 5
+ ;;
+ *) mailto=$with_mailto
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MAILTO "$mailto"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $mailto" >&5
+$as_echo "$mailto" >&6; }
+
+
+# Check whether --with-mailsubject was given.
+if test "${with_mailsubject+set}" = set; then :
+ withval=$with_mailsubject; case $with_mailsubject in
+ yes) as_fn_error "\"must give --with-mailsubject an argument.\"" "$LINENO" 5
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-mailsubject not supported." >&5
+$as_echo "$as_me: WARNING: Sorry, --without-mailsubject not supported." >&2;}
+ ;;
+ *) mailsub="$with_mailsubject"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking sudo mail subject" >&5
+$as_echo_n "checking sudo mail subject... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using alert mail subject: $mailsub" >&5
+$as_echo "Using alert mail subject: $mailsub" >&6; }
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MAILSUBJECT "$mailsub"
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password prompt" >&5
+$as_echo_n "checking for bad password prompt... " >&6; }
+
+# Check whether --with-passprompt was given.
+if test "${with_passprompt+set}" = set; then :
+ withval=$with_passprompt; case $with_passprompt in
+ yes) as_fn_error "\"must give --with-passprompt an argument.\"" "$LINENO" 5
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-passprompt not supported." >&5
+$as_echo "$as_me: WARNING: Sorry, --without-passprompt not supported." >&2;}
+ ;;
+ *) passprompt="$with_passprompt"
+esac
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $passprompt" >&5
+$as_echo "$passprompt" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define PASSPROMPT "$passprompt"
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password message" >&5
+$as_echo_n "checking for bad password message... " >&6; }
+
+# Check whether --with-badpass-message was given.
+if test "${with_badpass_message+set}" = set; then :
+ withval=$with_badpass_message; case $with_badpass_message in
+ yes) as_fn_error "\"Must give --with-badpass-message an argument.\"" "$LINENO" 5
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-badpass-message not supported." >&5
+$as_echo "$as_me: WARNING: Sorry, --without-badpass-message not supported." >&2;}
+ ;;
+ *) badpass_message="$with_badpass_message"
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define INCORRECT_PASSWORD "$badpass_message"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpass_message" >&5
+$as_echo "$badpass_message" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to expect fully qualified hosts in sudoers" >&5
+$as_echo_n "checking whether to expect fully qualified hosts in sudoers... " >&6; }
+
+# Check whether --with-fqdn was given.
+if test "${with_fqdn+set}" = set; then :
+ withval=$with_fqdn; case $with_fqdn in
+ yes) fqdn=on
+ ;;
+ no) fqdn=off
+ ;;
+ *) as_fn_error "\"--with-fqdn does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$fqdn" = "on"; then
+ $as_echo "#define FQDN 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --with-timedir was given.
+if test "${with_timedir+set}" = set; then :
+ withval=$with_timedir; case $with_timedir in
+ yes) as_fn_error "\"must give --with-timedir an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-timedir not supported.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-iologdir was given.
+if test "${with_iologdir+set}" = set; then :
+ withval=$with_iologdir; case $with_iologdir in
+ yes) ;;
+ no) ;;
+esac
+fi
+
+
+
+# Check whether --with-sendmail was given.
+if test "${with_sendmail+set}" = set; then :
+ withval=$with_sendmail; case $with_sendmail in
+ yes) with_sendmail=""
+ ;;
+ no) ;;
+ *) cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SENDMAIL "$with_sendmail"
+EOF
+
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-sudoers-mode was given.
+if test "${with_sudoers_mode+set}" = set; then :
+ withval=$with_sudoers_mode; case $with_sudoers_mode in
+ yes) as_fn_error "\"must give --with-sudoers-mode an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-sudoers-mode not supported.\"" "$LINENO" 5
+ ;;
+ [1-9]*) SUDOERS_MODE=0${with_sudoers_mode}
+ ;;
+ 0*) SUDOERS_MODE=$with_sudoers_mode
+ ;;
+ *) as_fn_error "\"you must use an octal mode, not a name.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-sudoers-uid was given.
+if test "${with_sudoers_uid+set}" = set; then :
+ withval=$with_sudoers_uid; case $with_sudoers_uid in
+ yes) as_fn_error "\"must give --with-sudoers-uid an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-sudoers-uid not supported.\"" "$LINENO" 5
+ ;;
+ [0-9]*) SUDOERS_UID=$with_sudoers_uid
+ ;;
+ *) as_fn_error "\"you must use an unsigned numeric uid, not a name.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-sudoers-gid was given.
+if test "${with_sudoers_gid+set}" = set; then :
+ withval=$with_sudoers_gid; case $with_sudoers_gid in
+ yes) as_fn_error "\"must give --with-sudoers-gid an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-sudoers-gid not supported.\"" "$LINENO" 5
+ ;;
+ [0-9]*) SUDOERS_GID=$with_sudoers_gid
+ ;;
+ *) as_fn_error "\"you must use an unsigned numeric gid, not a name.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for umask programs should be run with" >&5
+$as_echo_n "checking for umask programs should be run with... " >&6; }
+
+# Check whether --with-umask was given.
+if test "${with_umask+set}" = set; then :
+ withval=$with_umask; case $with_umask in
+ yes) as_fn_error "\"must give --with-umask an argument.\"" "$LINENO" 5
+ ;;
+ no) sudo_umask=0777
+ ;;
+ [0-9]*) sudo_umask=$with_umask
+ ;;
+ *) as_fn_error "\"you must enter a numeric mask.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define SUDO_UMASK $sudo_umask
+_ACEOF
+
+if test "$sudo_umask" = "0777"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: user" >&5
+$as_echo "user" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_umask" >&5
+$as_echo "$sudo_umask" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default user to run commands as" >&5
+$as_echo_n "checking for default user to run commands as... " >&6; }
+
+# Check whether --with-runas-default was given.
+if test "${with_runas_default+set}" = set; then :
+ withval=$with_runas_default; case $with_runas_default in
+ yes) as_fn_error "\"must give --with-runas-default an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-runas-default not supported.\"" "$LINENO" 5
+ ;;
+ *) runas_default="$with_runas_default"
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define RUNAS_DEFAULT "$runas_default"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $runas_default" >&5
+$as_echo "$runas_default" >&6; }
+
+
+# Check whether --with-exempt was given.
+if test "${with_exempt+set}" = set; then :
+ withval=$with_exempt; case $with_exempt in
+ yes) as_fn_error "\"must give --with-exempt an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-exempt not supported.\"" "$LINENO" 5
+ ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define EXEMPTGROUP "$with_exempt"
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for group to be exempt from password" >&5
+$as_echo_n "checking for group to be exempt from password... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_exempt" >&5
+$as_echo "$with_exempt" >&6; }
+ ;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for editor that visudo should use" >&5
+$as_echo_n "checking for editor that visudo should use... " >&6; }
+
+# Check whether --with-editor was given.
+if test "${with_editor+set}" = set; then :
+ withval=$with_editor; case $with_editor in
+ yes) as_fn_error "\"must give --with-editor an argument.\"" "$LINENO" 5
+ ;;
+ no) as_fn_error "\"--without-editor not supported.\"" "$LINENO" 5
+ ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define EDITOR "$with_editor"
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5
+$as_echo "$with_editor" >&6; }
+ editor="$with_editor"
+ ;;
+esac
+else
+ $as_echo "#define EDITOR _PATH_VI" >>confdefs.h
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: vi" >&5
+$as_echo "vi" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to obey EDITOR and VISUAL environment variables" >&5
+$as_echo_n "checking whether to obey EDITOR and VISUAL environment variables... " >&6; }
+
+# Check whether --with-env-editor was given.
+if test "${with_env_editor+set}" = set; then :
+ withval=$with_env_editor; case $with_env_editor in
+ yes) env_editor=on
+ ;;
+ no) env_editor=off
+ ;;
+ *) as_fn_error "\"--with-env-editor does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$env_editor" = "on"; then
+ $as_echo "#define ENV_EDITOR 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking number of tries a user gets to enter their password" >&5
+$as_echo_n "checking number of tries a user gets to enter their password... " >&6; }
+
+# Check whether --with-passwd-tries was given.
+if test "${with_passwd_tries+set}" = set; then :
+ withval=$with_passwd_tries; case $with_passwd_tries in
+ yes) ;;
+ no) as_fn_error "\"--without-editor not supported.\"" "$LINENO" 5
+ ;;
+ [1-9]*) passwd_tries=$with_passwd_tries
+ ;;
+ *) as_fn_error "\"you must enter the numer of tries, > 0\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define TRIES_FOR_PASSWORD $passwd_tries
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $passwd_tries" >&5
+$as_echo "$passwd_tries" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after which sudo will ask for a password again" >&5
+$as_echo_n "checking time in minutes after which sudo will ask for a password again... " >&6; }
+
+# Check whether --with-timeout was given.
+if test "${with_timeout+set}" = set; then :
+ withval=$with_timeout; case $with_timeout in
+ yes) ;;
+ no) timeout=0
+ ;;
+ [0-9]*) timeout=$with_timeout
+ ;;
+ *) as_fn_error "\"you must enter the numer of minutes.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define TIMEOUT $timeout
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $timeout" >&5
+$as_echo "$timeout" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after the password prompt will time out" >&5
+$as_echo_n "checking time in minutes after the password prompt will time out... " >&6; }
+
+# Check whether --with-password-timeout was given.
+if test "${with_password_timeout+set}" = set; then :
+ withval=$with_password_timeout; case $with_password_timeout in
+ yes) ;;
+ no) password_timeout=0
+ ;;
+ [0-9]*) password_timeout=$with_password_timeout
+ ;;
+ *) as_fn_error "\"you must enter the numer of minutes.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define PASSWORD_TIMEOUT $password_timeout
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $password_timeout" >&5
+$as_echo "$password_timeout" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use per-tty ticket files" >&5
+$as_echo_n "checking whether to use per-tty ticket files... " >&6; }
+
+# Check whether --with-tty-tickets was given.
+if test "${with_tty_tickets+set}" = set; then :
+ withval=$with_tty_tickets; case $with_tty_tickets in
+ yes) tty_tickets=on
+ ;;
+ no) tty_tickets=off
+ ;;
+ *) as_fn_error "\"--with-tty-tickets does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$tty_tickets" = "off"; then
+ $as_echo "#define NO_TTY_TICKETS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5
+$as_echo_n "checking whether to include insults... " >&6; }
+
+# Check whether --with-insults was given.
+if test "${with_insults+set}" = set; then :
+ withval=$with_insults; case $with_insults in
+ yes) insults=on
+ with_classic_insults=yes
+ with_csops_insults=yes
+ ;;
+ disabled) insults=off
+ with_classic_insults=yes
+ with_csops_insults=yes
+ ;;
+ no) insults=off
+ ;;
+ *) as_fn_error "\"--with-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+if test "$insults" = "on"; then
+ $as_echo "#define USE_INSULTS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --with-all-insults was given.
+if test "${with_all_insults+set}" = set; then :
+ withval=$with_all_insults; case $with_all_insults in
+ yes) with_classic_insults=yes
+ with_csops_insults=yes
+ with_hal_insults=yes
+ with_goons_insults=yes
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-all-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-classic-insults was given.
+if test "${with_classic_insults+set}" = set; then :
+ withval=$with_classic_insults; case $with_classic_insults in
+ yes) $as_echo "#define CLASSIC_INSULTS 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-classic-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-csops-insults was given.
+if test "${with_csops_insults+set}" = set; then :
+ withval=$with_csops_insults; case $with_csops_insults in
+ yes) $as_echo "#define CSOPS_INSULTS 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-csops-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-hal-insults was given.
+if test "${with_hal_insults+set}" = set; then :
+ withval=$with_hal_insults; case $with_hal_insults in
+ yes) $as_echo "#define HAL_INSULTS 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-hal-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-goons-insults was given.
+if test "${with_goons_insults+set}" = set; then :
+ withval=$with_goons_insults; case $with_goons_insults in
+ yes) $as_echo "#define GOONS_INSULTS 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-goons-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-nsswitch was given.
+if test "${with_nsswitch+set}" = set; then :
+ withval=$with_nsswitch; case $with_nsswitch in
+ no) ;;
+ yes) with_nsswitch="/etc/nsswitch.conf"
+ ;;
+ *) ;;
+esac
+fi
+
+
+
+# Check whether --with-ldap was given.
+if test "${with_ldap+set}" = set; then :
+ withval=$with_ldap; case $with_ldap in
+ no) ;;
+ *) $as_echo "#define HAVE_LDAP 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use sudoers from LDAP" >&5
+$as_echo_n "checking whether to use sudoers from LDAP... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ;;
+esac
+fi
+
+
+
+# Check whether --with-ldap-conf-file was given.
+if test "${with_ldap_conf_file+set}" = set; then :
+ withval=$with_ldap_conf_file;
+fi
+
+test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
+cat >>confdefs.h <<EOF
+#define _PATH_LDAP_CONF "$ldap_conf"
+EOF
+
+
+
+# Check whether --with-ldap-secret-file was given.
+if test "${with_ldap_secret_file+set}" = set; then :
+ withval=$with_ldap_secret_file;
+fi
+
+test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+cat >>confdefs.h <<EOF
+#define _PATH_LDAP_SECRET "$ldap_secret"
+EOF
+
+
+
+# Check whether --with-pc-insults was given.
+if test "${with_pc_insults+set}" = set; then :
+ withval=$with_pc_insults; case $with_pc_insults in
+ yes) $as_echo "#define PC_INSULTS 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-pc-insults does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+if test "$insults" = "on"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking which insult sets to include" >&5
+$as_echo_n "checking which insult sets to include... " >&6; }
+ i=""
+ test "$with_goons_insults" = "yes" && i="goons ${i}"
+ test "$with_hal_insults" = "yes" && i="hal ${i}"
+ test "$with_csops_insults" = "yes" && i="csops ${i}"
+ test "$with_classic_insults" = "yes" && i="classic ${i}"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $i" >&5
+$as_echo "$i" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to override the user's path" >&5
+$as_echo_n "checking whether to override the user's path... " >&6; }
+
+# Check whether --with-secure-path was given.
+if test "${with_secure_path+set}" = set; then :
+ withval=$with_secure_path; case $with_secure_path in
+ yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+ cat >>confdefs.h <<_ACEOF
+#define SECURE_PATH "$with_secure_path"
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5
+$as_echo "$with_secure_path" >&6; }
+ secure_path="set to $with_secure_path"
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) cat >>confdefs.h <<_ACEOF
+#define SECURE_PATH "$with_secure_path"
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5
+$as_echo "$with_secure_path" >&6; }
+ secure_path="set to F<$with_secure_path>"
+ ;;
+esac
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to get ip addresses from the network interfaces" >&5
+$as_echo_n "checking whether to get ip addresses from the network interfaces... " >&6; }
+
+# Check whether --with-interfaces was given.
+if test "${with_interfaces+set}" = set; then :
+ withval=$with_interfaces; case $with_interfaces in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ;;
+ no) $as_echo "#define STUB_LOAD_INTERFACES 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) as_fn_error "\"--with-interfaces does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stow should be used" >&5
+$as_echo_n "checking whether stow should be used... " >&6; }
+
+# Check whether --with-stow was given.
+if test "${with_stow+set}" = set; then :
+ withval=$with_stow; case $with_stow in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define USE_STOW 1" >>confdefs.h
+
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) as_fn_error "\"--with-stow does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use an askpass helper" >&5
+$as_echo_n "checking whether to use an askpass helper... " >&6; }
+
+# Check whether --with-askpass was given.
+if test "${with_askpass+set}" = set; then :
+ withval=$with_askpass; case $with_askpass in
+ yes) as_fn_error "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5
+ ;;
+ no) ;;
+ *) cat >>confdefs.h <<EOF
+#define _PATH_SUDO_ASKPASS "$with_askpass"
+EOF
+
+ ;;
+esac
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+# Check whether --with-libvas was given.
+if test "${with_libvas+set}" = set; then :
+ withval=$with_libvas; case $with_libvas in
+ yes) with_libvas=libvas.so
+ ;;
+ no) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define LIBVAS_SO "$with_libvas"
+_ACEOF
+
+ ;;
+esac
+if test X"$with_libvas" != X"no"; then
+
+cat >>confdefs.h <<_ACEOF
+#define LIBVAS_SO "$with_libvas"
+_ACEOF
+
+ $as_echo "#define USING_NONUNIX_GROUPS 1" >>confdefs.h
+
+ COMMON_OBJS="$COMMON_OBJS vasgroups.o"
+
+# Check whether --with-libvas-rpath was given.
+if test "${with_libvas_rpath+set}" = set; then :
+ withval=$with_libvas_rpath; LIBVAS_RPATH=$withval
+else
+ LIBVAS_RPATH=/opt/quest/lib
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ldl" >&5
+$as_echo_n "checking for main in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_main=yes
+else
+ ac_cv_lib_dl_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_main" >&5
+$as_echo "$ac_cv_lib_dl_main" >&6; }
+if test "x$ac_cv_lib_dl_main" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+fi
+
+fi
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to do user authentication by default" >&5
+$as_echo_n "checking whether to do user authentication by default... " >&6; }
+# Check whether --enable-authentication was given.
+if test "${enable_authentication+set}" = set; then :
+ enableval=$enable_authentication; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define NO_AUTHENTICATION 1" >>confdefs.h
+
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable running the mailer as root" >&5
+$as_echo_n "checking whether to disable running the mailer as root... " >&6; }
+# Check whether --enable-root-mailer was given.
+if test "${enable_root_mailer+set}" = set; then :
+ enableval=$enable_root_mailer; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define NO_ROOT_MAILER 1" >>confdefs.h
+
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --enable-setreuid was given.
+if test "${enable_setreuid+set}" = set; then :
+ enableval=$enable_setreuid; case "$enableval" in
+ no) SKIP_SETREUID=yes
+ ;;
+ *) ;;
+ esac
+
+fi
+
+
+# Check whether --enable-setresuid was given.
+if test "${enable_setresuid+set}" = set; then :
+ enableval=$enable_setresuid; case "$enableval" in
+ no) SKIP_SETRESUID=yes
+ ;;
+ *) ;;
+ esac
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable shadow password support" >&5
+$as_echo_n "checking whether to disable shadow password support... " >&6; }
+# Check whether --enable-shadow was given.
+if test "${enable_shadow+set}" = set; then :
+ enableval=$enable_shadow; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CHECKSHADOW="false"
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether root should be allowed to use sudo" >&5
+$as_echo_n "checking whether root should be allowed to use sudo... " >&6; }
+# Check whether --enable-root-sudo was given.
+if test "${enable_root_sudo+set}" = set; then :
+ enableval=$enable_root_sudo; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ;;
+ no) $as_echo "#define NO_ROOT_SUDO 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ root_sudo=off
+ ;;
+ *) as_fn_error "\"--enable-root-sudo does not take an argument.\"" "$LINENO" 5
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to log the hostname in the log file" >&5
+$as_echo_n "checking whether to log the hostname in the log file... " >&6; }
+# Check whether --enable-log-host was given.
+if test "${enable_log_host+set}" = set; then :
+ enableval=$enable_log_host; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HOST_IN_LOG 1" >>confdefs.h
+
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to invoke a shell if sudo is given no arguments" >&5
+$as_echo_n "checking whether to invoke a shell if sudo is given no arguments... " >&6; }
+# Check whether --enable-noargs-shell was given.
+if test "${enable_noargs_shell+set}" = set; then :
+ enableval=$enable_noargs_shell; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define SHELL_IF_NO_ARGS 1" >>confdefs.h
+
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to set \$HOME to target user in shell mode" >&5
+$as_echo_n "checking whether to set \$HOME to target user in shell mode... " >&6; }
+# Check whether --enable-shell-sets-home was given.
+if test "${enable_shell_sets_home+set}" = set; then :
+ enableval=$enable_shell_sets_home; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define SHELL_SETS_HOME 1" >>confdefs.h
+
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable 'command not found' messages" >&5
+$as_echo_n "checking whether to disable 'command not found' messages... " >&6; }
+# Check whether --enable-path_info was given.
+if test "${enable_path_info+set}" = set; then :
+ enableval=$enable_path_info; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define DONT_LEAK_PATH_INFO 1" >>confdefs.h
+
+ path_info=off
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable environment debugging" >&5
+$as_echo_n "checking whether to enable environment debugging... " >&6; }
+# Check whether --enable-env_debug was given.
+if test "${enable_env_debug+set}" = set; then :
+ enableval=$enable_env_debug; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define ENV_DEBUG 1" >>confdefs.h
+
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --enable-warnings was given.
+if test "${enable_warnings+set}" = set; then :
+ enableval=$enable_warnings; case "$enableval" in
+ yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then
+ CFLAGS="${CFLAGS} -Wall"
+ fi
+ ;;
+ no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&2;}
+ ;;
+ esac
+
+fi
+
+
+# Check whether --enable-admin-flag was given.
+if test "${enable_admin_flag+set}" = set; then :
+ enableval=$enable_admin_flag; case "$enableval" in
+ yes) $as_echo "#define USE_ADMIN_FLAG 1" >>confdefs.h
+
+ ;;
+ no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&2;}
+ ;;
+ esac
+
+fi
+
+
+
+# Check whether --with-selinux was given.
+if test "${with_selinux+set}" = set; then :
+ withval=$with_selinux; case $with_selinux in
+ yes) SELINUX_USAGE="[-r role] [-t type] "
+ $as_echo "#define HAVE_SELINUX 1" >>confdefs.h
+
+ SUDO_LIBS="${SUDO_LIBS} -lselinux"
+ SUDO_OBJS="${SUDO_OBJS} selinux.o"
+ PROGS="${PROGS} sesh"
+ SEMAN=1
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setkeycreatecon in -lselinux" >&5
+$as_echo_n "checking for setkeycreatecon in -lselinux... " >&6; }
+if test "${ac_cv_lib_selinux_setkeycreatecon+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setkeycreatecon ();
+int
+main ()
+{
+return setkeycreatecon ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_selinux_setkeycreatecon=yes
+else
+ ac_cv_lib_selinux_setkeycreatecon=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setkeycreatecon" >&5
+$as_echo "$ac_cv_lib_selinux_setkeycreatecon" >&6; }
+if test "x$ac_cv_lib_selinux_setkeycreatecon" = x""yes; then :
+ $as_echo "#define HAVE_SETKEYCREATECON 1" >>confdefs.h
+
+fi
+
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-selinux does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
+# Check whether --enable-gss_krb5_ccache_name was given.
+if test "${enable_gss_krb5_ccache_name+set}" = set; then :
+ enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval
+else
+ check_gss_krb5_ccache_name=no
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5
+$as_echo_n "checking for library containing strerror... " >&6; }
+if test "${ac_cv_search_strerror+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strerror ();
+int
+main ()
+{
+return strerror ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' cposix; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_strerror=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_strerror+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_strerror+set}" = set; then :
+
+else
+ ac_cv_search_strerror=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_strerror" >&5
+$as_echo "$ac_cv_search_strerror" >&6; }
+ac_res=$ac_cv_search_strerror
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ for ac_t in install-sh install.sh shtool; do
+ if test -f "$ac_dir/$ac_t"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/$ac_t -c"
+ break 2
+ fi
+ done
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+
+case `pwd` in
+ *\ * | *\ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.2.6b'
+macro_revision='1.3017'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if test "${ac_cv_path_SED+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if test "${ac_cv_path_FGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+ then ac_cv_path_FGREP="$GREP -F"
+ else
+ if test -z "$FGREP"; then
+ ac_path_FGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in fgrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+ # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'FGREP' >> "conftest.nl"
+ "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_FGREP="$ac_path_FGREP"
+ ac_path_FGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_FGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_FGREP=$FGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test "${lt_cv_path_NM+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DUMPBIN"; then
+ ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$DUMPBIN" && break
+ done
+fi
+if test -z "$DUMPBIN"; then
+ ac_ct_DUMPBIN=$DUMPBIN
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DUMPBIN"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_DUMPBIN" && break
+done
+
+ if test "x$ac_ct_DUMPBIN" = x; then
+ DUMPBIN=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DUMPBIN=$ac_ct_DUMPBIN
+ fi
+fi
+
+
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if test "${lt_cv_nm_interface+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:6765: $ac_compile\"" >&5)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:6768: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:6771: output\"" >&5)
+ cat conftest.out >&5
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
+
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[3-9]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris*)
+ symcode='[BDRT]'
+ ;;
+sco3.2v5*)
+ symcode='[DT]'
+ ;;
+sysv4.2uw2*)
+ symcode='[DT]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[ABDT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK '"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+ enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 7976 "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_cc_needs_belf=yes
+else
+ lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ case $host_os in
+ rhapsody* | darwin*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DSYMUTIL"; then
+ ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+ ac_ct_DSYMUTIL=$DSYMUTIL
+ # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DSYMUTIL"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_DSYMUTIL" = x; then
+ DSYMUTIL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DSYMUTIL=$ac_ct_DSYMUTIL
+ fi
+else
+ DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NMEDIT"; then
+ ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+ ac_ct_NMEDIT=$NMEDIT
+ # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_NMEDIT"; then
+ ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_NMEDIT="nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_NMEDIT" = x; then
+ NMEDIT=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ NMEDIT=$ac_ct_NMEDIT
+ fi
+else
+ NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$LIPO"; then
+ ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+ ac_ct_LIPO=$LIPO
+ # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_LIPO"; then
+ ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_LIPO="lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_LIPO" = x; then
+ LIPO=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ LIPO=$ac_ct_LIPO
+ fi
+else
+ LIPO="$ac_cv_prog_LIPO"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL"; then
+ ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+ ac_ct_OTOOL=$OTOOL
+ # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL"; then
+ ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL="otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL" = x; then
+ OTOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL=$ac_ct_OTOOL
+ fi
+else
+ OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL64"; then
+ ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+ ac_ct_OTOOL64=$OTOOL64
+ # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL64"; then
+ ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL64="otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL64" = x; then
+ OTOOL64=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL64=$ac_ct_OTOOL64
+ fi
+else
+ OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_ld_exported_symbols_list=yes
+else
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[012]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in dlfcn.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+# Set options
+
+
+
+ enable_dlopen=no
+
+
+ enable_win32_dll=no
+
+
+ # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+ enableval=$enable_shared; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+ # Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+ enableval=$enable_static; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+ withval=$with_pic; pic_mode="$withval"
+else
+ pic_mode=default
+fi
+
+
+test -z "$pic_mode" && pic_mode=default
+
+
+
+
+
+
+
+ # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+ enableval=$enable_fast_install; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if test "${lt_cv_objdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:9369: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:9373: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+
+
+
+
+
+ lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-qpic'
+ lt_prog_compiler_static='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ rdos*)
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
+$as_echo "$lt_prog_compiler_pic" >&6; }
+
+
+
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:9708: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:9712: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:9813: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:9817: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:9868: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:9872: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ runpath_var=
+ allow_undefined_flag=
+ always_export_symbols=no
+ archive_cmds=
+ archive_expsym_cmds=
+ compiler_needs_object=no
+ enable_shared_with_static_runtimes=no
+ export_dynamic_flag_spec=
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ hardcode_automatic=no
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ inherit_rpath=no
+ link_all_deplibs=unknown
+ module_cmds=
+ module_expsym_cmds=
+ old_archive_from_new_cmds=
+ old_archive_from_expsyms_cmds=
+ thread_safe_flag_spec=
+ whole_archive_flag_spec=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ file_list_spec='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ allow_undefined_flag="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+
+ else
+ ld_shlibs=no
+ fi
+
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ *)
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo(void) {}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ inherit_rpath=yes
+ link_all_deplibs=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ hardcode_direct_absolute=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_separator=:
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag='${wl}-z,text'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag='${wl}-z,text'
+ allow_undefined_flag='${wl}-z,nodefs'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-R,$libdir'
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
+$as_echo "$archive_cmds_need_lc" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[lt_foo]++; }
+ if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+ test -n "$runpath_var" ||
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink ||
+ test "$inherit_rpath" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+ if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_shl_load=yes
+else
+ ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+else
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_svld_dlopen=yes
+else
+ ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_dld_link=yes
+else
+ ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 12235 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 12331 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+ # Report which library types will actually be built
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+if test "$enable_shared" = "no"; then
+ with_noexec=no
+else
+ eval _shrext="$shrext_cmds"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking path to sudo_noexec.so" >&5
+$as_echo_n "checking path to sudo_noexec.so... " >&6; }
+
+# Check whether --with-noexec was given.
+if test "${with_noexec+set}" = set; then :
+ withval=$with_noexec; case $with_noexec in
+ yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ ;;
+ no) ;;
+ *) ;;
+esac
+else
+ with_noexec="$libexecdir/sudo_noexec$_shrext"
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5
+$as_echo "$with_noexec" >&6; }
+NOEXECFILE="sudo_noexec$_shrext"
+NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[^/]*:\1:'`"
+
+if test X"$with_devel" = X"yes" -a -n "$GCC"; then
+ CFLAGS="${CFLAGS} -Wall"
+fi
+
+# Extract the first word of "uname", so it can be a program name with args.
+set dummy uname; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_UNAMEPROG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$UNAMEPROG"; then
+ ac_cv_prog_UNAMEPROG="$UNAMEPROG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_UNAMEPROG="uname"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+UNAMEPROG=$ac_cv_prog_UNAMEPROG
+if test -n "$UNAMEPROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $UNAMEPROG" >&5
+$as_echo "$UNAMEPROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "tr", so it can be a program name with args.
+set dummy tr; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_TRPROG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$TRPROG"; then
+ ac_cv_prog_TRPROG="$TRPROG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_TRPROG="tr"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+TRPROG=$ac_cv_prog_TRPROG
+if test -n "$TRPROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TRPROG" >&5
+$as_echo "$TRPROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+for ac_prog in nroff mandoc
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NROFFPROG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NROFFPROG"; then
+ ac_cv_prog_NROFFPROG="$NROFFPROG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_NROFFPROG="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NROFFPROG=$ac_cv_prog_NROFFPROG
+if test -n "$NROFFPROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFFPROG" >&5
+$as_echo "$NROFFPROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$NROFFPROG" && break
+done
+
+if test -z "$NROFFPROG"; then
+ MANTYPE="cat"
+ mansrcdir='$(srcdir)'
+fi
+
+if test -n "$sudo_cv_prev_host"; then
+ if test "$sudo_cv_prev_host" != "$host"; then
+ as_fn_error "config.cache was created on a different host; remove it and re-run configure." "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking previous host type" >&5
+$as_echo_n "checking previous host type... " >&6; }
+ if test "${sudo_cv_prev_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ sudo_cv_prev_host="$host"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_prev_host" >&5
+$as_echo "$sudo_cv_prev_host" >&6; }
+ fi
+else
+ # this will produce no output since there is no cached value
+ if test "${sudo_cv_prev_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ sudo_cv_prev_host="$host"
+fi
+
+fi
+
+if test -n "$host_os"; then
+ OS=`echo $host_os | sed 's/[0-9].*//'`
+ OSREV=`echo $host_os | sed 's/^[^0-9\.]*\([0-9\.]*\).*$/\1/'`
+ OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
+else
+ OS="unknown"
+ OSREV=0
+ OSMAJOR=0
+fi
+
+case "$host" in
+ *-*-sunos4*)
+ # getcwd(3) opens a pipe to getpwd(1)!?!
+ BROKEN_GETCWD=1
+
+ # system headers lack prototypes but gcc helps...
+ if test -n "$GCC"; then
+ OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
+ fi
+
+ shadow_funcs="getpwanam issecure"
+ ;;
+ *-*-solaris2*)
+ # To get the crypt(3) prototype (so we pass -Wall)
+ OSDEFS="${OSDEFS} -D__EXTENSIONS__"
+ # AFS support needs -lucb
+ if test "$with_AFS" = "yes"; then
+ AFS_LIBS="-lc -lucb"
+ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ ;;
+ *-*-aix*)
+ # To get all prototypes (so we pass -Wall)
+ OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
+ if test X"$with_blibpath" != X"no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if linker accepts -Wl,-blibpath" >&5
+$as_echo_n "checking if linker accepts -Wl,-blibpath... " >&6; }
+ O_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+ blibpath="$with_blibpath"
+ elif test -n "$GCC"; then
+ blibpath="/usr/lib:/lib:/usr/local/lib"
+ else
+ blibpath="/usr/lib:/lib"
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+ LDFLAGS="$O_LDFLAGS"
+
+ # Use authenticate(3) as the default authentication method
+ if test X"$with_aixauth" = X""; then
+ for ac_func in authenticate
+do :
+ ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate"
+if test "x$ac_cv_func_authenticate" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_AUTHENTICATE 1
+_ACEOF
+ AUTH_EXCL_DEF="AIX_AUTH"
+fi
+done
+
+ fi
+
+ # AIX analog of nsswitch.conf, enabled by default
+
+# Check whether --with-netsvc was given.
+if test "${with_netsvc+set}" = set; then :
+ withval=$with_netsvc; case $with_netsvc in
+ no) ;;
+ yes) with_netsvc="/etc/netsvc.conf"
+ ;;
+ *) ;;
+ esac
+fi
+
+ if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+ with_netsvc="/etc/netsvc.conf"
+ fi
+
+ # AIX-specific functions
+ for ac_func in getuserattr setauthdb
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ COMMON_OBJS="$COMMON_OBJS aix.o"
+ ;;
+ *-*-hiuxmpp*)
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-hpux*)
+ # AFS support needs -lBSD
+ if test "$with_AFS" = "yes"; then
+ AFS_LIBS="-lc -lBSD"
+ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+
+ if test -z "$GCC"; then
+ # HP-UX bundled compiler can't generate shared objects
+ if -z "$pic_flag"; then
+ with_noexec=no
+ fi
+
+ # Use the +DAportable flag on hppa if it is supported
+ case "$host_cpu" in
+ hppa*)
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS +DAportable"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands +DAportable" >&5
+$as_echo_n "checking whether $CC understands +DAportable... " >&6; }
+if test "${sudo_cv_var_daportable+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ sudo_cv_var_daportable=yes
+else
+ sudo_cv_var_daportable=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_daportable" >&5
+$as_echo "$sudo_cv_var_daportable" >&6; }
+ if test X"$sudo_cv_var_daportable" != X"yes"; then
+ CFLAGS="$_CFLAGS"
+ fi
+ ;;
+ esac
+ fi
+
+ case "$host" in
+ *-*-hpux1-8.*)
+ $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h
+
+
+ # Not sure if setuid binaries are safe in < 9.x
+ if test -n "$GCC"; then
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
+ fi
+ ;;
+ *-*-hpux9.*)
+ $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h
+
+
+ shadow_funcs="getspwuid"
+
+ # DCE support (requires ANSI C compiler)
+ if test "$with_DCE" = "yes"; then
+ # order of libs in 9.X is important. -lc_r must be last
+ SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
+ LIBS="${LIBS} -ldce -lM -lc_r"
+ CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+ fi
+ ;;
+ *-*-hpux10.*)
+ shadow_funcs="getprpwnam iscomsec"
+ shadow_libs="-lsec"
+ ;;
+ *)
+ shadow_funcs="getspnam iscomsec"
+ shadow_libs="-lsec"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ ;;
+ esac
+ ;;
+ *-dec-osf*)
+ # ignore envariables wrt dynamic lib path
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
+
+ : ${CHECKSIA='true'}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable sia support on Digital UNIX" >&5
+$as_echo_n "checking whether to disable sia support on Digital UNIX... " >&6; }
+ # Check whether --enable-sia was given.
+if test "${enable_sia+set}" = set; then :
+ enableval=$enable_sia; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CHECKSIA=true
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CHECKSIA=false
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&2;}
+ ;;
+ esac
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ shadow_funcs="getprpwnam dispcrypt"
+ # OSF/1 4.x and higher need -ldb too
+ if test $OSMAJOR -lt 4; then
+ shadow_libs="-lsecurity -laud -lm"
+ else
+ shadow_libs="-lsecurity -ldb -laud -lm"
+ fi
+
+ # use SIA by default, if we have it
+ test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
+
+ #
+ # Some versions of Digital Unix ship with a broken
+ # copy of prot.h, which we need for shadow passwords.
+ # XXX - make should remove this as part of distclean
+ #
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken prot.h" >&5
+$as_echo_n "checking for broken prot.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/security.h>
+#include <prot.h>
+
+int
+main ()
+{
+exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, fixing locally" >&5
+$as_echo "yes, fixing locally" >&6; }
+ sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ : ${mansectsu='8'}
+ : ${mansectform='4'}
+ ;;
+ *-*-irix*)
+ OSDEFS="${OSDEFS} -D_BSD_TYPES"
+ if test -z "$NROFFPROG"; then
+ MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
+ if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+ if test -d /usr/share/catman/local; then
+ mandir="/usr/share/catman/local"
+ else
+ mandir="/usr/catman/local"
+ fi
+ fi
+ else
+ if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+ if test -d "/usr/share/man/local"; then
+ mandir="/usr/share/man/local"
+ else
+ mandir="/usr/man/local"
+ fi
+ fi
+ fi
+ # IRIX <= 4 needs -lsun
+ if test "$OSMAJOR" -le 4; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpwnam in -lsun" >&5
+$as_echo_n "checking for getpwnam in -lsun... " >&6; }
+if test "${ac_cv_lib_sun_getpwnam+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsun $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getpwnam ();
+int
+main ()
+{
+return getpwnam ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_sun_getpwnam=yes
+else
+ ac_cv_lib_sun_getpwnam=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sun_getpwnam" >&5
+$as_echo "$ac_cv_lib_sun_getpwnam" >&6; }
+if test "x$ac_cv_lib_sun_getpwnam" = x""yes; then :
+ LIBS="${LIBS} -lsun"
+fi
+
+ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-linux*|*-*-k*bsd*-gnu)
+ OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+ # Some Linux versions need to link with -lshadow
+ shadow_funcs="getspnam"
+ shadow_libs_optional="-lshadow"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ ;;
+ *-convex-bsd*)
+ OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
+ if test -z "$GCC"; then
+ CFLAGS="${CFLAGS} -D__STDC__"
+ fi
+
+ shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
+ shadow_funcs="getprpwnam"
+ shadow_libs="-lprot"
+ ;;
+ *-*-ultrix*)
+ OS="ultrix"
+ shadow_funcs="getauthuid"
+ shadow_libs="-lauth"
+ ;;
+ *-*-riscos*)
+ LIBS="${LIBS} -lsun -lbsd"
+ CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+ OSDEFS="${OSDEFS} -D_MIPS"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-isc*)
+ OSDEFS="${OSDEFS} -D_ISC"
+ LIB_CRYPT=1
+ SUDO_LIBS="${SUDO_LIBS} -lcrypt"
+ LIBS="${LIBS} -lcrypt"
+
+ shadow_funcs="getspnam"
+ shadow_libs="-lsec"
+
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-sco*|*-sco-*)
+ shadow_funcs="getprpwnam"
+ shadow_libs="-lprot -lx"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ m88k-motorola-sysv*)
+ # motorolla's cc (a variant of gcc) does -O but not -O2
+ CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-sequent-sysv*)
+ shadow_funcs="getspnam"
+ shadow_libs="-lsec"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-ncr-sysv4*|*-ncr-sysvr4*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5
+$as_echo_n "checking for strcasecmp in -lc89... " >&6; }
+if test "${ac_cv_lib_c89_strcasecmp+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lc89 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strcasecmp ();
+int
+main ()
+{
+return strcasecmp ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_c89_strcasecmp=yes
+else
+ ac_cv_lib_c89_strcasecmp=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_strcasecmp" >&5
+$as_echo "$ac_cv_lib_c89_strcasecmp" >&6; }
+if test "x$ac_cv_lib_c89_strcasecmp" = x""yes; then :
+ $as_echo "#define HAVE_STRCASECMP 1" >>confdefs.h
+ LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes
+fi
+
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-ccur-sysv4*|*-ccur-sysvr4*)
+ LIBS="${LIBS} -lgen"
+ SUDO_LIBS="${SUDO_LIBS} -lgen"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-*-bsdi*)
+ SKIP_SETREUID=yes
+ # Use shlicc for BSD/OS [23].x unless asked to do otherwise
+ if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
+ case "$OSMAJOR" in
+ 2|3) { $as_echo "$as_me:${as_lineno-$LINENO}: using shlicc as CC" >&5
+$as_echo "$as_me: using shlicc as CC" >&6;}
+ ac_cv_prog_CC=shlicc
+ CC="$ac_cv_prog_CC"
+ ;;
+ esac
+ fi
+ # Check for newer BSD auth API (just check for >= 3.0?)
+ if test -z "$with_bsdauth"; then
+ for ac_func in auth_challenge
+do :
+ ac_fn_c_check_func "$LINENO" "auth_challenge" "ac_cv_func_auth_challenge"
+if test "x$ac_cv_func_auth_challenge" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_AUTH_CHALLENGE 1
+_ACEOF
+ AUTH_EXCL_DEF="BSD_AUTH"
+fi
+done
+
+ fi
+ ;;
+ *-*-freebsd*)
+ # FreeBSD has a real setreuid(2) starting with 2.1 and
+ # backported to 2.0.5. We just take 2.1 and above...
+ case "$OSREV" in
+ 0.*|1.*|2.0*)
+ SKIP_SETREUID=yes
+ ;;
+ esac
+ if test "$with_skey" = "yes"; then
+ SUDO_LIBS="${SUDO_LIBS} -lmd"
+ fi
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='maybe'}
+ ;;
+ *-*-*openbsd*)
+ # OpenBSD has a real setreuid(2) starting with 3.3 but
+ # we will use setreuid(2) instead.
+ SKIP_SETREUID=yes
+ CHECKSHADOW="false"
+ # OpenBSD >= 3.0 supports BSD auth
+ if test -z "$with_bsdauth"; then
+ case "$OSREV" in
+ 0-2.*)
+ ;;
+ *)
+ AUTH_EXCL_DEF="BSD_AUTH"
+ ;;
+ esac
+ fi
+ : ${with_logincap='maybe'}
+ ;;
+ *-*-*netbsd*)
+ # NetBSD has a real setreuid(2) starting with 1.3.2
+ case "$OSREV" in
+ 0.9*|1.012*|1.3|1.3.1)
+ SKIP_SETREUID=yes
+ ;;
+ esac
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='maybe'}
+ ;;
+ *-*-dragonfly*)
+ if test "$with_skey" = "yes"; then
+ SUDO_LIBS="${SUDO_LIBS} -lmd"
+ fi
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='yes'}
+ ;;
+ *-*-*bsd*)
+ CHECKSHADOW="false"
+ ;;
+ *-*-darwin*)
+ # Darwin has a real setreuid(2) starting with 9.0
+ if test $OSMAJOR -lt 9; then
+ SKIP_SETREUID=yes
+ fi
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='yes'}
+ ;;
+ *-*-nextstep*)
+ # lockf() on is broken on the NeXT -- use flock instead
+ ac_cv_func_lockf=no
+ ac_cv_func_flock=yes
+ ;;
+ *-*-*sysv4*)
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-*-sysv*)
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-gnu*)
+ OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+ ;;
+esac
+
+AUTH_REG=${AUTH_REG# }
+AUTH_EXCL=${AUTH_EXCL# }
+if test -n "$AUTH_EXCL"; then
+ set -- $AUTH_EXCL
+ if test $# != 1; then
+ as_fn_error "More than one mutually exclusive authentication method specified: $AUTH_EXCL" "$LINENO" 5
+ fi
+ if test -n "$AUTH_REG"; then
+ as_fn_error "Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods" "$LINENO" 5
+ fi
+fi
+if test X"${with_skey}${with_opie}" = X"yesyes"; then
+ as_fn_error "\"cannot use both S/Key and OPIE\"" "$LINENO" 5
+fi
+
+: ${mansectsu='8'}
+: ${mansectform='5'}
+
+if test -n "$with_libpath"; then
+ for i in ${with_libpath}; do
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L$i -Wl,+b,$i"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L$i -Wl,-R$i"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L$i"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:$i"
+ fi
+
+ done
+fi
+if test -n "$with_libraries"; then
+ for i in ${with_libraries}; do
+ case $i in
+ -l*) ;;
+ *.a) ;;
+ *.o) ;;
+ *) i="-l${i}";;
+ esac
+ LIBS="${LIBS} ${i}"
+ done
+fi
+
+if test $ac_cv_c_compiler_gnu = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5
+$as_echo_n "checking whether $CC needs -traditional... " >&6; }
+if test "${ac_cv_prog_gcc_traditional+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_pattern="Autoconf.*'x'"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sgtty.h>
+Autoconf TIOCGETP
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "$ac_pattern" >/dev/null 2>&1; then :
+ ac_cv_prog_gcc_traditional=yes
+else
+ ac_cv_prog_gcc_traditional=no
+fi
+rm -f conftest*
+
+
+ if test $ac_cv_prog_gcc_traditional = no; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <termio.h>
+Autoconf TCGETA
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "$ac_pattern" >/dev/null 2>&1; then :
+ ac_cv_prog_gcc_traditional=yes
+fi
+rm -f conftest*
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5
+$as_echo "$ac_cv_prog_gcc_traditional" >&6; }
+ if test $ac_cv_prog_gcc_traditional = yes; then
+ CC="$CC -traditional"
+ fi
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if test "${ac_cv_c_const+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this. */
+ typedef int charset[2];
+ const charset cs;
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *pcpcc;
+ char **ppc;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ pcpcc = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++pcpcc;
+ ppc = (char**) pcpcc;
+ pcpcc = (char const *const *) ppc;
+ { /* SCO 3.2v4 cc rejects this. */
+ char *t;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ if (s) return 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* AIX XL C 1.02.0.0 rejects this saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; };
+ struct s *b; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ if (!foo) return 0;
+ }
+ return !cs[0] && !zero.x;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_const=yes
+else
+ ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+$as_echo "#define const /**/" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5
+$as_echo_n "checking for working volatile... " >&6; }
+if test "${ac_cv_c_volatile+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+volatile int x;
+int * volatile y = (int *) 0;
+return !x && !y;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_volatile=yes
+else
+ ac_cv_c_volatile=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5
+$as_echo "$ac_cv_c_volatile" >&6; }
+if test $ac_cv_c_volatile = no; then
+
+$as_echo "#define volatile /**/" >>confdefs.h
+
+fi
+
+for ac_prog in 'bison -y' byacc
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_YACC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$YACC"; then
+ ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_YACC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+YACC=$ac_cv_prog_YACC
+if test -n "$YACC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+$as_echo "$YACC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$YACC" && break
+done
+test -n "$YACC" || YACC="yacc"
+
+# Extract the first word of "flex", so it can be a program name with args.
+set dummy flex; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_FLEX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $FLEX in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_FLEX="$FLEX" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_FLEX" && ac_cv_path_FLEX="flex"
+ ;;
+esac
+fi
+FLEX=$ac_cv_path_FLEX
+if test -n "$FLEX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5
+$as_echo "$FLEX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mv" >&5
+$as_echo_n "checking for mv... " >&6; }
+found=no
+for p in "/usr/bin/mv" "/bin/mv" "/usr/ucb/mv" "/usr/sbin/mv"; do
+ if test -f "$p"; then
+ found=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5
+$as_echo "$p" >&6; }
+ cat >>confdefs.h <<EOF
+#define _PATH_MV "$p"
+EOF
+
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bourne shell" >&5
+$as_echo_n "checking for bourne shell... " >&6; }
+found=no
+for p in "/bin/sh" "/usr/bin/sh" "/sbin/sh" "/usr/sbin/sh" "/bin/ksh" "/usr/bin/ksh" "/bin/bash" "/usr/bin/bash"; do
+ if test -f "$p"; then
+ found=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5
+$as_echo "$p" >&6; }
+ cat >>confdefs.h <<EOF
+#define _PATH_BSHELL "$p"
+EOF
+
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+if test -z "$with_sendmail"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sendmail" >&5
+$as_echo_n "checking for sendmail... " >&6; }
+found=no
+for p in "/usr/sbin/sendmail" "/usr/lib/sendmail" "/usr/etc/sendmail" "/usr/ucblib/sendmail" "/usr/local/lib/sendmail" "/usr/local/bin/sendmail"; do
+ if test -f "$p"; then
+ found=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5
+$as_echo "$p" >&6; }
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SENDMAIL "$p"
+EOF
+
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+fi
+if test -z "$with_editor"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5
+$as_echo_n "checking for vi... " >&6; }
+found=no
+for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
+ if test -f "$editor"; then
+ found=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $editor" >&5
+$as_echo "$editor" >&6; }
+ cat >>confdefs.h <<EOF
+#define _PATH_VI "$editor"
+EOF
+
+ break
+ fi
+done
+if test X"$found" != X"yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which syslog facility sudo should log with" >&5
+$as_echo_n "checking which syslog facility sudo should log with... " >&6; }
+if test X"$with_logfac" = X""; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <syslog.h>
+int
+main ()
+{
+int i = LOG_AUTHPRIV; (void)i;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ logfac=authpriv
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define LOGFAC "$logfac"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $logfac" >&5
+$as_echo "$logfac" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+ as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
+$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$as_ac_Header=yes"
+else
+ eval "$as_ac_Header=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$as_ac_Header
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' dir; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_opendir+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+ ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' x; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_opendir+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+ ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if test "${ac_cv_header_time+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_time=yes
+else
+ ac_cv_header_time=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
+
+for ac_header in malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking POSIX termios" >&5
+$as_echo_n "checking POSIX termios... " >&6; }
+if test "${ac_cv_sys_posix_termios+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <unistd.h>
+#include <termios.h>
+
+int
+main ()
+{
+/* SunOS 4.0.3 has termios.h but not the library calls. */
+ tcgetattr(0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_sys_posix_termios=yes
+else
+ ac_cv_sys_posix_termios=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_posix_termios" >&5
+$as_echo "$ac_cv_sys_posix_termios" >&6; }
+
+if test "$ac_cv_sys_posix_termios" = "yes"; then
+ $as_echo "#define HAVE_TERMIOS_H 1" >>confdefs.h
+
+else
+ for ac_header in termio.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "termio.h" "ac_cv_header_termio_h" "$ac_includes_default"
+if test "x$ac_cv_header_termio_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TERMIO_H 1
+_ACEOF
+
+fi
+
+done
+
+fi
+
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ maildir=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ for ac_header in maillock.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default"
+if test "x$ac_cv_header_maillock_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MAILLOCK_H 1
+_ACEOF
+
+ cat >>confdefs.h <<\EOF
+#define _PATH_MAILDIR MAILDIR
+EOF
+
+ maildir=yes
+
+fi
+
+done
+
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "$d"
+EOF
+
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "/var/mail"
+EOF
+
+ fi
+ fi
+fi
+
+if test ${with_logincap-'no'} != "no"; then
+ for ac_header in login_cap.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "$ac_includes_default"
+if test "x$ac_cv_header_login_cap_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LOGIN_CAP_H 1
+_ACEOF
+ LOGINCAP_USAGE='[-c class|-] '; LCMAN=1
+ case "$OS" in
+ freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ esac
+
+fi
+
+done
+
+fi
+if test ${with_project-'no'} != "no"; then
+ ac_fn_c_check_header_mongrel "$LINENO" "project.h" "ac_cv_header_project_h" "$ac_includes_default"
+if test "x$ac_cv_header_project_h" = x""yes; then :
+ $as_echo "#define HAVE_PROJECT_H 1" >>confdefs.h
+
+ SUDO_LIBS="${SUDO_LIBS} -lproject"
+else
+ -
+fi
+
+
+fi
+ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default"
+if test "x$ac_cv_type_mode_t" = x""yes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define mode_t int
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+$as_echo_n "checking for uid_t in sys/types.h... " >&6; }
+if test "${ac_cv_type_uid_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "uid_t" >/dev/null 2>&1; then :
+ ac_cv_type_uid_t=yes
+else
+ ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+$as_echo "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+$as_echo "#define uid_t int" >>confdefs.h
+
+
+$as_echo "#define gid_t int" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "__signed char" "ac_cv_type___signed_char" "$ac_includes_default"
+if test "x$ac_cv_type___signed_char" = x""yes; then :
+
+else
+ ac_fn_c_check_type "$LINENO" "signed char" "ac_cv_type_signed_char" "$ac_includes_default"
+if test "x$ac_cv_type_signed_char" = x""yes; then :
+ $as_echo "#define __signed signed" >>confdefs.h
+
+else
+ $as_echo "#define __signed /**/" >>confdefs.h
+
+fi
+
+fi
+
+ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <sys/types.h>
+#include <signal.h>
+"
+if test "x$ac_cv_type_sig_atomic_t" = x""yes; then :
+
+else
+ $as_echo "#define sig_atomic_t int" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "sigaction_t" "ac_cv_type_sigaction_t" "#include <sys/types.h>
+#include <signal.h>
+"
+if test "x$ac_cv_type_sigaction_t" = x""yes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SIGACTION_T 1
+_ACEOF
+
+$as_echo "#define HAVE_SIGACTION_T 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "#include <sys/types.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+#endif
+#include <time.h>
+"
+if test "x$ac_cv_type_struct_timespec" = x""yes; then :
+ $as_echo "#define HAVE_TIMESPEC 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "struct in6_addr" "ac_cv_type_struct_in6_addr" "#include <sys/types.h>
+#include <netinet/in.h>
+"
+if test "x$ac_cv_type_struct_in6_addr" = x""yes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_IN6_ADDR 1
+_ACEOF
+
+$as_echo "#define HAVE_IN6_ADDR 1" >>confdefs.h
+
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if test "${ac_cv_type_long_long_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ /* For now, do not test the preprocessor; as of 2007 there are too many
+ implementations with broken preprocessors. Perhaps this can
+ be revisited in 2012. In the meantime, code should not expect
+ #if to work with literals wider than 32 bits. */
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;
+int
+main ()
+{
+/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if test "$cross_compiling" = yes; then :
+ ac_cv_type_long_long_int=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+ #ifndef LLONG_MAX
+ # define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ # define LLONG_MAX (HALF - 1 + HALF)
+ #endif
+int
+main ()
+{
+long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_type_long_long_int=yes
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+ if test $ac_cv_type_long_long_int = yes; then
+
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
+
+ fi
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
+$as_echo_n "checking size of long int... " >&6; }
+if test "${ac_cv_sizeof_long_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ as_fn_set_status 77
+as_fn_error "cannot compute sizeof (long int)
+See \`config.log' for more details." "$LINENO" 5; }; }
+ else
+ ac_cv_sizeof_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
+$as_echo_n "checking for size_t... " >&6; }
+if test "${sudo_cv_type_size_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "size_t" >/dev/null 2>&1; then :
+ sudo_cv_type_size_t=yes
+else
+ sudo_cv_type_size_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_size_t" >&5
+$as_echo "$sudo_cv_type_size_t" >&6; }
+if test $sudo_cv_type_size_t = no; then
+
+$as_echo "#define size_t int" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5
+$as_echo_n "checking for ssize_t... " >&6; }
+if test "${sudo_cv_type_ssize_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ssize_t" >/dev/null 2>&1; then :
+ sudo_cv_type_ssize_t=yes
+else
+ sudo_cv_type_ssize_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_ssize_t" >&5
+$as_echo "$sudo_cv_type_ssize_t" >&6; }
+if test $sudo_cv_type_ssize_t = no; then
+
+$as_echo "#define ssize_t int" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dev_t" >&5
+$as_echo_n "checking for dev_t... " >&6; }
+if test "${sudo_cv_type_dev_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "dev_t" >/dev/null 2>&1; then :
+ sudo_cv_type_dev_t=yes
+else
+ sudo_cv_type_dev_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_dev_t" >&5
+$as_echo "$sudo_cv_type_dev_t" >&6; }
+if test $sudo_cv_type_dev_t = no; then
+
+$as_echo "#define dev_t int" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ino_t" >&5
+$as_echo_n "checking for ino_t... " >&6; }
+if test "${sudo_cv_type_ino_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ino_t" >/dev/null 2>&1; then :
+ sudo_cv_type_ino_t=yes
+else
+ sudo_cv_type_ino_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_ino_t" >&5
+$as_echo "$sudo_cv_type_ino_t" >&6; }
+if test $sudo_cv_type_ino_t = no; then
+
+$as_echo "#define ino_t unsigned int" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5
+$as_echo_n "checking max length of uid_t... " >&6; }
+if test "${sudo_cv_uid_t_len+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f conftestdata
+if test "$cross_compiling" = yes; then :
+ sudo_cv_uid_t_len=10
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+#include <pwd.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/param.h>
+main() {
+ FILE *f;
+ char b[1024];
+ uid_t u = (uid_t) -1;
+
+ if ((f = fopen("conftestdata", "w")) == NULL)
+ exit(1);
+
+ (void) sprintf(b, "%lu", (unsigned long) u);
+ (void) fprintf(f, "%d\n", strlen(b));
+ (void) fclose(f);
+ exit(0);
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ sudo_cv_uid_t_len=`cat conftestdata`
+else
+ sudo_cv_uid_t_len=10
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+
+rm -f conftestdata
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_uid_t_len" >&5
+$as_echo "$sudo_cv_uid_t_len" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define MAX_UID_T_LEN $sudo_cv_uid_t_len
+_ACEOF
+
+
+
+ ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " #include <sys/types.h>
+ #include <sys/socket.h>
+
+"
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then :
+
+$as_echo "#define HAVE_SA_LEN 1" >>confdefs.h
+
+fi
+
+
+case "$DEFS" in
+ *"RETSIGTYPE"*) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
+$as_echo_n "checking return type of signal handlers... " >&6; }
+if test "${ac_cv_type_signal+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <signal.h>
+
+int
+main ()
+{
+return *(signal (0, 0)) (0) == 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_type_signal=int
+else
+ ac_cv_type_signal=void
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
+$as_echo "$ac_cv_type_signal" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5
+$as_echo_n "checking type of array argument to getgroups... " >&6; }
+if test "${ac_cv_type_getgroups+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_type_getgroups=cross
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Thanks to Mike Rendell for this test. */
+$ac_includes_default
+#define NGID 256
+#undef MAX
+#define MAX(x, y) ((x) > (y) ? (x) : (y))
+
+int
+main ()
+{
+ gid_t gidset[NGID];
+ int i, n;
+ union { gid_t gval; long int lval; } val;
+
+ val.lval = -1;
+ for (i = 0; i < NGID; i++)
+ gidset[i] = val.gval;
+ n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1,
+ gidset);
+ /* Exit non-zero if getgroups seems to require an array of ints. This
+ happens when gid_t is short int but getgroups modifies an array
+ of ints. */
+ return n > 0 && gidset[n] != val.gval;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_type_getgroups=gid_t
+else
+ ac_cv_type_getgroups=int
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+if test $ac_cv_type_getgroups = cross; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <unistd.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then :
+ ac_cv_type_getgroups=gid_t
+else
+ ac_cv_type_getgroups=int
+fi
+rm -f conftest*
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5
+$as_echo "$ac_cv_type_getgroups" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define GETGROUPS_T $ac_cv_type_getgroups
+_ACEOF
+
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = x""yes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups"
+if test "x$ac_cv_func_getgroups" = x""yes; then :
+
+fi
+
+
+# If we don't yet have getgroups, see if it's in -lbsd.
+# This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1.
+ac_save_LIBS=$LIBS
+if test $ac_cv_func_getgroups = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5
+$as_echo_n "checking for getgroups in -lbsd... " >&6; }
+if test "${ac_cv_lib_bsd_getgroups+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsd $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getgroups ();
+int
+main ()
+{
+return getgroups ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_bsd_getgroups=yes
+else
+ ac_cv_lib_bsd_getgroups=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5
+$as_echo "$ac_cv_lib_bsd_getgroups" >&6; }
+if test "x$ac_cv_lib_bsd_getgroups" = x""yes; then :
+ GETGROUPS_LIB=-lbsd
+fi
+
+fi
+
+# Run the program to test the functionality of the system-supplied
+# getgroups function only if there is such a function.
+if test $ac_cv_func_getgroups = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5
+$as_echo_n "checking for working getgroups... " >&6; }
+if test "${ac_cv_func_getgroups_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_getgroups_works=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+/* On Ultrix 4.3, getgroups (0, 0) always fails. */
+ return getgroups (0, 0) == -1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_getgroups_works=yes
+else
+ ac_cv_func_getgroups_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5
+$as_echo "$ac_cv_func_getgroups_works" >&6; }
+else
+ ac_cv_func_getgroups_works=no
+fi
+if test $ac_cv_func_getgroups_works = yes; then
+
+$as_echo "#define HAVE_GETGROUPS 1" >>confdefs.h
+
+fi
+LIBS=$ac_save_LIBS
+
+for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
+ strftime setrlimit initgroups getgroups fstat gettimeofday \
+ regcomp setlocale getaddrinfo setenv vhangup \
+ mbr_check_membership setrlimit64
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in getline
+do :
+ ac_fn_c_check_func "$LINENO" "getline" "ac_cv_func_getline"
+if test "x$ac_cv_func_getline" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETLINE 1
+_ACEOF
+
+else
+
+ case " $LIBOBJS " in
+ *" getline.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS getline.$ac_objext"
+ ;;
+esac
+
+ for ac_func in fgetln
+do :
+ ac_fn_c_check_func "$LINENO" "fgetln" "ac_cv_func_fgetln"
+if test "x$ac_cv_func_fgetln" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_FGETLN 1
+_ACEOF
+
+fi
+done
+
+
+fi
+done
+
+for ac_func in setsid
+do :
+ ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid"
+if test "x$ac_cv_func_setsid" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETSID 1
+_ACEOF
+
+else
+
+ case " $LIBOBJS " in
+ *" setsid.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS setsid.$ac_objext"
+ ;;
+esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether setpgrp takes no argument" >&5
+$as_echo_n "checking whether setpgrp takes no argument... " >&6; }
+if test "${ac_cv_func_setpgrp_void+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ as_fn_error "cannot check setpgrp when cross compiling" "$LINENO" 5
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+/* If this system has a BSD-style setpgrp which takes arguments,
+ setpgrp(1, 1) will fail with ESRCH and return -1, in that case
+ exit successfully. */
+ return setpgrp (1,1) != -1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_setpgrp_void=no
+else
+ ac_cv_func_setpgrp_void=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_setpgrp_void" >&5
+$as_echo "$ac_cv_func_setpgrp_void" >&6; }
+if test $ac_cv_func_setpgrp_void = yes; then
+
+$as_echo "#define SETPGRP_VOID 1" >>confdefs.h
+
+fi
+
+
+fi
+done
+
+
+for ac_func in sysctl getutid getutxid
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+
+for ac_func in openpty
+do :
+ ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty"
+if test "x$ac_cv_func_openpty" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_OPENPTY 1
+_ACEOF
+ for ac_header in util.h pty.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5
+$as_echo_n "checking for openpty in -lutil... " >&6; }
+if test "${ac_cv_lib_util_openpty+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char openpty ();
+int
+main ()
+{
+return openpty ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_util_openpty=yes
+else
+ ac_cv_lib_util_openpty=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5
+$as_echo "$ac_cv_lib_util_openpty" >&6; }
+if test "x$ac_cv_lib_util_openpty" = x""yes; then :
+
+ for ac_header in util.h pty.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ $as_echo "#define HAVE_OPENPTY 1" >>confdefs.h
+
+
+else
+
+ for ac_func in _getpty
+do :
+ ac_fn_c_check_func "$LINENO" "_getpty" "ac_cv_func__getpty"
+if test "x$ac_cv_func__getpty" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE__GETPTY 1
+_ACEOF
+
+else
+
+ for ac_func in grantpt
+do :
+ ac_fn_c_check_func "$LINENO" "grantpt" "ac_cv_func_grantpt"
+if test "x$ac_cv_func_grantpt" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GRANTPT 1
+_ACEOF
+
+ for ac_func in posix_openpt
+do :
+ ac_fn_c_check_func "$LINENO" "posix_openpt" "ac_cv_func_posix_openpt"
+if test "x$ac_cv_func_posix_openpt" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_POSIX_OPENPT 1
+_ACEOF
+
+fi
+done
+
+
+else
+
+ for ac_func in revoke
+do :
+ ac_fn_c_check_func "$LINENO" "revoke" "ac_cv_func_revoke"
+if test "x$ac_cv_func_revoke" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_REVOKE 1
+_ACEOF
+
+fi
+done
+
+
+fi
+done
+
+
+fi
+done
+
+
+fi
+
+
+fi
+done
+
+for ac_func in unsetenv
+do :
+ ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv"
+if test "x$ac_cv_func_unsetenv" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UNSETENV 1
+_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv returns void" >&5
+$as_echo_n "checking whether unsetenv returns void... " >&6; }
+if test "${sudo_cv_func_unsetenv_void+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ sudo_cv_func_unsetenv_void=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+ int unsetenv();
+
+int
+main ()
+{
+
+ return unsetenv("FOO") != 0;
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ sudo_cv_func_unsetenv_void=no
+else
+ sudo_cv_func_unsetenv_void=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_unsetenv_void" >&5
+$as_echo "$sudo_cv_func_unsetenv_void" >&6; }
+ if test $sudo_cv_func_unsetenv_void = yes; then
+
+$as_echo "#define UNSETENV_VOID 1" >>confdefs.h
+
+ fi
+
+fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether putenv has a const argument" >&5
+$as_echo_n "checking whether putenv has a const argument... " >&6; }
+if test "${sudo_cv_func_putenv_const+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int putenv(const char *string) {return 0;}
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ sudo_cv_func_putenv_const=yes
+else
+ sudo_cv_func_putenv_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_putenv_const" >&5
+$as_echo "$sudo_cv_func_putenv_const" >&6; }
+ if test $sudo_cv_func_putenv_const = yes; then
+
+$as_echo "#define PUTENV_CONST 1" >>confdefs.h
+
+ fi
+
+if test -z "$SKIP_SETRESUID"; then
+ for ac_func in setresuid
+do :
+ ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
+if test "x$ac_cv_func_setresuid" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETRESUID 1
+_ACEOF
+ SKIP_SETREUID=yes
+fi
+done
+
+fi
+if test -z "$SKIP_SETREUID"; then
+ for ac_func in setreuid
+do :
+ ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
+if test "x$ac_cv_func_setreuid" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETREUID 1
+_ACEOF
+ SKIP_SETEUID=yes
+fi
+done
+
+fi
+if test -z "$SKIP_SETEUID"; then
+ for ac_func in seteuid
+do :
+ ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid"
+if test "x$ac_cv_func_seteuid" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETEUID 1
+_ACEOF
+
+fi
+done
+
+fi
+if test X"$with_interfaces" != X"no"; then
+ for ac_func in getifaddrs
+do :
+ ac_fn_c_check_func "$LINENO" "getifaddrs" "ac_cv_func_getifaddrs"
+if test "x$ac_cv_func_getifaddrs" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETIFADDRS 1
+_ACEOF
+ for ac_func in freeifaddrs
+do :
+ ac_fn_c_check_func "$LINENO" "freeifaddrs" "ac_cv_func_freeifaddrs"
+if test "x$ac_cv_func_freeifaddrs" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_FREEIFADDRS 1
+_ACEOF
+
+fi
+done
+
+fi
+done
+
+fi
+if test -z "$BROKEN_GETCWD"; then
+ for ac_func in getcwd
+do :
+ ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd"
+if test "x$ac_cv_func_getcwd" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETCWD 1
+_ACEOF
+
+else
+ case " $LIBOBJS " in
+ *" $ac_func.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+
+fi
+for ac_func in glob
+do :
+ ac_fn_c_check_func "$LINENO" "glob" "ac_cv_func_glob"
+if test "x$ac_cv_func_glob" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GLOB 1
+_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_BRACE and GLOB_TILDE in glob.h" >&5
+$as_echo_n "checking for GLOB_BRACE and GLOB_TILDE in glob.h... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <glob.h>
+int
+main ()
+{
+int i = GLOB_BRACE | GLOB_TILDE; (void)i;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ $as_echo "#define HAVE_EXTENDED_GLOB 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ case " $LIBOBJS " in
+ *" glob.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS glob.$ac_objext"
+ ;;
+esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ case " $LIBOBJS " in
+ *" glob.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS glob.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+for ac_func in lockf flock
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+for ac_func in waitpid wait3
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+for ac_func in innetgr _innetgr
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ for ac_func in getdomainname
+do :
+ ac_fn_c_check_func "$LINENO" "getdomainname" "ac_cv_func_getdomainname"
+if test "x$ac_cv_func_getdomainname" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETDOMAINNAME 1
+_ACEOF
+
+fi
+done
+ break
+fi
+done
+
+for ac_func in utimes
+do :
+ ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes"
+if test "x$ac_cv_func_utimes" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UTIMES 1
+_ACEOF
+ for ac_func in futimes futimesat
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+else
+ for ac_func in futime
+do :
+ ac_fn_c_check_func "$LINENO" "futime" "ac_cv_func_futime"
+if test "x$ac_cv_func_futime" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_FUTIME 1
+_ACEOF
+
+fi
+done
+ case " $LIBOBJS " in
+ *" utimes.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS utimes.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+for ac_func in killpg
+do :
+ ac_fn_c_check_func "$LINENO" "killpg" "ac_cv_func_killpg"
+if test "x$ac_cv_func_killpg" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KILLPG 1
+_ACEOF
+
+else
+ case " $LIBOBJS " in
+ *" killpg.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS killpg.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fnmatch with FNM_CASEFOLD" >&5
+$as_echo_n "checking for working fnmatch with FNM_CASEFOLD... " >&6; }
+if test "${sudo_cv_func_fnmatch+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f conftestdata; > conftestdata
+if test "$cross_compiling" = yes; then :
+ sudo_cv_func_fnmatch=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <fnmatch.h>
+main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ sudo_cv_func_fnmatch=yes
+else
+ sudo_cv_func_fnmatch=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+rm -f core core.* *.core
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_fnmatch" >&5
+$as_echo "$sudo_cv_func_fnmatch" >&6; }
+if test $sudo_cv_func_fnmatch = yes; then :
+ $as_echo "#define HAVE_FNMATCH 1" >>confdefs.h
+
+else
+ case " $LIBOBJS " in
+ *" fnmatch.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS fnmatch.$ac_objext"
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for isblank" >&5
+$as_echo_n "checking for isblank... " >&6; }
+if test "${sudo_cv_func_isblank+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+int
+main ()
+{
+return (isblank('a'));
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ sudo_cv_func_isblank=yes
+else
+ sudo_cv_func_isblank=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_isblank" >&5
+$as_echo "$sudo_cv_func_isblank" >&6; }
+
+ if test "$sudo_cv_func_isblank" = "yes"; then
+
+$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h
+
+ else
+ case " $LIBOBJS " in
+ *" isblank.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS isblank.$ac_objext"
+ ;;
+esac
+
+ fi
+
+for ac_func in memrchr strerror strcasecmp sigaction strlcpy strlcat
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+ case " $LIBOBJS " in
+ *" $ac_func.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+
+for ac_func in nanosleep
+do :
+ ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep"
+if test "x$ac_cv_func_nanosleep" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_NANOSLEEP 1
+_ACEOF
+
+else
+
+ # On Solaris, nanosleep is in librt
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nanosleep in -lrt" >&5
+$as_echo_n "checking for nanosleep in -lrt... " >&6; }
+if test "${ac_cv_lib_rt_nanosleep+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lrt $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char nanosleep ();
+int
+main ()
+{
+return nanosleep ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_rt_nanosleep=yes
+else
+ ac_cv_lib_rt_nanosleep=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_nanosleep" >&5
+$as_echo "$ac_cv_lib_rt_nanosleep" >&6; }
+if test "x$ac_cv_lib_rt_nanosleep" = x""yes; then :
+ LIBS="${LIBS} -lrt"
+else
+ case " $LIBOBJS " in
+ *" nanosleep.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS nanosleep.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+fi
+done
+
+for ac_func in closefrom
+do :
+ ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom"
+if test "x$ac_cv_func_closefrom" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_CLOSEFROM 1
+_ACEOF
+
+else
+ case " $LIBOBJS " in
+ *" closefrom.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS closefrom.$ac_objext"
+ ;;
+esac
+
+ ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h>
+ #include <fcntl.h>
+"
+if test "x$ac_cv_have_decl_F_CLOSEM" = x""yes; then :
+ $as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h
+
+fi
+
+
+fi
+done
+
+for ac_func in mkstemps
+do :
+ ac_fn_c_check_func "$LINENO" "mkstemps" "ac_cv_func_mkstemps"
+if test "x$ac_cv_func_mkstemps" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MKSTEMPS 1
+_ACEOF
+
+else
+ SUDO_OBJS="${SUDO_OBJS} mkstemps.o"
+ for ac_func in random lrand48
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+
+fi
+done
+
+for ac_func in snprintf vsnprintf asprintf vasprintf
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+ NEED_SNPRINTF=1
+fi
+done
+
+if test X"$ac_cv_type_struct_timespec" != X"no"; then
+ ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_mtim" = x""yes; then :
+ $as_echo "#define HAVE_ST_MTIM 1" >>confdefs.h
+
+ ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim.st__tim" "ac_cv_member_struct_stat_st_mtim_st__tim" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_mtim_st__tim" = x""yes; then :
+ $as_echo "#define HAVE_ST__TIM 1" >>confdefs.h
+
+fi
+
+else
+ ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimespec" "ac_cv_member_struct_stat_st_mtimespec" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_mtimespec" = x""yes; then :
+ $as_echo "#define HAVE_ST_MTIMESPEC 1" >>confdefs.h
+
+fi
+
+fi
+
+fi
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_header_dirent>
+int
+main ()
+{
+DIR *d; (void)dirfd(d);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_DIRFD 1" >>confdefs.h
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_header_dirent>
+int
+main ()
+{
+DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_DD_FD 1" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -n "$NEED_SNPRINTF"; then
+ case " $LIBOBJS " in
+ *" snprintf.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS snprintf.$ac_objext"
+ ;;
+esac
+
+fi
+ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket"
+if test "x$ac_cv_func_socket" = x""yes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+$as_echo_n "checking for socket in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_socket+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_socket=yes
+else
+ ac_cv_lib_socket_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5
+$as_echo "$ac_cv_lib_socket_socket" >&6; }
+if test "x$ac_cv_lib_socket_socket" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -linet" >&5
+$as_echo_n "checking for socket in -linet... " >&6; }
+if test "${ac_cv_lib_inet_socket+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_inet_socket=yes
+else
+ ac_cv_lib_inet_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inet_socket" >&5
+$as_echo "$ac_cv_lib_inet_socket" >&6; }
+if test "x$ac_cv_lib_inet_socket" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to find socket() trying -lsocket -lnsl" >&5
+$as_echo "$as_me: WARNING: unable to find socket() trying -lsocket -lnsl" >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+$as_echo_n "checking for socket in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_socket_lnsl+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket -lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_socket_lnsl=yes
+else
+ ac_cv_lib_socket_socket_lnsl=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket_lnsl" >&5
+$as_echo "$ac_cv_lib_socket_socket_lnsl" >&6; }
+if test "x$ac_cv_lib_socket_socket_lnsl" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"
+fi
+
+fi
+
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "inet_addr" "ac_cv_func_inet_addr"
+if test "x$ac_cv_func_inet_addr" = x""yes; then :
+
+else
+ ac_fn_c_check_func "$LINENO" "__inet_addr" "ac_cv_func___inet_addr"
+if test "x$ac_cv_func___inet_addr" = x""yes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -lnsl" >&5
+$as_echo_n "checking for inet_addr in -lnsl... " >&6; }
+if test "${ac_cv_lib_nsl_inet_addr+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_addr ();
+int
+main ()
+{
+return inet_addr ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_inet_addr=yes
+else
+ ac_cv_lib_nsl_inet_addr=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_inet_addr" >&5
+$as_echo "$ac_cv_lib_nsl_inet_addr" >&6; }
+if test "x$ac_cv_lib_nsl_inet_addr" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -linet" >&5
+$as_echo_n "checking for inet_addr in -linet... " >&6; }
+if test "${ac_cv_lib_inet_inet_addr+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_addr ();
+int
+main ()
+{
+return inet_addr ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_inet_inet_addr=yes
+else
+ ac_cv_lib_inet_inet_addr=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inet_inet_addr" >&5
+$as_echo "$ac_cv_lib_inet_inet_addr" >&6; }
+if test "x$ac_cv_lib_inet_inet_addr" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&5
+$as_echo "$as_me: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -lsocket" >&5
+$as_echo_n "checking for inet_addr in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_inet_addr_lnsl+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket -lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_addr ();
+int
+main ()
+{
+return inet_addr ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_inet_addr_lnsl=yes
+else
+ ac_cv_lib_socket_inet_addr_lnsl=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_inet_addr_lnsl" >&5
+$as_echo "$ac_cv_lib_socket_inet_addr_lnsl" >&6; }
+if test "x$ac_cv_lib_socket_inet_addr_lnsl" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"
+fi
+
+fi
+
+fi
+
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog"
+if test "x$ac_cv_func_syslog" = x""yes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -lsocket" >&5
+$as_echo_n "checking for syslog in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_syslog+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char syslog ();
+int
+main ()
+{
+return syslog ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_syslog=yes
+else
+ ac_cv_lib_socket_syslog=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_syslog" >&5
+$as_echo "$ac_cv_lib_socket_syslog" >&6; }
+if test "x$ac_cv_lib_socket_syslog" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -lnsl" >&5
+$as_echo_n "checking for syslog in -lnsl... " >&6; }
+if test "${ac_cv_lib_nsl_syslog+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char syslog ();
+int
+main ()
+{
+return syslog ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_syslog=yes
+else
+ ac_cv_lib_nsl_syslog=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_syslog" >&5
+$as_echo "$ac_cv_lib_nsl_syslog" >&6; }
+if test "x$ac_cv_lib_nsl_syslog" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -linet" >&5
+$as_echo_n "checking for syslog in -linet... " >&6; }
+if test "${ac_cv_lib_inet_syslog+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char syslog ();
+int
+main ()
+{
+return syslog ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_inet_syslog=yes
+else
+ ac_cv_lib_inet_syslog=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inet_syslog" >&5
+$as_echo "$ac_cv_lib_inet_syslog" >&6; }
+if test "x$ac_cv_lib_inet_syslog" = x""yes; then :
+ NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"
+fi
+
+fi
+
+fi
+
+fi
+
+for ac_func in getprogname
+do :
+ ac_fn_c_check_func "$LINENO" "getprogname" "ac_cv_func_getprogname"
+if test "x$ac_cv_func_getprogname" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETPROGNAME 1
+_ACEOF
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5
+$as_echo_n "checking for __progname... " >&6; }
+ if test "${sudo_cv___progname+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+extern char *__progname; (void)puts(__progname);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ sudo_cv___progname=yes
+else
+ sudo_cv___progname=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+
+ if test "$sudo_cv___progname" = "yes"; then
+ $as_echo "#define HAVE___PROGNAME 1" >>confdefs.h
+
+ else
+ case " $LIBOBJS " in
+ *" getprogname.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS getprogname.$ac_objext"
+ ;;
+esac
+
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___progname" >&5
+$as_echo "$sudo_cv___progname" >&6; }
+
+fi
+done
+
+
+for ac_func in strsignal
+do :
+ ac_fn_c_check_func "$LINENO" "strsignal" "ac_cv_func_strsignal"
+if test "x$ac_cv_func_strsignal" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRSIGNAL 1
+_ACEOF
+
+else
+
+ case " $LIBOBJS " in
+ *" strsignal.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS strsignal.$ac_objext"
+ ;;
+esac
+
+ HAVE_SIGLIST="false"
+ ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "
+$ac_includes_default
+#include <signal.h>
+
+"
+if test "x$ac_cv_have_decl_sys_siglist" = x""yes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SYS_SIGLIST $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+ HAVE_SIGLIST="true"
+ break
+
+fi
+ac_fn_c_check_decl "$LINENO" "_sys_siglist" "ac_cv_have_decl__sys_siglist" "
+$ac_includes_default
+#include <signal.h>
+
+"
+if test "x$ac_cv_have_decl__sys_siglist" = x""yes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__SYS_SIGLIST $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+ HAVE_SIGLIST="true"
+ break
+
+fi
+ac_fn_c_check_decl "$LINENO" "__sys_siglist" "ac_cv_have_decl___sys_siglist" "
+$ac_includes_default
+#include <signal.h>
+
+"
+if test "x$ac_cv_have_decl___sys_siglist" = x""yes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL___SYS_SIGLIST $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+ HAVE_SIGLIST="true"
+ break
+
+fi
+
+ if test "$HAVE_SIGLIST" != "true"; then
+ case " $LIBOBJS " in
+ *" siglist.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS siglist.$ac_objext"
+ ;;
+esac
+
+ fi
+
+fi
+done
+
+
+if test ${with_netsvc-"no"} != "no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_NETSVC_CONF "${with_netsvc-/etc/netsvc.conf}"
+EOF
+
+ netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_NSSWITCH_CONF "${with_nsswitch-/etc/nsswitch.conf}"
+EOF
+
+ nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
+
+if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
+ for auth in $AUTH_EXCL_DEF; do
+ case $auth in
+ AIX_AUTH) with_aixauth=maybe;;
+ BSD_AUTH) with_bsdauth=maybe;;
+ PAM) with_pam=maybe;;
+ SIA) CHECKSIA=true;;
+ esac
+ done
+fi
+
+if test ${with_pam-"no"} != "no"; then
+ case "$LIBS" in
+ *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam"
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ldl" >&5
+$as_echo_n "checking for main in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_main=yes
+else
+ ac_cv_lib_dl_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_main" >&5
+$as_echo "$ac_cv_lib_dl_main" >&6; }
+if test "x$ac_cv_lib_dl_main" = x""yes; then :
+ SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"
+else
+ SUDO_LIBS="${SUDO_LIBS} -lpam"
+fi
+
+ ac_cv_lib_dl=ac_cv_lib_dl_main
+ ;;
+ esac
+
+ for ac_header in security/pam_appl.h pam/pam_appl.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ with_pam=yes; break
+fi
+
+done
+
+ if test "$with_pam" = "yes"; then
+ $as_echo "#define HAVE_PAM 1" >>confdefs.h
+
+ AUTH_OBJS="$AUTH_OBJS pam.o";
+ AUTH_EXCL=PAM
+
+
+# Check whether --with-pam-login was given.
+if test "${with_pam_login+set}" = set; then :
+ withval=$with_pam_login; case $with_pam_login in
+ yes) $as_echo "#define HAVE_PAM_LOGIN 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM login" >&5
+$as_echo_n "checking whether to use PAM login... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ;;
+ no) ;;
+ *) as_fn_error "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
+ ;;
+ esac
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM session support" >&5
+$as_echo_n "checking whether to use PAM session support... " >&6; }
+ # Check whether --enable-pam_session was given.
+if test "${enable_pam_session+set}" = set; then :
+ enableval=$enable_pam_session; case "$enableval" in
+ yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ;;
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define NO_PAM_SESSION /**/" >>confdefs.h
+
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&2;}
+ ;;
+ esac
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+ case $host in
+ *-*-linux*|*-*-solaris*)
+ # dgettext() may be defined to dgettext_libintl in the
+ # header file, so first check that it links w/ additional
+ # libs, then try with -lintl
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+int
+main ()
+{
+(void)dgettext((char *)0, (char *)0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_DGETTEXT 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dgettext in -lintl" >&5
+$as_echo_n "checking for dgettext in -lintl... " >&6; }
+if test "${ac_cv_lib_intl_dgettext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dgettext ();
+int
+main ()
+{
+return dgettext ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_intl_dgettext=yes
+else
+ ac_cv_lib_intl_dgettext=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_dgettext" >&5
+$as_echo "$ac_cv_lib_intl_dgettext" >&6; }
+if test "x$ac_cv_lib_intl_dgettext" = x""yes; then :
+ LIBS="${LIBS} -lintl"
+ $as_echo "#define HAVE_DGETTEXT 1" >>confdefs.h
+
+fi
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ;;
+ esac
+ fi
+fi
+
+if test ${with_aixauth-'no'} != "no"; then
+ if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: using AIX general authentication" >&5
+$as_echo "$as_me: using AIX general authentication" >&6;}
+ $as_echo "#define HAVE_AIXAUTH 1" >>confdefs.h
+
+ AUTH_OBJS="$AUTH_OBJS aix_auth.o";
+ SUDO_LIBS="${SUDO_LIBS} -ls"
+ AUTH_EXCL=AIX_AUTH
+ fi
+fi
+
+if test ${with_bsdauth-'no'} != "no"; then
+ ac_fn_c_check_header_mongrel "$LINENO" "bsd_auth.h" "ac_cv_header_bsd_auth_h" "$ac_includes_default"
+if test "x$ac_cv_header_bsd_auth_h" = x""yes; then :
+ $as_echo "#define HAVE_BSD_AUTH_H 1" >>confdefs.h
+
+ AUTH_OBJS="$AUTH_OBJS bsdauth.o"
+ BSDAUTH_USAGE='[-a auth_type] '
+ AUTH_EXCL=BSD_AUTH; BAMAN=1
+else
+ as_fn_error "BSD authentication was specified but bsd_auth.h could not be found" "$LINENO" 5
+fi
+
+
+fi
+
+if test ${CHECKSIA-'false'} = "true"; then
+ for ac_func in sia_ses_init
+do :
+ ac_fn_c_check_func "$LINENO" "sia_ses_init" "ac_cv_func_sia_ses_init"
+if test "x$ac_cv_func_sia_ses_init" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SIA_SES_INIT 1
+_ACEOF
+ found=true
+else
+ found=false
+fi
+done
+
+ if test "$found" = "true"; then
+ AUTH_EXCL=SIA
+ AUTH_OBJS="$AUTH_OBJS sia.o"
+ fi
+fi
+
+if test ${with_fwtk-'no'} != "no"; then
+ if test "$with_fwtk" != "yes"; then
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_fwtk}"
+ fi
+
+ CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+ with_fwtk=yes
+ fi
+ SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
+ AUTH_OBJS="$AUTH_OBJS fwtk.o"
+fi
+
+if test ${with_SecurID-'no'} != "no"; then
+ if test "$with_SecurID" != "yes"; then
+ :
+ elif test -d /usr/ace/examples; then
+ with_SecurID=/usr/ace/examples
+ else
+ with_SecurID=/usr/ace
+ fi
+ CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
+ _LDFLAGS="${LDFLAGS}"
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${with_SecurID}"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_SecurID}"
+ fi
+
+ #
+ # Determine whether to use the new or old SecurID API
+ #
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SD_Init in -laceclnt" >&5
+$as_echo_n "checking for SD_Init in -laceclnt... " >&6; }
+if test "${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-laceclnt
+ -lpthread
+
+ $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char SD_Init ();
+int
+main ()
+{
+return SD_Init ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes
+else
+ ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5
+$as_echo "$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6; }
+if test "x$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" = x""yes; then :
+
+ AUTH_OBJS="$AUTH_OBJS securid5.o";
+ SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
+
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_SecurID}"
+ fi
+
+
+else
+
+ AUTH_OBJS="$AUTH_OBJS securid.o";
+ SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
+
+fi
+
+ LDFLAGS="${_LDFLAGS}"
+fi
+
+
+if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
+ for auth in $AUTH_DEF; do
+ case $auth in
+ passwd) : ${with_passwd='maybe'};;
+ esac
+ done
+fi
+
+if test ${with_kerb4-'no'} != "no"; then
+ $as_echo "#define HAVE_KERB4 1" >>confdefs.h
+
+ O_LDFLAGS="$LDFLAGS"
+ if test "$with_kerb4" = "yes"; then
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
+ CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <krb.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+ done
+ test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
+ else
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_kerb4}/lib"
+ fi
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_kerb4}/lib"
+ fi
+
+ CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
+ ac_fn_c_check_header_mongrel "$LINENO" "krb.h" "ac_cv_header_krb_h" "$ac_includes_default"
+if test "x$ac_cv_header_krb_h" = x""yes; then :
+ found=yes
+else
+ found=no
+fi
+
+
+ fi
+ if test X"$found" = X"no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;}
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
+$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
+if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char des_cbc_encrypt ();
+int
+main ()
+{
+return des_cbc_encrypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_des_des_cbc_encrypt=yes
+else
+ ac_cv_lib_des_des_cbc_encrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
+$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
+if test "x$ac_cv_lib_des_des_cbc_encrypt" = x""yes; then :
+ K4LIBS="-ldes"
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes425" >&5
+$as_echo_n "checking for des_cbc_encrypt in -ldes425... " >&6; }
+if test "${ac_cv_lib_des425_des_cbc_encrypt+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes425 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char des_cbc_encrypt ();
+int
+main ()
+{
+return des_cbc_encrypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_des425_des_cbc_encrypt=yes
+else
+ ac_cv_lib_des425_des_cbc_encrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des425_des_cbc_encrypt" >&5
+$as_echo "$ac_cv_lib_des425_des_cbc_encrypt" >&6; }
+if test "x$ac_cv_lib_des425_des_cbc_encrypt" = x""yes; then :
+ K4LIBS="-ldes425"
+else
+ K4LIBS=""
+fi
+
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using KTH Kerberos IV" >&5
+$as_echo_n "checking whether we are using KTH Kerberos IV... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <krb.h>
+int
+main ()
+{
+const char *tmp = krb4_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ K4LIBS="${K4LIBS} -lcom_err"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5
+$as_echo_n "checking for main in -lroken... " >&6; }
+if test "${ac_cv_lib_roken_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lroken $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_roken_main=yes
+else
+ ac_cv_lib_roken_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5
+$as_echo "$ac_cv_lib_roken_main" >&6; }
+if test "x$ac_cv_lib_roken_main" = x""yes; then :
+ K4LIBS="${K4LIBS} -lroken"
+fi
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ as_ac_Lib=`$as_echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb" >&5
+$as_echo_n "checking for main in -lkrb... " >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb $K4LIBS $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$as_ac_Lib=yes"
+else
+ eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Lib
+ if test "x$as_val" = x""yes; then :
+ K4LIBS="-lkrb $K4LIBS"
+else
+
+ as_ac_Lib=`$as_echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb4" >&5
+$as_echo_n "checking for main in -lkrb4... " >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb4 $K4LIBS $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$as_ac_Lib=yes"
+else
+ eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Lib
+ if test "x$as_val" = x""yes; then :
+ K4LIBS="-lkrb4 $K4LIBS"
+else
+ K4LIBS="-lkrb $K4LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS" >&5
+$as_echo "$as_me: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS" >&2;}
+
+fi
+
+
+fi
+
+ LDFLAGS="$O_LDFLAGS"
+ SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
+ AUTH_OBJS="$AUTH_OBJS kerb4.o"
+fi
+
+if test ${with_kerb5-'no'} != "no"; then
+ # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_KRB5CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$KRB5CONFIG"; then
+ ac_cv_prog_KRB5CONFIG="$KRB5CONFIG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_KRB5CONFIG="yes"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_KRB5CONFIG" && ac_cv_prog_KRB5CONFIG=""""
+fi
+fi
+KRB5CONFIG=$ac_cv_prog_KRB5CONFIG
+if test -n "$KRB5CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONFIG" >&5
+$as_echo "$KRB5CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test -n "$KRB5CONFIG"; then
+ $as_echo "#define HAVE_KERB5 1" >>confdefs.h
+
+ AUTH_OBJS="$AUTH_OBJS kerb5.o"
+ CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
+ SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <krb5.h>
+int
+main ()
+{
+const char *tmp = heimdal_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+fi
+if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
+ $as_echo "#define HAVE_KERB5 1" >>confdefs.h
+
+ if test "$with_kerb5" = "yes"; then
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
+ CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <krb5.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+ done
+ if test X"$found" = X"no"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;}
+ fi
+ else
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_kerb5}/lib"
+ fi
+
+ CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <krb5.h>
+int
+main ()
+{
+const char *tmp = heimdal_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h
+
+ # XXX - need to check whether -lcrypo is needed!
+ SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5
+$as_echo_n "checking for main in -lroken... " >&6; }
+if test "${ac_cv_lib_roken_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lroken $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_roken_main=yes
+else
+ ac_cv_lib_roken_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5
+$as_echo "$ac_cv_lib_roken_main" >&6; }
+if test "x$ac_cv_lib_roken_main" = x""yes; then :
+ SUDO_LIBS="${SUDO_LIBS} -lroken"
+fi
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb5support" >&5
+$as_echo_n "checking for main in -lkrb5support... " >&6; }
+if test "${ac_cv_lib_krb5support_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5support $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5support_main=yes
+else
+ ac_cv_lib_krb5support_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_main" >&5
+$as_echo "$ac_cv_lib_krb5support_main" >&6; }
+if test "x$ac_cv_lib_krb5support_main" = x""yes; then :
+ SUDO_LIBS="${SUDO_LIBS} -lkrb5support"
+fi
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ AUTH_OBJS="$AUTH_OBJS kerb5.o"
+ _LIBS="$LIBS"
+ LIBS="${LIBS} ${SUDO_LIBS}"
+ for ac_func in krb5_verify_user krb5_init_secure_context
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ for ac_func in krb5_get_init_creds_opt_alloc
+do :
+ ac_fn_c_check_func "$LINENO" "krb5_get_init_creds_opt_alloc" "ac_cv_func_krb5_get_init_creds_opt_alloc"
+if test "x$ac_cv_func_krb5_get_init_creds_opt_alloc" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether krb5_get_init_creds_opt_free takes a context" >&5
+$as_echo_n "checking whether krb5_get_init_creds_opt_free takes a context... " >&6; }
+if test "${sudo_cv_krb5_get_init_creds_opt_free_two_args+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <krb5.h>
+int
+main ()
+{
+krb5_get_init_creds_opt_free(NULL, NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ sudo_cv_krb5_get_init_creds_opt_free_two_args=yes
+else
+ sudo_cv_krb5_get_init_creds_opt_free_two_args=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5
+$as_echo "$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; }
+
+fi
+done
+
+ if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+ $as_echo "#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1" >>confdefs.h
+
+ fi
+ LIBS="$_LIBS"
+fi
+
+if test ${with_AFS-'no'} = "yes"; then
+
+ # looks like the "standard" place for AFS libs is /usr/afsws/lib
+ AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
+ for i in $AFSLIBDIRS; do
+ if test -d ${i}; then
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,+b,$i"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,-R$i"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:$i"
+ fi
+
+ FOUND_AFSLIBDIR=true
+ fi
+ done
+ if test -z "$FOUND_AFSLIBDIR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options." >&5
+$as_echo "$as_me: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options." >&2;}
+ fi
+
+ # Order is important here. Note that we build AFS_LIBS from right to left
+ # since AFS_LIBS may be initialized with BSD compat libs that must go last
+ AFS_LIBS="-laudit ${AFS_LIBS}"
+ for i in $AFSLIBDIRS; do
+ if test -f ${i}/util.a; then
+ AFS_LIBS="${i}/util.a ${AFS_LIBS}"
+ FOUND_UTIL_A=true
+ break;
+ fi
+ done
+ if test -z "$FOUND_UTIL_A"; then
+ AFS_LIBS="-lutil ${AFS_LIBS}"
+ fi
+ AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
+
+ # AFS includes may live in /usr/include on some machines...
+ for i in /usr/afsws/include; do
+ if test -d ${i}; then
+ CPPFLAGS="${CPPFLAGS} -I${i}"
+ FOUND_AFSINCDIR=true
+ fi
+ done
+
+ if test -z "$FOUND_AFSLIBDIR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&5
+$as_echo "$as_me: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&2;}
+ fi
+
+ AUTH_OBJS="$AUTH_OBJS afs.o"
+fi
+
+if test ${with_DCE-'no'} = "yes"; then
+ DCE_OBJS="${DCE_OBJS} dce_pwent.o"
+ SUDO_LIBS="${SUDO_LIBS} -ldce"
+ AUTH_OBJS="$AUTH_OBJS dce.o"
+fi
+
+if test ${with_skey-'no'} = "yes"; then
+ O_LDFLAGS="$LDFLAGS"
+ if test "$with_skey" != "yes"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${with_skey}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_skey}/lib"
+ fi
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_skey}/lib"
+ fi
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <skey.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found=yes
+else
+ found=no
+fi
+rm -f conftest.err conftest.$ac_ext
+ else
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "/usr/local" "/usr/contrib"; do
+ test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <skey.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+ done
+ if test "$found" = "no" -o -z "$dir"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ else
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${dir}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${dir}/lib"
+ fi
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${dir}/lib"
+ fi
+
+ fi
+ fi
+ if test "$found" = "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&2;}
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lskey" >&5
+$as_echo_n "checking for main in -lskey... " >&6; }
+if test "${ac_cv_lib_skey_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lskey $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_skey_main=yes
+else
+ ac_cv_lib_skey_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_main" >&5
+$as_echo "$ac_cv_lib_skey_main" >&6; }
+if test "x$ac_cv_lib_skey_main" = x""yes; then :
+ found=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS" >&2;}
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for skeyaccess in -lskey" >&5
+$as_echo_n "checking for skeyaccess in -lskey... " >&6; }
+if test "${ac_cv_lib_skey_skeyaccess+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lskey $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char skeyaccess ();
+int
+main ()
+{
+return skeyaccess ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_skey_skeyaccess=yes
+else
+ ac_cv_lib_skey_skeyaccess=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_skeyaccess" >&5
+$as_echo "$ac_cv_lib_skey_skeyaccess" >&6; }
+if test "x$ac_cv_lib_skey_skeyaccess" = x""yes; then :
+ $as_echo "#define HAVE_SKEYACCESS 1" >>confdefs.h
+
+fi
+
+ LDFLAGS="$O_LDFLAGS"
+ SUDO_LIBS="${SUDO_LIBS} -lskey"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+if test ${with_opie-'no'} = "yes"; then
+ O_LDFLAGS="$LDFLAGS"
+ if test "$with_opie" != "yes"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${with_opie}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_opie}/lib"
+ fi
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_opie}/lib"
+ fi
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <opie.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found=yes
+else
+ found=no
+fi
+rm -f conftest.err conftest.$ac_ext
+ else
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "/usr/local" "/usr/contrib"; do
+ test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <opie.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+ done
+ if test "$found" = "no" -o -z "$dir"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ else
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${dir}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${dir}/lib"
+ fi
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${dir}/lib"
+ fi
+
+ fi
+ fi
+ if test "$found" = "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&2;}
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lopie" >&5
+$as_echo_n "checking for main in -lopie... " >&6; }
+if test "${ac_cv_lib_opie_main+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lopie $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+int
+main ()
+{
+return main ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_opie_main=yes
+else
+ ac_cv_lib_opie_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_opie_main" >&5
+$as_echo "$ac_cv_lib_opie_main" >&6; }
+if test "x$ac_cv_lib_opie_main" = x""yes; then :
+ found=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS" >&2;}
+fi
+
+ LDFLAGS="$O_LDFLAGS"
+ SUDO_LIBS="${SUDO_LIBS} -lopie"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+if test ${with_passwd-'no'} != "no"; then
+ if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
+$as_echo_n "checking for library containing crypt... " >&6; }
+if test "${ac_cv_search_crypt+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' crypt crypt_d ufc; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_crypt=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_crypt+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_crypt+set}" = set; then :
+
+else
+ ac_cv_search_crypt=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5
+$as_echo "$ac_cv_search_crypt" >&6; }
+ac_res=$ac_cv_search_crypt
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"
+fi
+
+ fi
+
+ if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
+ _LIBS="$LIBS"
+ LIBS="$LIBS $shadow_libs"
+ found=no
+ for ac_func in $shadow_funcs
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ found=yes
+fi
+done
+
+ if test "$found" = "yes"; then
+ SUDO_LIBS="$SUDO_LIBS $shadow_libs"
+ elif test -n "$shadow_libs_optional"; then
+ LIBS="$LIBS $shadow_libs_optional"
+ for ac_func in $shadow_funcs
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ found=yes
+fi
+done
+
+ if test "$found" = "yes"; then
+ SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
+ fi
+ fi
+ if test "$found" = "yes"; then
+ case "$shadow_funcs" in
+ *getprpwnam*) SECUREWARE=1;;
+ esac
+ test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
+ else
+ LIBS="$_LIBS"
+ fi
+ CHECKSHADOW=false
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getspnam" >&5
+$as_echo_n "checking for library containing getspnam... " >&6; }
+if test "${ac_cv_search_getspnam+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getspnam ();
+int
+main ()
+{
+return getspnam ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' gen; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_getspnam=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_getspnam+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_getspnam+set}" = set; then :
+
+else
+ ac_cv_search_getspnam=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getspnam" >&5
+$as_echo "$ac_cv_search_getspnam" >&6; }
+ac_res=$ac_cv_search_getspnam
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ $as_echo "#define HAVE_GETSPNAM 1" >>confdefs.h
+ CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"
+fi
+
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getprpwnam" >&5
+$as_echo_n "checking for library containing getprpwnam... " >&6; }
+if test "${ac_cv_search_getprpwnam+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getprpwnam ();
+int
+main ()
+{
+return getprpwnam ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' sec security prot; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_getprpwnam=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_getprpwnam+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_getprpwnam+set}" = set; then :
+
+else
+ ac_cv_search_getprpwnam=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getprpwnam" >&5
+$as_echo "$ac_cv_search_getprpwnam" >&6; }
+ac_res=$ac_cv_search_getprpwnam
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ $as_echo "#define HAVE_GETPRPWNAM 1" >>confdefs.h
+ CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"
+fi
+
+ fi
+ if test -n "$SECUREWARE"; then
+ for ac_func in bigcrypt set_auth_parameters initprivs
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ AUTH_OBJS="$AUTH_OBJS secureware.o"
+ fi
+fi
+
+if test ${with_ldap-'no'} != "no"; then
+ _LDFLAGS="$LDFLAGS"
+ if test "$with_ldap" != "yes"; then
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib"
+ ;;
+ *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib"
+ ;;
+ esac
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_ldap}/lib"
+ fi
+
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib"
+ ;;
+ *) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib"
+ ;;
+ esac
+ else
+ LDFLAGS="${LDFLAGS} -L${with_ldap}/lib"
+ fi
+ if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:${with_ldap}/lib"
+ fi
+
+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+ with_ldap=yes
+ fi
+ SUDO_OBJS="${SUDO_OBJS} ldap.o"
+ LDAP=""
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LDAP libraries" >&5
+$as_echo_n "checking for LDAP libraries... " >&6; }
+ LDAP_LIBS=""
+ _LIBS="$LIBS"
+ found=no
+ for l in -lldap -llber '-lssl -lcrypto'; do
+ LIBS="${LIBS} $l"
+ LDAP_LIBS="${LDAP_LIBS} $l"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <lber.h>
+ #include <ldap.h>
+int
+main ()
+{
+(void)ldap_init(0, 0)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ found=yes; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+ if test "$found" = "no"; then
+ LIBS="${_LIBS} -lldap"
+ LDAP_LIBS="-lldap"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found, using -lldap" >&5
+$as_echo "not found, using -lldap" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDAP_LIBS" >&5
+$as_echo "$LDAP_LIBS" >&6; }
+ fi
+ OLIBS="$LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5
+$as_echo_n "checking for library containing ber_set_option... " >&6; }
+if test "${ac_cv_search_ber_set_option+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ber_set_option ();
+int
+main ()
+{
+return ber_set_option ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' lber; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_ber_set_option=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_ber_set_option+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_ber_set_option+set}" = set; then :
+
+else
+ ac_cv_search_ber_set_option=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ber_set_option" >&5
+$as_echo "$ac_cv_search_ber_set_option" >&6; }
+ac_res=$ac_cv_search_ber_set_option
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ found=yes
+else
+ found=no
+fi
+
+ if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+ LDAP_LIBS="$LDAP_LIBS -llber"
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed" >&5
+$as_echo_n "checking whether lber.h is needed... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <ldap.h>
+int
+main ()
+{
+(void)ldap_init(0, 0)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HAVE_LBER_H 1" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ for ac_header in sasl/sasl.h sasl.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ for ac_func in ldap_sasl_interactive_bind_s
+do :
+ ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s"
+if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1
+_ACEOF
+
+fi
+done
+
+else
+ break
+fi
+
+done
+
+ for ac_header in ldap_ssl.h mps/ldap_ssl.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <ldap.h>
+"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+ for ac_func in ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ if test X"$check_gss_krb5_ccache_name" = X"yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi" >&5
+$as_echo_n "checking for gss_krb5_ccache_name in -lgssapi... " >&6; }
+if test "${ac_cv_lib_gssapi_gss_krb5_ccache_name+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_krb5_ccache_name ();
+int
+main ()
+{
+return gss_krb5_ccache_name ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_gss_krb5_ccache_name=yes
+else
+ ac_cv_lib_gssapi_gss_krb5_ccache_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_krb5_ccache_name" >&5
+$as_echo "$ac_cv_lib_gssapi_gss_krb5_ccache_name" >&6; }
+if test "x$ac_cv_lib_gssapi_gss_krb5_ccache_name" = x""yes; then :
+ $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h
+
+ LDAP_LIBS="${LDAP_LIBS} -lgssapi"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5
+$as_echo_n "checking for gss_krb5_ccache_name in -lgssapi_krb5... " >&6; }
+if test "${ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi_krb5 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_krb5_ccache_name ();
+int
+main ()
+{
+return gss_krb5_ccache_name ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=yes
+else
+ ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&5
+$as_echo "$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&6; }
+if test "x$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" = x""yes; then :
+ $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h
+
+ LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"
+fi
+
+
+fi
+
+
+ # gssapi headers may be separate or part of Kerberos V
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
+ test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <gssapi/gssapi.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found="gssapi/gssapi.h"; break
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <gssapi.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ found="gssapi.h"; break
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_ext
+ done
+ if test X"$found" != X"no"; then
+ for ac_header in $found
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test X"$found" = X"gssapi/gssapi.h"; then
+ for ac_header in gssapi/gssapi_krb5.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_krb5.h" "ac_cv_header_gssapi_gssapi_krb5_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_gssapi_krb5_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
+_ACEOF
+
+fi
+
+done
+
+ fi
+ else
+ CPPFLAGS="$O_CPPFLAGS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&2;}
+ fi
+ fi
+
+ SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
+ LIBS="$_LIBS"
+ LDFLAGS="$_LDFLAGS"
+fi
+
+if test X"$LIBVAS_RPATH" != X""; then
+ if test -n "$blibpath"; then
+ blibpath_add="${blibpath_add}:$LIBVAS_RPATH"
+ else
+ case "$host" in
+ *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH"
+ ;;
+ *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH"
+ ;;
+ esac
+ fi
+fi
+
+if test -n "$blibpath"; then
+ if test -n "$blibpath_add"; then
+ SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
+ elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+ SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
+ fi
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5
+$as_echo_n "checking for log file location... " >&6; }
+if test -n "$with_logpath"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_logpath" >&5
+$as_echo "$with_logpath" >&6; }
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_LOGFILE "$with_logpath"
+EOF
+
+elif test -d "/var/log"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: /var/log/sudo.log" >&5
+$as_echo "/var/log/sudo.log" >&6; }
+ cat >>confdefs.h <<\EOF
+#define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
+EOF
+
+elif test -d "/var/adm"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: /var/adm/sudo.log" >&5
+$as_echo "/var/adm/sudo.log" >&6; }
+ cat >>confdefs.h <<\EOF
+#define _PATH_SUDO_LOGFILE "/var/adm/sudo.log"
+EOF
+
+elif test -d "/usr/adm"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/adm/sudo.log" >&5
+$as_echo "/usr/adm/sudo.log" >&6; }
+ cat >>confdefs.h <<\EOF
+#define _PATH_SUDO_LOGFILE "/usr/adm/sudo.log"
+EOF
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5
+$as_echo "unknown" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for timestamp file location" >&5
+$as_echo_n "checking for timestamp file location... " >&6; }
+timedir="$with_timedir"
+if test -z "$timedir"; then
+ for d in /var/db /var/lib /var/adm /usr/adm; do
+ if test -d "$d"; then
+ timedir="$d/sudo"
+ break
+ fi
+ done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $timedir" >&5
+$as_echo "$timedir" >&6; }
+cat >>confdefs.h <<EOF
+#define _PATH_SUDO_TIMEDIR "$timedir"
+EOF
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for I/O log dir location" >&5
+$as_echo_n "checking for I/O log dir location... " >&6; }
+ if test "${with_iologdir-yes}" != "yes"; then
+ :
+ elif test -d "/var/log"; then
+ with_iologdir="/var/log/sudo-io"
+ elif test -d "/var/adm"; then
+ with_iologdir="/var/adm/sudo-io"
+ else
+ with_iologdir="/usr/adm/sudo-io"
+ fi
+ if test "${with_iologdir-yes}" != "no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_IO_LOGDIR "$with_iologdir"
+EOF
+
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_iologdir" >&5
+$as_echo "$with_iologdir" >&6; }
+
+
+if test "${with_iologdir-yes}" != "no"; then
+ # Require POSIX job control for I/O log support
+ for ac_func in tcsetpgrp
+do :
+ ac_fn_c_check_func "$LINENO" "tcsetpgrp" "ac_cv_func_tcsetpgrp"
+if test "x$ac_cv_func_tcsetpgrp" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TCSETPGRP 1
+_ACEOF
+
+ SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o"
+ PROGS="$PROGS sudoreplay"
+ REPLAY=""
+
+ # Check whether --enable-zlib was given.
+if test "${enable_zlib+set}" = set; then :
+ enableval=$enable_zlib; case "$enable_zlib" in
+ yes) $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h
+
+ ZLIB="-lz"
+ ;;
+ no) ;;
+ *) $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h
+
+ CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+
+ if test X"$with_rpath" = X"yes"; then
+ case "$host" in
+ *-*-hpux*) ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,+b,$enable_zlib/lib"
+ ;;
+ *) ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,-R$enable_zlib/lib"
+ ;;
+ esac
+ else
+ ZLIB="${ZLIB} -L$enable_zlib/lib"
+ fi
+ if test X"$blibpath" != X"" -a "ZLIB" = "SUDO_LDFLAGS"; then
+ blibpath_add="${blibpath_add}:$enable_zlib/lib"
+ fi
+
+ ZLIB="${ZLIB} -lz"
+ ;;
+ esac
+
+fi
+
+ if test X"$enable_zlib" = X""; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzdopen in -lz" >&5
+$as_echo_n "checking for gzdopen in -lz... " >&6; }
+if test "${ac_cv_lib_z_gzdopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gzdopen ();
+int
+main ()
+{
+return gzdopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_gzdopen=yes
+else
+ ac_cv_lib_z_gzdopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_gzdopen" >&5
+$as_echo "$ac_cv_lib_z_gzdopen" >&6; }
+if test "x$ac_cv_lib_z_gzdopen" = x""yes; then :
+
+ for ac_header in zlib.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_zlib_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_ZLIB_H 1
+_ACEOF
+ ZLIB="-lz"
+fi
+
+done
+
+
+fi
+
+ fi
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Disabling I/O log support due to lack of tcsetpgrp function" >&5
+$as_echo "$as_me: WARNING: Disabling I/O log support due to lack of tcsetpgrp function" >&2;}
+ with_iologdir=no
+
+fi
+done
+
+fi
+
+case "$with_passwd" in
+yes|maybe)
+ AUTH_OBJS="$AUTH_OBJS passwd.o"
+ ;;
+*)
+ $as_echo "#define WITHOUT_PASSWD 1" >>confdefs.h
+
+ if test -z "$AUTH_OBJS"; then
+ as_fn_error "no authentication methods defined." "$LINENO" 5
+ fi
+ ;;
+esac
+AUTH_OBJS=${AUTH_OBJS# }
+_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: using the following authentication methods: $_AUTH" >&5
+$as_echo "$as_me: using the following authentication methods: $_AUTH" >&6;}
+
+if test -n "$LIBS"; then
+ L="$LIBS"
+ LIBS=
+ for l in ${L}; do
+ dupe=0
+ for sl in ${SUDO_LIBS} ${NET_LIBS}; do
+ test $l = $sl && dupe=1
+ done
+ test $dupe = 0 && LIBS="${LIBS} $l"
+ done
+fi
+
+test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+ oexec_prefix="$exec_prefix"
+ if test "$exec_prefix" = '$(prefix)'; then
+ if test "$prefix" = "NONE"; then
+ exec_prefix="$ac_default_prefix"
+ else
+ exec_prefix="$prefix"
+ fi
+ fi
+ if test X"$with_noexec" != X"no"; then
+ PROGS="${PROGS} libsudo_noexec.la"
+ INSTALL_NOEXEC="install-noexec"
+
+ eval noexec_file="$with_noexec"
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_NOEXEC "$noexec_file"
+EOF
+
+ fi
+ if test X"$with_selinux" != X"no"; then
+ eval sesh_file="$libexecdir/sesh"
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SESH "$sesh_file"
+EOF
+
+ fi
+ exec_prefix="$oexec_prefix"
+fi
+
+if test X"$prefix" = X"NONE"; then
+ test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+ test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
+test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
+test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
+test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
+test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
+test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
+test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
+
+ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ test "x$cache_file" != "x/dev/null" &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ cat confcache >$cache_file
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error ERROR [LINENO LOG_FD]
+# ---------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with status $?, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$?; test $as_status -eq 0 && as_status=1
+ if test "$3"; then
+ as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3
+ fi
+ $as_echo "$as_me: error: $1" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by sudo $as_me 1.7.4p4, which was
+generated by GNU Autoconf 2.65. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <http://www.sudo.ws/bugs/>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+sudo config.status 1.7.4p4
+configured by $0, generated by GNU Autoconf 2.65,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2009 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
+enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
+host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
+host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
+host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
+build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
+build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
+build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
+SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
+Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
+GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
+EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
+FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
+LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
+NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
+LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
+exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
+AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
+GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
+SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
+ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
+need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
+LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
+libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
+version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
+striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+AR \
+AR_FLAGS \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+SHELL \
+ECHO \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_wl \
+lt_prog_compiler_pic \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_flag_spec_ld \
+hardcode_libdir_separator \
+fix_srcfile_path \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+finish_eval \
+old_striplib \
+striplib; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+sys_lib_dlsearch_path_spec; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
+ ;;
+esac
+
+ac_aux_dir='$ac_aux_dir'
+xsi_shell='$xsi_shell'
+lt_shell_append='$lt_shell_append'
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "pathnames.h") CONFIG_HEADERS="$CONFIG_HEADERS pathnames.h" ;;
+ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "sudo.man") CONFIG_FILES="$CONFIG_FILES sudo.man" ;;
+ "visudo.man") CONFIG_FILES="$CONFIG_FILES visudo.man" ;;
+ "sudoers.man") CONFIG_FILES="$CONFIG_FILES sudoers.man" ;;
+ "sudoers.ldap.man") CONFIG_FILES="$CONFIG_FILES sudoers.ldap.man" ;;
+ "sudoreplay.man") CONFIG_FILES="$CONFIG_FILES sudoreplay.man" ;;
+ "sudo_usage.h") CONFIG_FILES="$CONFIG_FILES sudo_usage.h" ;;
+ "sudoers") CONFIG_FILES="$CONFIG_FILES sudoers" ;;
+
+ *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp=
+ trap 'exit_status=$?
+ { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = "�"
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+ || as_fn_error "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[ ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_t"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = "�"
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$tmp/stdin" \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined." >&2;}
+
+ rm -f "$tmp/stdin"
+ case $ac_file in
+ -) cat "$tmp/out" && rm -f "$tmp/out";;
+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+ } >"$tmp/config.h" \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$tmp/config.h" "$ac_file" \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error "could not create -" "$LINENO" 5
+ fi
+ ;;
+
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "libtool":C)
+
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags=""
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that does not interpret backslashes.
+ECHO=$lt_ECHO
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $* ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[^=]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$@"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1+=\$2"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1=\$$1\$2"
+}
+
+_LT_EOF
+ ;;
+ esac
+
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+ ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit $?
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+if test "$with_pam" = "yes"; then
+ case $host in
+ *-*-linux*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5
+$as_echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;}
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/sudo-1.7.4p4/configure.in b/sudo-1.7.4p4/configure.in
new file mode 100644
index 0000000..4186b88
--- /dev/null
+++ b/sudo-1.7.4p4/configure.in
@@ -0,0 +1,2978 @@
+dnl
+dnl Process this file with GNU autoconf to produce a configure script.
+dnl
+dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl
+AC_INIT([sudo], [1.7.4p4], [http://www.sudo.ws/bugs/], [sudo])
+AC_CONFIG_HEADER(config.h pathnames.h)
+dnl
+dnl This won't work before AC_INIT
+dnl
+AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
+dnl
+dnl Variables that get substituted in the Makefile and man pages
+dnl
+AC_SUBST([HAVE_BSM_AUDIT])
+AC_SUBST([SHELL])
+AC_SUBST([LIBTOOL])
+AC_SUBST([CFLAGS])
+AC_SUBST([PROGS])
+AC_SUBST([CPPFLAGS])
+AC_SUBST([LDFLAGS])
+AC_SUBST([COMMON_OBJS])
+AC_SUBST([SUDO_LDFLAGS])
+AC_SUBST([SUDO_OBJS])
+AC_SUBST([LIBS])
+AC_SUBST([SUDO_LIBS])
+AC_SUBST([NET_LIBS])
+AC_SUBST([AFS_LIBS])
+AC_SUBST([GETGROUPS_LIB])
+AC_SUBST([OSDEFS])
+AC_SUBST([AUTH_OBJS])
+AC_SUBST([MANTYPE])
+AC_SUBST([MAN_POSTINSTALL])
+AC_SUBST([SUDOERS_MODE])
+AC_SUBST([SUDOERS_UID])
+AC_SUBST([SUDOERS_GID])
+AC_SUBST([DEV])
+AC_SUBST([BAMAN])
+AC_SUBST([LCMAN])
+AC_SUBST([SEMAN])
+AC_SUBST([devdir])
+AC_SUBST([mansectsu])
+AC_SUBST([mansectform])
+AC_SUBST([mansrcdir])
+AC_SUBST([NOEXECFILE])
+AC_SUBST([NOEXECDIR])
+AC_SUBST([noexec_file])
+AC_SUBST([INSTALL_NOEXEC])
+AC_SUBST([DONT_LEAK_PATH_INFO])
+AC_SUBST([BSDAUTH_USAGE])
+AC_SUBST([SELINUX_USAGE])
+AC_SUBST([LDAP])
+AC_SUBST([REPLAY])
+AC_SUBST([LOGINCAP_USAGE])
+AC_SUBST([ZLIB])
+AC_SUBST([CONFIGURE_ARGS])
+dnl
+dnl Variables that get substituted in docs (not overridden by environment)
+dnl
+AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
+AC_SUBST([timeout])
+AC_SUBST([password_timeout])
+AC_SUBST([sudo_umask])
+AC_SUBST([passprompt])
+AC_SUBST([long_otp_prompt])
+AC_SUBST([lecture])
+AC_SUBST([logfac])
+AC_SUBST([goodpri])
+AC_SUBST([badpri])
+AC_SUBST([loglen])
+AC_SUBST([ignore_dot])
+AC_SUBST([mail_no_user])
+AC_SUBST([mail_no_host])
+AC_SUBST([mail_no_perms])
+AC_SUBST([mailto])
+AC_SUBST([mailsub])
+AC_SUBST([badpass_message])
+AC_SUBST([fqdn])
+AC_SUBST([runas_default])
+AC_SUBST([env_editor])
+AC_SUBST([passwd_tries])
+AC_SUBST([tty_tickets])
+AC_SUBST([insults])
+AC_SUBST([root_sudo])
+AC_SUBST([path_info])
+AC_SUBST([ldap_conf])
+AC_SUBST([ldap_secret])
+AC_SUBST([nsswitch_conf])
+AC_SUBST([netsvc_conf])
+AC_SUBST([secure_path])
+AC_SUBST([editor])
+#
+# Begin initial values for man page substitution
+#
+timedir=/var/adm/sudo
+timeout=5
+password_timeout=5
+sudo_umask=0022
+passprompt="Password:"
+long_otp_prompt=off
+lecture=once
+logfac=auth
+goodpri=notice
+badpri=alert
+loglen=80
+ignore_dot=off
+mail_no_user=on
+mail_no_host=off
+mail_no_perms=off
+mailto=root
+mailsub="*** SECURITY information for %h ***"
+badpass_message="Sorry, try again."
+fqdn=off
+runas_default=root
+env_editor=off
+editor=vi
+passwd_tries=3
+tty_tickets=on
+insults=off
+root_sudo=on
+path_info=on
+ldap_conf=/etc/ldap.conf
+ldap_secret=/etc/ldap.secret
+netsvc_conf=/etc/netsvc.conf
+noexec_file=/usr/local/libexec/sudo_noexec.so
+nsswitch_conf=/etc/nsswitch.conf
+secure_path="not set"
+#
+# End initial values for man page substitution
+#
+dnl
+dnl Initial values for Makefile variables listed above
+dnl May be overridden by environment variables..
+dnl
+INSTALL_NOEXEC=
+devdir='$(srcdir)'
+PROGS="sudo visudo"
+: ${MANTYPE='man'}
+: ${mansrcdir='.'}
+: ${SUDOERS_MODE='0440'}
+: ${SUDOERS_UID='0'}
+: ${SUDOERS_GID='0'}
+DEV="#"
+LDAP="#"
+REPLAY="#"
+BAMAN=0
+LCMAN=0
+SEMAN=0
+ZLIB=
+AUTH_OBJS=
+AUTH_REG=
+AUTH_EXCL=
+AUTH_EXCL_DEF=
+AUTH_DEF=passwd
+
+dnl
+dnl Other vaiables
+dnl
+CHECKSHADOW=true
+shadow_defs=
+shadow_funcs=
+shadow_libs=
+shadow_libs_optional=
+
+CONFIGURE_ARGS="$@"
+
+dnl
+dnl Deprecated --with options (these all warn or generate an error)
+dnl
+
+AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
+[case $with_otp_only in
+ yes) with_passwd="no"
+ AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
+ ;;
+esac])
+
+AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
+[case $with_alertmail in
+ *) with_mailto="$with_alertmail"
+ AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
+ ;;
+esac])
+
+dnl
+dnl Options for --with
+dnl
+
+AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
+[case $with_devel in
+ yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
+ PROGS="${PROGS} testsudoers"
+ OSDEFS="${OSDEFS} -DSUDO_DEVEL"
+ DEV=""
+ devdir=.
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
+ ;;
+esac])
+if test X"$with_devel" != X"yes"; then
+ ac_cv_prog_cc_g=no
+fi
+
+AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
+[case $with_CC in
+ yes) AC_MSG_ERROR(["must give --with-CC an argument."])
+ ;;
+ no) AC_MSG_ERROR(["illegal argument: --without-CC."])
+ ;;
+ *) CC=$with_CC
+ ;;
+esac])
+
+AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
+[case $with_rpath in
+ yes|no) ;;
+ *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
+[case $with_blibpath in
+ yes|no) ;;
+ *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
+ ;;
+esac])
+
+dnl
+dnl Handle BSM auditing support.
+dnl
+AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
+[case $with_bsm_audit in
+ yes) AC_DEFINE(HAVE_BSM_AUDIT)
+ SUDO_LIBS="${SUDO_LIBS} -lbsm"
+ SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
+ ;;
+esac])
+
+dnl
+dnl Handle Linux auditing support.
+dnl
+AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
+[case $with_linux_audit in
+ yes)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
+ AC_DEFINE(HAVE_LINUX_AUDIT)
+ SUDO_LIBS="${SUDO_LIBS} -laudit"
+ SUDO_OBJS="${SUDO_OBJS} linux_audit.o"
+ ], [
+ AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
+ ])
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
+[case $with_incpath in
+ yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-incpath not supported."])
+ ;;
+ *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
+ for i in ${with_incpath}; do
+ CPPFLAGS="${CPPFLAGS} -I${i}"
+ done
+ ;;
+esac])
+
+AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
+[case $with_libpath in
+ yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-libpath not supported."])
+ ;;
+ *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
+ ;;
+esac])
+
+AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
+[case $with_libraries in
+ yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-libraries not supported."])
+ ;;
+ *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
+ ;;
+esac])
+
+AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
+[case $with_efence in
+ yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
+ LIBS="${LIBS} -lefence"
+ if test -f /usr/local/lib/libefence.a; then
+ with_libpath="${with_libpath} /usr/local/lib"
+ fi
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
+ ;;
+esac])
+
+AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
+[case $with_csops in
+ yes) AC_MSG_NOTICE([Adding CSOps standard options])
+ CHECKSIA=false
+ with_ignore_dot=yes
+ insults=on
+ with_classic_insults=yes
+ with_csops_insults=yes
+ with_env_editor=yes
+ : ${mansectsu='8'}
+ : ${mansectform='5'}
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
+ ;;
+esac])
+
+AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
+[case $with_passwd in
+ yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
+ AC_MSG_RESULT($with_passwd)
+ AUTH_DEF=""
+ test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
+ ;;
+ *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
+[case $with_skey in
+ no) with_skey=""
+ ;;
+ *) AC_DEFINE(HAVE_SKEY)
+ AC_MSG_CHECKING(whether to try S/Key authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG S/Key"
+ ;;
+esac])
+
+AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
+[case $with_opie in
+ no) with_opie=""
+ ;;
+ *) AC_DEFINE(HAVE_OPIE)
+ AC_MSG_CHECKING(whether to try NRL OPIE authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG NRL_OPIE"
+ ;;
+esac])
+
+AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
+[case $with_long_otp_prompt in
+ yes) AC_DEFINE(LONG_OTP_PROMPT)
+ AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
+ AC_MSG_RESULT(yes)
+ long_otp_prompt=on
+ ;;
+ no) long_otp_prompt=off
+ ;;
+ *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
+[case $with_SecurID in
+ no) with_SecurID="";;
+ *) AC_DEFINE(HAVE_SECURID)
+ AC_MSG_CHECKING(whether to use SecurID for authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_EXCL="$AUTH_EXCL SecurID"
+ ;;
+esac])
+
+AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
+[case $with_fwtk in
+ no) with_fwtk="";;
+ *) AC_DEFINE(HAVE_FWTK)
+ AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_EXCL="$AUTH_EXCL FWTK"
+ ;;
+esac])
+
+AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
+[case $with_kerb4 in
+ no) with_kerb4="";;
+ *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG kerb4"
+ ;;
+esac])
+
+AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
+[case $with_kerb5 in
+ no) with_kerb5="";;
+ *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG kerb5"
+ ;;
+esac])
+
+AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
+[case $with_aixauth in
+ yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
+[case $with_pam in
+ yes) AUTH_EXCL="$AUTH_EXCL PAM";;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-pam does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
+[case $with_AFS in
+ yes) AC_DEFINE(HAVE_AFS)
+ AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG AFS"
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
+[case $with_DCE in
+ yes) AC_DEFINE(HAVE_DCE)
+ AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
+ AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG DCE"
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
+[case $with_logincap in
+ yes|no) ;;
+ *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
+[case $with_bsdauth in
+ yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
+[case $with_project in
+ yes|no) ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-project does not take an argument."])
+ ;;
+esac])
+
+AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
+AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
+[case $with_lecture in
+ yes|short|always) lecture=once
+ ;;
+ no|none|never) lecture=never
+ ;;
+ *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
+ ;;
+esac])
+if test "$lecture" = "once"; then
+ AC_MSG_RESULT(yes)
+else
+ AC_DEFINE(NO_LECTURE)
+ AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
+AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
+[case $with_logging in
+ yes) AC_MSG_ERROR(["must give --with-logging an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-logging not supported."])
+ ;;
+ syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
+ AC_MSG_RESULT(syslog)
+ ;;
+ file) AC_DEFINE(LOGGING, SLOG_FILE)
+ AC_MSG_RESULT(file)
+ ;;
+ both) AC_DEFINE(LOGGING, SLOG_BOTH)
+ AC_MSG_RESULT(both)
+ ;;
+ *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
+ ;;
+esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
+
+AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
+[case $with_logfac in
+ yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-logfac not supported."])
+ ;;
+ authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
+ ;;
+ *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
+ ;;
+esac])
+
+AC_MSG_CHECKING(at which syslog priority to log commands)
+AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
+[case $with_goodpri in
+ yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-goodpri not supported."])
+ ;;
+ alert|crit|debug|emerg|err|info|notice|warning)
+ goodpri=$with_goodpri
+ ;;
+ *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
+AC_MSG_RESULT($goodpri)
+
+AC_MSG_CHECKING(at which syslog priority to log failures)
+AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
+[case $with_badpri in
+ yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-badpri not supported."])
+ ;;
+ alert|crit|debug|emerg|err|info|notice|warning)
+ badpri=$with_badpri
+ ;;
+ *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
+AC_MSG_RESULT($badpri)
+
+AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
+[case $with_logpath in
+ yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-logpath not supported."])
+ ;;
+esac])
+
+AC_MSG_CHECKING(how long a line in the log file should be)
+AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
+[case $with_loglen in
+ yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-loglen not supported."])
+ ;;
+ [[0-9]]*) loglen=$with_loglen
+ ;;
+ *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
+AC_MSG_RESULT($loglen)
+
+AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
+AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
+[case $with_ignore_dot in
+ yes) ignore_dot=on
+ ;;
+ no) ignore_dot=off
+ ;;
+ *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
+ ;;
+esac])
+if test "$ignore_dot" = "on"; then
+ AC_DEFINE(IGNORE_DOT_PATH)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
+AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
+[case $with_mail_if_no_user in
+ yes) mail_no_user=on
+ ;;
+ no) mail_no_user=off
+ ;;
+ *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
+ ;;
+esac])
+if test "$mail_no_user" = "on"; then
+ AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
+AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
+[case $with_mail_if_no_host in
+ yes) mail_no_host=on
+ ;;
+ no) mail_no_host=off
+ ;;
+ *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
+ ;;
+esac])
+if test "$mail_no_host" = "on"; then
+ AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
+AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
+[case $with_mail_if_noperms in
+ yes) mail_noperms=on
+ ;;
+ no) mail_noperms=off
+ ;;
+ *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
+ ;;
+esac])
+if test "$mail_noperms" = "on"; then
+ AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(who should get the mail that sudo sends)
+AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
+[case $with_mailto in
+ yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-mailto not supported."])
+ ;;
+ *) mailto=$with_mailto
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
+AC_MSG_RESULT([$mailto])
+
+AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
+[case $with_mailsubject in
+ yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
+ ;;
+ no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
+ ;;
+ *) mailsub="$with_mailsubject"
+ AC_MSG_CHECKING(sudo mail subject)
+ AC_MSG_RESULT([Using alert mail subject: $mailsub])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
+
+AC_MSG_CHECKING(for bad password prompt)
+AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
+[case $with_passprompt in
+ yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
+ ;;
+ no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
+ ;;
+ *) passprompt="$with_passprompt"
+esac])
+AC_MSG_RESULT($passprompt)
+AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
+
+AC_MSG_CHECKING(for bad password message)
+AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
+[case $with_badpass_message in
+ yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
+ ;;
+ no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
+ ;;
+ *) badpass_message="$with_badpass_message"
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
+AC_MSG_RESULT([$badpass_message])
+
+AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
+AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
+[case $with_fqdn in
+ yes) fqdn=on
+ ;;
+ no) fqdn=off
+ ;;
+ *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
+ ;;
+esac])
+if test "$fqdn" = "on"; then
+ AC_DEFINE(FQDN)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
+[case $with_timedir in
+ yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-timedir not supported."])
+ ;;
+esac])
+
+AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
+[case $with_iologdir in
+ yes) ;;
+ no) ;;
+esac])
+
+AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
+AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
+[case $with_sendmail in
+ yes) with_sendmail=""
+ ;;
+ no) ;;
+ *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
+ ;;
+esac])
+
+AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
+[case $with_sudoers_mode in
+ yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
+ ;;
+ [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
+ ;;
+ 0*) SUDOERS_MODE=$with_sudoers_mode
+ ;;
+ *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
+ ;;
+esac])
+
+AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
+[case $with_sudoers_uid in
+ yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
+ ;;
+ [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
+ ;;
+ *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
+ ;;
+esac])
+
+AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
+[case $with_sudoers_gid in
+ yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
+ ;;
+ [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
+ ;;
+ *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
+ ;;
+esac])
+
+AC_MSG_CHECKING(for umask programs should be run with)
+AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
+AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
+[case $with_umask in
+ yes) AC_MSG_ERROR(["must give --with-umask an argument."])
+ ;;
+ no) sudo_umask=0777
+ ;;
+ [[0-9]]*) sudo_umask=$with_umask
+ ;;
+ *) AC_MSG_ERROR(["you must enter a numeric mask."])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
+if test "$sudo_umask" = "0777"; then
+ AC_MSG_RESULT(user)
+else
+ AC_MSG_RESULT($sudo_umask)
+fi
+
+AC_MSG_CHECKING(for default user to run commands as)
+AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
+[case $with_runas_default in
+ yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-runas-default not supported."])
+ ;;
+ *) runas_default="$with_runas_default"
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
+AC_MSG_RESULT([$runas_default])
+
+AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
+[case $with_exempt in
+ yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-exempt not supported."])
+ ;;
+ *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
+ AC_MSG_CHECKING(for group to be exempt from password)
+ AC_MSG_RESULT([$with_exempt])
+ ;;
+esac])
+
+AC_MSG_CHECKING(for editor that visudo should use)
+AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
+[case $with_editor in
+ yes) AC_MSG_ERROR(["must give --with-editor an argument."])
+ ;;
+ no) AC_MSG_ERROR(["--without-editor not supported."])
+ ;;
+ *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
+ AC_MSG_RESULT([$with_editor])
+ editor="$with_editor"
+ ;;
+esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
+
+AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
+AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
+[case $with_env_editor in
+ yes) env_editor=on
+ ;;
+ no) env_editor=off
+ ;;
+ *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
+ ;;
+esac])
+if test "$env_editor" = "on"; then
+ AC_DEFINE(ENV_EDITOR)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(number of tries a user gets to enter their password)
+AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
+[case $with_passwd_tries in
+ yes) ;;
+ no) AC_MSG_ERROR(["--without-editor not supported."])
+ ;;
+ [[1-9]]*) passwd_tries=$with_passwd_tries
+ ;;
+ *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
+AC_MSG_RESULT($passwd_tries)
+
+AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
+AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
+[case $with_timeout in
+ yes) ;;
+ no) timeout=0
+ ;;
+ [[0-9]]*) timeout=$with_timeout
+ ;;
+ *) AC_MSG_ERROR(["you must enter the numer of minutes."])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
+AC_MSG_RESULT($timeout)
+
+AC_MSG_CHECKING(time in minutes after the password prompt will time out)
+AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
+[case $with_password_timeout in
+ yes) ;;
+ no) password_timeout=0
+ ;;
+ [[0-9]]*) password_timeout=$with_password_timeout
+ ;;
+ *) AC_MSG_ERROR(["you must enter the numer of minutes."])
+ ;;
+esac])
+AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
+AC_MSG_RESULT($password_timeout)
+
+AC_MSG_CHECKING(whether to use per-tty ticket files)
+AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
+[case $with_tty_tickets in
+ yes) tty_tickets=on
+ ;;
+ no) tty_tickets=off
+ ;;
+ *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
+ ;;
+esac])
+if test "$tty_tickets" = "off"; then
+ AC_DEFINE(NO_TTY_TICKETS)
+ AC_MSG_RESULT(no)
+else
+ AC_MSG_RESULT(yes)
+fi
+
+AC_MSG_CHECKING(whether to include insults)
+AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
+[case $with_insults in
+ yes) insults=on
+ with_classic_insults=yes
+ with_csops_insults=yes
+ ;;
+ disabled) insults=off
+ with_classic_insults=yes
+ with_csops_insults=yes
+ ;;
+ no) insults=off
+ ;;
+ *) AC_MSG_ERROR(["--with-insults does not take an argument."])
+ ;;
+esac])
+if test "$insults" = "on"; then
+ AC_DEFINE(USE_INSULTS)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
+[case $with_all_insults in
+ yes) with_classic_insults=yes
+ with_csops_insults=yes
+ with_hal_insults=yes
+ with_goons_insults=yes
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
+[case $with_classic_insults in
+ yes) AC_DEFINE(CLASSIC_INSULTS)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
+[case $with_csops_insults in
+ yes) AC_DEFINE(CSOPS_INSULTS)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
+[case $with_hal_insults in
+ yes) AC_DEFINE(HAL_INSULTS)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
+[case $with_goons_insults in
+ yes) AC_DEFINE(GOONS_INSULTS)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
+[case $with_nsswitch in
+ no) ;;
+ yes) with_nsswitch="/etc/nsswitch.conf"
+ ;;
+ *) ;;
+esac])
+
+AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
+[case $with_ldap in
+ no) ;;
+ *) AC_DEFINE(HAVE_LDAP)
+ AC_MSG_CHECKING(whether to use sudoers from LDAP)
+ AC_MSG_RESULT(yes)
+ ;;
+esac])
+
+AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
+test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
+
+AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
+test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
+
+AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
+[case $with_pc_insults in
+ yes) AC_DEFINE(PC_INSULTS)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
+ ;;
+esac])
+
+dnl include all insult sets on one line
+if test "$insults" = "on"; then
+ AC_MSG_CHECKING(which insult sets to include)
+ i=""
+ test "$with_goons_insults" = "yes" && i="goons ${i}"
+ test "$with_hal_insults" = "yes" && i="hal ${i}"
+ test "$with_csops_insults" = "yes" && i="csops ${i}"
+ test "$with_classic_insults" = "yes" && i="classic ${i}"
+ AC_MSG_RESULT([$i])
+fi
+
+AC_MSG_CHECKING(whether to override the user's path)
+AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
+[case $with_secure_path in
+ yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+ AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+ AC_MSG_RESULT([$with_secure_path])
+ secure_path="set to $with_secure_path"
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+ AC_MSG_RESULT([$with_secure_path])
+ secure_path="set to F<$with_secure_path>"
+ ;;
+esac], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
+AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
+[case $with_interfaces in
+ yes) AC_MSG_RESULT(yes)
+ ;;
+ no) AC_DEFINE(STUB_LOAD_INTERFACES)
+ AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
+ ;;
+esac], AC_MSG_RESULT(yes))
+
+AC_MSG_CHECKING(whether stow should be used)
+AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
+[case $with_stow in
+ yes) AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_STOW)
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_ERROR(["--with-stow does not take an argument."])
+ ;;
+esac], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to use an askpass helper)
+AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
+[case $with_askpass in
+ yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
+ ;;
+ no) ;;
+ *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
+ ;;
+esac], AC_MSG_RESULT(no))
+
+dnl
+dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS
+dnl
+AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])],
+[case $with_libvas in
+ yes) with_libvas=libvas.so
+ ;;
+ no) ;;
+ *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
+ ;;
+esac
+if test X"$with_libvas" != X"no"; then
+ AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
+ AC_DEFINE(USING_NONUNIX_GROUPS)
+ COMMON_OBJS="$COMMON_OBJS vasgroups.o"
+ AC_ARG_WITH([libvas-rpath],
+ [AS_HELP_STRING([--with-libvas-rpath=PATH],
+ [Path to look for libvas in [default=/opt/quest/lib]])],
+ [LIBVAS_RPATH=$withval],
+ [LIBVAS_RPATH=/opt/quest/lib])
+ dnl
+ dnl Some platforms require libdl for dlopen()
+ dnl
+ AC_CHECK_LIB([dl], [main])
+fi
+])
+
+dnl
+dnl Options for --enable
+dnl
+
+AC_MSG_CHECKING(whether to do user authentication by default)
+AC_ARG_ENABLE(authentication,
+[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ ;;
+ no) AC_MSG_RESULT(no)
+ AC_DEFINE(NO_AUTHENTICATION)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(yes))
+
+AC_MSG_CHECKING(whether to disable running the mailer as root)
+AC_ARG_ENABLE(root-mailer,
+[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(no)
+ ;;
+ no) AC_MSG_RESULT(yes)
+ AC_DEFINE(NO_ROOT_MAILER)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_ARG_ENABLE(setreuid,
+[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
+[ case "$enableval" in
+ no) SKIP_SETREUID=yes
+ ;;
+ *) ;;
+ esac
+])
+
+AC_ARG_ENABLE(setresuid,
+[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
+[ case "$enableval" in
+ no) SKIP_SETRESUID=yes
+ ;;
+ *) ;;
+ esac
+])
+
+AC_MSG_CHECKING(whether to disable shadow password support)
+AC_ARG_ENABLE(shadow,
+[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(no)
+ ;;
+ no) AC_MSG_RESULT(yes)
+ CHECKSHADOW="false"
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether root should be allowed to use sudo)
+AC_ARG_ENABLE(root-sudo,
+[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ ;;
+ no) AC_DEFINE(NO_ROOT_SUDO)
+ AC_MSG_RESULT(no)
+ root_sudo=off
+ ;;
+ *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
+ ;;
+ esac
+], AC_MSG_RESULT(yes))
+
+AC_MSG_CHECKING(whether to log the hostname in the log file)
+AC_ARG_ENABLE(log-host,
+[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ AC_DEFINE(HOST_IN_LOG)
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
+AC_ARG_ENABLE(noargs-shell,
+[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ AC_DEFINE(SHELL_IF_NO_ARGS)
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
+AC_ARG_ENABLE(shell-sets-home,
+[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ AC_DEFINE(SHELL_SETS_HOME)
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to disable 'command not found' messages)
+AC_ARG_ENABLE(path_info,
+[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(no)
+ ;;
+ no) AC_MSG_RESULT(yes)
+ AC_DEFINE(DONT_LEAK_PATH_INFO)
+ path_info=off
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to enable environment debugging)
+AC_ARG_ENABLE(env_debug,
+[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ AC_DEFINE(ENV_DEBUG)
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_ARG_ENABLE(warnings,
+[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
+[ case "$enableval" in
+ yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then
+ CFLAGS="${CFLAGS} -Wall"
+ fi
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
+ ;;
+ esac
+])
+
+AC_ARG_ENABLE(admin-flag,
+[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
+[ case "$enableval" in
+ yes) AC_DEFINE(USE_ADMIN_FLAG)
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
+ ;;
+ esac
+])
+
+AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
+[case $with_selinux in
+ yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
+ AC_DEFINE(HAVE_SELINUX)
+ SUDO_LIBS="${SUDO_LIBS} -lselinux"
+ SUDO_OBJS="${SUDO_OBJS} selinux.o"
+ PROGS="${PROGS} sesh"
+ SEMAN=1
+ AC_CHECK_LIB([selinux], [setkeycreatecon],
+ [AC_DEFINE(HAVE_SETKEYCREATECON)])
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
+ ;;
+esac])
+
+dnl
+dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
+dnl
+AC_ARG_ENABLE(gss_krb5_ccache_name,
+[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
+[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
+
+dnl
+dnl C compiler checks
+dnl
+AC_SEARCH_LIBS([strerror], [cposix])
+AC_PROG_CPP
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+
+dnl
+dnl Libtool setup, we require libtool 2.2.6b or higher
+dnl
+AC_CANONICAL_HOST
+AC_CONFIG_MACRO_DIR([m4])
+LT_PREREQ([2.2.6b])
+LT_INIT
+
+dnl
+dnl Defer with_noexec until after libtool magic runs
+dnl
+if test "$enable_shared" = "no"; then
+ with_noexec=no
+else
+ eval _shrext="$shrext_cmds"
+fi
+AC_MSG_CHECKING(path to sudo_noexec.so)
+AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
+[case $with_noexec in
+ yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ ;;
+ no) ;;
+ *) ;;
+esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
+AC_MSG_RESULT($with_noexec)
+NOEXECFILE="sudo_noexec$_shrext"
+NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
+
+dnl
+dnl It is now safe to modify CFLAGS and CPPFLAGS
+dnl
+if test X"$with_devel" = X"yes" -a -n "$GCC"; then
+ CFLAGS="${CFLAGS} -Wall"
+fi
+
+dnl
+dnl Find programs we use
+dnl
+AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
+AC_CHECK_PROG(TRPROG, [tr], [tr])
+AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
+if test -z "$NROFFPROG"; then
+ MANTYPE="cat"
+ mansrcdir='$(srcdir)'
+fi
+
+dnl
+dnl What kind of beastie are we being run on?
+dnl Barf if config.cache was generated on another host.
+dnl
+if test -n "$sudo_cv_prev_host"; then
+ if test "$sudo_cv_prev_host" != "$host"; then
+ AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
+ else
+ AC_MSG_CHECKING(previous host type)
+ AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
+ AC_MSG_RESULT([$sudo_cv_prev_host])
+ fi
+else
+ # this will produce no output since there is no cached value
+ AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
+fi
+
+dnl
+dnl We want to be able to differentiate between different rev's
+dnl
+if test -n "$host_os"; then
+ OS=`echo $host_os | sed 's/[[0-9]].*//'`
+ OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
+ OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
+else
+ OS="unknown"
+ OSREV=0
+ OSMAJOR=0
+fi
+
+case "$host" in
+ *-*-sunos4*)
+ # getcwd(3) opens a pipe to getpwd(1)!?!
+ BROKEN_GETCWD=1
+
+ # system headers lack prototypes but gcc helps...
+ if test -n "$GCC"; then
+ OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
+ fi
+
+ shadow_funcs="getpwanam issecure"
+ ;;
+ *-*-solaris2*)
+ # To get the crypt(3) prototype (so we pass -Wall)
+ OSDEFS="${OSDEFS} -D__EXTENSIONS__"
+ # AFS support needs -lucb
+ if test "$with_AFS" = "yes"; then
+ AFS_LIBS="-lc -lucb"
+ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ ;;
+ *-*-aix*)
+ # To get all prototypes (so we pass -Wall)
+ OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
+ if test X"$with_blibpath" != X"no"; then
+ AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
+ O_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
+ if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+ blibpath="$with_blibpath"
+ elif test -n "$GCC"; then
+ blibpath="/usr/lib:/lib:/usr/local/lib"
+ else
+ blibpath="/usr/lib:/lib"
+ fi
+ AC_MSG_RESULT(yes)
+ ], [AC_MSG_RESULT(no)])
+ fi
+ LDFLAGS="$O_LDFLAGS"
+
+ # Use authenticate(3) as the default authentication method
+ if test X"$with_aixauth" = X""; then
+ AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+ fi
+
+ # AIX analog of nsswitch.conf, enabled by default
+ AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
+ [case $with_netsvc in
+ no) ;;
+ yes) with_netsvc="/etc/netsvc.conf"
+ ;;
+ *) ;;
+ esac])
+ if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+ with_netsvc="/etc/netsvc.conf"
+ fi
+
+ # AIX-specific functions
+ AC_CHECK_FUNCS(getuserattr setauthdb)
+ COMMON_OBJS="$COMMON_OBJS aix.o"
+ ;;
+ *-*-hiuxmpp*)
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-hpux*)
+ # AFS support needs -lBSD
+ if test "$with_AFS" = "yes"; then
+ AFS_LIBS="-lc -lBSD"
+ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+
+ if test -z "$GCC"; then
+ # HP-UX bundled compiler can't generate shared objects
+ if -z "$pic_flag"; then
+ with_noexec=no
+ fi
+
+ # Use the +DAportable flag on hppa if it is supported
+ case "$host_cpu" in
+ hppa*)
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS +DAportable"
+ AC_CACHE_CHECK([whether $CC understands +DAportable],
+ [sudo_cv_var_daportable],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[]], [[]])],
+ [sudo_cv_var_daportable=yes],
+ [sudo_cv_var_daportable=no]
+ )
+ ]
+ )
+ if test X"$sudo_cv_var_daportable" != X"yes"; then
+ CFLAGS="$_CFLAGS"
+ fi
+ ;;
+ esac
+ fi
+
+ case "$host" in
+ *-*-hpux[1-8].*)
+ AC_DEFINE(BROKEN_SYSLOG)
+
+ # Not sure if setuid binaries are safe in < 9.x
+ if test -n "$GCC"; then
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
+ else
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
+ fi
+ ;;
+ *-*-hpux9.*)
+ AC_DEFINE(BROKEN_SYSLOG)
+
+ shadow_funcs="getspwuid"
+
+ # DCE support (requires ANSI C compiler)
+ if test "$with_DCE" = "yes"; then
+ # order of libs in 9.X is important. -lc_r must be last
+ SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
+ LIBS="${LIBS} -ldce -lM -lc_r"
+ CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+ fi
+ ;;
+ *-*-hpux10.*)
+ shadow_funcs="getprpwnam iscomsec"
+ shadow_libs="-lsec"
+ ;;
+ *)
+ shadow_funcs="getspnam iscomsec"
+ shadow_libs="-lsec"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ ;;
+ esac
+ ;;
+ *-dec-osf*)
+ # ignore envariables wrt dynamic lib path
+ SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
+
+ : ${CHECKSIA='true'}
+ AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
+ AC_ARG_ENABLE(sia,
+ [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
+ [ case "$enableval" in
+ yes) AC_MSG_RESULT(no)
+ CHECKSIA=true
+ ;;
+ no) AC_MSG_RESULT(yes)
+ CHECKSIA=false
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
+ ;;
+ esac
+ ], AC_MSG_RESULT(no))
+
+ shadow_funcs="getprpwnam dispcrypt"
+ # OSF/1 4.x and higher need -ldb too
+ if test $OSMAJOR -lt 4; then
+ shadow_libs="-lsecurity -laud -lm"
+ else
+ shadow_libs="-lsecurity -ldb -laud -lm"
+ fi
+
+ # use SIA by default, if we have it
+ test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
+
+ #
+ # Some versions of Digital Unix ship with a broken
+ # copy of prot.h, which we need for shadow passwords.
+ # XXX - make should remove this as part of distclean
+ #
+ AC_MSG_CHECKING([for broken prot.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/security.h>
+#include <prot.h>
+ ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
+ sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
+ ])
+ : ${mansectsu='8'}
+ : ${mansectform='4'}
+ ;;
+ *-*-irix*)
+ OSDEFS="${OSDEFS} -D_BSD_TYPES"
+ if test -z "$NROFFPROG"; then
+ MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
+ if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+ if test -d /usr/share/catman/local; then
+ mandir="/usr/share/catman/local"
+ else
+ mandir="/usr/catman/local"
+ fi
+ fi
+ else
+ if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+ if test -d "/usr/share/man/local"; then
+ mandir="/usr/share/man/local"
+ else
+ mandir="/usr/man/local"
+ fi
+ fi
+ fi
+ # IRIX <= 4 needs -lsun
+ if test "$OSMAJOR" -le 4; then
+ AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
+ fi
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-linux*|*-*-k*bsd*-gnu)
+ OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+ # Some Linux versions need to link with -lshadow
+ shadow_funcs="getspnam"
+ shadow_libs_optional="-lshadow"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ ;;
+ *-convex-bsd*)
+ OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
+ if test -z "$GCC"; then
+ CFLAGS="${CFLAGS} -D__STDC__"
+ fi
+
+ shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
+ shadow_funcs="getprpwnam"
+ shadow_libs="-lprot"
+ ;;
+ *-*-ultrix*)
+ OS="ultrix"
+ shadow_funcs="getauthuid"
+ shadow_libs="-lauth"
+ ;;
+ *-*-riscos*)
+ LIBS="${LIBS} -lsun -lbsd"
+ CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+ OSDEFS="${OSDEFS} -D_MIPS"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-isc*)
+ OSDEFS="${OSDEFS} -D_ISC"
+ LIB_CRYPT=1
+ SUDO_LIBS="${SUDO_LIBS} -lcrypt"
+ LIBS="${LIBS} -lcrypt"
+
+ shadow_funcs="getspnam"
+ shadow_libs="-lsec"
+
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-*-sco*|*-sco-*)
+ shadow_funcs="getprpwnam"
+ shadow_libs="-lprot -lx"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ m88k-motorola-sysv*)
+ # motorolla's cc (a variant of gcc) does -O but not -O2
+ CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-sequent-sysv*)
+ shadow_funcs="getspnam"
+ shadow_libs="-lsec"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-ncr-sysv4*|*-ncr-sysvr4*)
+ AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-ccur-sysv4*|*-ccur-sysvr4*)
+ LIBS="${LIBS} -lgen"
+ SUDO_LIBS="${SUDO_LIBS} -lgen"
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-*-bsdi*)
+ SKIP_SETREUID=yes
+ # Use shlicc for BSD/OS [23].x unless asked to do otherwise
+ if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
+ case "$OSMAJOR" in
+ 2|3) AC_MSG_NOTICE([using shlicc as CC])
+ ac_cv_prog_CC=shlicc
+ CC="$ac_cv_prog_CC"
+ ;;
+ esac
+ fi
+ # Check for newer BSD auth API (just check for >= 3.0?)
+ if test -z "$with_bsdauth"; then
+ AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
+ fi
+ ;;
+ *-*-freebsd*)
+ # FreeBSD has a real setreuid(2) starting with 2.1 and
+ # backported to 2.0.5. We just take 2.1 and above...
+ case "$OSREV" in
+ 0.*|1.*|2.0*)
+ SKIP_SETREUID=yes
+ ;;
+ esac
+ if test "$with_skey" = "yes"; then
+ SUDO_LIBS="${SUDO_LIBS} -lmd"
+ fi
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='maybe'}
+ ;;
+ *-*-*openbsd*)
+ # OpenBSD has a real setreuid(2) starting with 3.3 but
+ # we will use setreuid(2) instead.
+ SKIP_SETREUID=yes
+ CHECKSHADOW="false"
+ # OpenBSD >= 3.0 supports BSD auth
+ if test -z "$with_bsdauth"; then
+ case "$OSREV" in
+ [0-2].*)
+ ;;
+ *)
+ AUTH_EXCL_DEF="BSD_AUTH"
+ ;;
+ esac
+ fi
+ : ${with_logincap='maybe'}
+ ;;
+ *-*-*netbsd*)
+ # NetBSD has a real setreuid(2) starting with 1.3.2
+ case "$OSREV" in
+ 0.9*|1.[012]*|1.3|1.3.1)
+ SKIP_SETREUID=yes
+ ;;
+ esac
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='maybe'}
+ ;;
+ *-*-dragonfly*)
+ if test "$with_skey" = "yes"; then
+ SUDO_LIBS="${SUDO_LIBS} -lmd"
+ fi
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='yes'}
+ ;;
+ *-*-*bsd*)
+ CHECKSHADOW="false"
+ ;;
+ *-*-darwin*)
+ # Darwin has a real setreuid(2) starting with 9.0
+ if test $OSMAJOR -lt 9; then
+ SKIP_SETREUID=yes
+ fi
+ CHECKSHADOW="false"
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ : ${with_logincap='yes'}
+ ;;
+ *-*-nextstep*)
+ # lockf() on is broken on the NeXT -- use flock instead
+ ac_cv_func_lockf=no
+ ac_cv_func_flock=yes
+ ;;
+ *-*-*sysv4*)
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ : ${with_rpath='yes'}
+ ;;
+ *-*-sysv*)
+ : ${mansectsu='1m'}
+ : ${mansectform='4'}
+ ;;
+ *-gnu*)
+ OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+ ;;
+esac
+
+dnl
+dnl Check for mixing mutually exclusive and regular auth methods
+dnl
+AUTH_REG=${AUTH_REG# }
+AUTH_EXCL=${AUTH_EXCL# }
+if test -n "$AUTH_EXCL"; then
+ set -- $AUTH_EXCL
+ if test $# != 1; then
+ AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
+ fi
+ if test -n "$AUTH_REG"; then
+ AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
+ fi
+fi
+dnl
+dnl Only one of S/Key and OPIE may be specified
+dnl
+if test X"${with_skey}${with_opie}" = X"yesyes"; then
+ AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
+fi
+
+dnl
+dnl Use BSD-style man sections by default
+dnl
+: ${mansectsu='8'}
+: ${mansectform='5'}
+
+dnl
+dnl Add in any libpaths or libraries specified via configure
+dnl
+if test -n "$with_libpath"; then
+ for i in ${with_libpath}; do
+ SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
+ done
+fi
+if test -n "$with_libraries"; then
+ for i in ${with_libraries}; do
+ case $i in
+ -l*) ;;
+ *.a) ;;
+ *.o) ;;
+ *) i="-l${i}";;
+ esac
+ LIBS="${LIBS} ${i}"
+ done
+fi
+
+dnl
+dnl C compiler checks (to be done after os checks)
+dnl
+AC_PROG_GCC_TRADITIONAL
+AC_C_CONST
+AC_C_VOLATILE
+dnl
+dnl Program checks
+dnl
+AC_PROG_YACC
+AC_PATH_PROG([FLEX], [flex], [flex])
+SUDO_PROG_MV
+SUDO_PROG_BSHELL
+if test -z "$with_sendmail"; then
+ SUDO_PROG_SENDMAIL
+fi
+if test -z "$with_editor"; then
+ SUDO_PROG_VI
+fi
+dnl
+dnl Check for authpriv support in syslog
+dnl
+AC_MSG_CHECKING(which syslog facility sudo should log with)
+if test X"$with_logfac" = X""; then
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
+fi
+AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
+AC_MSG_RESULT($logfac)
+dnl
+dnl Header file checks
+dnl
+AC_HEADER_STDC
+AC_HEADER_DIRENT
+AC_HEADER_TIME
+AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h)
+AC_SYS_POSIX_TERMIOS
+if test "$ac_cv_sys_posix_termios" = "yes"; then
+ AC_DEFINE(HAVE_TERMIOS_H)
+else
+ AC_CHECK_HEADERS(termio.h)
+fi
+SUDO_MAILDIR
+if test ${with_logincap-'no'} != "no"; then
+ AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
+ case "$OS" in
+ freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ esac
+ ])
+fi
+if test ${with_project-'no'} != "no"; then
+ AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
+ [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
+fi
+dnl
+dnl typedef checks
+dnl
+AC_TYPE_MODE_T
+AC_TYPE_UID_T
+AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
+AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
+#include <signal.h>])
+AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
+#include <signal.h>])
+AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+#endif
+#include <time.h>])
+AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
+#include <netinet/in.h>])
+AC_TYPE_LONG_LONG_INT
+AC_CHECK_SIZEOF([long int])
+SUDO_TYPE_SIZE_T
+SUDO_TYPE_SSIZE_T
+SUDO_TYPE_DEV_T
+SUDO_TYPE_INO_T
+SUDO_UID_T_LEN
+SUDO_SOCK_SA_LEN
+dnl
+dnl only set RETSIGTYPE if it is not set already
+dnl
+case "$DEFS" in
+ *"RETSIGTYPE"*) ;;
+ *) AC_TYPE_SIGNAL;;
+esac
+dnl
+dnl Function checks
+dnl
+AC_FUNC_GETGROUPS
+AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
+ strftime setrlimit initgroups getgroups fstat gettimeofday \
+ regcomp setlocale getaddrinfo setenv vhangup \
+ mbr_check_membership setrlimit64)
+AC_CHECK_FUNCS(getline, [], [
+ AC_LIBOBJ(getline)
+ AC_CHECK_FUNCS(fgetln)
+])
+AC_CHECK_FUNCS(setsid, [], [
+ AC_LIBOBJ(setsid)
+ AC_FUNC_SETPGRP
+])
+
+AC_CHECK_FUNCS(sysctl getutid getutxid, [break])
+
+AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [
+ AC_CHECK_LIB(util, openpty, [
+ AC_CHECK_HEADERS(util.h pty.h, [break])
+ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ AC_DEFINE(HAVE_OPENPTY)
+ ], [
+ AC_CHECK_FUNCS(_getpty, [], [
+ AC_CHECK_FUNCS(grantpt, [
+ AC_CHECK_FUNCS(posix_openpt)
+ ], [
+ AC_CHECK_FUNCS(revoke)
+ ])
+ ])
+ ])
+])
+AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID)
+SUDO_FUNC_PUTENV_CONST
+if test -z "$SKIP_SETRESUID"; then
+ AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
+fi
+if test -z "$SKIP_SETREUID"; then
+ AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
+fi
+if test -z "$SKIP_SETEUID"; then
+ AC_CHECK_FUNCS(seteuid)
+fi
+if test X"$with_interfaces" != X"no"; then
+ AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
+fi
+if test -z "$BROKEN_GETCWD"; then
+ AC_REPLACE_FUNCS(getcwd)
+fi
+AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
+ AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
+ AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
+AC_CHECK_FUNCS(lockf flock, [break])
+AC_CHECK_FUNCS(waitpid wait3, [break])
+AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
+AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
+AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
+SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
+SUDO_FUNC_ISBLANK
+AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
+AC_CHECK_FUNCS(nanosleep, [], [
+ # On Solaris, nanosleep is in librt
+ AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
+])
+AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
+ AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
+ [ #include <limits.h>
+ #include <fcntl.h> ])
+])
+AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o"
+ AC_CHECK_FUNCS(random lrand48, [break])
+])
+AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
+if test X"$ac_cv_type_struct_timespec" != X"no"; then
+ AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
+ [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
+ [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
+fi
+dnl
+dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
+dnl
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
+dnl
+dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
+dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
+dnl
+if test -n "$NEED_SNPRINTF"; then
+ AC_LIBOBJ(snprintf)
+fi
+dnl
+dnl If socket(2) not in libc, check -lsocket and -linet
+dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
+dnl In this case we look for main(), not socket() to avoid using a cached value
+dnl
+AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
+AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
+dnl
+dnl If inet_addr(3) not in libc, check -lnsl and -linet
+dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
+dnl
+AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
+AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
+dnl
+dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
+dnl
+AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
+dnl
+dnl Check for getprogname() or __progname
+dnl
+AC_CHECK_FUNCS(getprogname, , [
+ AC_MSG_CHECKING([for __progname])
+ AC_CACHE_VAL(sudo_cv___progname, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
+ if test "$sudo_cv___progname" = "yes"; then
+ AC_DEFINE(HAVE___PROGNAME)
+ else
+ AC_LIBOBJ(getprogname)
+ fi
+ AC_MSG_RESULT($sudo_cv___progname)
+])
+
+dnl
+dnl Check for strsignal() or sys_siglist
+dnl
+AC_CHECK_FUNCS(strsignal, [], [
+ AC_LIBOBJ(strsignal)
+ HAVE_SIGLIST="false"
+ AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
+ HAVE_SIGLIST="true"
+ break
+ ], [ ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+ ])
+ if test "$HAVE_SIGLIST" != "true"; then
+ AC_LIBOBJ(siglist)
+ fi
+])
+
+dnl
+dnl nsswitch.conf and its equivalents
+dnl
+if test ${with_netsvc-"no"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
+ netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
+ nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
+dnl
+dnl Mutually exclusive auth checks come first, followed by
+dnl non-exclusive ones. Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
+ for auth in $AUTH_EXCL_DEF; do
+ case $auth in
+ AIX_AUTH) with_aixauth=maybe;;
+ BSD_AUTH) with_bsdauth=maybe;;
+ PAM) with_pam=maybe;;
+ SIA) CHECKSIA=true;;
+ esac
+ done
+fi
+
+dnl
+dnl PAM support. Systems that use PAM by default set with_pam=default
+dnl and we do the actual tests here.
+dnl
+if test ${with_pam-"no"} != "no"; then
+ dnl
+ dnl Some platforms need libdl for dlopen
+ dnl
+ case "$LIBS" in
+ *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam"
+ ;;
+ *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
+ ac_cv_lib_dl=ac_cv_lib_dl_main
+ ;;
+ esac
+
+ dnl
+ dnl Some PAM implementations (MacOS X for example) put the PAM headers
+ dnl in /usr/include/pam instead of /usr/include/security...
+ dnl
+ AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
+ if test "$with_pam" = "yes"; then
+ AC_DEFINE(HAVE_PAM)
+ AUTH_OBJS="$AUTH_OBJS pam.o";
+ AUTH_EXCL=PAM
+
+ AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
+ [case $with_pam_login in
+ yes) AC_DEFINE([HAVE_PAM_LOGIN])
+ AC_MSG_CHECKING(whether to use PAM login)
+ AC_MSG_RESULT(yes)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+ ;;
+ esac])
+
+ AC_MSG_CHECKING(whether to use PAM session support)
+ AC_ARG_ENABLE(pam_session,
+ [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
+ [ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ ;;
+ no) AC_MSG_RESULT(no)
+ AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
+ ;;
+ esac], AC_MSG_RESULT(yes))
+
+ case $host in
+ *-*-linux*|*-*-solaris*)
+ # dgettext() may be defined to dgettext_libintl in the
+ # header file, so first check that it links w/ additional
+ # libs, then try with -lintl
+ AC_LINK_IFELSE([AC_LANG_PROGRAM(
+ [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
+ [AC_DEFINE(HAVE_DGETTEXT)],
+ [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
+ [AC_DEFINE(HAVE_DGETTEXT)])])
+ ;;
+ esac
+ fi
+fi
+
+dnl
+dnl AIX general authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+if test ${with_aixauth-'no'} != "no"; then
+ if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
+ AC_MSG_NOTICE([using AIX general authentication])
+ AC_DEFINE(HAVE_AIXAUTH)
+ AUTH_OBJS="$AUTH_OBJS aix_auth.o";
+ SUDO_LIBS="${SUDO_LIBS} -ls"
+ AUTH_EXCL=AIX_AUTH
+ fi
+fi
+
+dnl
+dnl BSD authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+if test ${with_bsdauth-'no'} != "no"; then
+ AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
+ [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
+ [BSDAUTH_USAGE='[[-a auth_type]] ']
+ [AUTH_EXCL=BSD_AUTH; BAMAN=1],
+ [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
+fi
+
+dnl
+dnl SIA authentication for Tru64 Unix
+dnl
+if test ${CHECKSIA-'false'} = "true"; then
+ AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
+ if test "$found" = "true"; then
+ AUTH_EXCL=SIA
+ AUTH_OBJS="$AUTH_OBJS sia.o"
+ fi
+fi
+
+dnl
+dnl extra FWTK libs + includes
+dnl
+if test ${with_fwtk-'no'} != "no"; then
+ if test "$with_fwtk" != "yes"; then
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
+ CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+ with_fwtk=yes
+ fi
+ SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
+ AUTH_OBJS="$AUTH_OBJS fwtk.o"
+fi
+
+dnl
+dnl extra SecurID lib + includes
+dnl
+if test ${with_SecurID-'no'} != "no"; then
+ if test "$with_SecurID" != "yes"; then
+ :
+ elif test -d /usr/ace/examples; then
+ with_SecurID=/usr/ace/examples
+ else
+ with_SecurID=/usr/ace
+ fi
+ CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
+ _LDFLAGS="${LDFLAGS}"
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
+ #
+ # Determine whether to use the new or old SecurID API
+ #
+ AC_CHECK_LIB(aceclnt, SD_Init,
+ [
+ AUTH_OBJS="$AUTH_OBJS securid5.o";
+ SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
+ ]
+ [
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
+ ], [
+ AUTH_OBJS="$AUTH_OBJS securid.o";
+ SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
+ ],
+ [
+ -lpthread
+ ]
+ )
+ LDFLAGS="${_LDFLAGS}"
+fi
+
+dnl
+dnl Non-mutually exclusive auth checks come next.
+dnl Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
+ for auth in $AUTH_DEF; do
+ case $auth in
+ passwd) : ${with_passwd='maybe'};;
+ esac
+ done
+fi
+
+dnl
+dnl Kerberos IV
+dnl
+if test ${with_kerb4-'no'} != "no"; then
+ AC_DEFINE(HAVE_KERB4)
+ dnl
+ dnl Use the specified directory, if any, else search for correct inc dir
+ dnl
+ O_LDFLAGS="$LDFLAGS"
+ if test "$with_kerb4" = "yes"; then
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
+ CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
+ done
+ test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
+ else
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
+ CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
+ AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
+ fi
+ if test X"$found" = X"no"; then
+ AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
+ fi
+
+ dnl
+ dnl Check for -ldes vs. -ldes425
+ dnl
+ AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
+ AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
+ ])
+ dnl
+ dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
+ dnl
+ AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
+ AC_MSG_RESULT(yes)
+ K4LIBS="${K4LIBS} -lcom_err"
+ AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
+ ], [
+ AC_MSG_RESULT(no)
+ ]
+ )
+ dnl
+ dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
+ dnl
+ AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
+ AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
+ [K4LIBS="-lkrb $K4LIBS"]
+ [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
+ , [$K4LIBS])
+ ], [$K4LIBS])
+ LDFLAGS="$O_LDFLAGS"
+ SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
+ AUTH_OBJS="$AUTH_OBJS kerb4.o"
+fi
+
+dnl
+dnl Kerberos V
+dnl There is an easy way and a hard way...
+dnl
+if test ${with_kerb5-'no'} != "no"; then
+ AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
+ if test -n "$KRB5CONFIG"; then
+ AC_DEFINE(HAVE_KERB5)
+ AUTH_OBJS="$AUTH_OBJS kerb5.o"
+ CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
+ SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
+ dnl
+ dnl Try to determine whether we have Heimdal or MIT Kerberos
+ dnl
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_HEIMDAL)
+ ], [
+ AC_MSG_RESULT(no)
+ ]
+ )
+ fi
+fi
+if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
+ AC_DEFINE(HAVE_KERB5)
+ dnl
+ dnl Use the specified directory, if any, else search for correct inc dir
+ dnl
+ if test "$with_kerb5" = "yes"; then
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
+ CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
+ done
+ if test X"$found" = X"no"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
+ fi
+ else
+ dnl XXX - try to include krb5.h here too
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
+ CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+ fi
+
+ dnl
+ dnl Try to determine whether we have Heimdal or MIT Kerberos
+ dnl
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_HEIMDAL)
+ # XXX - need to check whether -lcrypo is needed!
+ SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
+ AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
+ ], [
+ AC_MSG_RESULT(no)
+ SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
+ AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"])
+ ])
+ AUTH_OBJS="$AUTH_OBJS kerb5.o"
+ _LIBS="$LIBS"
+ LIBS="${LIBS} ${SUDO_LIBS}"
+ AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
+ AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
+ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
+ sudo_cv_krb5_get_init_creds_opt_free_two_args, [
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <krb5.h>]],
+ [[krb5_get_init_creds_opt_free(NULL, NULL);]]
+ )],
+ [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
+ [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
+ )
+ ]
+ )
+ ])
+ if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+ AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
+ fi
+ LIBS="$_LIBS"
+fi
+
+dnl
+dnl extra AFS libs and includes
+dnl
+if test ${with_AFS-'no'} = "yes"; then
+
+ # looks like the "standard" place for AFS libs is /usr/afsws/lib
+ AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
+ for i in $AFSLIBDIRS; do
+ if test -d ${i}; then
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
+ FOUND_AFSLIBDIR=true
+ fi
+ done
+ if test -z "$FOUND_AFSLIBDIR"; then
+ AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
+ fi
+
+ # Order is important here. Note that we build AFS_LIBS from right to left
+ # since AFS_LIBS may be initialized with BSD compat libs that must go last
+ AFS_LIBS="-laudit ${AFS_LIBS}"
+ for i in $AFSLIBDIRS; do
+ if test -f ${i}/util.a; then
+ AFS_LIBS="${i}/util.a ${AFS_LIBS}"
+ FOUND_UTIL_A=true
+ break;
+ fi
+ done
+ if test -z "$FOUND_UTIL_A"; then
+ AFS_LIBS="-lutil ${AFS_LIBS}"
+ fi
+ AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
+
+ # AFS includes may live in /usr/include on some machines...
+ for i in /usr/afsws/include; do
+ if test -d ${i}; then
+ CPPFLAGS="${CPPFLAGS} -I${i}"
+ FOUND_AFSINCDIR=true
+ fi
+ done
+
+ if test -z "$FOUND_AFSLIBDIR"; then
+ AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
+ fi
+
+ AUTH_OBJS="$AUTH_OBJS afs.o"
+fi
+
+dnl
+dnl extra DCE obj + lib
+dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
+dnl
+if test ${with_DCE-'no'} = "yes"; then
+ DCE_OBJS="${DCE_OBJS} dce_pwent.o"
+ SUDO_LIBS="${SUDO_LIBS} -ldce"
+ AUTH_OBJS="$AUTH_OBJS dce.o"
+fi
+
+dnl
+dnl extra S/Key lib and includes
+dnl
+if test ${with_skey-'no'} = "yes"; then
+ O_LDFLAGS="$LDFLAGS"
+ if test "$with_skey" != "yes"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
+ AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
+ else
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "/usr/local" "/usr/contrib"; do
+ test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+ AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
+ done
+ if test "$found" = "no" -o -z "$dir"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ else
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
+ fi
+ fi
+ if test "$found" = "no"; then
+ AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
+ fi
+ AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
+ AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
+ LDFLAGS="$O_LDFLAGS"
+ SUDO_LIBS="${SUDO_LIBS} -lskey"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+dnl
+dnl extra OPIE lib and includes
+dnl
+if test ${with_opie-'no'} = "yes"; then
+ O_LDFLAGS="$LDFLAGS"
+ if test "$with_opie" != "yes"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
+ AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
+ else
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "/usr/local" "/usr/contrib"; do
+ test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+ AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
+ done
+ if test "$found" = "no" -o -z "$dir"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ else
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
+ fi
+ fi
+ if test "$found" = "no"; then
+ AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
+ fi
+ AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
+ LDFLAGS="$O_LDFLAGS"
+ SUDO_LIBS="${SUDO_LIBS} -lopie"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+dnl
+dnl Check for shadow password routines if we have not already done so.
+dnl If there is a specific list of functions to check we do that first.
+dnl Otherwise, we check for SVR4-style and then SecureWare-style.
+dnl
+if test ${with_passwd-'no'} != "no"; then
+ dnl
+ dnl if crypt(3) not in libc, look elsewhere
+ dnl
+ if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
+ AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ fi
+
+ if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
+ _LIBS="$LIBS"
+ LIBS="$LIBS $shadow_libs"
+ found=no
+ AC_CHECK_FUNCS($shadow_funcs, [found=yes])
+ if test "$found" = "yes"; then
+ SUDO_LIBS="$SUDO_LIBS $shadow_libs"
+ elif test -n "$shadow_libs_optional"; then
+ LIBS="$LIBS $shadow_libs_optional"
+ AC_CHECK_FUNCS($shadow_funcs, [found=yes])
+ if test "$found" = "yes"; then
+ SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
+ fi
+ fi
+ if test "$found" = "yes"; then
+ case "$shadow_funcs" in
+ *getprpwnam*) SECUREWARE=1;;
+ esac
+ test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
+ else
+ LIBS="$_LIBS"
+ fi
+ CHECKSHADOW=false
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ fi
+ if test -n "$SECUREWARE"; then
+ AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
+ AUTH_OBJS="$AUTH_OBJS secureware.o"
+ fi
+fi
+
+dnl
+dnl extra lib and .o file for LDAP support
+dnl
+if test ${with_ldap-'no'} != "no"; then
+ _LDFLAGS="$LDFLAGS"
+ if test "$with_ldap" != "yes"; then
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+ with_ldap=yes
+ fi
+ SUDO_OBJS="${SUDO_OBJS} ldap.o"
+ LDAP=""
+
+ AC_MSG_CHECKING([for LDAP libraries])
+ LDAP_LIBS=""
+ _LIBS="$LIBS"
+ found=no
+ for l in -lldap -llber '-lssl -lcrypto'; do
+ LIBS="${LIBS} $l"
+ LDAP_LIBS="${LDAP_LIBS} $l"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+ #include <lber.h>
+ #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
+ done
+ dnl if nothing linked just try with -lldap
+ if test "$found" = "no"; then
+ LIBS="${_LIBS} -lldap"
+ LDAP_LIBS="-lldap"
+ AC_MSG_RESULT([not found, using -lldap])
+ else
+ AC_MSG_RESULT([$LDAP_LIBS])
+ fi
+ dnl check if we need to link with -llber for ber_set_option
+ OLIBS="$LIBS"
+ AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
+ if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+ LDAP_LIBS="$LDAP_LIBS -llber"
+ fi
+ dnl check if ldap.h includes lber.h for us
+ AC_MSG_CHECKING([whether lber.h is needed])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+ #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_LBER_H)])
+
+ AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
+ AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
+
+ if test X"$check_gss_krb5_ccache_name" = X"yes"; then
+ AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+ [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
+ AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+ [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
+ )
+
+ # gssapi headers may be separate or part of Kerberos V
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
+ test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
+ done
+ if test X"$found" != X"no"; then
+ AC_CHECK_HEADERS([$found])
+ if test X"$found" = X"gssapi/gssapi.h"; then
+ AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
+ fi
+ else
+ CPPFLAGS="$O_CPPFLAGS"
+ AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
+ fi
+ fi
+
+ SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
+ LIBS="$_LIBS"
+ LDFLAGS="$_LDFLAGS"
+fi
+
+dnl
+dnl Add LIBVAS_RPATH to LDFLAGS
+dnl GNU ld accepts -R/path/ as an alias for -rpath /path/
+dnl
+if test X"$LIBVAS_RPATH" != X""; then
+ if test -n "$blibpath"; then
+ blibpath_add="${blibpath_add}:$LIBVAS_RPATH"
+ else
+ case "$host" in
+ *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH"
+ ;;
+ *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH"
+ ;;
+ esac
+ fi
+fi
+
+dnl
+dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
+dnl added -L dirpaths to SUDO_LDFLAGS.
+dnl
+if test -n "$blibpath"; then
+ if test -n "$blibpath_add"; then
+ SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
+ elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+ SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
+ fi
+fi
+
+dnl
+dnl Check for log file, timestamp and iolog locations
+dnl
+SUDO_LOGFILE
+SUDO_TIMEDIR
+SUDO_IO_LOGDIR
+
+dnl
+dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o
+dnl
+if test "${with_iologdir-yes}" != "no"; then
+ # Require POSIX job control for I/O log support
+ AC_CHECK_FUNCS(tcsetpgrp, [
+ SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o"
+ PROGS="$PROGS sudoreplay"
+ REPLAY=""
+
+ AC_ARG_ENABLE(zlib,
+ [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
+ [ case "$enable_zlib" in
+ yes) AC_DEFINE(HAVE_ZLIB_H)
+ ZLIB="-lz"
+ ;;
+ no) ;;
+ *) AC_DEFINE(HAVE_ZLIB_H)
+ CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+ SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
+ ZLIB="${ZLIB} -lz"
+ ;;
+ esac
+ ])
+ if test X"$enable_zlib" = X""; then
+ AC_CHECK_LIB(z, gzdopen, [
+ AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"])
+ ])
+ fi
+ ], [
+ AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function])
+ with_iologdir=no
+ ])
+fi
+
+dnl
+dnl Use passwd (and secureware) auth modules?
+dnl
+case "$with_passwd" in
+yes|maybe)
+ AUTH_OBJS="$AUTH_OBJS passwd.o"
+ ;;
+*)
+ AC_DEFINE(WITHOUT_PASSWD)
+ if test -z "$AUTH_OBJS"; then
+ AC_MSG_ERROR([no authentication methods defined.])
+ fi
+ ;;
+esac
+AUTH_OBJS=${AUTH_OBJS# }
+_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
+AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
+
+dnl
+dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
+dnl
+if test -n "$LIBS"; then
+ L="$LIBS"
+ LIBS=
+ for l in ${L}; do
+ dupe=0
+ for sl in ${SUDO_LIBS} ${NET_LIBS}; do
+ test $l = $sl && dupe=1
+ done
+ test $dupe = 0 && LIBS="${LIBS} $l"
+ done
+fi
+
+dnl
+dnl Set exec_prefix
+dnl
+test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+
+dnl
+dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
+dnl XXX - this is gross!
+dnl
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+ oexec_prefix="$exec_prefix"
+ if test "$exec_prefix" = '$(prefix)'; then
+ if test "$prefix" = "NONE"; then
+ exec_prefix="$ac_default_prefix"
+ else
+ exec_prefix="$prefix"
+ fi
+ fi
+ if test X"$with_noexec" != X"no"; then
+ PROGS="${PROGS} libsudo_noexec.la"
+ INSTALL_NOEXEC="install-noexec"
+
+ eval noexec_file="$with_noexec"
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ fi
+ if test X"$with_selinux" != X"no"; then
+ eval sesh_file="$libexecdir/sesh"
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ fi
+ exec_prefix="$oexec_prefix"
+fi
+
+dnl
+dnl Override default configure dirs for the Makefile
+dnl
+if test X"$prefix" = X"NONE"; then
+ test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+ test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
+test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
+test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
+test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
+test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
+test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
+test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
+
+dnl
+dnl Substitute into the Makefile and man pages
+dnl
+AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers])
+AC_OUTPUT
+
+dnl
+dnl Spew any text the user needs to know about
+dnl
+if test "$with_pam" = "yes"; then
+ case $host in
+ *-*-linux*)
+ AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
+ ;;
+ esac
+fi
+
+dnl
+dnl Autoheader templates
+dnl
+AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
+AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
+AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
+AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
+AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
+AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
+AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
+AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
+AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
+AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
+AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
+AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
+AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
+AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
+AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
+AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
+AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
+AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
+AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
+AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
+AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
+AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
+AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
+AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
+AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
+AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
+AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
+AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
+AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
+AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
+AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
+AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
+AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
+AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
+AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
+AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
+AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
+AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
+AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
+AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
+AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
+AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
+AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
+AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
+AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
+AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
+AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
+AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
+AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
+AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
+AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
+AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
+AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
+AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
+AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
+AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
+AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
+AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
+AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
+AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
+AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
+AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
+AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
+AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
+AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
+AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
+AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
+AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
+AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
+AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
+AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
+AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
+AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
+AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
+AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
+AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.])
+
+dnl
+dnl Bits to copy verbatim into config.h.in
+dnl
+AH_TOP([#ifndef _SUDO_CONFIG_H
+#define _SUDO_CONFIG_H])
+
+AH_BOTTOM([/*
+ * Macros to convert ctime and mtime into timevals.
+ */
+#define timespec2timeval(_ts, _tv) do { \
+ (_tv)->tv_sec = (_ts)->tv_sec; \
+ (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
+} while (0)
+
+#ifdef HAVE_ST_MTIM
+# ifdef HAVE_ST__TIM
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
+# else
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
+# endif
+#else
+# ifdef HAVE_ST_MTIMESPEC
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
+# else
+# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
+# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
+# endif /* HAVE_ST_MTIMESPEC */
+#endif /* HAVE_ST_MTIM */
+
+/*
+ * Emulate a subset of waitpid() if we don't have it.
+ */
+#ifdef HAVE_WAITPID
+# define sudo_waitpid(p, s, o) waitpid(p, s, o)
+#else
+# ifdef HAVE_WAIT3
+# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
+# endif
+#endif
+
+/* GNU stow needs /etc/sudoers to be a symlink. */
+#ifdef USE_STOW
+# define stat_sudoers stat
+#else
+# define stat_sudoers lstat
+#endif
+
+/* Macros to set/clear/test flags. */
+#undef SET
+#define SET(t, f) ((t) |= (f))
+#undef CLR
+#define CLR(t, f) ((t) &= ~(f))
+#undef ISSET
+#define ISSET(t, f) ((t) & (f))
+
+/* New ANSI-style OS defs for HP-UX and ConvexOS. */
+#if defined(hpux) && !defined(__hpux)
+# define __hpux 1
+#endif /* hpux */
+
+#if defined(convex) && !defined(__convex__)
+# define __convex__ 1
+#endif /* convex */
+
+/* BSD compatibility on some SVR4 systems. */
+#ifdef __svr4__
+# define BSD_COMP
+#endif /* __svr4__ */
+
+#endif /* _SUDO_CONFIG_H */])
diff --git a/sudo-1.7.4p4/def_data.c b/sudo-1.7.4p4/def_data.c
new file mode 100644
index 0000000..fbdc0c7
--- /dev/null
+++ b/sudo-1.7.4p4/def_data.c
@@ -0,0 +1,336 @@
+static struct def_values def_data_lecture[] = {
+ { "never", never },
+ { "once", once },
+ { "always", always },
+ { NULL, 0 },
+};
+
+static struct def_values def_data_listpw[] = {
+ { "never", never },
+ { "any", any },
+ { "all", all },
+ { "always", always },
+ { NULL, 0 },
+};
+
+static struct def_values def_data_verifypw[] = {
+ { "never", never },
+ { "all", all },
+ { "any", any },
+ { "always", always },
+ { NULL, 0 },
+};
+
+struct sudo_defs_types sudo_defs_table[] = {
+ {
+ "syslog", T_LOGFAC|T_BOOL,
+ "Syslog facility if syslog is being used for logging: %s",
+ NULL,
+ }, {
+ "syslog_goodpri", T_LOGPRI,
+ "Syslog priority to use when user authenticates successfully: %s",
+ NULL,
+ }, {
+ "syslog_badpri", T_LOGPRI,
+ "Syslog priority to use when user authenticates unsuccessfully: %s",
+ NULL,
+ }, {
+ "long_otp_prompt", T_FLAG,
+ "Put OTP prompt on its own line",
+ NULL,
+ }, {
+ "ignore_dot", T_FLAG,
+ "Ignore '.' in $PATH",
+ NULL,
+ }, {
+ "mail_always", T_FLAG,
+ "Always send mail when sudo is run",
+ NULL,
+ }, {
+ "mail_badpass", T_FLAG,
+ "Send mail if user authentication fails",
+ NULL,
+ }, {
+ "mail_no_user", T_FLAG,
+ "Send mail if the user is not in sudoers",
+ NULL,
+ }, {
+ "mail_no_host", T_FLAG,
+ "Send mail if the user is not in sudoers for this host",
+ NULL,
+ }, {
+ "mail_no_perms", T_FLAG,
+ "Send mail if the user is not allowed to run a command",
+ NULL,
+ }, {
+ "tty_tickets", T_FLAG,
+ "Use a separate timestamp for each user/tty combo",
+ NULL,
+ }, {
+ "lecture", T_TUPLE|T_BOOL,
+ "Lecture user the first time they run sudo",
+ def_data_lecture,
+ }, {
+ "lecture_file", T_STR|T_PATH|T_BOOL,
+ "File containing the sudo lecture: %s",
+ NULL,
+ }, {
+ "authenticate", T_FLAG,
+ "Require users to authenticate by default",
+ NULL,
+ }, {
+ "root_sudo", T_FLAG,
+ "Root may run sudo",
+ NULL,
+ }, {
+ "log_host", T_FLAG,
+ "Log the hostname in the (non-syslog) log file",
+ NULL,
+ }, {
+ "log_year", T_FLAG,
+ "Log the year in the (non-syslog) log file",
+ NULL,
+ }, {
+ "shell_noargs", T_FLAG,
+ "If sudo is invoked with no arguments, start a shell",
+ NULL,
+ }, {
+ "set_home", T_FLAG,
+ "Set $HOME to the target user when starting a shell with -s",
+ NULL,
+ }, {
+ "always_set_home", T_FLAG,
+ "Always set $HOME to the target user's home directory",
+ NULL,
+ }, {
+ "path_info", T_FLAG,
+ "Allow some information gathering to give useful error messages",
+ NULL,
+ }, {
+ "fqdn", T_FLAG,
+ "Require fully-qualified hostnames in the sudoers file",
+ NULL,
+ }, {
+ "insults", T_FLAG,
+ "Insult the user when they enter an incorrect password",
+ NULL,
+ }, {
+ "requiretty", T_FLAG,
+ "Only allow the user to run sudo if they have a tty",
+ NULL,
+ }, {
+ "env_editor", T_FLAG,
+ "Visudo will honor the EDITOR environment variable",
+ NULL,
+ }, {
+ "rootpw", T_FLAG,
+ "Prompt for root's password, not the users's",
+ NULL,
+ }, {
+ "runaspw", T_FLAG,
+ "Prompt for the runas_default user's password, not the users's",
+ NULL,
+ }, {
+ "targetpw", T_FLAG,
+ "Prompt for the target user's password, not the users's",
+ NULL,
+ }, {
+ "use_loginclass", T_FLAG,
+ "Apply defaults in the target user's login class if there is one",
+ NULL,
+ }, {
+ "set_logname", T_FLAG,
+ "Set the LOGNAME and USER environment variables",
+ NULL,
+ }, {
+ "stay_setuid", T_FLAG,
+ "Only set the effective uid to the target user, not the real uid",
+ NULL,
+ }, {
+ "preserve_groups", T_FLAG,
+ "Don't initialize the group vector to that of the target user",
+ NULL,
+ }, {
+ "loglinelen", T_UINT|T_BOOL,
+ "Length at which to wrap log file lines (0 for no wrap): %d",
+ NULL,
+ }, {
+ "timestamp_timeout", T_FLOAT|T_BOOL,
+ "Authentication timestamp timeout: %.1f minutes",
+ NULL,
+ }, {
+ "passwd_timeout", T_FLOAT|T_BOOL,
+ "Password prompt timeout: %.1f minutes",
+ NULL,
+ }, {
+ "passwd_tries", T_UINT,
+ "Number of tries to enter a password: %d",
+ NULL,
+ }, {
+ "umask", T_MODE|T_BOOL,
+ "Umask to use or 0777 to use user's: 0%o",
+ NULL,
+ }, {
+ "logfile", T_STR|T_BOOL|T_PATH,
+ "Path to log file: %s",
+ NULL,
+ }, {
+ "mailerpath", T_STR|T_BOOL|T_PATH,
+ "Path to mail program: %s",
+ NULL,
+ }, {
+ "mailerflags", T_STR|T_BOOL,
+ "Flags for mail program: %s",
+ NULL,
+ }, {
+ "mailto", T_STR|T_BOOL,
+ "Address to send mail to: %s",
+ NULL,
+ }, {
+ "mailfrom", T_STR|T_BOOL,
+ "Address to send mail from: %s",
+ NULL,
+ }, {
+ "mailsub", T_STR,
+ "Subject line for mail messages: %s",
+ NULL,
+ }, {
+ "badpass_message", T_STR,
+ "Incorrect password message: %s",
+ NULL,
+ }, {
+ "timestampdir", T_STR|T_PATH,
+ "Path to authentication timestamp dir: %s",
+ NULL,
+ }, {
+ "timestampowner", T_STR,
+ "Owner of the authentication timestamp dir: %s",
+ NULL,
+ }, {
+ "exempt_group", T_STR|T_BOOL,
+ "Users in this group are exempt from password and PATH requirements: %s",
+ NULL,
+ }, {
+ "passprompt", T_STR,
+ "Default password prompt: %s",
+ NULL,
+ }, {
+ "passprompt_override", T_FLAG,
+ "If set, passprompt will override system prompt in all cases.",
+ NULL,
+ }, {
+ "runas_default", T_STR,
+ "Default user to run commands as: %s",
+ NULL,
+ }, {
+ "secure_path", T_STR|T_BOOL,
+ "Value to override user's $PATH with: %s",
+ NULL,
+ }, {
+ "editor", T_STR|T_PATH,
+ "Path to the editor for use by visudo: %s",
+ NULL,
+ }, {
+ "listpw", T_TUPLE|T_BOOL,
+ "When to require a password for 'list' pseudocommand: %s",
+ def_data_listpw,
+ }, {
+ "verifypw", T_TUPLE|T_BOOL,
+ "When to require a password for 'verify' pseudocommand: %s",
+ def_data_verifypw,
+ }, {
+ "noexec", T_FLAG,
+ "Preload the dummy exec functions contained in 'noexec_file'",
+ NULL,
+ }, {
+ "noexec_file", T_STR|T_PATH,
+ "File containing dummy exec functions: %s",
+ NULL,
+ }, {
+ "ignore_local_sudoers", T_FLAG,
+ "If LDAP directory is up, do we ignore local sudoers file",
+ NULL,
+ }, {
+ "closefrom", T_INT,
+ "File descriptors >= %d will be closed before executing a command",
+ NULL,
+ }, {
+ "closefrom_override", T_FLAG,
+ "If set, users may override the value of `closefrom' with the -C option",
+ NULL,
+ }, {
+ "setenv", T_FLAG,
+ "Allow users to set arbitrary environment variables",
+ NULL,
+ }, {
+ "env_reset", T_FLAG,
+ "Reset the environment to a default set of variables",
+ NULL,
+ }, {
+ "env_check", T_LIST|T_BOOL,
+ "Environment variables to check for sanity:",
+ NULL,
+ }, {
+ "env_delete", T_LIST|T_BOOL,
+ "Environment variables to remove:",
+ NULL,
+ }, {
+ "env_keep", T_LIST|T_BOOL,
+ "Environment variables to preserve:",
+ NULL,
+ }, {
+ "role", T_STR,
+ "SELinux role to use in the new security context: %s",
+ NULL,
+ }, {
+ "type", T_STR,
+ "SELinux type to use in the new security context: %s",
+ NULL,
+ }, {
+ "askpass", T_STR|T_PATH|T_BOOL,
+ "Path to the askpass helper program: %s",
+ NULL,
+ }, {
+ "env_file", T_STR|T_PATH|T_BOOL,
+ "Path to the sudo-specific environment file: %s",
+ NULL,
+ }, {
+ "sudoers_locale", T_STR,
+ "Locale to use while parsing sudoers: %s",
+ NULL,
+ }, {
+ "visiblepw", T_FLAG,
+ "Allow sudo to prompt for a password even if it would be visisble",
+ NULL,
+ }, {
+ "pwfeedback", T_FLAG,
+ "Provide visual feedback at the password prompt when there is user input",
+ NULL,
+ }, {
+ "fast_glob", T_FLAG,
+ "Use faster globbing that is less accurate but does not access the filesystem",
+ NULL,
+ }, {
+ "umask_override", T_FLAG,
+ "The umask specified in sudoers will override the user's, even if it is more permissive",
+ NULL,
+ }, {
+ "log_input", T_FLAG,
+ "Log user's input for the command being run",
+ NULL,
+ }, {
+ "log_output", T_FLAG,
+ "Log the output of the command being run",
+ NULL,
+ }, {
+ "compress_io", T_FLAG,
+ "Compress I/O logs using zlib",
+ NULL,
+ }, {
+ "use_pty", T_FLAG,
+ "Always run commands in a pseudo-tty",
+ NULL,
+ }, {
+ NULL, 0, NULL
+ }
+};
diff --git a/sudo-1.7.4p4/def_data.h b/sudo-1.7.4p4/def_data.h
new file mode 100644
index 0000000..e868d32
--- /dev/null
+++ b/sudo-1.7.4p4/def_data.h
@@ -0,0 +1,162 @@
+#define def_syslog (sudo_defs_table[0].sd_un.ival)
+#define I_SYSLOG 0
+#define def_syslog_goodpri (sudo_defs_table[1].sd_un.ival)
+#define I_SYSLOG_GOODPRI 1
+#define def_syslog_badpri (sudo_defs_table[2].sd_un.ival)
+#define I_SYSLOG_BADPRI 2
+#define def_long_otp_prompt (sudo_defs_table[3].sd_un.flag)
+#define I_LONG_OTP_PROMPT 3
+#define def_ignore_dot (sudo_defs_table[4].sd_un.flag)
+#define I_IGNORE_DOT 4
+#define def_mail_always (sudo_defs_table[5].sd_un.flag)
+#define I_MAIL_ALWAYS 5
+#define def_mail_badpass (sudo_defs_table[6].sd_un.flag)
+#define I_MAIL_BADPASS 6
+#define def_mail_no_user (sudo_defs_table[7].sd_un.flag)
+#define I_MAIL_NO_USER 7
+#define def_mail_no_host (sudo_defs_table[8].sd_un.flag)
+#define I_MAIL_NO_HOST 8
+#define def_mail_no_perms (sudo_defs_table[9].sd_un.flag)
+#define I_MAIL_NO_PERMS 9
+#define def_tty_tickets (sudo_defs_table[10].sd_un.flag)
+#define I_TTY_TICKETS 10
+#define def_lecture (sudo_defs_table[11].sd_un.tuple)
+#define I_LECTURE 11
+#define def_lecture_file (sudo_defs_table[12].sd_un.str)
+#define I_LECTURE_FILE 12
+#define def_authenticate (sudo_defs_table[13].sd_un.flag)
+#define I_AUTHENTICATE 13
+#define def_root_sudo (sudo_defs_table[14].sd_un.flag)
+#define I_ROOT_SUDO 14
+#define def_log_host (sudo_defs_table[15].sd_un.flag)
+#define I_LOG_HOST 15
+#define def_log_year (sudo_defs_table[16].sd_un.flag)
+#define I_LOG_YEAR 16
+#define def_shell_noargs (sudo_defs_table[17].sd_un.flag)
+#define I_SHELL_NOARGS 17
+#define def_set_home (sudo_defs_table[18].sd_un.flag)
+#define I_SET_HOME 18
+#define def_always_set_home (sudo_defs_table[19].sd_un.flag)
+#define I_ALWAYS_SET_HOME 19
+#define def_path_info (sudo_defs_table[20].sd_un.flag)
+#define I_PATH_INFO 20
+#define def_fqdn (sudo_defs_table[21].sd_un.flag)
+#define I_FQDN 21
+#define def_insults (sudo_defs_table[22].sd_un.flag)
+#define I_INSULTS 22
+#define def_requiretty (sudo_defs_table[23].sd_un.flag)
+#define I_REQUIRETTY 23
+#define def_env_editor (sudo_defs_table[24].sd_un.flag)
+#define I_ENV_EDITOR 24
+#define def_rootpw (sudo_defs_table[25].sd_un.flag)
+#define I_ROOTPW 25
+#define def_runaspw (sudo_defs_table[26].sd_un.flag)
+#define I_RUNASPW 26
+#define def_targetpw (sudo_defs_table[27].sd_un.flag)
+#define I_TARGETPW 27
+#define def_use_loginclass (sudo_defs_table[28].sd_un.flag)
+#define I_USE_LOGINCLASS 28
+#define def_set_logname (sudo_defs_table[29].sd_un.flag)
+#define I_SET_LOGNAME 29
+#define def_stay_setuid (sudo_defs_table[30].sd_un.flag)
+#define I_STAY_SETUID 30
+#define def_preserve_groups (sudo_defs_table[31].sd_un.flag)
+#define I_PRESERVE_GROUPS 31
+#define def_loglinelen (sudo_defs_table[32].sd_un.ival)
+#define I_LOGLINELEN 32
+#define def_timestamp_timeout (sudo_defs_table[33].sd_un.fval)
+#define I_TIMESTAMP_TIMEOUT 33
+#define def_passwd_timeout (sudo_defs_table[34].sd_un.fval)
+#define I_PASSWD_TIMEOUT 34
+#define def_passwd_tries (sudo_defs_table[35].sd_un.ival)
+#define I_PASSWD_TRIES 35
+#define def_umask (sudo_defs_table[36].sd_un.mode)
+#define I_UMASK 36
+#define def_logfile (sudo_defs_table[37].sd_un.str)
+#define I_LOGFILE 37
+#define def_mailerpath (sudo_defs_table[38].sd_un.str)
+#define I_MAILERPATH 38
+#define def_mailerflags (sudo_defs_table[39].sd_un.str)
+#define I_MAILERFLAGS 39
+#define def_mailto (sudo_defs_table[40].sd_un.str)
+#define I_MAILTO 40
+#define def_mailfrom (sudo_defs_table[41].sd_un.str)
+#define I_MAILFROM 41
+#define def_mailsub (sudo_defs_table[42].sd_un.str)
+#define I_MAILSUB 42
+#define def_badpass_message (sudo_defs_table[43].sd_un.str)
+#define I_BADPASS_MESSAGE 43
+#define def_timestampdir (sudo_defs_table[44].sd_un.str)
+#define I_TIMESTAMPDIR 44
+#define def_timestampowner (sudo_defs_table[45].sd_un.str)
+#define I_TIMESTAMPOWNER 45
+#define def_exempt_group (sudo_defs_table[46].sd_un.str)
+#define I_EXEMPT_GROUP 46
+#define def_passprompt (sudo_defs_table[47].sd_un.str)
+#define I_PASSPROMPT 47
+#define def_passprompt_override (sudo_defs_table[48].sd_un.flag)
+#define I_PASSPROMPT_OVERRIDE 48
+#define def_runas_default (sudo_defs_table[49].sd_un.str)
+#define I_RUNAS_DEFAULT 49
+#define def_secure_path (sudo_defs_table[50].sd_un.str)
+#define I_SECURE_PATH 50
+#define def_editor (sudo_defs_table[51].sd_un.str)
+#define I_EDITOR 51
+#define def_listpw (sudo_defs_table[52].sd_un.tuple)
+#define I_LISTPW 52
+#define def_verifypw (sudo_defs_table[53].sd_un.tuple)
+#define I_VERIFYPW 53
+#define def_noexec (sudo_defs_table[54].sd_un.flag)
+#define I_NOEXEC 54
+#define def_noexec_file (sudo_defs_table[55].sd_un.str)
+#define I_NOEXEC_FILE 55
+#define def_ignore_local_sudoers (sudo_defs_table[56].sd_un.flag)
+#define I_IGNORE_LOCAL_SUDOERS 56
+#define def_closefrom (sudo_defs_table[57].sd_un.ival)
+#define I_CLOSEFROM 57
+#define def_closefrom_override (sudo_defs_table[58].sd_un.flag)
+#define I_CLOSEFROM_OVERRIDE 58
+#define def_setenv (sudo_defs_table[59].sd_un.flag)
+#define I_SETENV 59
+#define def_env_reset (sudo_defs_table[60].sd_un.flag)
+#define I_ENV_RESET 60
+#define def_env_check (sudo_defs_table[61].sd_un.list)
+#define I_ENV_CHECK 61
+#define def_env_delete (sudo_defs_table[62].sd_un.list)
+#define I_ENV_DELETE 62
+#define def_env_keep (sudo_defs_table[63].sd_un.list)
+#define I_ENV_KEEP 63
+#define def_role (sudo_defs_table[64].sd_un.str)
+#define I_ROLE 64
+#define def_type (sudo_defs_table[65].sd_un.str)
+#define I_TYPE 65
+#define def_askpass (sudo_defs_table[66].sd_un.str)
+#define I_ASKPASS 66
+#define def_env_file (sudo_defs_table[67].sd_un.str)
+#define I_ENV_FILE 67
+#define def_sudoers_locale (sudo_defs_table[68].sd_un.str)
+#define I_SUDOERS_LOCALE 68
+#define def_visiblepw (sudo_defs_table[69].sd_un.flag)
+#define I_VISIBLEPW 69
+#define def_pwfeedback (sudo_defs_table[70].sd_un.flag)
+#define I_PWFEEDBACK 70
+#define def_fast_glob (sudo_defs_table[71].sd_un.flag)
+#define I_FAST_GLOB 71
+#define def_umask_override (sudo_defs_table[72].sd_un.flag)
+#define I_UMASK_OVERRIDE 72
+#define def_log_input (sudo_defs_table[73].sd_un.flag)
+#define I_LOG_INPUT 73
+#define def_log_output (sudo_defs_table[74].sd_un.flag)
+#define I_LOG_OUTPUT 74
+#define def_compress_io (sudo_defs_table[75].sd_un.flag)
+#define I_COMPRESS_IO 75
+#define def_use_pty (sudo_defs_table[76].sd_un.flag)
+#define I_USE_PTY 76
+
+enum def_tupple {
+ never,
+ once,
+ always,
+ any,
+ all
+};
diff --git a/sudo-1.7.4p4/def_data.in b/sudo-1.7.4p4/def_data.in
new file mode 100644
index 0000000..d903cfa
--- /dev/null
+++ b/sudo-1.7.4p4/def_data.in
@@ -0,0 +1,246 @@
+#
+# Format:
+#
+# var_name
+# TYPE
+# description (or NULL)
+# array of struct def_values if TYPE == T_TUPLE
+#
+# NOTE: for tuples that can be used in a boolean context the first
+# value corresponds to boolean FALSE and the second to TRUE.
+#
+
+syslog
+ T_LOGFAC|T_BOOL
+ "Syslog facility if syslog is being used for logging: %s"
+syslog_goodpri
+ T_LOGPRI
+ "Syslog priority to use when user authenticates successfully: %s"
+syslog_badpri
+ T_LOGPRI
+ "Syslog priority to use when user authenticates unsuccessfully: %s"
+long_otp_prompt
+ T_FLAG
+ "Put OTP prompt on its own line"
+ignore_dot
+ T_FLAG
+ "Ignore '.' in $PATH"
+mail_always
+ T_FLAG
+ "Always send mail when sudo is run"
+mail_badpass
+ T_FLAG
+ "Send mail if user authentication fails"
+mail_no_user
+ T_FLAG
+ "Send mail if the user is not in sudoers"
+mail_no_host
+ T_FLAG
+ "Send mail if the user is not in sudoers for this host"
+mail_no_perms
+ T_FLAG
+ "Send mail if the user is not allowed to run a command"
+tty_tickets
+ T_FLAG
+ "Use a separate timestamp for each user/tty combo"
+lecture
+ T_TUPLE|T_BOOL
+ "Lecture user the first time they run sudo"
+ never once always
+lecture_file
+ T_STR|T_PATH|T_BOOL
+ "File containing the sudo lecture: %s"
+authenticate
+ T_FLAG
+ "Require users to authenticate by default"
+root_sudo
+ T_FLAG
+ "Root may run sudo"
+log_host
+ T_FLAG
+ "Log the hostname in the (non-syslog) log file"
+log_year
+ T_FLAG
+ "Log the year in the (non-syslog) log file"
+shell_noargs
+ T_FLAG
+ "If sudo is invoked with no arguments, start a shell"
+set_home
+ T_FLAG
+ "Set $HOME to the target user when starting a shell with -s"
+always_set_home
+ T_FLAG
+ "Always set $HOME to the target user's home directory"
+path_info
+ T_FLAG
+ "Allow some information gathering to give useful error messages"
+fqdn
+ T_FLAG
+ "Require fully-qualified hostnames in the sudoers file"
+insults
+ T_FLAG
+ "Insult the user when they enter an incorrect password"
+requiretty
+ T_FLAG
+ "Only allow the user to run sudo if they have a tty"
+env_editor
+ T_FLAG
+ "Visudo will honor the EDITOR environment variable"
+rootpw
+ T_FLAG
+ "Prompt for root's password, not the users's"
+runaspw
+ T_FLAG
+ "Prompt for the runas_default user's password, not the users's"
+targetpw
+ T_FLAG
+ "Prompt for the target user's password, not the users's"
+use_loginclass
+ T_FLAG
+ "Apply defaults in the target user's login class if there is one"
+set_logname
+ T_FLAG
+ "Set the LOGNAME and USER environment variables"
+stay_setuid
+ T_FLAG
+ "Only set the effective uid to the target user, not the real uid"
+preserve_groups
+ T_FLAG
+ "Don't initialize the group vector to that of the target user"
+loglinelen
+ T_UINT|T_BOOL
+ "Length at which to wrap log file lines (0 for no wrap): %d"
+timestamp_timeout
+ T_FLOAT|T_BOOL
+ "Authentication timestamp timeout: %.1f minutes"
+passwd_timeout
+ T_FLOAT|T_BOOL
+ "Password prompt timeout: %.1f minutes"
+passwd_tries
+ T_UINT
+ "Number of tries to enter a password: %d"
+umask
+ T_MODE|T_BOOL
+ "Umask to use or 0777 to use user's: 0%o"
+logfile
+ T_STR|T_BOOL|T_PATH
+ "Path to log file: %s"
+mailerpath
+ T_STR|T_BOOL|T_PATH
+ "Path to mail program: %s"
+mailerflags
+ T_STR|T_BOOL
+ "Flags for mail program: %s"
+mailto
+ T_STR|T_BOOL
+ "Address to send mail to: %s"
+mailfrom
+ T_STR|T_BOOL
+ "Address to send mail from: %s"
+mailsub
+ T_STR
+ "Subject line for mail messages: %s"
+badpass_message
+ T_STR
+ "Incorrect password message: %s"
+timestampdir
+ T_STR|T_PATH
+ "Path to authentication timestamp dir: %s"
+timestampowner
+ T_STR
+ "Owner of the authentication timestamp dir: %s"
+exempt_group
+ T_STR|T_BOOL
+ "Users in this group are exempt from password and PATH requirements: %s"
+passprompt
+ T_STR
+ "Default password prompt: %s"
+passprompt_override
+ T_FLAG
+ "If set, passprompt will override system prompt in all cases."
+runas_default
+ T_STR
+ "Default user to run commands as: %s"
+secure_path
+ T_STR|T_BOOL
+ "Value to override user's $PATH with: %s"
+editor
+ T_STR|T_PATH
+ "Path to the editor for use by visudo: %s"
+listpw
+ T_TUPLE|T_BOOL
+ "When to require a password for 'list' pseudocommand: %s"
+ never any all always
+verifypw
+ T_TUPLE|T_BOOL
+ "When to require a password for 'verify' pseudocommand: %s"
+ never all any always
+noexec
+ T_FLAG
+ "Preload the dummy exec functions contained in 'noexec_file'"
+noexec_file
+ T_STR|T_PATH
+ "File containing dummy exec functions: %s"
+ignore_local_sudoers
+ T_FLAG
+ "If LDAP directory is up, do we ignore local sudoers file"
+closefrom
+ T_INT
+ "File descriptors >= %d will be closed before executing a command"
+closefrom_override
+ T_FLAG
+ "If set, users may override the value of `closefrom' with the -C option"
+setenv
+ T_FLAG
+ "Allow users to set arbitrary environment variables"
+env_reset
+ T_FLAG
+ "Reset the environment to a default set of variables"
+env_check
+ T_LIST|T_BOOL
+ "Environment variables to check for sanity:"
+env_delete
+ T_LIST|T_BOOL
+ "Environment variables to remove:"
+env_keep
+ T_LIST|T_BOOL
+ "Environment variables to preserve:"
+role
+ T_STR
+ "SELinux role to use in the new security context: %s"
+type
+ T_STR
+ "SELinux type to use in the new security context: %s"
+askpass
+ T_STR|T_PATH|T_BOOL
+ "Path to the askpass helper program: %s"
+env_file
+ T_STR|T_PATH|T_BOOL
+ "Path to the sudo-specific environment file: %s"
+sudoers_locale
+ T_STR
+ "Locale to use while parsing sudoers: %s"
+visiblepw
+ T_FLAG
+ "Allow sudo to prompt for a password even if it would be visisble"
+pwfeedback
+ T_FLAG
+ "Provide visual feedback at the password prompt when there is user input"
+fast_glob
+ T_FLAG
+ "Use faster globbing that is less accurate but does not access the filesystem"
+umask_override
+ T_FLAG
+ "The umask specified in sudoers will override the user's, even if it is more permissive"
+log_input
+ T_FLAG
+ "Log user's input for the command being run"
+log_output
+ T_FLAG
+ "Log the output of the command being run"
+compress_io
+ T_FLAG
+ "Compress I/O logs using zlib"
+use_pty
+ T_FLAG
+ "Always run commands in a pseudo-tty"
diff --git a/sudo-1.7.4p4/defaults.c b/sudo-1.7.4p4/defaults.c
new file mode 100644
index 0000000..10757ee
--- /dev/null
+++ b/sudo-1.7.4p4/defaults.c
@@ -0,0 +1,839 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2008, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+# ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <ctype.h>
+
+#include "sudo.h"
+#include "parse.h"
+#include <gram.h>
+
+/*
+ * For converting between syslog numbers and strings.
+ */
+struct strmap {
+ char *name;
+ int num;
+};
+
+#ifdef LOG_NFACILITIES
+static struct strmap facilities[] = {
+#ifdef LOG_AUTHPRIV
+ { "authpriv", LOG_AUTHPRIV },
+#endif
+ { "auth", LOG_AUTH },
+ { "daemon", LOG_DAEMON },
+ { "user", LOG_USER },
+ { "local0", LOG_LOCAL0 },
+ { "local1", LOG_LOCAL1 },
+ { "local2", LOG_LOCAL2 },
+ { "local3", LOG_LOCAL3 },
+ { "local4", LOG_LOCAL4 },
+ { "local5", LOG_LOCAL5 },
+ { "local6", LOG_LOCAL6 },
+ { "local7", LOG_LOCAL7 },
+ { NULL, -1 }
+};
+#endif /* LOG_NFACILITIES */
+
+static struct strmap priorities[] = {
+ { "alert", LOG_ALERT },
+ { "crit", LOG_CRIT },
+ { "debug", LOG_DEBUG },
+ { "emerg", LOG_EMERG },
+ { "err", LOG_ERR },
+ { "info", LOG_INFO },
+ { "notice", LOG_NOTICE },
+ { "warning", LOG_WARNING },
+ { NULL, -1 }
+};
+
+/*
+ * Local prototypes.
+ */
+static int store_int __P((char *, struct sudo_defs_types *, int));
+static int store_list __P((char *, struct sudo_defs_types *, int));
+static int store_mode __P((char *, struct sudo_defs_types *, int));
+static int store_str __P((char *, struct sudo_defs_types *, int));
+static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
+static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
+static int store_tuple __P((char *, struct sudo_defs_types *, int));
+static int store_uint __P((char *, struct sudo_defs_types *, int));
+static int store_float __P((char *, struct sudo_defs_types *, int));
+static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops));
+static const char *logfac2str __P((int));
+static const char *logpri2str __P((int));
+
+/*
+ * Table describing compile-time and run-time options.
+ */
+#include <def_data.c>
+
+/*
+ * Print version and configure info.
+ */
+void
+dump_defaults()
+{
+ struct sudo_defs_types *cur;
+ struct list_member *item;
+ struct def_values *def;
+
+ for (cur = sudo_defs_table; cur->name; cur++) {
+ if (cur->desc) {
+ switch (cur->type & T_MASK) {
+ case T_FLAG:
+ if (cur->sd_un.flag)
+ puts(cur->desc);
+ break;
+ case T_STR:
+ if (cur->sd_un.str) {
+ (void) printf(cur->desc, cur->sd_un.str);
+ putchar('\n');
+ }
+ break;
+ case T_LOGFAC:
+ if (cur->sd_un.ival) {
+ (void) printf(cur->desc, logfac2str(cur->sd_un.ival));
+ putchar('\n');
+ }
+ break;
+ case T_LOGPRI:
+ if (cur->sd_un.ival) {
+ (void) printf(cur->desc, logpri2str(cur->sd_un.ival));
+ putchar('\n');
+ }
+ break;
+ case T_UINT:
+ case T_INT:
+ (void) printf(cur->desc, cur->sd_un.ival);
+ putchar('\n');
+ break;
+ case T_FLOAT:
+ (void) printf(cur->desc, cur->sd_un.fval);
+ putchar('\n');
+ break;
+ case T_MODE:
+ (void) printf(cur->desc, cur->sd_un.mode);
+ putchar('\n');
+ break;
+ case T_LIST:
+ if (cur->sd_un.list) {
+ puts(cur->desc);
+ for (item = cur->sd_un.list; item; item = item->next)
+ printf("\t%s\n", item->value);
+ }
+ break;
+ case T_TUPLE:
+ for (def = cur->values; def->sval; def++) {
+ if (cur->sd_un.ival == def->ival) {
+ (void) printf(cur->desc, def->sval);
+ break;
+ }
+ }
+ putchar('\n');
+ break;
+ }
+ }
+ }
+}
+
+/*
+ * List each option along with its description.
+ */
+void
+list_options()
+{
+ struct sudo_defs_types *cur;
+ char *p;
+
+ (void) puts("Available options in a sudoers ``Defaults'' line:\n");
+ for (cur = sudo_defs_table; cur->name; cur++) {
+ if (cur->name && cur->desc) {
+ switch (cur->type & T_MASK) {
+ case T_FLAG:
+ (void) printf("%s: %s\n", cur->name, cur->desc);
+ break;
+ default:
+ p = strrchr(cur->desc, ':');
+ if (p)
+ (void) printf("%s: %.*s\n", cur->name,
+ (int) (p - cur->desc), cur->desc);
+ else
+ (void) printf("%s: %s\n", cur->name, cur->desc);
+ break;
+ }
+ }
+ }
+}
+
+/*
+ * Sets/clears an entry in the defaults structure
+ * If a variable that takes a value is used in a boolean
+ * context with op == 0, disable that variable.
+ * Eg. you may want to turn off logging to a file for some hosts.
+ * This is only meaningful for variables that are *optional*.
+ */
+int
+set_default(var, val, op)
+ char *var;
+ char *val;
+ int op; /* TRUE or FALSE */
+{
+ struct sudo_defs_types *cur;
+ int num;
+
+ for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
+ if (strcmp(var, cur->name) == 0)
+ break;
+ }
+ if (!cur->name) {
+ warningx("unknown defaults entry `%s'", var);
+ return(FALSE);
+ }
+
+ switch (cur->type & T_MASK) {
+ case T_LOGFAC:
+ if (!store_syslogfac(val, cur, op)) {
+ if (val)
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ else
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ break;
+ case T_LOGPRI:
+ if (!store_syslogpri(val, cur, op)) {
+ if (val)
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ else
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ break;
+ case T_STR:
+ if (!val) {
+ /* Check for bogus boolean usage or lack of a value. */
+ if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ }
+ if (ISSET(cur->type, T_PATH) && val && *val != '/') {
+ warningx("values for `%s' must start with a '/'", var);
+ return(FALSE);
+ }
+ if (!store_str(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ case T_INT:
+ if (!val) {
+ /* Check for bogus boolean usage or lack of a value. */
+ if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ }
+ if (!store_int(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ case T_UINT:
+ if (!val) {
+ /* Check for bogus boolean usage or lack of a value. */
+ if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ }
+ if (!store_uint(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ case T_FLOAT:
+ if (!val) {
+ /* Check for bogus boolean usage or lack of a value. */
+ if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ }
+ if (!store_float(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ case T_MODE:
+ if (!val) {
+ /* Check for bogus boolean usage or lack of a value. */
+ if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ }
+ if (!store_mode(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ case T_FLAG:
+ if (val) {
+ warningx("option `%s' does not take a value", var);
+ return(FALSE);
+ }
+ cur->sd_un.flag = op;
+ break;
+ case T_LIST:
+ if (!val) {
+ /* Check for bogus boolean usage or lack of a value. */
+ if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ }
+ if (!store_list(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ case T_TUPLE:
+ if (!val && !ISSET(cur->type, T_BOOL)) {
+ warningx("no value specified for `%s'", var);
+ return(FALSE);
+ }
+ if (!store_tuple(val, cur, op)) {
+ warningx("value `%s' is invalid for option `%s'", val, var);
+ return(FALSE);
+ }
+ break;
+ }
+
+ return(TRUE);
+}
+
+/*
+ * Set default options to compiled-in values.
+ * Any of these may be overridden at runtime by a "Defaults" file.
+ */
+void
+init_defaults()
+{
+ static int firsttime = 1;
+ struct sudo_defs_types *def;
+
+ /* Clear any old settings. */
+ if (!firsttime) {
+ for (def = sudo_defs_table; def->name; def++) {
+ switch (def->type & T_MASK) {
+ case T_STR:
+ efree(def->sd_un.str);
+ def->sd_un.str = NULL;
+ break;
+ case T_LIST:
+ list_op(NULL, 0, def, freeall);
+ break;
+ }
+ zero_bytes(&def->sd_un, sizeof(def->sd_un));
+ }
+ }
+
+ /* First initialize the flags. */
+#ifdef LONG_OTP_PROMPT
+ def_long_otp_prompt = TRUE;
+#endif
+#ifdef IGNORE_DOT_PATH
+ def_ignore_dot = TRUE;
+#endif
+#ifdef ALWAYS_SEND_MAIL
+ def_mail_always = TRUE;
+#endif
+#ifdef SEND_MAIL_WHEN_NO_USER
+ def_mail_no_user = TRUE;
+#endif
+#ifdef SEND_MAIL_WHEN_NO_HOST
+ def_mail_no_host = TRUE;
+#endif
+#ifdef SEND_MAIL_WHEN_NOT_OK
+ def_mail_no_perms = TRUE;
+#endif
+#ifndef NO_TTY_TICKETS
+ def_tty_tickets = TRUE;
+#endif
+#ifndef NO_LECTURE
+ def_lecture = once;
+#endif
+#ifndef NO_AUTHENTICATION
+ def_authenticate = TRUE;
+#endif
+#ifndef NO_ROOT_SUDO
+ def_root_sudo = TRUE;
+#endif
+#ifdef HOST_IN_LOG
+ def_log_host = TRUE;
+#endif
+#ifdef SHELL_IF_NO_ARGS
+ def_shell_noargs = TRUE;
+#endif
+#ifdef SHELL_SETS_HOME
+ def_set_home = TRUE;
+#endif
+#ifndef DONT_LEAK_PATH_INFO
+ def_path_info = TRUE;
+#endif
+#ifdef FQDN
+ def_fqdn = TRUE;
+#endif
+#ifdef USE_INSULTS
+ def_insults = TRUE;
+#endif
+#ifdef ENV_EDITOR
+ def_env_editor = TRUE;
+#endif
+#ifdef _PATH_SUDO_ASKPASS
+ def_askpass = estrdup(_PATH_SUDO_ASKPASS);
+#endif
+ def_sudoers_locale = estrdup("C");
+ def_env_reset = TRUE;
+ def_set_logname = TRUE;
+ def_closefrom = STDERR_FILENO + 1;
+
+ /* Syslog options need special care since they both strings and ints */
+#if (LOGGING & SLOG_SYSLOG)
+ (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
+ (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
+ TRUE);
+ (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
+ TRUE);
+#endif
+
+ /* Password flags also have a string and integer component. */
+ (void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
+ (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
+
+ /* Then initialize the int-like things. */
+#ifdef SUDO_UMASK
+ def_umask = SUDO_UMASK;
+#else
+ def_umask = 0777;
+#endif
+ def_loglinelen = MAXLOGFILELEN;
+ def_timestamp_timeout = TIMEOUT;
+ def_passwd_timeout = PASSWORD_TIMEOUT;
+ def_passwd_tries = TRIES_FOR_PASSWORD;
+#ifdef HAVE_ZLIB_H
+ def_compress_io = TRUE;
+#endif
+
+ /* Now do the strings */
+ def_mailto = estrdup(MAILTO);
+ def_mailsub = estrdup(MAILSUBJECT);
+ def_badpass_message = estrdup(INCORRECT_PASSWORD);
+ def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
+ def_passprompt = estrdup(PASSPROMPT);
+ def_runas_default = estrdup(RUNAS_DEFAULT);
+#ifdef _PATH_SUDO_SENDMAIL
+ def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
+ def_mailerflags = estrdup("-t");
+#endif
+#if (LOGGING & SLOG_FILE)
+ def_logfile = estrdup(_PATH_SUDO_LOGFILE);
+#endif
+#ifdef EXEMPTGROUP
+ def_exempt_group = estrdup(EXEMPTGROUP);
+#endif
+#ifdef SECURE_PATH
+ def_secure_path = estrdup(SECURE_PATH);
+#endif
+ def_editor = estrdup(EDITOR);
+#ifdef _PATH_SUDO_NOEXEC
+ def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
+#endif
+
+ /* Finally do the lists (currently just environment tables). */
+ init_envtables();
+
+ firsttime = 0;
+}
+
+/*
+ * Update the defaults based on what was set by sudoers.
+ * Pass in an OR'd list of which default types to update.
+ */
+int
+update_defaults(what)
+ int what;
+{
+ struct defaults *def;
+ int rc = TRUE;
+
+ tq_foreach_fwd(&defaults, def) {
+ switch (def->type) {
+ case DEFAULTS:
+ if (ISSET(what, SETDEF_GENERIC) &&
+ !set_default(def->var, def->val, def->op))
+ rc = FALSE;
+ break;
+ case DEFAULTS_USER:
+ if (ISSET(what, SETDEF_USER) &&
+ userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
+ !set_default(def->var, def->val, def->op))
+ rc = FALSE;
+ break;
+ case DEFAULTS_RUNAS:
+ if (ISSET(what, SETDEF_RUNAS) &&
+ runaslist_matches(&def->binding, NULL) == ALLOW &&
+ !set_default(def->var, def->val, def->op))
+ rc = FALSE;
+ break;
+ case DEFAULTS_HOST:
+ if (ISSET(what, SETDEF_HOST) &&
+ hostlist_matches(&def->binding) == ALLOW &&
+ !set_default(def->var, def->val, def->op))
+ rc = FALSE;
+ break;
+ case DEFAULTS_CMND:
+ if (ISSET(what, SETDEF_CMND) &&
+ cmndlist_matches(&def->binding) == ALLOW &&
+ !set_default(def->var, def->val, def->op))
+ rc = FALSE;
+ break;
+ }
+ }
+ return(rc);
+}
+
+static int
+store_int(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ char *endp;
+ long l;
+
+ if (op == FALSE) {
+ def->sd_un.ival = 0;
+ } else {
+ l = strtol(val, &endp, 10);
+ if (*endp != '\0')
+ return(FALSE);
+ /* XXX - should check against INT_MAX */
+ def->sd_un.ival = (int)l;
+ }
+ if (def->callback)
+ return(def->callback(val));
+ return(TRUE);
+}
+
+static int
+store_uint(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ char *endp;
+ long l;
+
+ if (op == FALSE) {
+ def->sd_un.ival = 0;
+ } else {
+ l = strtol(val, &endp, 10);
+ if (*endp != '\0' || l < 0)
+ return(FALSE);
+ /* XXX - should check against INT_MAX */
+ def->sd_un.ival = (unsigned int)l;
+ }
+ if (def->callback)
+ return(def->callback(val));
+ return(TRUE);
+}
+
+static int
+store_float(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ char *endp;
+ double d;
+
+ if (op == FALSE) {
+ def->sd_un.fval = 0.0;
+ } else {
+ d = strtod(val, &endp);
+ if (*endp != '\0')
+ return(FALSE);
+ /* XXX - should check against HUGE_VAL */
+ def->sd_un.fval = d;
+ }
+ if (def->callback)
+ return(def->callback(val));
+ return(TRUE);
+}
+
+static int
+store_tuple(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ struct def_values *v;
+
+ /*
+ * Since enums are really just ints we store the value as an ival.
+ * In the future, there may be multiple enums for different tuple
+ * types we want to avoid and special knowledge of the tuple type.
+ * This does assume that the first entry in the tuple enum will
+ * be the equivalent to a boolean "false".
+ */
+ if (!val) {
+ def->sd_un.ival = (op == FALSE) ? 0 : 1;
+ } else {
+ for (v = def->values; v->sval != NULL; v++) {
+ if (strcmp(v->sval, val) == 0) {
+ def->sd_un.ival = v->ival;
+ break;
+ }
+ }
+ if (v->sval == NULL)
+ return(FALSE);
+ }
+ if (def->callback)
+ return(def->callback(val));
+ return(TRUE);
+}
+
+static int
+store_str(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+
+ efree(def->sd_un.str);
+ if (op == FALSE)
+ def->sd_un.str = NULL;
+ else
+ def->sd_un.str = estrdup(val);
+ if (def->callback)
+ return(def->callback(val));
+ return(TRUE);
+}
+
+static int
+store_list(str, def, op)
+ char *str;
+ struct sudo_defs_types *def;
+ int op;
+{
+ char *start, *end;
+
+ /* Remove all old members. */
+ if (op == FALSE || op == TRUE)
+ list_op(NULL, 0, def, freeall);
+
+ /* Split str into multiple space-separated words and act on each one. */
+ if (op != FALSE) {
+ end = str;
+ do {
+ /* Remove leading blanks, if nothing but blanks we are done. */
+ for (start = end; isblank(*start); start++)
+ ;
+ if (*start == '\0')
+ break;
+
+ /* Find end position and perform operation. */
+ for (end = start; *end && !isblank(*end); end++)
+ ;
+ list_op(start, end - start, def, op == '-' ? delete : add);
+ } while (*end++ != '\0');
+ }
+ return(TRUE);
+}
+
+static int
+store_syslogfac(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ struct strmap *fac;
+
+ if (op == FALSE) {
+ def->sd_un.ival = FALSE;
+ return(TRUE);
+ }
+#ifdef LOG_NFACILITIES
+ if (!val)
+ return(FALSE);
+ for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
+ ;
+ if (fac->name == NULL)
+ return(FALSE); /* not found */
+
+ def->sd_un.ival = fac->num;
+#else
+ def->sd_un.ival = -1;
+#endif /* LOG_NFACILITIES */
+ return(TRUE);
+}
+
+static const char *
+logfac2str(n)
+ int n;
+{
+#ifdef LOG_NFACILITIES
+ struct strmap *fac;
+
+ for (fac = facilities; fac->name && fac->num != n; fac++)
+ ;
+ return(fac->name);
+#else
+ return("default");
+#endif /* LOG_NFACILITIES */
+}
+
+static int
+store_syslogpri(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ struct strmap *pri;
+
+ if (op == FALSE || !val)
+ return(FALSE);
+
+ for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
+ ;
+ if (pri->name == NULL)
+ return(FALSE); /* not found */
+
+ def->sd_un.ival = pri->num;
+ return(TRUE);
+}
+
+static const char *
+logpri2str(n)
+ int n;
+{
+ struct strmap *pri;
+
+ for (pri = priorities; pri->name && pri->num != n; pri++)
+ ;
+ return(pri->name);
+}
+
+static int
+store_mode(val, def, op)
+ char *val;
+ struct sudo_defs_types *def;
+ int op;
+{
+ char *endp;
+ long l;
+
+ if (op == FALSE) {
+ def->sd_un.mode = (mode_t)0777;
+ } else {
+ l = strtol(val, &endp, 8);
+ if (*endp != '\0' || l < 0 || l > 0777)
+ return(FALSE);
+ def->sd_un.mode = (mode_t)l;
+ }
+ if (def->callback)
+ return(def->callback(val));
+ return(TRUE);
+}
+
+static void
+list_op(val, len, def, op)
+ char *val;
+ size_t len;
+ struct sudo_defs_types *def;
+ enum list_ops op;
+{
+ struct list_member *cur, *prev, *tmp;
+
+ if (op == freeall) {
+ for (cur = def->sd_un.list; cur; ) {
+ tmp = cur;
+ cur = tmp->next;
+ efree(tmp->value);
+ efree(tmp);
+ }
+ def->sd_un.list = NULL;
+ return;
+ }
+
+ for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
+ if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
+
+ if (op == add)
+ return; /* already exists */
+
+ /* Delete node */
+ if (prev != NULL)
+ prev->next = cur->next;
+ else
+ def->sd_un.list = cur->next;
+ efree(cur->value);
+ efree(cur);
+ break;
+ }
+ }
+
+ /* Add new node to the head of the list. */
+ if (op == add) {
+ cur = emalloc(sizeof(struct list_member));
+ cur->value = emalloc(len + 1);
+ (void) memcpy(cur->value, val, len);
+ cur->value[len] = '\0';
+ cur->next = def->sd_un.list;
+ def->sd_un.list = cur;
+ }
+}
diff --git a/sudo-1.7.4p4/defaults.h b/sudo-1.7.4p4/defaults.h
new file mode 100644
index 0000000..eb2188a
--- /dev/null
+++ b/sudo-1.7.4p4/defaults.h
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1999-2005, 2008, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_DEFAULTS_H
+#define _SUDO_DEFAULTS_H
+
+#include <def_data.h>
+
+struct list_member {
+ char *value;
+ struct list_member *next;
+};
+
+struct def_values {
+ char *sval; /* string value */
+ int ival; /* actually an enum */
+};
+
+enum list_ops {
+ add,
+ delete,
+ freeall
+};
+
+/*
+ * Structure describing compile-time and run-time options.
+ */
+struct sudo_defs_types {
+ char *name;
+ int type;
+ char *desc;
+ struct def_values *values;
+ int (*callback) __P((char *));
+ union {
+ int flag;
+ int ival;
+ double fval;
+ enum def_tupple tuple;
+ char *str;
+ mode_t mode;
+ struct list_member *list;
+ } sd_un;
+};
+
+/*
+ * Four types of defaults: strings, integers, and flags.
+ * Also, T_INT, T_FLOAT or T_STR may be ANDed with T_BOOL to indicate that
+ * a value is not required. Flags are boolean by nature...
+ */
+#undef T_INT
+#define T_INT 0x001
+#undef T_UINT
+#define T_UINT 0x002
+#undef T_STR
+#define T_STR 0x003
+#undef T_FLAG
+#define T_FLAG 0x004
+#undef T_MODE
+#define T_MODE 0x005
+#undef T_LIST
+#define T_LIST 0x006
+#undef T_LOGFAC
+#define T_LOGFAC 0x007
+#undef T_LOGPRI
+#define T_LOGPRI 0x008
+#undef T_TUPLE
+#define T_TUPLE 0x009
+#undef T_FLOAT
+#define T_FLOAT 0x010
+#undef T_MASK
+#define T_MASK 0x0FF
+#undef T_BOOL
+#define T_BOOL 0x100
+#undef T_PATH
+#define T_PATH 0x200
+
+/*
+ * Argument to update_defaults()
+ */
+#define SETDEF_GENERIC 0x01
+#define SETDEF_HOST 0x02
+#define SETDEF_USER 0x04
+#define SETDEF_RUNAS 0x08
+#define SETDEF_CMND 0x10
+#define SETDEF_ALL (SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS|SETDEF_CMND)
+
+/*
+ * Prototypes
+ */
+int set_default __P((char *, char *, int));
+int update_defaults __P((int));
+void dump_default __P((void));
+void dump_defaults __P((void));
+void init_defaults __P((void));
+void list_options __P((void));
+
+extern struct sudo_defs_types sudo_defs_table[];
+
+#endif /* _SUDO_DEFAULTS_H */
diff --git a/sudo-1.7.4p4/emul/charclass.h b/sudo-1.7.4p4/emul/charclass.h
new file mode 100644
index 0000000..15463ff
--- /dev/null
+++ b/sudo-1.7.4p4/emul/charclass.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * POSIX character class support for fnmatch() and glob().
+ */
+static struct cclass {
+ const char *name;
+ int (*isctype) __P((int));
+} cclasses[] = {
+ { "alnum", isalnum },
+ { "alpha", isalpha },
+ { "blank", isblank },
+ { "cntrl", iscntrl },
+ { "digit", isdigit },
+ { "graph", isgraph },
+ { "lower", islower },
+ { "print", isprint },
+ { "punct", ispunct },
+ { "space", isspace },
+ { "upper", isupper },
+ { "xdigit", isxdigit },
+ { NULL, NULL }
+};
+
+#define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1)
diff --git a/sudo-1.7.4p4/emul/fnmatch.h b/sudo-1.7.4p4/emul/fnmatch.h
new file mode 100644
index 0000000..9f65bc5
--- /dev/null
+++ b/sudo-1.7.4p4/emul/fnmatch.h
@@ -0,0 +1,46 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)fnmatch.h 8.1 (Berkeley) 6/2/93
+ * $OpenBSD: fnmatch.h,v 1.4 1997/09/22 05:25:32 millert Exp $
+ */
+
+#ifndef _FNMATCH_H_
+#define _FNMATCH_H_
+
+#define FNM_NOMATCH 1 /* Match failed. */
+
+#define FNM_NOESCAPE 0x01 /* Disable backslash escaping. */
+#define FNM_PATHNAME 0x02 /* Slash must be matched by slash. */
+#define FNM_PERIOD 0x04 /* Period must be matched by period. */
+#define FNM_LEADING_DIR 0x08 /* Ignore /<tail> after Imatch. */
+#define FNM_CASEFOLD 0x10 /* Case insensitive search. */
+
+int fnmatch __P((const char *, const char *, int));
+
+#endif /* !_FNMATCH_H_ */
diff --git a/sudo-1.7.4p4/emul/glob.h b/sudo-1.7.4p4/emul/glob.h
new file mode 100644
index 0000000..36efc00
--- /dev/null
+++ b/sudo-1.7.4p4/emul/glob.h
@@ -0,0 +1,84 @@
+/* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */
+
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)glob.h 8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define _GLOB_H_
+
+struct stat;
+typedef struct {
+ int gl_pathc; /* Count of total paths so far. */
+ int gl_matchc; /* Count of paths matching pattern. */
+ int gl_offs; /* Reserved at beginning of gl_pathv. */
+ int gl_flags; /* Copy of flags parameter to glob. */
+ char **gl_pathv; /* List of paths matching pattern. */
+ /* Copy of errfunc parameter to glob. */
+#ifdef __STDC__
+ int (*gl_errfunc)(const char *, int);
+#else
+ int (*gl_errfunc)();
+#endif
+} glob_t;
+
+/* Flags */
+#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
+#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
+#define GLOB_ERR 0x0004 /* Return on error. */
+#define GLOB_MARK 0x0008 /* Append / to matching directories. */
+#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
+#define GLOB_NOSORT 0x0020 /* Don't sort. */
+#define GLOB_NOESCAPE 0x0040 /* Disable backslash escaping. */
+
+/* Non-POSIX extensions */
+#define GLOB_MAGCHAR 0x0080 /* Pattern had globbing characters. */
+#define GLOB_BRACE 0x0100 /* Expand braces ala csh. */
+#define GLOB_TILDE 0x0200 /* Expand tilde names from the passwd file. */
+
+/* Error values returned by glob(3) */
+#define GLOB_NOSPACE (-1) /* Malloc call failed. */
+#define GLOB_ABORTED (-2) /* Unignored error. */
+#define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */
+#define GLOB_NOSYS (-4) /* Function not supported. */
+#define GLOB_ABEND GLOB_ABORTED
+
+#ifdef __STDC__
+int glob(const char *, int, int (*)(const char *, int), glob_t *);
+void globfree(glob_t *);
+#else
+int glob();
+void globfree();
+#endif
+
+#endif /* !_GLOB_H_ */
diff --git a/sudo-1.7.4p4/emul/timespec.h b/sudo-1.7.4p4/emul/timespec.h
new file mode 100644
index 0000000..681c523
--- /dev/null
+++ b/sudo-1.7.4p4/emul/timespec.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_TIMESPEC_H
+#define _SUDO_TIMESPEC_H
+
+struct timespec {
+ time_t tv_sec;
+ long tv_nsec;
+};
+
+#endif /* _SUDO_TIMESPEC_H */
diff --git a/sudo-1.7.4p4/emul/utime.h b/sudo-1.7.4p4/emul/utime.h
new file mode 100644
index 0000000..e5c63a5
--- /dev/null
+++ b/sudo-1.7.4p4/emul/utime.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 1996, 1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _UTIME_H
+#define _UTIME_H
+
+struct utimbuf {
+ time_t actime; /* access time */
+ time_t modtime; /* mod time */
+};
+
+#ifdef __STDC__
+int utime(const char *, const struct utimbuf *);
+#else
+int utime();
+#endif
+
+#endif /* _UTIME_H */
diff --git a/sudo-1.7.4p4/env.c b/sudo-1.7.4p4/env.c
new file mode 100644
index 0000000..739631f
--- /dev/null
+++ b/sudo-1.7.4p4/env.c
@@ -0,0 +1,980 @@
+/*
+ * Copyright (c) 2000-2005, 2007-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <errno.h>
+#include <pwd.h>
+
+#include "sudo.h"
+
+/*
+ * Flags used in rebuild_env()
+ */
+#undef DID_TERM
+#define DID_TERM 0x0001
+#undef DID_PATH
+#define DID_PATH 0x0002
+#undef DID_HOME
+#define DID_HOME 0x0004
+#undef DID_SHELL
+#define DID_SHELL 0x0008
+#undef DID_LOGNAME
+#define DID_LOGNAME 0x0010
+#undef DID_USER
+#define DID_USER 0x0020
+#undef DID_USERNAME
+#define DID_USERNAME 0x0040
+#undef DID_MAIL
+#define DID_MAIL 0x0080
+#undef DID_MAX
+#define DID_MAX 0x00ff
+
+#undef KEPT_TERM
+#define KEPT_TERM 0x0100
+#undef KEPT_PATH
+#define KEPT_PATH 0x0200
+#undef KEPT_HOME
+#define KEPT_HOME 0x0400
+#undef KEPT_SHELL
+#define KEPT_SHELL 0x0800
+#undef KEPT_LOGNAME
+#define KEPT_LOGNAME 0x1000
+#undef KEPT_USER
+#define KEPT_USER 0x2000
+#undef KEPT_USERNAME
+#define KEPT_USERNAME 0x4000
+#undef KEPT_MAIL
+#define KEPT_MAIL 0x8000
+#undef KEPT_MAX
+#define KEPT_MAX 0xff00
+
+struct environment {
+ char **envp; /* pointer to the new environment */
+ size_t env_size; /* size of new_environ in char **'s */
+ size_t env_len; /* number of slots used, not counting NULL */
+ int owned; /* do we own envp or is it the system's? */
+};
+
+/*
+ * Prototypes
+ */
+static void sudo_setenv __P((const char *, const char *, int));
+static void sudo_putenv __P((char *, int, int));
+
+extern char **environ; /* global environment */
+
+/*
+ * Copy of the sudo-managed environment.
+ */
+static struct environment env;
+
+/*
+ * Default table of "bad" variables to remove from the environment.
+ * XXX - how to omit TERMCAP if it starts with '/'?
+ */
+static const char *initial_badenv_table[] = {
+ "IFS",
+ "CDPATH",
+ "LOCALDOMAIN",
+ "RES_OPTIONS",
+ "HOSTALIASES",
+ "NLSPATH",
+ "PATH_LOCALE",
+ "LD_*",
+ "_RLD*",
+#ifdef __hpux
+ "SHLIB_PATH",
+#endif /* __hpux */
+#ifdef _AIX
+ "LDR_*",
+ "LIBPATH",
+ "AUTHSTATE",
+#endif
+#ifdef __APPLE__
+ "DYLD_*",
+#endif
+#ifdef HAVE_KERB4
+ "KRB_CONF*",
+ "KRBCONFDIR",
+ "KRBTKFILE",
+#endif /* HAVE_KERB4 */
+#ifdef HAVE_KERB5
+ "KRB5_CONFIG*",
+ "KRB5_KTNAME",
+#endif /* HAVE_KERB5 */
+#ifdef HAVE_SECURID
+ "VAR_ACE",
+ "USR_ACE",
+ "DLC_ACE",
+#endif /* HAVE_SECURID */
+ "TERMINFO", /* terminfo, exclusive path to terminfo files */
+ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
+ "TERMPATH", /* termcap, path(s) to termcap files */
+ "TERMCAP", /* XXX - only if it starts with '/' */
+ "ENV", /* ksh, file to source before script runs */
+ "BASH_ENV", /* bash, file to source before script runs */
+ "PS4", /* bash, prefix for lines in xtrace mode */
+ "GLOBIGNORE", /* bash, globbing patterns to ignore */
+ "SHELLOPTS", /* bash, extra command line options */
+ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
+ "PERLIO_DEBUG ", /* perl, debugging output file */
+ "PERLLIB", /* perl, search path for modules/includes */
+ "PERL5LIB", /* perl 5, search path for modules/includes */
+ "PERL5OPT", /* perl 5, extra command line options */
+ "PERL5DB", /* perl 5, command used to load debugger */
+ "FPATH", /* ksh, search path for functions */
+ "NULLCMD", /* zsh, command for null file redirection */
+ "READNULLCMD", /* zsh, command for null file redirection */
+ "ZDOTDIR", /* zsh, search path for dot files */
+ "TMPPREFIX", /* zsh, prefix for temporary files */
+ "PYTHONHOME", /* python, module search path */
+ "PYTHONPATH", /* python, search path */
+ "PYTHONINSPECT", /* python, allow inspection */
+ "PYTHONUSERBASE", /* python, per user site-packages directory */
+ "RUBYLIB", /* ruby, library load path */
+ "RUBYOPT", /* ruby, extra command line options */
+ NULL
+};
+
+/*
+ * Default table of variables to check for '%' and '/' characters.
+ */
+static const char *initial_checkenv_table[] = {
+ "COLORTERM",
+ "LANG",
+ "LANGUAGE",
+ "LC_*",
+ "LINGUAS",
+ "TERM",
+ NULL
+};
+
+/*
+ * Default table of variables to preserve in the environment.
+ */
+static const char *initial_keepenv_table[] = {
+ "COLORS",
+ "DISPLAY",
+ "HOSTNAME",
+ "KRB5CCNAME",
+ "LS_COLORS",
+ "PATH",
+ "PS1",
+ "PS2",
+ "TZ",
+ "XAUTHORITY",
+ "XAUTHORIZATION",
+ NULL
+};
+
+/*
+ * Initialize env based on envp.
+ */
+void
+env_init(lazy)
+ int lazy;
+{
+ char * const *ep;
+ size_t len;
+
+ for (ep = environ; *ep != NULL; ep++)
+ continue;
+ len = (size_t)(ep - environ);
+
+ if (lazy) {
+ /*
+ * If we are already initialized due to lazy init (usualy via getenv())
+ * we need to avoid calling malloc() as it may call getenv() itself.
+ */
+ env.envp = environ;
+ env.env_len = len;
+ env.env_size = len;
+ } else if (!env.owned) {
+ env.env_len = len;
+ env.env_size = len + 1 + 128;
+ env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+ memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
+ memcpy(env.envp, environ, len * sizeof(char *));
+ env.envp[len] = '\0';
+ env.owned = TRUE;
+ }
+}
+
+char **
+env_get()
+{
+ return env.envp;
+}
+
+/*
+ * Similar to setenv(3) but operates on sudo's private copy of the environment
+ * (not environ) and it always overwrites. The dupcheck param determines
+ * whether we need to verify that the variable is not already set.
+ */
+static void
+sudo_setenv(var, val, dupcheck)
+ const char *var;
+ const char *val;
+ int dupcheck;
+{
+ char *estring;
+ size_t esize;
+
+ esize = strlen(var) + 1 + strlen(val) + 1;
+ estring = emalloc(esize);
+
+ /* Build environment string and insert it. */
+ if (strlcpy(estring, var, esize) >= esize ||
+ strlcat(estring, "=", esize) >= esize ||
+ strlcat(estring, val, esize) >= esize) {
+
+ errorx(1, "internal error, sudo_setenv() overflow");
+ }
+ sudo_putenv(estring, dupcheck, TRUE);
+}
+
+/*
+ * Version of getenv(3) that uses our own environ pointer.
+ */
+char *
+getenv(var)
+ const char *var;
+{
+ char *cp, **ev;
+ size_t vlen = strlen(var);
+
+ if (env.envp == NULL)
+ env_init(TRUE);
+
+ for (ev = env.envp; (cp = *ev) != NULL; ev++) {
+ if (strncmp(var, cp, vlen) == 0 && cp[vlen] == '=')
+ return cp + vlen + 1;
+ }
+ return NULL;
+}
+
+/*
+ * Version of setenv(3) that uses our own environ pointer.
+ */
+int
+setenv(var, val, overwrite)
+ const char *var;
+ const char *val;
+ int overwrite;
+{
+ char *estring, *ep;
+ const char *cp;
+ size_t esize;
+
+ if (!var || *var == '\0') {
+ errno = EINVAL;
+ return(-1);
+ }
+
+ if (env.envp == NULL)
+ env_init(TRUE);
+
+ /*
+ * POSIX says a var name with '=' is an error but BSD
+ * just ignores the '=' and anything after it.
+ */
+ for (cp = var; *cp && *cp != '='; cp++)
+ ;
+ esize = (size_t)(cp - var) + 2;
+ if (val) {
+ esize += strlen(val); /* glibc treats a NULL val as "" */
+ }
+
+ /* Allocate and fill in estring. */
+ estring = ep = emalloc(esize);
+ for (cp = var; *cp && *cp != '='; cp++)
+ *ep++ = *cp;
+ *ep++ = '=';
+ if (val) {
+ for (cp = val; *cp; cp++)
+ *ep++ = *cp;
+ }
+ *ep = '\0';
+
+#ifdef ENV_DEBUG
+ if (env.envp[env.env_len] != NULL)
+ errorx(1, "setenv: corrupted envp, len mismatch");
+#endif
+ sudo_putenv(estring, TRUE, overwrite);
+ return(0);
+}
+
+/*
+ * Version of unsetenv(3) that uses our own environ pointer.
+ */
+#ifdef UNSETENV_VOID
+void
+#else
+int
+#endif
+unsetenv(var)
+ const char *var;
+{
+ char **ep;
+ size_t len;
+
+ if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) {
+ errno = EINVAL;
+#ifdef UNSETENV_VOID
+ return;
+#else
+ return(-1);
+#endif
+ }
+
+ if (env.envp == NULL)
+ env_init(TRUE);
+
+#ifdef ENV_DEBUG
+ if (env.envp[env.env_len] != NULL)
+ errorx(1, "unsetenv: corrupted envp, len mismatch");
+#endif
+
+ len = strlen(var);
+ for (ep = env.envp; *ep != NULL;) {
+ if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
+ /* Found it; shift remainder + NULL over by one. */
+ char **cur = ep;
+ while ((*cur = *(cur + 1)) != NULL)
+ cur++;
+ /* Keep going, could be multiple instances of the var. */
+ } else {
+ ep++;
+ }
+ }
+ env.env_len = ep - env.envp;
+#ifndef UNSETENV_VOID
+ return(0);
+#endif
+}
+
+/*
+ * Version of putenv(3) that uses our own environ pointer.
+ */
+int
+#ifdef PUTENV_CONST
+putenv(const char *string)
+#else
+putenv(string)
+ char *string;
+#endif
+{
+ if (env.envp == NULL)
+ env_init(TRUE);
+
+ if (strchr(string, '=') == NULL) {
+ errno = EINVAL;
+ return(-1);
+ }
+#ifdef ENV_DEBUG
+ if (env.envp[env.env_len] != NULL)
+ errorx(1, "putenv: corrupted envp, len mismatch");
+#endif
+ sudo_putenv((char *)string, TRUE, TRUE);
+ return(0);
+}
+
+/*
+ * Similar to putenv(3) but operates on sudo's private copy of the
+ * environment (not environ) and it always overwrites. The dupcheck param
+ * determines whether we need to verify that the variable is not already set.
+ * Will only overwrite an existing variable if overwrite is set.
+ */
+static void
+sudo_putenv(str, dupcheck, overwrite)
+ char *str;
+ int dupcheck;
+ int overwrite;
+{
+ char **ep;
+ size_t len;
+ int found = FALSE;
+
+ /* Make sure there is room for the new entry plus a NULL. */
+ if (env.env_len + 2 > env.env_size) {
+ env.env_size += 128;
+ if (env.owned) {
+ env.envp = erealloc3(env.envp, env.env_size, sizeof(char *));
+ } else {
+ /* We don't own env.envp, allocate a new one. */
+ ep = emalloc2(env.env_size, sizeof(char *));
+ memcpy(ep, env.envp, env.env_size * sizeof(char *));
+ env.envp = ep;
+ env.owned = TRUE;
+ }
+#ifdef ENV_DEBUG
+ memset(env.envp + env.env_len, 0,
+ (env.env_size - env.env_len) * sizeof(char *));
+#endif
+ }
+
+#ifdef ENV_DEBUG
+ if (env.envp[env.env_len] != NULL)
+ errorx(1, "sudo_putenv: corrupted envp, len mismatch");
+#endif
+
+ if (dupcheck) {
+ len = (strchr(str, '=') - str) + 1;
+ for (ep = env.envp; !found && *ep != NULL; ep++) {
+ if (strncmp(str, *ep, len) == 0) {
+ if (overwrite)
+ *ep = str;
+ found = TRUE;
+ }
+ }
+ /* Prune out duplicate variables. */
+ if (found && overwrite) {
+ while (*ep != NULL) {
+ if (strncmp(str, *ep, len) == 0) {
+ char **cur = ep;
+ while ((*cur = *(cur + 1)) != NULL)
+ cur++;
+ } else {
+ ep++;
+ }
+ }
+ env.env_len = ep - env.envp;
+ }
+ }
+
+ if (!found) {
+ ep = env.envp + env.env_len;
+ env.env_len++;
+ *ep++ = str;
+ *ep = NULL;
+ }
+}
+
+/*
+ * Check the env_delete blacklist.
+ * Returns TRUE if the variable was found, else false.
+ */
+static int
+matches_env_delete(var)
+ const char *var;
+{
+ struct list_member *cur;
+ size_t len;
+ int iswild, match = FALSE;
+
+ /* Skip anything listed in env_delete. */
+ for (cur = def_env_delete; cur; cur = cur->next) {
+ len = strlen(cur->value);
+ /* Deal with '*' wildcard */
+ if (cur->value[len - 1] == '*') {
+ len--;
+ iswild = TRUE;
+ } else
+ iswild = FALSE;
+ if (strncmp(cur->value, var, len) == 0 &&
+ (iswild || var[len] == '=')) {
+ match = TRUE;
+ break;
+ }
+ }
+ return(match);
+}
+
+/*
+ * Apply the env_check list.
+ * Returns TRUE if the variable is allowed, FALSE if denied
+ * or -1 if no match.
+ */
+static int
+matches_env_check(var)
+ const char *var;
+{
+ struct list_member *cur;
+ size_t len;
+ int iswild, keepit = -1;
+
+ for (cur = def_env_check; cur; cur = cur->next) {
+ len = strlen(cur->value);
+ /* Deal with '*' wildcard */
+ if (cur->value[len - 1] == '*') {
+ len--;
+ iswild = TRUE;
+ } else
+ iswild = FALSE;
+ if (strncmp(cur->value, var, len) == 0 &&
+ (iswild || var[len] == '=')) {
+ keepit = !strpbrk(var, "/%");
+ break;
+ }
+ }
+ return(keepit);
+}
+
+/*
+ * Check the env_keep list.
+ * Returns TRUE if the variable is allowed else FALSE.
+ */
+static int
+matches_env_keep(var)
+ const char *var;
+{
+ struct list_member *cur;
+ size_t len;
+ int iswild, keepit = FALSE;
+
+ for (cur = def_env_keep; cur; cur = cur->next) {
+ len = strlen(cur->value);
+ /* Deal with '*' wildcard */
+ if (cur->value[len - 1] == '*') {
+ len--;
+ iswild = TRUE;
+ } else
+ iswild = FALSE;
+ if (strncmp(cur->value, var, len) == 0 &&
+ (iswild || var[len] == '=')) {
+ keepit = TRUE;
+ break;
+ }
+ }
+ return(keepit);
+}
+
+/*
+ * Build a new environment and ether clear potentially dangerous
+ * variables from the old one or start with a clean slate.
+ * Also adds sudo-specific variables (SUDO_*).
+ */
+void
+rebuild_env(noexec)
+ int noexec;
+{
+ char **old_envp, **ep, *cp, *ps1;
+ char idbuf[MAX_UID_T_LEN];
+ unsigned int didvar;
+ int reset_home = FALSE;
+
+ /*
+ * Either clean out the environment or reset to a safe default.
+ */
+ ps1 = NULL;
+ didvar = 0;
+ env.env_len = 0;
+ env.env_size = 128;
+ old_envp = env.envp;
+ env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+ memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
+ if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+ /* Reset HOME based on target user unless keeping old value. */
+ reset_home = TRUE;
+
+ /* Pull in vars we want to keep from the old environment. */
+ for (ep = old_envp; *ep; ep++) {
+ int keepit;
+
+ /* Skip variables with values beginning with () (bash functions) */
+ if ((cp = strchr(*ep, '=')) != NULL) {
+ if (strncmp(cp, "=() ", 3) == 0)
+ continue;
+ }
+
+ /*
+ * First check certain variables for '%' and '/' characters.
+ * If no match there, check the keep list.
+ * If nothing matched, we remove it from the environment.
+ */
+ keepit = matches_env_check(*ep);
+ if (keepit == -1)
+ keepit = matches_env_keep(*ep);
+
+ /* For SUDO_PS1 -> PS1 conversion. */
+ if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
+ ps1 = *ep + 5;
+
+ if (keepit) {
+ /* Preserve variable. */
+ switch (**ep) {
+ case 'H':
+ if (strncmp(*ep, "HOME=", 5) == 0)
+ SET(didvar, DID_HOME);
+ break;
+ case 'L':
+ if (strncmp(*ep, "LOGNAME=", 8) == 0)
+ SET(didvar, DID_LOGNAME);
+ break;
+ case 'M':
+ if (strncmp(*ep, "MAIL=", 5) == 0)
+ SET(didvar, DID_MAIL);
+ break;
+ case 'P':
+ if (strncmp(*ep, "PATH=", 5) == 0)
+ SET(didvar, DID_PATH);
+ break;
+ case 'S':
+ if (strncmp(*ep, "SHELL=", 6) == 0)
+ SET(didvar, DID_SHELL);
+ break;
+ case 'T':
+ if (strncmp(*ep, "TERM=", 5) == 0)
+ SET(didvar, DID_TERM);
+ break;
+ case 'U':
+ if (strncmp(*ep, "USER=", 5) == 0)
+ SET(didvar, DID_USER);
+ if (strncmp(*ep, "USERNAME=", 5) == 0)
+ SET(didvar, DID_USERNAME);
+ break;
+ }
+ sudo_putenv(*ep, FALSE, FALSE);
+ }
+ }
+ didvar |= didvar << 8; /* convert DID_* to KEPT_* */
+
+ /*
+ * Add in defaults. In -i mode these come from the runas user,
+ * otherwise they may be from the user's environment (depends
+ * on sudoers options).
+ */
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+ sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
+ sudo_setenv("LOGNAME", runas_pw->pw_name,
+ ISSET(didvar, DID_LOGNAME));
+ sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER));
+ sudo_setenv("USERNAME", runas_pw->pw_name,
+ ISSET(didvar, DID_USERNAME));
+ } else {
+ if (!ISSET(didvar, DID_SHELL))
+ sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
+ if (!ISSET(didvar, DID_LOGNAME))
+ sudo_setenv("LOGNAME", user_name, FALSE);
+ if (!ISSET(didvar, DID_USER))
+ sudo_setenv("USER", user_name, FALSE);
+ if (!ISSET(didvar, DID_USERNAME))
+ sudo_setenv("USERNAME", user_name, FALSE);
+ }
+ /*
+ * Set MAIL to target user in -i mode or if MAIL is not preserved
+ * from user's environment.
+ */
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
+ cp = _PATH_MAILDIR;
+ if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
+ easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
+ else
+ easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
+ sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
+ }
+ } else {
+ /* Reset HOME based on target user if configured to. */
+ if (ISSET(sudo_mode, MODE_RUN)) {
+ if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) ||
+ (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
+ reset_home = TRUE;
+ }
+
+ /*
+ * Copy environ entries as long as they don't match env_delete or
+ * env_check.
+ */
+ for (ep = old_envp; *ep; ep++) {
+ int okvar;
+
+ /* Skip variables with values beginning with () (bash functions) */
+ if ((cp = strchr(*ep, '=')) != NULL) {
+ if (strncmp(cp, "=() ", 3) == 0)
+ continue;
+ }
+
+ /*
+ * First check variables against the blacklist in env_delete.
+ * If no match there check for '%' and '/' characters.
+ */
+ okvar = matches_env_delete(*ep) != TRUE;
+ if (okvar)
+ okvar = matches_env_check(*ep) != FALSE;
+
+ if (okvar) {
+ if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
+ ps1 = *ep + 5;
+ else if (strncmp(*ep, "PATH=", 5) == 0)
+ SET(didvar, DID_PATH);
+ else if (strncmp(*ep, "TERM=", 5) == 0)
+ SET(didvar, DID_TERM);
+ sudo_putenv(*ep, FALSE, FALSE);
+ }
+ }
+ }
+ /* Replace the PATH envariable with a secure one? */
+ if (def_secure_path && !user_is_exempt()) {
+ sudo_setenv("PATH", def_secure_path, TRUE);
+ SET(didvar, DID_PATH);
+ }
+
+ /* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
+ if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+ if (!ISSET(didvar, KEPT_LOGNAME))
+ sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
+ if (!ISSET(didvar, KEPT_USER))
+ sudo_setenv("USER", runas_pw->pw_name, TRUE);
+ if (!ISSET(didvar, KEPT_USERNAME))
+ sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
+ }
+
+ /* Set $HOME to target user if not preserving user's value. */
+ if (reset_home && !ISSET(didvar, KEPT_HOME))
+ sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
+
+ /* Provide default values for $TERM and $PATH if they are not set. */
+ if (!ISSET(didvar, DID_TERM))
+ sudo_putenv("TERM=unknown", FALSE, FALSE);
+ if (!ISSET(didvar, DID_PATH))
+ sudo_setenv("PATH", _PATH_STDPATH, FALSE);
+
+ /*
+ * Preload a noexec file? For a list of LD_PRELOAD-alikes, see
+ * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html
+ * XXX - should prepend to original value, if any
+ */
+ if (noexec && def_noexec_file != NULL) {
+#if defined(__darwin__) || defined(__APPLE__)
+ sudo_setenv("DYLD_INSERT_LIBRARIES", def_noexec_file, TRUE);
+ sudo_setenv("DYLD_FORCE_FLAT_NAMESPACE", "", TRUE);
+#else
+# if defined(__osf__) || defined(__sgi)
+ easprintf(&cp, "%s:DEFAULT", def_noexec_file);
+ sudo_setenv("_RLD_LIST", cp, TRUE);
+ efree(cp);
+# else
+# ifdef _AIX
+ sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE);
+# else
+ sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE);
+# endif /* _AIX */
+# endif /* __osf__ || __sgi */
+#endif /* __darwin__ || __APPLE__ */
+ }
+
+ /* Set PS1 if SUDO_PS1 is set. */
+ if (ps1 != NULL)
+ sudo_putenv(ps1, TRUE, TRUE);
+
+ /* Add the SUDO_COMMAND envariable (cmnd + args). */
+ if (user_args) {
+ easprintf(&cp, "%s %s", user_cmnd, user_args);
+ sudo_setenv("SUDO_COMMAND", cp, TRUE);
+ efree(cp);
+ } else {
+ sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
+ }
+
+ /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
+ sudo_setenv("SUDO_USER", user_name, TRUE);
+ snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid);
+ sudo_setenv("SUDO_UID", idbuf, TRUE);
+ snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
+ sudo_setenv("SUDO_GID", idbuf, TRUE);
+
+ /* Free old environment. */
+ efree(old_envp);
+}
+
+void
+insert_env_vars(env_vars)
+ struct list_member *env_vars;
+{
+ struct list_member *cur;
+
+ /* Add user-specified environment variables. */
+ for (cur = env_vars; cur != NULL; cur = cur->next)
+ putenv(cur->value);
+}
+
+/*
+ * Validate the list of environment variables passed in on the command
+ * line against env_delete, env_check, and env_keep.
+ * Calls log_error() if any specified variables are not allowed.
+ */
+void
+validate_env_vars(env_vars)
+ struct list_member *env_vars;
+{
+ struct list_member *var;
+ char *eq, *bad = NULL;
+ size_t len, blen = 0, bsize = 0;
+ int okvar;
+
+ /* Add user-specified environment variables. */
+ for (var = env_vars; var != NULL; var = var->next) {
+ if (def_secure_path && !user_is_exempt() &&
+ strncmp(var->value, "PATH=", 5) == 0) {
+ okvar = FALSE;
+ } else if (def_env_reset) {
+ okvar = matches_env_check(var->value);
+ if (okvar == -1)
+ okvar = matches_env_keep(var->value);
+ } else {
+ okvar = matches_env_delete(var->value) == FALSE;
+ if (okvar == FALSE)
+ okvar = matches_env_check(var->value) != FALSE;
+ }
+ if (okvar == FALSE) {
+ /* Not allowed, add to error string, allocating as needed. */
+ if ((eq = strchr(var->value, '=')) != NULL)
+ *eq = '\0';
+ len = strlen(var->value) + 2;
+ if (blen + len >= bsize) {
+ do {
+ bsize += 1024;
+ } while (blen + len >= bsize);
+ bad = erealloc(bad, bsize);
+ bad[blen] = '\0';
+ }
+ strlcat(bad, var->value, bsize);
+ strlcat(bad, ", ", bsize);
+ blen += len;
+ if (eq != NULL)
+ *eq = '=';
+ }
+ }
+ if (bad != NULL) {
+ bad[blen - 2] = '\0'; /* remove trailing ", " */
+ log_error(NO_MAIL,
+ "sorry, you are not allowed to set the following environment variables: %s", bad);
+ /* NOTREACHED */
+ efree(bad);
+ }
+}
+
+/*
+ * Read in /etc/environment ala AIX and Linux.
+ * Lines may be in either of three formats:
+ * NAME=VALUE
+ * NAME="VALUE"
+ * NAME='VALUE'
+ * with an optional "export" prefix so the shell can source the file.
+ * Invalid lines, blank lines, or lines consisting solely of a comment
+ * character are skipped.
+ */
+void
+read_env_file(path, overwrite)
+ const char *path;
+ int overwrite;
+{
+ FILE *fp;
+ char *cp, *var, *val;
+ size_t var_len, val_len;
+
+ if ((fp = fopen(path, "r")) == NULL)
+ return;
+
+ while ((var = sudo_parseln(fp)) != NULL) {
+ /* Skip blank or comment lines */
+ if (*var == '\0')
+ continue;
+
+ /* Skip optional "export " */
+ if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) {
+ var += 7;
+ while (isspace((unsigned char) *var)) {
+ var++;
+ }
+ }
+
+ /* Must be of the form name=["']value['"] */
+ for (val = var; *val != '\0' && *val != '='; val++)
+ ;
+ if (var == val || *val != '=')
+ continue;
+ var_len = (size_t)(val - var);
+ val_len = strlen(++val);
+
+ /* Strip leading and trailing single/double quotes */
+ if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) {
+ val[val_len - 1] = '\0';
+ val++;
+ val_len -= 2;
+ }
+
+ cp = emalloc(var_len + 1 + val_len + 1);
+ memcpy(cp, var, var_len + 1); /* includes '=' */
+ memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */
+
+ sudo_putenv(cp, TRUE, overwrite);
+ }
+ fclose(fp);
+}
+
+void
+init_envtables()
+{
+ struct list_member *cur;
+ const char **p;
+
+ /* Fill in the "env_delete" list. */
+ for (p = initial_badenv_table; *p; p++) {
+ cur = emalloc(sizeof(struct list_member));
+ cur->value = estrdup(*p);
+ cur->next = def_env_delete;
+ def_env_delete = cur;
+ }
+
+ /* Fill in the "env_check" list. */
+ for (p = initial_checkenv_table; *p; p++) {
+ cur = emalloc(sizeof(struct list_member));
+ cur->value = estrdup(*p);
+ cur->next = def_env_check;
+ def_env_check = cur;
+ }
+
+ /* Fill in the "env_keep" list. */
+ for (p = initial_keepenv_table; *p; p++) {
+ cur = emalloc(sizeof(struct list_member));
+ cur->value = estrdup(*p);
+ cur->next = def_env_keep;
+ def_env_keep = cur;
+ }
+}
diff --git a/sudo-1.7.4p4/error.c b/sudo-1.7.4p4/error.c
new file mode 100644
index 0000000..317f105
--- /dev/null
+++ b/sudo-1.7.4p4/error.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <config.h>
+#include <compat.h>
+#include "error.h"
+
+static void _warning __P((int, const char *, va_list));
+ void cleanup __P((int));
+
+void
+#ifdef __STDC__
+error(int eval, const char *fmt, ...)
+#else
+error(eval, fmt, va_alist)
+ int eval;
+ const char *fmt;
+ va_dcl
+#endif
+{
+ va_list ap;
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+ _warning(1, fmt, ap);
+ va_end(ap);
+ cleanup(0);
+ exit(eval);
+}
+
+void
+#ifdef __STDC__
+errorx(int eval, const char *fmt, ...)
+#else
+errorx(eval, fmt, va_alist)
+ int eval;
+ const char *fmt;
+ va_dcl
+#endif
+{
+ va_list ap;
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+ _warning(0, fmt, ap);
+ va_end(ap);
+ cleanup(0);
+ exit(eval);
+}
+
+void
+#ifdef __STDC__
+warning(const char *fmt, ...)
+#else
+warning(fmt, va_alist)
+ const char *fmt;
+ va_dcl
+#endif
+{
+ va_list ap;
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+ _warning(1, fmt, ap);
+ va_end(ap);
+}
+
+void
+#ifdef __STDC__
+warningx(const char *fmt, ...)
+#else
+warningx(fmt, va_alist)
+ const char *fmt;
+ va_dcl
+#endif
+{
+ va_list ap;
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+ _warning(0, fmt, ap);
+ va_end(ap);
+}
+
+static void
+_warning(use_errno, fmt, ap)
+ int use_errno;
+ const char *fmt;
+ va_list ap;
+{
+ int serrno = errno;
+
+ fputs(getprogname(), stderr);
+ if (fmt != NULL) {
+ fputs(": ", stderr);
+ vfprintf(stderr, fmt, ap);
+ }
+ if (use_errno) {
+ fputs(": ", stderr);
+ fputs(strerror(serrno), stderr);
+ }
+ putc('\n', stderr);
+}
diff --git a/sudo-1.7.4p4/error.h b/sudo-1.7.4p4/error.h
new file mode 100644
index 0000000..5ac3076
--- /dev/null
+++ b/sudo-1.7.4p4/error.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_ERROR_H_
+#define _SUDO_ERROR_H_
+
+#ifdef __STDC__
+# include <stdarg.h>
+void error(int, const char *, ...) __attribute__((__noreturn__));
+void errorx(int, const char *, ...) __attribute__((__noreturn__));
+void warning(const char *, ...);
+void warningx(const char *, ...);
+#else
+# include <varargs.h>
+void error() __attribute__((__noreturn__));
+void errorx() __attribute__((__noreturn__));
+void warning();
+void warningx();
+#endif /* __STDC__ */
+
+#endif /* _SUDO_ERROR_H_ */
diff --git a/sudo-1.7.4p4/exec.c b/sudo-1.7.4p4/exec.c
new file mode 100644
index 0000000..784f90a
--- /dev/null
+++ b/sudo-1.7.4p4/exec.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# include <termio.h>
+#endif /* HAVE_TERMIOS_H */
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifdef HAVE_SETLOCALE
+# include <locale.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+#endif
+
+#include "sudo.h"
+#include "sudo_exec.h"
+
+/* shared with exec_pty.c */
+sig_atomic_t recvsig[NSIG];
+void handler __P((int s));
+
+/*
+ * Like execve(2) but falls back to running through /bin/sh
+ * ala execvp(3) if we get ENOEXEC.
+ */
+int
+my_execve(path, argv, envp)
+ const char *path;
+ char *argv[];
+ char *envp[];
+{
+ execve(path, argv, envp);
+ if (errno == ENOEXEC) {
+ argv--; /* at least one extra slot... */
+ argv[0] = "sh";
+ argv[1] = (char *)path;
+ execve(_PATH_BSHELL, argv, envp);
+ }
+ return -1;
+}
+
+/*
+ * Fork and execute a command, returns the child's pid.
+ * Sends errno back on sv[1] if execve() fails.
+ */
+static int fork_cmnd(path, argv, envp, sv, rbac_enabled)
+ const char *path;
+ char *argv[];
+ char *envp[];
+ int sv[2];
+ int rbac_enabled;
+{
+ struct command_status cstat;
+ sigaction_t sa;
+ int pid;
+
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+ sa.sa_handler = handler;
+ sigaction(SIGCONT, &sa, NULL);
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ error(1, "fork");
+ break;
+ case 0:
+ /* child */
+ close(sv[0]);
+ fcntl(sv[1], F_SETFD, FD_CLOEXEC);
+ if (exec_setup(rbac_enabled, user_ttypath, -1) == TRUE) {
+ /* headed for execve() */
+ closefrom(def_closefrom);
+#ifdef HAVE_SELINUX
+ if (rbac_enabled)
+ selinux_execve(path, argv, envp);
+ else
+#endif
+ my_execve(path, argv, envp);
+ }
+ cstat.type = CMD_ERRNO;
+ cstat.val = errno;
+ send(sv[1], &cstat, sizeof(cstat), 0);
+ _exit(1);
+ }
+ return pid;
+}
+
+/*
+ * Execute a command, potentially in a pty with I/O loggging.
+ * This is a little bit tricky due to how POSIX job control works and
+ * we fact that we have two different controlling terminals to deal with.
+ */
+int
+sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode)
+ const char *path;
+ char *argv[];
+ char *envp[];
+ uid_t uid;
+ struct command_status *cstat;
+ int dowait;
+ int bgmode;
+{
+ sigaction_t sa;
+ fd_set *fdsr, *fdsw;
+ int maxfd, n, nready, status, sv[2];
+ int rbac_enabled = 0;
+ int log_io;
+ pid_t child;
+
+ /* If running in background mode, fork and exit. */
+ if (bgmode) {
+ switch (fork()) {
+ case -1:
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ return -1;
+ case 0:
+ /* child continues */
+ break;
+ default:
+ /* parent exits */
+ exit(0);
+ }
+ }
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+ log_io = def_log_output || def_log_input || def_use_pty;
+ if (log_io) {
+ if (!bgmode)
+ pty_setup(uid);
+ io_log_open();
+ dowait = TRUE;
+ }
+#endif /* _PATH_SUDO_IO_LOGDIR */
+
+#ifdef HAVE_SELINUX
+ rbac_enabled = is_selinux_enabled() > 0 && user_role != NULL;
+ if (rbac_enabled)
+ dowait = TRUE;
+#endif
+
+ /*
+ * If we don't need to wait for the command to finish, just exec it.
+ */
+ if (!dowait) {
+ exec_setup(FALSE, NULL, -1);
+ closefrom(def_closefrom);
+ my_execve(path, argv, envp);
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ return(127);
+ }
+
+ /*
+ * We communicate with the child over a bi-directional pair of sockets.
+ * Parent sends signal info to child and child sends back wait status.
+ */
+ if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) != 0)
+ error(1, "cannot create sockets");
+
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+
+ /* Note: HP-UX select() will not be interrupted if SA_RESTART set */
+ sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+ sa.sa_handler = handler;
+ sigaction(SIGCHLD, &sa, NULL);
+ sigaction(SIGHUP, &sa, NULL);
+ sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGPIPE, &sa, NULL);
+ sigaction(SIGQUIT, &sa, NULL);
+ sigaction(SIGTERM, &sa, NULL);
+
+ /* Max fd we will be selecting on. */
+ maxfd = sv[0];
+
+ /*
+ * Child will run the command in the pty, parent will pass data
+ * to and from pty. Adjusts maxfd as needed.
+ */
+#ifdef _PATH_SUDO_IO_LOGDIR
+ if (log_io)
+ child = fork_pty(path, argv, envp, sv, rbac_enabled, &maxfd);
+ else
+#endif
+ child = fork_cmnd(path, argv, envp, sv, rbac_enabled);
+ close(sv[1]);
+
+#ifdef HAVE_SETLOCALE
+ /*
+ * I/O logging must be in the C locale for floating point numbers
+ * to be logged consistently.
+ */
+ setlocale(LC_ALL, "C");
+#endif
+
+ /*
+ * In the event loop we pass input from user tty to master
+ * and pass output from master to stdout and IO plugin.
+ */
+ fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+ fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+ for (;;) {
+ if (recvsig[SIGCHLD]) {
+ pid_t pid;
+
+ /*
+ * If logging I/O, child is the intermediate process,
+ * otherwise it is the command itself.
+ */
+ recvsig[SIGCHLD] = FALSE;
+ do {
+#ifdef sudo_waitpid
+ pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG);
+#else
+ pid = wait(&status);
+#endif
+ } while (pid == -1 && errno == EINTR);
+ if (pid == child) {
+ /* If not logging I/O and child has exited we are done. */
+ if (!log_io) {
+ if (WIFSTOPPED(status)) {
+ /* Child may not have privs to suspend us itself. */
+ kill(getpid(), WSTOPSIG(status));
+ } else {
+ /* Child has exited, we are done. */
+ cstat->type = CMD_WSTATUS;
+ cstat->val = status;
+ return 0;
+ }
+ }
+ /* Else we get ECONNRESET on sv[0] if child dies. */
+ }
+ }
+
+ zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+ zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+
+ FD_SET(sv[0], fdsr);
+#ifdef _PATH_SUDO_IO_LOGDIR
+ if (log_io)
+ fd_set_iobs(fdsr, fdsw); /* XXX - better name */
+#endif
+ for (n = 0; n < NSIG; n++) {
+ if (recvsig[n] && n != SIGCHLD) {
+ if (log_io) {
+ FD_SET(sv[0], fdsw);
+ break;
+ } else {
+ /* nothing listening on sv[0], send directly */
+ kill(child, n);
+ }
+ }
+ }
+
+ if (recvsig[SIGCHLD])
+ continue;
+ nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);
+ if (nready == -1) {
+ if (errno == EINTR)
+ continue;
+ error(1, "select failed");
+ }
+ if (FD_ISSET(sv[0], fdsr)) {
+ /* read child status */
+ n = recv(sv[0], cstat, sizeof(*cstat), 0);
+ if (n == -1) {
+ if (errno == EINTR)
+ continue;
+ /*
+ * If not logging I/O we will receive ECONNRESET when
+ * the command is executed. It is safe to ignore this.
+ */
+ if (log_io && errno != EAGAIN) {
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ break;
+ }
+ }
+#ifdef _PATH_SUDO_IO_LOGDIR /* XXX */
+ if (cstat->type == CMD_WSTATUS) {
+ if (WIFSTOPPED(cstat->val)) {
+ /* Suspend parent and tell child how to resume on return. */
+ n = suspend_parent(WSTOPSIG(cstat->val));
+ recvsig[n] = TRUE;
+ continue;
+ } else {
+ /* Child exited or was killed, either way we are done. */
+ break;
+ }
+ } else
+#endif /* _PATH_SUDO_IO_LOGDIR */
+ if (cstat->type == CMD_ERRNO) {
+ /* Child was unable to execute command or broken pipe. */
+ break;
+ }
+ }
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+ /* XXX - move this too */
+ if (FD_ISSET(sv[0], fdsw)) {
+ for (n = 0; n < NSIG; n++) {
+ if (!recvsig[n])
+ continue;
+ recvsig[n] = FALSE;
+ cstat->type = CMD_SIGNO;
+ cstat->val = n;
+ do {
+ n = send(sv[0], cstat, sizeof(*cstat), 0);
+ } while (n == -1 && errno == EINTR);
+ if (n != sizeof(*cstat)) {
+ recvsig[n] = TRUE;
+ break;
+ }
+ }
+ }
+ if (perform_io(fdsr, fdsw, cstat) != 0)
+ break;
+#endif /* _PATH_SUDO_IO_LOGDIR */
+ }
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+ if (log_io) {
+ /* Flush any remaining output and free pty-related memory. */
+ pty_close(cstat);
+ }
+#endif /* _PATH_SUDO_IO_LOGDIR */
+
+#ifdef HAVE_SELINUX
+ if (rbac_enabled) {
+ /* This is probably not needed in log_io mode. */
+ if (selinux_restore_tty() != 0)
+ warningx("unable to restore tty label");
+ }
+#endif
+
+ efree(fdsr);
+ efree(fdsw);
+
+ return cstat->type == CMD_ERRNO ? -1 : 0;
+}
+
+/*
+ * Generic handler for signals passed from parent -> child.
+ * The recvsig[] array is checked in the main event loop.
+ */
+void
+handler(s)
+ int s;
+{
+ recvsig[s] = TRUE;
+}
diff --git a/sudo-1.7.4p4/exec_pty.c b/sudo-1.7.4p4/exec_pty.c
new file mode 100644
index 0000000..2d6b0e8
--- /dev/null
+++ b/sudo-1.7.4p4/exec_pty.c
@@ -0,0 +1,1057 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# include <termio.h>
+#endif /* HAVE_TERMIOS_H */
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+
+#include "sudo.h"
+#include "sudo_exec.h"
+
+#define SFD_STDIN 0
+#define SFD_STDOUT 1
+#define SFD_STDERR 2
+#define SFD_MASTER 3
+#define SFD_SLAVE 4
+#define SFD_USERTTY 5
+
+#define TERM_COOKED 0
+#define TERM_RAW 1
+
+/* Compatibility with older tty systems. */
+#if !defined(TIOCGSIZE) && defined(TIOCGWINSZ)
+# define TIOCGSIZE TIOCGWINSZ
+# define TIOCSSIZE TIOCSWINSZ
+# define ttysize winsize
+# define ts_cols ws_col
+#endif
+
+struct io_buffer {
+ struct io_buffer *next;
+ int len; /* buffer length (how much produced) */
+ int off; /* write position (how much already consumed) */
+ int rfd; /* reader (producer) */
+ int wfd; /* writer (consumer) */
+ int (*action) __P((const char *buf, unsigned int len));
+ char buf[16 * 1024];
+};
+
+static char slavename[PATH_MAX];
+static int foreground;
+static int io_fds[6] = { -1, -1, -1, -1, -1, -1};
+static int pipeline = FALSE;
+static int tty_initialized;
+static int ttymode = TERM_COOKED;
+static pid_t ppgrp, child;
+static struct io_buffer *iobufs;
+
+static void flush_output __P((void));
+static int exec_monitor __P((const char *path, char *argv[],
+ char *envp[], int, int));
+static void exec_pty __P((const char *path, char *argv[],
+ char *envp[], int));
+static void sigwinch __P((int s));
+static void sync_ttysize __P((int src, int dst));
+static void deliver_signal __P((pid_t pid, int signo));
+static int safe_close __P((int fd));
+
+/*
+ * Allocate a pty if /dev/tty is a tty.
+ * Fills in io_fds[SFD_USERTTY], io_fds[SFD_MASTER], io_fds[SFD_SLAVE]
+ * and slavename globals.
+ */
+void
+pty_setup(uid)
+ uid_t uid;
+{
+ io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0);
+ if (io_fds[SFD_USERTTY] != -1) {
+ if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
+ slavename, sizeof(slavename), uid))
+ error(1, "Can't get pty");
+ }
+}
+
+/*
+ * Check whether we are running in the foregroup.
+ * Updates the foreground global and does lazy init of the
+ * the pty slave as needed.
+ */
+static void
+check_foreground()
+{
+ if (io_fds[SFD_USERTTY] != -1) {
+ foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp;
+ if (foreground && !tty_initialized) {
+ if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) {
+ tty_initialized = 1;
+ sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
+ }
+ }
+ }
+}
+
+/*
+ * Suspend sudo if the underlying command is suspended.
+ * Returns SIGUSR1 if the child should be resume in foreground else SIGUSR2.
+ */
+int
+suspend_parent(signo)
+ int signo;
+{
+ sigaction_t sa, osa;
+ int n, oldmode = ttymode, rval = 0;
+
+ switch (signo) {
+ case SIGTTOU:
+ case SIGTTIN:
+ /*
+ * If we are the foreground process, just resume the child.
+ * Otherwise, re-send the signal with the handler disabled.
+ */
+ if (!foreground)
+ check_foreground();
+ if (foreground) {
+ if (ttymode != TERM_RAW) {
+ do {
+ n = term_raw(io_fds[SFD_USERTTY], 0);
+ } while (!n && errno == EINTR);
+ ttymode = TERM_RAW;
+ }
+ rval = SIGUSR1; /* resume child in foreground */
+ break;
+ }
+ ttymode = TERM_RAW;
+ /* FALLTHROUGH */
+ case SIGSTOP:
+ case SIGTSTP:
+ /* Flush any remaining output before suspending. */
+ flush_output();
+
+ /* Restore original tty mode before suspending. */
+ if (oldmode != TERM_COOKED) {
+ do {
+ n = term_restore(io_fds[SFD_USERTTY], 0);
+ } while (!n && errno == EINTR);
+ }
+
+ /* Suspend self and continue child when we resume. */
+ sa.sa_handler = SIG_DFL;
+ sigaction(signo, &sa, &osa);
+ if (killpg(ppgrp, signo) != 0)
+ warning("killpg(%d, %d)", ppgrp, signo);
+
+ /* Check foreground/background status on resume. */
+ check_foreground();
+
+ /*
+ * Only modify term if we are foreground process and either
+ * the old tty mode was not cooked or child got SIGTT{IN,OU}
+ */
+ if (ttymode != TERM_COOKED) {
+ if (foreground) {
+ /* Set raw mode. */
+ do {
+ n = term_raw(io_fds[SFD_USERTTY], 0);
+ } while (!n && errno == EINTR);
+ } else {
+ /* Background process, no access to tty. */
+ ttymode = TERM_COOKED;
+ }
+ }
+
+ sigaction(signo, &osa, NULL);
+ rval = ttymode == TERM_RAW ? SIGUSR1 : SIGUSR2;
+ break;
+ }
+
+ return(rval);
+}
+
+/*
+ * Kill child with increasing urgency.
+ */
+static void
+terminate_child(pid, use_pgrp)
+ pid_t pid;
+ int use_pgrp;
+{
+ /*
+ * Note that SIGCHLD will interrupt the sleep()
+ */
+ if (use_pgrp) {
+ killpg(pid, SIGHUP);
+ killpg(pid, SIGTERM);
+ sleep(2);
+ killpg(pid, SIGKILL);
+ } else {
+ kill(pid, SIGHUP);
+ kill(pid, SIGTERM);
+ sleep(2);
+ kill(pid, SIGKILL);
+ }
+}
+
+/*
+ * Allocate a new io_buffer struct and insert it at the head of the list.
+ * Returns the new head element.
+ */
+static struct io_buffer *
+io_buf_new(rfd, wfd, action, head)
+ int rfd;
+ int wfd;
+ int (*action) __P((const char *, unsigned int));
+ struct io_buffer *head;
+{
+ struct io_buffer *iob;
+
+ iob = emalloc(sizeof(*iob));
+ zero_bytes(iob, sizeof(*iob));
+ iob->rfd = rfd;
+ iob->wfd = wfd;
+ iob->action = action;
+ iob->next = head;
+ return iob;
+}
+
+/*
+ * Read/write iobufs depending on fdsr and fdsw.
+ * Fills in cstat on error.
+ * Returns the number of errors.
+ */
+int
+perform_io(fdsr, fdsw, cstat)
+ fd_set *fdsr;
+ fd_set *fdsw;
+ struct command_status *cstat;
+{
+ struct io_buffer *iob;
+ int n, errors = 0;
+
+ for (iob = iobufs; iob; iob = iob->next) {
+ if (iob->rfd != -1 && FD_ISSET(iob->rfd, fdsr)) {
+ do {
+ n = read(iob->rfd, iob->buf + iob->len,
+ sizeof(iob->buf) - iob->len);
+ } while (n == -1 && errno == EINTR);
+ switch (n) {
+ case -1:
+ if (errno == EAGAIN)
+ break;
+ if (errno != ENXIO && errno != EBADF) {
+ errors++;
+ break;
+ }
+ /* FALLTHROUGH */
+ case 0:
+ /* got EOF or pty has gone away */
+ safe_close(iob->rfd);
+ iob->rfd = -1;
+ break;
+ default:
+ if (!iob->action(iob->buf + iob->len, n))
+ terminate_child(child, TRUE);
+ iob->len += n;
+ break;
+ }
+ }
+ if (iob->wfd != -1 && FD_ISSET(iob->wfd, fdsw)) {
+ do {
+ n = write(iob->wfd, iob->buf + iob->off,
+ iob->len - iob->off);
+ } while (n == -1 && errno == EINTR);
+ if (n == -1) {
+ if (errno == EPIPE || errno == ENXIO || errno == EBADF) {
+ /* other end of pipe closed or pty revoked */
+ if (iob->rfd != -1) {
+ safe_close(iob->rfd);
+ iob->rfd = -1;
+ }
+ safe_close(iob->wfd);
+ iob->wfd = -1;
+ continue;
+ }
+ if (errno != EAGAIN)
+ errors++;
+ } else {
+ iob->off += n;
+ }
+ }
+ }
+ if (errors && cstat != NULL) {
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ }
+ return errors;
+}
+
+/*
+ * Fork a monitor process which runs the actual command as its own child
+ * process with std{in,out,err} hooked up to the pty or pipes as appropriate.
+ * Returns the child pid.
+ */
+int
+fork_pty(path, argv, envp, sv, rbac_enabled, maxfd)
+ const char *path;
+ char *argv[];
+ char *envp[];
+ int sv[2];
+ int rbac_enabled;
+ int *maxfd;
+{
+ struct command_status cstat;
+ struct io_buffer *iob;
+ int io_pipe[3][2], n;
+ sigaction_t sa;
+
+ ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */
+
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+
+ if (io_fds[SFD_USERTTY] != -1) {
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = sigwinch;
+ sigaction(SIGWINCH, &sa, NULL);
+ }
+
+ /*
+ * Setup stdin/stdout/stderr for child, to be duped after forking.
+ */
+ io_fds[SFD_STDIN] = io_fds[SFD_SLAVE];
+ io_fds[SFD_STDOUT] = io_fds[SFD_SLAVE];
+ io_fds[SFD_STDERR] = io_fds[SFD_SLAVE];
+
+ /* Copy /dev/tty -> pty master */
+ if (io_fds[SFD_USERTTY] != -1) {
+ iobufs = io_buf_new(io_fds[SFD_USERTTY], io_fds[SFD_MASTER],
+ log_ttyin, iobufs);
+
+ /* Copy pty master -> /dev/tty */
+ iobufs = io_buf_new(io_fds[SFD_MASTER], io_fds[SFD_USERTTY],
+ log_ttyout, iobufs);
+
+ /* Are we the foreground process? */
+ foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp;
+ }
+
+ /*
+ * If either stdin, stdout or stderr is not a tty we use a pipe
+ * to interpose ourselves instead of duping the pty fd.
+ */
+ memset(io_pipe, 0, sizeof(io_pipe));
+ if (io_fds[SFD_STDIN] == -1 || !isatty(STDIN_FILENO)) {
+ pipeline = TRUE;
+ if (pipe(io_pipe[STDIN_FILENO]) != 0)
+ error(1, "unable to create pipe");
+ iobufs = io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1],
+ log_stdin, iobufs);
+ io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0];
+ }
+ if (io_fds[SFD_STDOUT] == -1 || !isatty(STDOUT_FILENO)) {
+ pipeline = TRUE;
+ if (pipe(io_pipe[STDOUT_FILENO]) != 0)
+ error(1, "unable to create pipe");
+ iobufs = io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO,
+ log_stdout, iobufs);
+ io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1];
+ }
+ if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) {
+ if (pipe(io_pipe[STDERR_FILENO]) != 0)
+ error(1, "unable to create pipe");
+ iobufs = io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO,
+ log_stderr, iobufs);
+ io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1];
+ }
+
+ /* Job control signals to relay from parent to child. */
+ sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+ sa.sa_handler = handler;
+ sigaction(SIGTSTP, &sa, NULL);
+
+ if (foreground) {
+ /* Copy terminal attrs from user tty -> pty slave. */
+ if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) {
+ tty_initialized = 1;
+ sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
+ }
+
+ /* Start out in raw mode if we are not part of a pipeline. */
+ if (!pipeline) {
+ ttymode = TERM_RAW;
+ do {
+ n = term_raw(io_fds[SFD_USERTTY], 0);
+ } while (!n && errno == EINTR);
+ if (!n)
+ error(1, "Can't set terminal to raw mode");
+ }
+ }
+
+ child = fork();
+ switch (child) {
+ case -1:
+ error(1, "fork");
+ break;
+ case 0:
+ /* child */
+ close(sv[0]);
+ fcntl(sv[1], F_SETFD, FD_CLOEXEC);
+ if (exec_setup(rbac_enabled, slavename, io_fds[SFD_SLAVE]) == TRUE) {
+ /* Close the other end of the stdin/stdout/stderr pipes and exec. */
+ if (io_pipe[STDIN_FILENO][1])
+ close(io_pipe[STDIN_FILENO][1]);
+ if (io_pipe[STDOUT_FILENO][0])
+ close(io_pipe[STDOUT_FILENO][0]);
+ if (io_pipe[STDERR_FILENO][0])
+ close(io_pipe[STDERR_FILENO][0]);
+ exec_monitor(path, argv, envp, sv[1], rbac_enabled);
+ }
+ cstat.type = CMD_ERRNO;
+ cstat.val = errno;
+ send(sv[1], &cstat, sizeof(cstat), 0);
+ _exit(1);
+ }
+
+ /* Close the other end of the stdin/stdout/stderr pipes. */
+ if (io_pipe[STDIN_FILENO][0])
+ close(io_pipe[STDIN_FILENO][0]);
+ if (io_pipe[STDOUT_FILENO][1])
+ close(io_pipe[STDOUT_FILENO][1]);
+ if (io_pipe[STDERR_FILENO][1])
+ close(io_pipe[STDERR_FILENO][1]);
+
+ for (iob = iobufs; iob; iob = iob->next) {
+ /* Adjust maxfd. */
+ if (iob->rfd > *maxfd)
+ *maxfd = iob->rfd;
+ if (iob->wfd > *maxfd)
+ *maxfd = iob->wfd;
+
+ /* Set non-blocking mode. */
+ n = fcntl(iob->rfd, F_GETFL, 0);
+ if (n != -1 && !ISSET(n, O_NONBLOCK))
+ (void) fcntl(iob->rfd, F_SETFL, n | O_NONBLOCK);
+ n = fcntl(iob->wfd, F_GETFL, 0);
+ if (n != -1 && !ISSET(n, O_NONBLOCK))
+ (void) fcntl(iob->wfd, F_SETFL, n | O_NONBLOCK);
+ }
+
+ return child;
+}
+
+/*
+ * Flush any remaining output and restore /dev/tty to the way we found it.
+ * If the command died due to a signal, writes the reason to stdout.
+ */
+void
+pty_close(cstat)
+ struct command_status *cstat;
+{
+ int n;
+
+ /* Flush any remaining output (the plugin already got it) */
+ if (io_fds[SFD_USERTTY] != -1) {
+ n = fcntl(io_fds[SFD_USERTTY], F_GETFL, 0);
+ if (n != -1 && ISSET(n, O_NONBLOCK)) {
+ CLR(n, O_NONBLOCK);
+ (void) fcntl(io_fds[SFD_USERTTY], F_SETFL, n);
+ }
+ }
+ flush_output();
+
+ if (io_fds[SFD_USERTTY] != -1) {
+ do {
+ n = term_restore(io_fds[SFD_USERTTY], 0);
+ } while (!n && errno == EINTR);
+ }
+
+ /* If child was signalled, write the reason to stdout like the shell. */
+ if (cstat->type == CMD_WSTATUS && WIFSIGNALED(cstat->val)) {
+ int signo = WTERMSIG(cstat->val);
+ if (signo && signo != SIGINT && signo != SIGPIPE) {
+ const char *reason = strsignal(signo);
+ n = io_fds[SFD_USERTTY] != -1 ?
+ io_fds[SFD_USERTTY] : STDOUT_FILENO;
+ write(n, reason, strlen(reason));
+ if (WCOREDUMP(cstat->val))
+ write(n, " (core dumped)", 14);
+ write(n, "\n", 1);
+ }
+ }
+}
+
+
+/*
+ * Fill in fdsr and fdsw based on the io buffers list.
+ * Called prior to select().
+ */
+void
+fd_set_iobs(fdsr, fdsw)
+ fd_set *fdsr;
+ fd_set *fdsw;
+{
+ struct io_buffer *iob;
+
+ for (iob = iobufs; iob; iob = iob->next) {
+ if (iob->rfd == -1 && iob->wfd == -1)
+ continue;
+ if (iob->off == iob->len) {
+ iob->off = iob->len = 0;
+ /* Forward the EOF from reader to writer. */
+ if (iob->rfd == -1) {
+ safe_close(iob->wfd);
+ iob->wfd = -1;
+ }
+ }
+ /* Don't read/write /dev/tty if we are not in the foreground. */
+ if (iob->rfd != -1 &&
+ (ttymode == TERM_RAW || iob->rfd != io_fds[SFD_USERTTY])) {
+ if (iob->len != sizeof(iob->buf))
+ FD_SET(iob->rfd, fdsr);
+ }
+ if (iob->wfd != -1 &&
+ (foreground || iob->wfd != io_fds[SFD_USERTTY])) {
+ if (iob->len > iob->off)
+ FD_SET(iob->wfd, fdsw);
+ }
+ }
+}
+
+/*
+ * Deliver a relayed signal to the command.
+ */
+static void
+deliver_signal(pid, signo)
+ pid_t pid;
+ int signo;
+{
+ int status;
+
+ /* Handle signal from parent. */
+ switch (signo) {
+ case SIGKILL:
+ _exit(1); /* XXX */
+ /* NOTREACHED */
+ case SIGPIPE:
+ case SIGHUP:
+ case SIGTERM:
+ case SIGINT:
+ case SIGQUIT:
+ case SIGTSTP:
+ /* relay signal to child */
+ killpg(pid, signo);
+ break;
+ case SIGALRM:
+ terminate_child(pid, TRUE);
+ break;
+ case SIGUSR1:
+ /* foreground process, grant it controlling tty. */
+ do {
+ status = tcsetpgrp(io_fds[SFD_SLAVE], pid);
+ } while (status == -1 && errno == EINTR);
+ killpg(pid, SIGCONT);
+ break;
+ case SIGUSR2:
+ /* background process, I take controlling tty. */
+ do {
+ status = tcsetpgrp(io_fds[SFD_SLAVE], getpid());
+ } while (status == -1 && errno == EINTR);
+ killpg(pid, SIGCONT);
+ break;
+ default:
+ warningx("unexpected signal from child: %d", signo);
+ break;
+ }
+}
+
+/*
+ * Send status to parent over socketpair.
+ * Return value is the same as send(2).
+ */
+static int
+send_status(fd, cstat)
+ int fd;
+ struct command_status *cstat;
+{
+ int n = -1;
+
+ if (cstat->type != CMD_INVALID) {
+ do {
+ n = send(fd, cstat, sizeof(*cstat), 0);
+ } while (n == -1 && errno == EINTR);
+ cstat->type = CMD_INVALID; /* prevent re-sending */
+ }
+ return n;
+}
+
+/*
+ * Wait for child status after receiving SIGCHLD.
+ * If the child was stopped, the status is send back to the parent.
+ * Otherwise, cstat is filled in but not sent.
+ * Returns TRUE if child is still alive, else FALSE.
+ */
+static int
+handle_sigchld(backchannel, cstat)
+ int backchannel;
+ struct command_status *cstat;
+{
+ int status, alive = TRUE;
+ pid_t pid;
+
+ /* read child status */
+ do {
+#ifdef sudo_waitpid
+ pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG);
+#else
+ pid = wait(&status);
+#endif
+ } while (pid == -1 && errno == EINTR);
+ if (pid == child) {
+ if (cstat->type != CMD_ERRNO) {
+ cstat->type = CMD_WSTATUS;
+ cstat->val = status;
+ if (WIFSTOPPED(status)) {
+ if (send_status(backchannel, cstat) == -1)
+ return alive; /* XXX */
+ }
+ }
+ if (!WIFSTOPPED(status))
+ alive = FALSE;
+ }
+ return alive;
+}
+
+/*
+ * Monitor process that creates a new session with the controlling tty,
+ * resets signal handlers and forks a child to call exec_pty().
+ * Waits for status changes from the command and relays them to the
+ * parent and relays signals from the parent to the command.
+ * Returns an error if fork(2) fails, else calls _exit(2).
+ */
+static int
+exec_monitor(path, argv, envp, backchannel, rbac)
+ const char *path;
+ char *argv[];
+ char *envp[];
+ int backchannel;
+ int rbac;
+{
+ struct command_status cstat;
+ struct timeval tv;
+ fd_set *fdsr;
+ sigaction_t sa;
+ int errpipe[2], maxfd, n, status;
+ int alive = TRUE;
+
+ /* Close unused fds. */
+ if (io_fds[SFD_MASTER] != -1)
+ close(io_fds[SFD_MASTER]);
+ if (io_fds[SFD_USERTTY] != -1)
+ close(io_fds[SFD_USERTTY]);
+
+ /* Reset SIGWINCH and SIGALRM. */
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ sigaction(SIGWINCH, &sa, NULL);
+ sigaction(SIGALRM, &sa, NULL);
+
+ /* Ignore any SIGTTIN or SIGTTOU we get. */
+ sa.sa_handler = SIG_IGN;
+ sigaction(SIGTTIN, &sa, NULL);
+ sigaction(SIGTTOU, &sa, NULL);
+
+ /* Note: HP-UX select() will not be interrupted if SA_RESTART set */
+ sa.sa_flags = SA_INTERRUPT;
+ sa.sa_handler = handler;
+ sigaction(SIGCHLD, &sa, NULL);
+
+ /*
+ * Start a new session with the parent as the session leader
+ * and the slave pty as the controlling terminal.
+ * This allows us to be notified when the child has been suspended.
+ */
+ if (setsid() == -1) {
+ warning("setsid");
+ goto bad;
+ }
+ if (io_fds[SFD_SLAVE] != -1) {
+#ifdef TIOCSCTTY
+ if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0)
+ error(1, "unable to set controlling tty");
+#else
+ /* Set controlling tty by reopening slave. */
+ if ((n = open(slavename, O_RDWR)) >= 0)
+ close(n);
+#endif
+ }
+
+ /*
+ * If stdin/stdout is not a tty, start command in the background
+ * since it might be part of a pipeline that reads from /dev/tty.
+ * In this case, we rely on the command receiving SIGTTOU or SIGTTIN
+ * when it needs access to the controlling tty.
+ */
+ if (pipeline)
+ foreground = 0;
+
+ /* Start command and wait for it to stop or exit */
+ if (pipe(errpipe) == -1)
+ error(1, "unable to create pipe");
+ child = fork();
+ if (child == -1) {
+ warning("Can't fork");
+ goto bad;
+ }
+ if (child == 0) {
+ /* We pass errno back to our parent via pipe on exec failure. */
+ close(backchannel);
+ close(errpipe[0]);
+ fcntl(errpipe[1], F_SETFD, FD_CLOEXEC);
+
+ /* setup tty and exec command */
+ exec_pty(path, argv, envp, rbac);
+ cstat.type = CMD_ERRNO;
+ cstat.val = errno;
+ write(errpipe[1], &cstat, sizeof(cstat));
+ _exit(1);
+ }
+ close(errpipe[1]);
+
+ /* If any of stdin/stdout/stderr are pipes, close them in parent. */
+ if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
+ close(io_fds[SFD_STDIN]);
+ if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
+ close(io_fds[SFD_STDOUT]);
+ if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
+ close(io_fds[SFD_STDERR]);
+
+ /*
+ * Put child in its own process group. If we are starting the command
+ * in the foreground, assign its pgrp to the tty.
+ */
+ setpgid(child, child);
+ if (foreground) {
+ do {
+ status = tcsetpgrp(io_fds[SFD_SLAVE], child);
+ } while (status == -1 && errno == EINTR);
+ }
+
+ /* Wait for errno on pipe, signal on backchannel or for SIGCHLD */
+ maxfd = MAX(errpipe[0], backchannel);
+ fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+ zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+ zero_bytes(&cstat, sizeof(cstat));
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+ for (;;) {
+ /* Read child status. */
+ if (recvsig[SIGCHLD]) {
+ recvsig[SIGCHLD] = FALSE;
+ alive = handle_sigchld(backchannel, &cstat);
+ }
+
+ /* Check for signal on backchannel or errno on errpipe. */
+ FD_SET(backchannel, fdsr);
+ if (errpipe[0] != -1)
+ FD_SET(errpipe[0], fdsr);
+ maxfd = MAX(errpipe[0], backchannel);
+
+ if (recvsig[SIGCHLD])
+ continue;
+ /* If command exited we just poll, there may be data on errpipe. */
+ n = select(maxfd + 1, fdsr, NULL, NULL, alive ? NULL : &tv);
+ if (n <= 0) {
+ if (n == 0)
+ goto done;
+ if (errno == EINTR)
+ continue;
+ error(1, "select failed");
+ }
+
+ if (errpipe[0] != -1 && FD_ISSET(errpipe[0], fdsr)) {
+ /* read errno or EOF from command pipe */
+ n = read(errpipe[0], &cstat, sizeof(cstat));
+ if (n == -1) {
+ if (errno == EINTR)
+ continue;
+ warning("error reading from pipe");
+ goto done;
+ }
+ /* Got errno or EOF, either way we are done with errpipe. */
+ FD_CLR(errpipe[0], fdsr);
+ close(errpipe[0]);
+ errpipe[0] = -1;
+ }
+ if (FD_ISSET(backchannel, fdsr)) {
+ struct command_status cstmp;
+
+ /* read command from backchannel, should be a signal */
+ n = recv(backchannel, &cstmp, sizeof(cstmp), 0);
+ if (n == -1) {
+ if (errno == EINTR)
+ continue;
+ warning("error reading from socketpair");
+ goto done;
+ }
+ if (cstmp.type != CMD_SIGNO) {
+ warningx("unexpected reply type on backchannel: %d", cstmp.type);
+ continue;
+ }
+ deliver_signal(child, cstmp.val);
+ }
+ }
+
+done:
+ if (alive) {
+ /* XXX An error occurred, should send an error back. */
+ kill(child, SIGKILL);
+ } else {
+ /* Send parent status. */
+ send_status(backchannel, &cstat);
+ }
+ _exit(1);
+
+bad:
+ return errno;
+}
+
+/*
+ * Flush any output buffered in iobufs or readable from the fds.
+ * Does not read from /dev/tty.
+ */
+static void
+flush_output()
+{
+ struct io_buffer *iob;
+ struct timeval tv;
+ fd_set *fdsr, *fdsw;
+ int nready, nwriters, maxfd = -1;
+
+ /* Determine maxfd */
+ for (iob = iobufs; iob; iob = iob->next) {
+ if (iob->rfd > maxfd)
+ maxfd = iob->rfd;
+ if (iob->wfd > maxfd)
+ maxfd = iob->wfd;
+ }
+ if (maxfd == -1)
+ return;
+
+ fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+ fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+ for (;;) {
+ zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+ zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+
+ nwriters = 0;
+ for (iob = iobufs; iob; iob = iob->next) {
+ /* Don't read from /dev/tty while flushing. */
+ if (io_fds[SFD_USERTTY] != -1 && iob->rfd == io_fds[SFD_USERTTY])
+ continue;
+ if (iob->rfd == -1 && iob->wfd == -1)
+ continue;
+ if (iob->off == iob->len) {
+ iob->off = iob->len = 0;
+ /* Forward the EOF from reader to writer. */
+ if (iob->rfd == -1) {
+ safe_close(iob->wfd);
+ iob->wfd = -1;
+ }
+ }
+ if (iob->rfd != -1) {
+ if (iob->len != sizeof(iob->buf))
+ FD_SET(iob->rfd, fdsr);
+ }
+ if (iob->wfd != -1) {
+ if (iob->len > iob->off) {
+ nwriters++;
+ FD_SET(iob->wfd, fdsw);
+ }
+ }
+ }
+
+ /* Don't sleep in select if there are no buffers that need writing. */
+ tv.tv_sec = 0;
+ tv.tv_usec = 0;
+ nready = select(maxfd + 1, fdsr, fdsw, NULL, nwriters ? NULL : &tv);
+ if (nready <= 0) {
+ if (nready == 0)
+ break; /* all I/O flushed */
+ if (errno == EINTR)
+ continue;
+ error(1, "select failed");
+ }
+ if (perform_io(fdsr, fdsw, NULL) != 0)
+ break;
+ }
+ efree(fdsr);
+ efree(fdsw);
+}
+
+/*
+ * Sets up std{in,out,err} and executes the actual command.
+ * Returns only if execve() fails.
+ */
+static void
+exec_pty(path, argv, envp, rbac_enabled)
+ const char *path;
+ char *argv[];
+ char *envp[];
+ int rbac_enabled;
+{
+ sigaction_t sa;
+ pid_t self = getpid();
+
+ /* Reset signal handlers. */
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ sigaction(SIGHUP, &sa, NULL);
+ sigaction(SIGTERM, &sa, NULL);
+ sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGQUIT, &sa, NULL);
+ sigaction(SIGTSTP, &sa, NULL);
+ sigaction(SIGTTIN, &sa, NULL);
+ sigaction(SIGTTOU, &sa, NULL);
+ sigaction(SIGUSR1, &sa, NULL);
+ sigaction(SIGUSR2, &sa, NULL);
+ sigaction(SIGCHLD, &sa, NULL);
+
+ /* Set child process group here too to avoid a race. */
+ setpgid(0, self);
+
+ /* Wire up standard fds, note that stdout/stderr may be pipes. */
+ if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 ||
+ dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 ||
+ dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
+ error(1, "dup2");
+
+ /* Wait for parent to grant us the tty if we are foreground. */
+ if (foreground) {
+ while (tcgetpgrp(io_fds[SFD_SLAVE]) != self)
+ ; /* spin */
+ }
+
+ /* We have guaranteed that the slave fd is > 2 */
+ if (io_fds[SFD_SLAVE] != -1)
+ close(io_fds[SFD_SLAVE]);
+ if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
+ close(io_fds[SFD_STDIN]);
+ if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
+ close(io_fds[SFD_STDOUT]);
+ if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
+ close(io_fds[SFD_STDERR]);
+
+ closefrom(def_closefrom);
+#ifdef HAVE_SELINUX
+ if (rbac_enabled)
+ selinux_execve(path, argv, envp);
+ else
+#endif
+ my_execve(path, argv, envp);
+}
+
+/*
+ * Propagates tty size change signals to pty being used by the command.
+ */
+static void
+sync_ttysize(src, dst)
+ int src;
+ int dst;
+{
+#ifdef TIOCGSIZE
+ struct ttysize tsize;
+ pid_t pgrp;
+
+ if (ioctl(src, TIOCGSIZE, &tsize) == 0) {
+ ioctl(dst, TIOCSSIZE, &tsize);
+ if ((pgrp = tcgetpgrp(dst)) != -1)
+ killpg(pgrp, SIGWINCH);
+ }
+#endif
+}
+
+/*
+ * Handler for SIGWINCH in parent.
+ */
+static void
+sigwinch(s)
+ int s;
+{
+ int serrno = errno;
+
+ sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
+ errno = serrno;
+}
+
+/*
+ * Only close the fd if it is not /dev/tty or std{in,out,err}.
+ * Return value is the same as send(2).
+ */
+static int
+safe_close(fd)
+ int fd;
+{
+ /* Avoid closing /dev/tty or std{in,out,err}. */
+ if (fd < 3 || fd == io_fds[SFD_USERTTY]) {
+ errno = EINVAL;
+ return -1;
+ }
+ return close(fd);
+}
diff --git a/sudo-1.7.4p4/fileops.c b/sudo-1.7.4p4/fileops.c
new file mode 100644
index 0000000..ca4903f
--- /dev/null
+++ b/sudo-1.7.4p4/fileops.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2009, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#ifdef HAVE_FLOCK
+# include <sys/file.h>
+#endif /* HAVE_FLOCK */
+#include <stdio.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <ctype.h>
+#include <limits.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <fcntl.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifndef HAVE_TIMESPEC
+# include <emul/timespec.h>
+#endif
+
+#include "sudo.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+/*
+ * Update the access and modify times on an fd or file.
+ */
+int
+touch(fd, path, tvp)
+ int fd;
+ char *path;
+ struct timeval *tvp;
+{
+ struct timeval times[2];
+
+ if (tvp != NULL) {
+ times[0].tv_sec = times[1].tv_sec = tvp->tv_sec;
+ times[0].tv_usec = times[1].tv_usec = tvp->tv_usec;
+ }
+
+#if defined(HAVE_FUTIME) || defined(HAVE_FUTIMES)
+ if (fd != -1)
+ return(futimes(fd, tvp ? times : NULL));
+ else
+#endif
+ if (path != NULL)
+ return(utimes(path, tvp ? times : NULL));
+ else
+ return(-1);
+}
+
+/*
+ * Lock/unlock a file.
+ */
+#ifdef HAVE_LOCKF
+int
+lock_file(fd, lockit)
+ int fd;
+ int lockit;
+{
+ int op = 0;
+
+ switch (lockit) {
+ case SUDO_LOCK:
+ op = F_LOCK;
+ break;
+ case SUDO_TLOCK:
+ op = F_TLOCK;
+ break;
+ case SUDO_UNLOCK:
+ op = F_ULOCK;
+ break;
+ }
+ return(lockf(fd, op, 0) == 0);
+}
+#elif HAVE_FLOCK
+int
+lock_file(fd, lockit)
+ int fd;
+ int lockit;
+{
+ int op = 0;
+
+ switch (lockit) {
+ case SUDO_LOCK:
+ op = LOCK_EX;
+ break;
+ case SUDO_TLOCK:
+ op = LOCK_EX | LOCK_NB;
+ break;
+ case SUDO_UNLOCK:
+ op = LOCK_UN;
+ break;
+ }
+ return(flock(fd, op) == 0);
+}
+#else
+int
+lock_file(fd, lockit)
+ int fd;
+ int lockit;
+{
+#ifdef F_SETLK
+ int func;
+ struct flock lock;
+
+ lock.l_start = 0;
+ lock.l_len = 0;
+ lock.l_pid = getpid();
+ lock.l_type = (lockit == SUDO_UNLOCK) ? F_UNLCK : F_WRLCK;
+ lock.l_whence = SEEK_SET;
+ func = (lockit == SUDO_LOCK) ? F_SETLKW : F_SETLK;
+
+ return(fcntl(fd, func, &lock) == 0);
+#else
+ return(TRUE);
+#endif
+}
+#endif
+
+/*
+ * Read a line of input, remove comments and strip off leading
+ * and trailing spaces. Returns static storage that is reused.
+ */
+char *
+sudo_parseln(fp)
+ FILE *fp;
+{
+ size_t len;
+ char *cp = NULL;
+ static char buf[LINE_MAX];
+
+ if (fgets(buf, sizeof(buf), fp) != NULL) {
+ /* Remove comments */
+ if ((cp = strchr(buf, '#')) != NULL)
+ *cp = '\0';
+
+ /* Trim leading and trailing whitespace/newline */
+ len = strlen(buf);
+ while (len > 0 && isspace((unsigned char)buf[len - 1]))
+ buf[--len] = '\0';
+ for (cp = buf; isblank(*cp); cp++)
+ continue;
+ }
+ return(cp);
+}
diff --git a/sudo-1.7.4p4/find_path.c b/sudo-1.7.4p4/find_path.c
new file mode 100644
index 0000000..78c96ea
--- /dev/null
+++ b/sudo-1.7.4p4/find_path.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+
+#include "sudo.h"
+
+/*
+ * This function finds the full pathname for a command and
+ * stores it in a statically allocated array, filling in a pointer
+ * to the array. Returns FOUND if the command was found, NOT_FOUND
+ * if it was not found, or NOT_FOUND_DOT if it would have been found
+ * but it is in '.' and IGNORE_DOT is set.
+ */
+int
+find_path(infile, outfile, sbp, path, ignore_dot)
+ char *infile; /* file to find */
+ char **outfile; /* result parameter */
+ struct stat *sbp; /* stat result parameter */
+ char *path; /* path to search */
+ int ignore_dot; /* don't check cwd */
+{
+ static char command[PATH_MAX]; /* qualified filename */
+ char *n; /* for traversing path */
+ char *origpath; /* so we can free path later */
+ char *result = NULL; /* result of path/file lookup */
+ int checkdot = 0; /* check current dir? */
+ int len; /* length parameter */
+
+ if (strlen(infile) >= PATH_MAX)
+ errorx(1, "%s: File name too long", infile);
+
+ /*
+ * If we were given a fully qualified or relative path
+ * there is no need to look at $PATH.
+ */
+ if (strchr(infile, '/')) {
+ strlcpy(command, infile, sizeof(command)); /* paranoia */
+ if (sudo_goodpath(command, sbp)) {
+ *outfile = command;
+ return(FOUND);
+ } else
+ return(NOT_FOUND);
+ }
+
+ if (path == NULL)
+ return(NOT_FOUND);
+ path = estrdup(path);
+ origpath = path;
+
+ do {
+ if ((n = strchr(path, ':')))
+ *n = '\0';
+
+ /*
+ * Search current dir last if it is in PATH This will miss sneaky
+ * things like using './' or './/'
+ */
+ if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
+ checkdot = 1;
+ path = n + 1;
+ continue;
+ }
+
+ /*
+ * Resolve the path and exit the loop if found.
+ */
+ len = snprintf(command, sizeof(command), "%s/%s", path, infile);
+ if (len <= 0 || len >= sizeof(command))
+ errorx(1, "%s: File name too long", infile);
+ if ((result = sudo_goodpath(command, sbp)))
+ break;
+
+ path = n + 1;
+
+ } while (n);
+ efree(origpath);
+
+ /*
+ * Check current dir if dot was in the PATH
+ */
+ if (!result && checkdot) {
+ len = snprintf(command, sizeof(command), "./%s", infile);
+ if (len <= 0 || len >= sizeof(command))
+ errorx(1, "%s: File name too long", infile);
+ result = sudo_goodpath(command, sbp);
+ if (result && ignore_dot)
+ return(NOT_FOUND_DOT);
+ }
+
+ if (result) {
+ *outfile = result;
+ return(FOUND);
+ } else
+ return(NOT_FOUND);
+}
diff --git a/sudo-1.7.4p4/fnmatch.c b/sudo-1.7.4p4/fnmatch.c
new file mode 100644
index 0000000..2255e52
--- /dev/null
+++ b/sudo-1.7.4p4/fnmatch.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
+ * Compares a filename or pathname to a pattern.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <ctype.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+
+#include <compat.h>
+#include "emul/fnmatch.h"
+#include "emul/charclass.h"
+
+#undef EOS
+#define EOS '\0'
+
+#define RANGE_MATCH 1
+#define RANGE_NOMATCH 0
+#define RANGE_ERROR (-1)
+
+#if defined(LIBC_SCCS) && !defined(lint)
+__unused static const char rcsid[] = "$OpenBSD: fnmatch.c,v 1.6 1998/03/19 00:29:59 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+static int rangematch __P((const char *, int, int, char **));
+static int classmatch __P((const char *, int, int, const char **));
+
+int
+fnmatch(pattern, string, flags)
+ const char *pattern, *string;
+ int flags;
+{
+ const char *stringstart;
+ char *newp;
+ char c, test;
+
+ for (stringstart = string;;)
+ switch (c = *pattern++) {
+ case EOS:
+ if (ISSET(flags, FNM_LEADING_DIR) && *string == '/')
+ return (0);
+ return (*string == EOS ? 0 : FNM_NOMATCH);
+ case '?':
+ if (*string == EOS)
+ return (FNM_NOMATCH);
+ if (*string == '/' && ISSET(flags, FNM_PATHNAME))
+ return (FNM_NOMATCH);
+ if (*string == '.' && ISSET(flags, FNM_PERIOD) &&
+ (string == stringstart ||
+ (ISSET(flags, FNM_PATHNAME) && *(string - 1) == '/')))
+ return (FNM_NOMATCH);
+ ++string;
+ break;
+ case '*':
+ c = *pattern;
+ /* Collapse multiple stars. */
+ while (c == '*')
+ c = *++pattern;
+
+ if (*string == '.' && ISSET(flags, FNM_PERIOD) &&
+ (string == stringstart ||
+ (ISSET(flags, FNM_PATHNAME) && *(string - 1) == '/')))
+ return (FNM_NOMATCH);
+
+ /* Optimize for pattern with * at end or before /. */
+ if (c == EOS) {
+ if (ISSET(flags, FNM_PATHNAME))
+ return (ISSET(flags, FNM_LEADING_DIR) ||
+ strchr(string, '/') == NULL ?
+ 0 : FNM_NOMATCH);
+ else
+ return (0);
+ } else if (c == '/' && ISSET(flags, FNM_PATHNAME)) {
+ if ((string = strchr(string, '/')) == NULL)
+ return (FNM_NOMATCH);
+ break;
+ }
+
+ /* General case, use recursion. */
+ while ((test = *string) != EOS) {
+ if (!fnmatch(pattern, string, flags & ~FNM_PERIOD))
+ return (0);
+ if (test == '/' && ISSET(flags, FNM_PATHNAME))
+ break;
+ ++string;
+ }
+ return (FNM_NOMATCH);
+ case '[':
+ if (*string == EOS)
+ return (FNM_NOMATCH);
+ if (*string == '/' && ISSET(flags, FNM_PATHNAME))
+ return (FNM_NOMATCH);
+ if (*string == '.' && ISSET(flags, FNM_PERIOD) &&
+ (string == stringstart ||
+ (ISSET(flags, FNM_PATHNAME) && *(string - 1) == '/')))
+ return (FNM_NOMATCH);
+
+ switch (rangematch(pattern, *string, flags, &newp)) {
+ case RANGE_ERROR:
+ /* not a good range, treat as normal text */
+ goto normal;
+ case RANGE_MATCH:
+ pattern = newp;
+ break;
+ case RANGE_NOMATCH:
+ return (FNM_NOMATCH);
+ }
+ ++string;
+ break;
+ case '\\':
+ if (!ISSET(flags, FNM_NOESCAPE)) {
+ if ((c = *pattern++) == EOS) {
+ c = '\\';
+ --pattern;
+ }
+ }
+ /* FALLTHROUGH */
+ default:
+ normal:
+ if (c != *string && !(ISSET(flags, FNM_CASEFOLD) &&
+ (tolower((unsigned char)c) ==
+ tolower((unsigned char)*string))))
+ return (FNM_NOMATCH);
+ ++string;
+ break;
+ }
+ /* NOTREACHED */
+}
+
+static int
+#ifdef __STDC__
+rangematch(const char *pattern, int test, int flags, char **newp)
+#else
+rangematch(pattern, test, flags, newp)
+ const char *pattern;
+ int test;
+ int flags;
+ char **newp;
+#endif
+{
+ int negate, ok, rv;
+ char c, c2;
+
+ /*
+ * A bracket expression starting with an unquoted circumflex
+ * character produces unspecified results (IEEE 1003.2-1992,
+ * 3.13.2). This implementation treats it like '!', for
+ * consistency with the regular expression syntax.
+ * J.T. Conklin (conklin@ngai.kaleida.com)
+ */
+ if ((negate = (*pattern == '!' || *pattern == '^')))
+ ++pattern;
+
+ if (ISSET(flags, FNM_CASEFOLD))
+ test = tolower(test);
+
+ /*
+ * A right bracket shall lose its special meaning and represent
+ * itself in a bracket expression if it occurs first in the list.
+ * -- POSIX.2 2.8.3.2
+ */
+ ok = 0;
+ c = *pattern++;
+ do {
+ if (c == '[' && *pattern == ':') {
+ do {
+ rv = classmatch(pattern + 1, test,
+ (flags & FNM_CASEFOLD), &pattern);
+ if (rv == RANGE_MATCH)
+ ok = 1;
+ c = *pattern++;
+ } while (rv != RANGE_ERROR && c == '[' && *pattern == ':');
+ if (c == ']')
+ break;
+ }
+ if (c == '\\' && !ISSET(flags, FNM_NOESCAPE))
+ c = *pattern++;
+ if (c == EOS)
+ return (RANGE_ERROR);
+ if (c == '/' && ISSET(flags, FNM_PATHNAME))
+ return (RANGE_NOMATCH);
+ if (ISSET(flags, FNM_CASEFOLD))
+ c = tolower((unsigned char)c);
+ if (*pattern == '-'
+ && (c2 = *(pattern+1)) != EOS && c2 != ']') {
+ pattern += 2;
+ if (c2 == '\\' && !ISSET(flags, FNM_NOESCAPE))
+ c2 = *pattern++;
+ if (c2 == EOS)
+ return (RANGE_ERROR);
+ if (ISSET(flags, FNM_CASEFOLD))
+ c2 = tolower((unsigned char)c2);
+ if (c <= test && test <= c2)
+ ok = 1;
+ } else if (c == test)
+ ok = 1;
+ } while ((c = *pattern++) != ']');
+
+ *newp = (char *)pattern;
+ return (ok == negate ? RANGE_NOMATCH : RANGE_MATCH);
+}
+
+static int
+#ifdef __STDC__
+classmatch(const char *pattern, int test, int foldcase, const char **ep)
+#else
+classmatch(pattern, test, foldcase, ep)
+ const char *pattern;
+ int test;
+ int foldcase;
+ const char **ep;
+#endif
+{
+ struct cclass *cc;
+ const char *colon;
+ size_t len;
+ int rval = RANGE_NOMATCH;
+
+ if ((colon = strchr(pattern, ':')) == NULL || colon[1] != ']') {
+ *ep = pattern - 2;
+ return(RANGE_ERROR);
+ }
+ *ep = colon + 2;
+ len = (size_t)(colon - pattern);
+
+ if (foldcase && strncmp(pattern, "upper:]", 7) == 0)
+ pattern = "lower:]";
+ for (cc = cclasses; cc->name != NULL; cc++) {
+ if (!strncmp(pattern, cc->name, len) && cc->name[len] == '\0') {
+ if (cc->isctype(test))
+ rval = RANGE_MATCH;
+ break;
+ }
+ }
+ if (cc->name == NULL) {
+ /* invalid character class, return EOS */
+ *ep = colon + strlen(colon);
+ rval = RANGE_ERROR;
+ }
+ return(rval);
+}
diff --git a/sudo-1.7.4p4/get_pty.c b/sudo-1.7.4p4/get_pty.c
new file mode 100644
index 0000000..7b35108
--- /dev/null
+++ b/sudo-1.7.4p4/get_pty.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif /* HAVE_SYS_STROPTS_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
+
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+
+#include "sudo.h"
+
+#if defined(HAVE_OPENPTY)
+int
+get_pty(master, slave, name, namesz, ttyuid)
+ int *master;
+ int *slave;
+ char *name;
+ size_t namesz;
+ uid_t ttyuid;
+{
+ struct group *gr;
+ gid_t ttygid = -1;
+
+ if ((gr = sudo_getgrnam("tty")) != NULL)
+ ttygid = gr->gr_gid;
+
+ if (openpty(master, slave, name, NULL, NULL) != 0)
+ return(0);
+ (void) chown(name, ttyuid, ttygid);
+ return(1);
+}
+
+#elif defined(HAVE__GETPTY)
+int
+get_pty(master, slave, name, namesz, ttyuid)
+ int *master;
+ int *slave;
+ char *name;
+ size_t namesz;
+ uid_t ttyuid;
+{
+ char *line;
+
+ /* IRIX-style dynamic ptys (may fork) */
+ line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0);
+ if (line == NULL)
+ return (0);
+ *slave = open(line, O_RDWR|O_NOCTTY, 0);
+ if (*slave == -1) {
+ close(*master);
+ return(0);
+ }
+ (void) chown(line, ttyuid, -1);
+ strlcpy(name, line, namesz);
+ return(1);
+}
+#elif defined(HAVE_GRANTPT)
+# ifndef HAVE_POSIX_OPENPT
+static int
+posix_openpt(oflag)
+ int oflag;
+{
+ int fd;
+
+# ifdef _AIX
+ fd = open("/dev/ptc", oflag);
+# else
+ fd = open("/dev/ptmx", oflag);
+# endif
+ return(fd);
+}
+# endif /* HAVE_POSIX_OPENPT */
+
+int
+get_pty(master, slave, name, namesz, ttyuid)
+ int *master;
+ int *slave;
+ char *name;
+ size_t namesz;
+ uid_t ttyuid;
+{
+ char *line;
+
+ *master = posix_openpt(O_RDWR|O_NOCTTY);
+ if (*master == -1)
+ return(0);
+
+ (void) grantpt(*master); /* may fork */
+ if (unlockpt(*master) != 0) {
+ close(*master);
+ return(0);
+ }
+ line = ptsname(*master);
+ if (line == NULL) {
+ close(*master);
+ return(0);
+ }
+ *slave = open(line, O_RDWR|O_NOCTTY, 0);
+ if (*slave == -1) {
+ close(*master);
+ return(0);
+ }
+# if defined(I_PUSH) && !defined(_AIX)
+ ioctl(*slave, I_PUSH, "ptem"); /* pseudo tty emulation module */
+ ioctl(*slave, I_PUSH, "ldterm"); /* line discipline module */
+# endif
+ (void) chown(line, ttyuid, -1);
+ strlcpy(name, line, namesz);
+ return(1);
+}
+
+#else /* Old-style BSD ptys */
+
+static char line[] = "/dev/ptyXX";
+
+int
+get_pty(master, slave, name, namesz, ttyuid)
+ int *master;
+ int *slave;
+ char *name;
+ size_t namesz;
+ uid_t ttyuid;
+{
+ char *bank, *cp;
+ struct group *gr;
+ gid_t ttygid = -1;
+
+ if ((gr = sudo_getgrnam("tty")) != NULL)
+ ttygid = gr->gr_gid;
+
+ for (bank = "pqrs"; *bank != '\0'; bank++) {
+ line[sizeof("/dev/ptyX") - 2] = *bank;
+ for (cp = "0123456789abcdef"; *cp != '\0'; cp++) {
+ line[sizeof("/dev/ptyXX") - 2] = *cp;
+ *master = open(line, O_RDWR|O_NOCTTY, 0);
+ if (*master == -1) {
+ if (errno == ENOENT)
+ return(0); /* out of ptys */
+ continue; /* already in use */
+ }
+ line[sizeof("/dev/p") - 2] = 't';
+ (void) chown(line, ttyuid, ttygid);
+ (void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
+# ifdef HAVE_REVOKE
+ (void) revoke(line);
+# endif
+ *slave = open(line, O_RDWR|O_NOCTTY, 0);
+ if (*slave != -1) {
+ strlcpy(name, line, namesz);
+ return(1); /* success */
+ }
+ (void) close(*master);
+ }
+ }
+ return(0);
+}
+#endif /* HAVE_OPENPTY */
diff --git a/sudo-1.7.4p4/getcwd.c b/sudo-1.7.4p4/getcwd.c
new file mode 100644
index 0000000..109794a
--- /dev/null
+++ b/sudo-1.7.4p4/getcwd.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 1989, 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+# include <ndir.h>
+# endif
+#endif
+
+#include <compat.h>
+
+#define ISDOT(dp) \
+ (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || \
+ (dp->d_name[1] == '.' && dp->d_name[2] == '\0')))
+
+char *
+getcwd(pt, size)
+ char *pt;
+ size_t size;
+{
+ struct dirent *dp;
+ DIR *dir = NULL;
+ dev_t dev;
+ ino_t ino;
+ int first;
+ char *bpt, *bup;
+ struct stat s;
+ dev_t root_dev;
+ ino_t root_ino;
+ size_t ptsize, upsize;
+ int save_errno;
+ char *ept, *eup, *up;
+
+ /*
+ * If no buffer specified by the user, allocate one as necessary.
+ * If a buffer is specified, the size has to be non-zero. The path
+ * is built from the end of the buffer backwards.
+ */
+ if (pt) {
+ ptsize = 0;
+ if (!size) {
+ errno = EINVAL;
+ return (NULL);
+ }
+ ept = pt + size;
+ } else {
+ if ((pt = malloc(ptsize = 1024 - 4)) == NULL)
+ return (NULL);
+ ept = pt + ptsize;
+ }
+ bpt = ept - 1;
+ *bpt = '\0';
+
+ /*
+ * Allocate bytes (1024 - malloc space) for the string of "../"'s.
+ * Should always be enough (it's 340 levels). If it's not, allocate
+ * as necessary. Special * case the first stat, it's ".", not "..".
+ */
+ if ((up = malloc(upsize = 1024 - 4)) == NULL)
+ goto err;
+ eup = up + PATH_MAX;
+ bup = up;
+ up[0] = '.';
+ up[1] = '\0';
+
+ /* Save root values, so know when to stop. */
+ if (stat("/", &s))
+ goto err;
+ root_dev = s.st_dev;
+ root_ino = s.st_ino;
+
+ errno = 0; /* XXX readdir has no error return. */
+
+ for (first = 1;; first = 0) {
+ /* Stat the current level. */
+ if (lstat(up, &s))
+ goto err;
+
+ /* Save current node values. */
+ ino = s.st_ino;
+ dev = s.st_dev;
+
+ /* Check for reaching root. */
+ if (root_dev == dev && root_ino == ino) {
+ *--bpt = '/';
+ /*
+ * It's unclear that it's a requirement to copy the
+ * path to the beginning of the buffer, but it's always
+ * been that way and stuff would probably break.
+ */
+ bcopy(bpt, pt, ept - bpt);
+ free(up);
+ return (pt);
+ }
+
+ /*
+ * Build pointer to the parent directory, allocating memory
+ * as necessary. Max length is 3 for "../", the largest
+ * possible component name, plus a trailing NULL.
+ */
+ if (bup + 3 + MAXNAMLEN + 1 >= eup) {
+ char *nup;
+
+ if ((nup = realloc(up, upsize *= 2)) == NULL)
+ goto err;
+ up = nup;
+ bup = up;
+ eup = up + upsize;
+ }
+ *bup++ = '.';
+ *bup++ = '.';
+ *bup = '\0';
+
+ /* Open and stat parent directory. */
+ if (!(dir = opendir(up)) || fstat(dirfd(dir), &s))
+ goto err;
+
+ /* Add trailing slash for next directory. */
+ *bup++ = '/';
+
+ /*
+ * If it's a mount point, have to stat each element because
+ * the inode number in the directory is for the entry in the
+ * parent directory, not the inode number of the mounted file.
+ */
+ save_errno = 0;
+ if (s.st_dev == dev) {
+ for (;;) {
+ if (!(dp = readdir(dir)))
+ goto notfound;
+ if (dp->d_fileno == ino)
+ break;
+ }
+ } else
+ for (;;) {
+ if (!(dp = readdir(dir)))
+ goto notfound;
+ if (ISDOT(dp))
+ continue;
+ bcopy(dp->d_name, bup, NAMLEN(dp) + 1);
+
+ /* Save the first error for later. */
+ if (lstat(up, &s)) {
+ if (!save_errno)
+ save_errno = errno;
+ errno = 0;
+ continue;
+ }
+ if (s.st_dev == dev && s.st_ino == ino)
+ break;
+ }
+
+ /*
+ * Check for length of the current name, preceding slash,
+ * leading slash.
+ */
+ if (bpt - pt <= NAMLEN(dp) + (first ? 1 : 2)) {
+ size_t len, off;
+ char *npt;
+
+ if (!ptsize) {
+ errno = ERANGE;
+ goto err;
+ }
+ off = bpt - pt;
+ len = ept - bpt;
+ if ((npt = realloc(pt, ptsize *= 2)) == NULL)
+ goto err;
+ pt = npt;
+ bpt = pt + off;
+ ept = pt + ptsize;
+ bcopy(bpt, ept - len, len);
+ bpt = ept - len;
+ }
+ if (!first)
+ *--bpt = '/';
+ bpt -= NAMLEN(dp);
+ bcopy(dp->d_name, bpt, NAMLEN(dp));
+ (void)closedir(dir);
+
+ /* Truncate any file name. */
+ *bup = '\0';
+ }
+
+notfound:
+ /*
+ * If readdir set errno, use it, not any saved error; otherwise,
+ * didn't find the current directory in its parent directory, set
+ * errno to ENOENT.
+ */
+ if (!errno)
+ errno = save_errno ? save_errno : ENOENT;
+ /* FALLTHROUGH */
+err:
+ if (ptsize)
+ free(pt);
+ if (up)
+ free(up);
+ if (dir)
+ (void)closedir(dir);
+ return (NULL);
+}
diff --git a/sudo-1.7.4p4/getdate.c b/sudo-1.7.4p4/getdate.c
new file mode 100644
index 0000000..928246b
--- /dev/null
+++ b/sudo-1.7.4p4/getdate.c
@@ -0,0 +1,1595 @@
+#include <stdlib.h>
+#include <string.h>
+#define YYBYACC 1
+#define YYMAJOR 1
+#define YYMINOR 9
+#define YYLEX yylex()
+#define YYEMPTY -1
+#define yyclearin (yychar=(YYEMPTY))
+#define yyerrok (yyerrflag=0)
+#define YYRECOVERING() (yyerrflag!=0)
+#define YYPREFIX "yy"
+#line 2 "getdate.y"
+/*
+** Originally written by Steven M. Bellovin <smb@research.att.com> while
+** at the University of North Carolina at Chapel Hill. Later tweaked by
+** a couple of people on Usenet. Completely overhauled by Rich $alz
+** <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
+**
+** This grammar has 10 shift/reduce conflicts.
+**
+** This code is in the public domain and has no copyright.
+*/
+/* SUPPRESS 287 on yaccpar_sccsid *//* Unused static variable */
+/* SUPPRESS 288 on yyerrlab *//* Label unused */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <ctype.h>
+
+#include "compat.h"
+
+
+#define EPOCH 1970
+#define HOUR(x) ((time_t)(x) * 60)
+#define SECSPERDAY (24L * 60L * 60L)
+
+
+/*
+** An entry in the lexical lookup table.
+*/
+typedef struct _TABLE {
+ char *name;
+ int type;
+ time_t value;
+} TABLE;
+
+
+/*
+** Daylight-savings mode: on, off, or not yet known.
+*/
+typedef enum _DSTMODE {
+ DSTon, DSToff, DSTmaybe
+} DSTMODE;
+
+/*
+** Meridian: am, pm, or 24-hour style.
+*/
+typedef enum _MERIDIAN {
+ MERam, MERpm, MER24
+} MERIDIAN;
+
+
+/*
+** Global variables. We could get rid of most of these by using a good
+** union as the yacc stack. (This routine was originally written before
+** yacc had the %union construct.) Maybe someday; right now we only use
+** the %union very rarely.
+*/
+static char *yyInput;
+static DSTMODE yyDSTmode;
+static time_t yyDayOrdinal;
+static time_t yyDayNumber;
+static int yyHaveDate;
+static int yyHaveDay;
+static int yyHaveRel;
+static int yyHaveTime;
+static int yyHaveZone;
+static time_t yyTimezone;
+static time_t yyDay;
+static time_t yyHour;
+static time_t yyMinutes;
+static time_t yyMonth;
+static time_t yySeconds;
+static time_t yyYear;
+static MERIDIAN yyMeridian;
+static time_t yyRelMonth;
+static time_t yyRelSeconds;
+
+static int yyerror __P((char *s));
+static int yylex __P((void));
+static int yyparse __P((void));
+
+#line 107 "getdate.y"
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+ time_t Number;
+ enum _MERIDIAN Meridian;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+#line 125 "y.tab.c"
+#define tAGO 257
+#define tDAY 258
+#define tDAYZONE 259
+#define tID 260
+#define tMERIDIAN 261
+#define tMINUTE_UNIT 262
+#define tMONTH 263
+#define tMONTH_UNIT 264
+#define tSEC_UNIT 265
+#define tSNUMBER 266
+#define tUNUMBER 267
+#define tZONE 268
+#define tDST 269
+#define YYERRCODE 256
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylhs[] =
+#else
+short yylhs[] =
+#endif
+ { -1,
+ 0, 0, 2, 2, 2, 2, 2, 2, 3, 3,
+ 3, 3, 3, 4, 4, 4, 6, 6, 6, 5,
+ 5, 5, 5, 5, 5, 5, 5, 7, 7, 9,
+ 9, 9, 9, 9, 9, 9, 9, 9, 8, 1,
+ 1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylen[] =
+#else
+short yylen[] =
+#endif
+ { 2,
+ 0, 2, 1, 1, 1, 1, 1, 1, 2, 4,
+ 4, 6, 6, 1, 1, 2, 1, 2, 2, 3,
+ 5, 3, 3, 2, 4, 2, 3, 2, 1, 2,
+ 2, 1, 2, 2, 1, 2, 2, 1, 1, 0,
+ 1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydefred[] =
+#else
+short yydefred[] =
+#endif
+ { 1,
+ 0, 0, 15, 32, 0, 38, 35, 0, 0, 0,
+ 2, 3, 4, 5, 6, 7, 8, 0, 18, 0,
+ 31, 36, 33, 19, 9, 30, 0, 37, 34, 0,
+ 0, 0, 16, 28, 0, 23, 27, 22, 0, 0,
+ 25, 41, 11, 0, 10, 0, 0, 21, 13, 12,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydgoto[] =
+#else
+short yydgoto[] =
+#endif
+ { 1,
+ 45, 11, 12, 13, 14, 15, 16, 17, 18,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yysindex[] =
+#else
+short yysindex[] =
+#endif
+ { 0,
+ -249, -38, 0, 0, -260, 0, 0, -240, -47, -248,
+ 0, 0, 0, 0, 0, 0, 0, -237, 0, -18,
+ 0, 0, 0, 0, 0, 0, -262, 0, 0, -239,
+ -238, -236, 0, 0, -235, 0, 0, 0, -56, -19,
+ 0, 0, 0, -234, 0, -232, -258, 0, 0, 0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yyrindex[] =
+#else
+short yyrindex[] =
+#endif
+ { 0,
+ 0, 1, 0, 0, 0, 0, 0, 0, 69, 12,
+ 0, 0, 0, 0, 0, 0, 0, 23, 0, 34,
+ 0, 0, 0, 0, 0, 0, 67, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 56, 45,
+ 0, 0, 0, 0, 0, 0, 56, 0, 0, 0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yygindex[] =
+#else
+short yygindex[] =
+#endif
+ { 0,
+ -17, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+#define YYTABLESIZE 337
+#if defined(__cplusplus) || defined(__STDC__)
+const short yytable[] =
+#else
+short yytable[] =
+#endif
+ { 32,
+ 17, 44, 42, 36, 37, 19, 20, 49, 2, 3,
+ 31, 14, 4, 5, 6, 7, 8, 9, 10, 34,
+ 33, 21, 29, 22, 23, 35, 38, 46, 39, 50,
+ 40, 41, 47, 24, 48, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 20, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 40, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 26, 0, 39, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 42, 0, 0, 0, 0, 43,
+ 24, 0, 0, 25, 26, 27, 28, 29, 30, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 17, 17,
+ 0, 0, 17, 17, 17, 17, 17, 17, 17, 14,
+ 14, 0, 0, 14, 14, 14, 14, 14, 14, 14,
+ 29, 29, 0, 0, 29, 29, 29, 29, 29, 29,
+ 29, 24, 24, 0, 0, 24, 24, 24, 24, 24,
+ 24, 24, 20, 20, 0, 0, 20, 20, 20, 20,
+ 20, 20, 20, 40, 40, 0, 0, 40, 40, 40,
+ 40, 0, 40, 40, 26, 26, 0, 39, 26, 26,
+ 26, 26, 0, 0, 26, 39, 39,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yycheck[] =
+#else
+short yycheck[] =
+#endif
+ { 47,
+ 0, 58, 261, 266, 267, 44, 267, 266, 258, 259,
+ 58, 0, 262, 263, 264, 265, 266, 267, 268, 257,
+ 269, 262, 0, 264, 265, 44, 266, 47, 267, 47,
+ 267, 267, 267, 0, 267, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, 0, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 0, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 0, -1, 0, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, 261, -1, -1, -1, -1, 266,
+ 258, -1, -1, 261, 262, 263, 264, 265, 266, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 258, 259,
+ -1, -1, 262, 263, 264, 265, 266, 267, 268, 258,
+ 259, -1, -1, 262, 263, 264, 265, 266, 267, 268,
+ 258, 259, -1, -1, 262, 263, 264, 265, 266, 267,
+ 268, 258, 259, -1, -1, 262, 263, 264, 265, 266,
+ 267, 268, 258, 259, -1, -1, 262, 263, 264, 265,
+ 266, 267, 268, 258, 259, -1, -1, 262, 263, 264,
+ 265, -1, 267, 268, 258, 259, -1, 259, 262, 263,
+ 264, 265, -1, -1, 268, 267, 268,
+};
+#define YYFINAL 1
+#ifndef YYDEBUG
+#define YYDEBUG 0
+#endif
+#define YYMAXTOKEN 269
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyname[] =
+#else
+char *yyname[] =
+#endif
+ {
+"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,"','",0,0,"'/'",0,0,0,0,0,0,0,0,0,0,"':'",0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"tAGO","tDAY",
+"tDAYZONE","tID","tMERIDIAN","tMINUTE_UNIT","tMONTH","tMONTH_UNIT","tSEC_UNIT",
+"tSNUMBER","tUNUMBER","tZONE","tDST",
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyrule[] =
+#else
+char *yyrule[] =
+#endif
+ {"$accept : spec",
+"spec :",
+"spec : spec item",
+"item : time",
+"item : zone",
+"item : date",
+"item : day",
+"item : rel",
+"item : number",
+"time : tUNUMBER tMERIDIAN",
+"time : tUNUMBER ':' tUNUMBER o_merid",
+"time : tUNUMBER ':' tUNUMBER tSNUMBER",
+"time : tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid",
+"time : tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER",
+"zone : tZONE",
+"zone : tDAYZONE",
+"zone : tZONE tDST",
+"day : tDAY",
+"day : tDAY ','",
+"day : tUNUMBER tDAY",
+"date : tUNUMBER '/' tUNUMBER",
+"date : tUNUMBER '/' tUNUMBER '/' tUNUMBER",
+"date : tUNUMBER tSNUMBER tSNUMBER",
+"date : tUNUMBER tMONTH tSNUMBER",
+"date : tMONTH tUNUMBER",
+"date : tMONTH tUNUMBER ',' tUNUMBER",
+"date : tUNUMBER tMONTH",
+"date : tUNUMBER tMONTH tUNUMBER",
+"rel : relunit tAGO",
+"rel : relunit",
+"relunit : tUNUMBER tMINUTE_UNIT",
+"relunit : tSNUMBER tMINUTE_UNIT",
+"relunit : tMINUTE_UNIT",
+"relunit : tSNUMBER tSEC_UNIT",
+"relunit : tUNUMBER tSEC_UNIT",
+"relunit : tSEC_UNIT",
+"relunit : tSNUMBER tMONTH_UNIT",
+"relunit : tUNUMBER tMONTH_UNIT",
+"relunit : tMONTH_UNIT",
+"number : tUNUMBER",
+"o_merid :",
+"o_merid : tMERIDIAN",
+};
+#endif
+#ifdef YYSTACKSIZE
+#undef YYMAXDEPTH
+#define YYMAXDEPTH YYSTACKSIZE
+#else
+#ifdef YYMAXDEPTH
+#define YYSTACKSIZE YYMAXDEPTH
+#else
+#define YYSTACKSIZE 10000
+#define YYMAXDEPTH 10000
+#endif
+#endif
+#define YYINITSTACKSIZE 200
+/* LINTUSED */
+int yydebug;
+int yynerrs;
+int yyerrflag;
+int yychar;
+short *yyssp;
+YYSTYPE *yyvsp;
+YYSTYPE yyval;
+YYSTYPE yylval;
+short *yyss;
+short *yysslim;
+YYSTYPE *yyvs;
+int yystacksize;
+#line 326 "getdate.y"
+
+/* Month and day table. */
+static TABLE const MonthDayTable[] = {
+ { "january", tMONTH, 1 },
+ { "february", tMONTH, 2 },
+ { "march", tMONTH, 3 },
+ { "april", tMONTH, 4 },
+ { "may", tMONTH, 5 },
+ { "june", tMONTH, 6 },
+ { "july", tMONTH, 7 },
+ { "august", tMONTH, 8 },
+ { "september", tMONTH, 9 },
+ { "sept", tMONTH, 9 },
+ { "october", tMONTH, 10 },
+ { "november", tMONTH, 11 },
+ { "december", tMONTH, 12 },
+ { "sunday", tDAY, 0 },
+ { "monday", tDAY, 1 },
+ { "tuesday", tDAY, 2 },
+ { "tues", tDAY, 2 },
+ { "wednesday", tDAY, 3 },
+ { "wednes", tDAY, 3 },
+ { "thursday", tDAY, 4 },
+ { "thur", tDAY, 4 },
+ { "thurs", tDAY, 4 },
+ { "friday", tDAY, 5 },
+ { "saturday", tDAY, 6 },
+ { NULL }
+};
+
+/* Time units table. */
+static TABLE const UnitsTable[] = {
+ { "year", tMONTH_UNIT, 12 },
+ { "month", tMONTH_UNIT, 1 },
+ { "fortnight", tMINUTE_UNIT, 14 * 24 * 60 },
+ { "week", tMINUTE_UNIT, 7 * 24 * 60 },
+ { "day", tMINUTE_UNIT, 1 * 24 * 60 },
+ { "hour", tMINUTE_UNIT, 60 },
+ { "minute", tMINUTE_UNIT, 1 },
+ { "min", tMINUTE_UNIT, 1 },
+ { "second", tSEC_UNIT, 1 },
+ { "sec", tSEC_UNIT, 1 },
+ { NULL }
+};
+
+/* Assorted relative-time words. */
+static TABLE const OtherTable[] = {
+ { "tomorrow", tMINUTE_UNIT, 1 * 24 * 60 },
+ { "yesterday", tMINUTE_UNIT, -1 * 24 * 60 },
+ { "today", tMINUTE_UNIT, 0 },
+ { "now", tMINUTE_UNIT, 0 },
+ { "last", tUNUMBER, -1 },
+ { "this", tMINUTE_UNIT, 0 },
+ { "next", tUNUMBER, 2 },
+ { "first", tUNUMBER, 1 },
+/* { "second", tUNUMBER, 2 }, */
+ { "third", tUNUMBER, 3 },
+ { "fourth", tUNUMBER, 4 },
+ { "fifth", tUNUMBER, 5 },
+ { "sixth", tUNUMBER, 6 },
+ { "seventh", tUNUMBER, 7 },
+ { "eighth", tUNUMBER, 8 },
+ { "ninth", tUNUMBER, 9 },
+ { "tenth", tUNUMBER, 10 },
+ { "eleventh", tUNUMBER, 11 },
+ { "twelfth", tUNUMBER, 12 },
+ { "ago", tAGO, 1 },
+ { NULL }
+};
+
+/* The timezone table. */
+/* Some of these are commented out because a time_t can't store a float. */
+static TABLE const TimezoneTable[] = {
+ { "gmt", tZONE, HOUR( 0) }, /* Greenwich Mean */
+ { "ut", tZONE, HOUR( 0) }, /* Universal (Coordinated) */
+ { "utc", tZONE, HOUR( 0) },
+ { "wet", tZONE, HOUR( 0) }, /* Western European */
+ { "bst", tDAYZONE, HOUR( 0) }, /* British Summer */
+ { "wat", tZONE, HOUR( 1) }, /* West Africa */
+ { "at", tZONE, HOUR( 2) }, /* Azores */
+#if 0
+ /* For completeness. BST is also British Summer, and GST is
+ * also Guam Standard. */
+ { "bst", tZONE, HOUR( 3) }, /* Brazil Standard */
+ { "gst", tZONE, HOUR( 3) }, /* Greenland Standard */
+#endif
+#if 0
+ { "nft", tZONE, HOUR(3.5) }, /* Newfoundland */
+ { "nst", tZONE, HOUR(3.5) }, /* Newfoundland Standard */
+ { "ndt", tDAYZONE, HOUR(3.5) }, /* Newfoundland Daylight */
+#endif
+ { "ast", tZONE, HOUR( 4) }, /* Atlantic Standard */
+ { "adt", tDAYZONE, HOUR( 4) }, /* Atlantic Daylight */
+ { "est", tZONE, HOUR( 5) }, /* Eastern Standard */
+ { "edt", tDAYZONE, HOUR( 5) }, /* Eastern Daylight */
+ { "cst", tZONE, HOUR( 6) }, /* Central Standard */
+ { "cdt", tDAYZONE, HOUR( 6) }, /* Central Daylight */
+ { "mst", tZONE, HOUR( 7) }, /* Mountain Standard */
+ { "mdt", tDAYZONE, HOUR( 7) }, /* Mountain Daylight */
+ { "pst", tZONE, HOUR( 8) }, /* Pacific Standard */
+ { "pdt", tDAYZONE, HOUR( 8) }, /* Pacific Daylight */
+ { "yst", tZONE, HOUR( 9) }, /* Yukon Standard */
+ { "ydt", tDAYZONE, HOUR( 9) }, /* Yukon Daylight */
+ { "hst", tZONE, HOUR(10) }, /* Hawaii Standard */
+ { "hdt", tDAYZONE, HOUR(10) }, /* Hawaii Daylight */
+ { "cat", tZONE, HOUR(10) }, /* Central Alaska */
+ { "ahst", tZONE, HOUR(10) }, /* Alaska-Hawaii Standard */
+ { "nt", tZONE, HOUR(11) }, /* Nome */
+ { "idlw", tZONE, HOUR(12) }, /* International Date Line West */
+ { "cet", tZONE, -HOUR(1) }, /* Central European */
+ { "met", tZONE, -HOUR(1) }, /* Middle European */
+ { "mewt", tZONE, -HOUR(1) }, /* Middle European Winter */
+ { "mest", tDAYZONE, -HOUR(1) }, /* Middle European Summer */
+ { "swt", tZONE, -HOUR(1) }, /* Swedish Winter */
+ { "sst", tDAYZONE, -HOUR(1) }, /* Swedish Summer */
+ { "fwt", tZONE, -HOUR(1) }, /* French Winter */
+ { "fst", tDAYZONE, -HOUR(1) }, /* French Summer */
+ { "eet", tZONE, -HOUR(2) }, /* Eastern Europe, USSR Zone 1 */
+ { "bt", tZONE, -HOUR(3) }, /* Baghdad, USSR Zone 2 */
+#if 0
+ { "it", tZONE, -HOUR(3.5) },/* Iran */
+#endif
+ { "zp4", tZONE, -HOUR(4) }, /* USSR Zone 3 */
+ { "zp5", tZONE, -HOUR(5) }, /* USSR Zone 4 */
+#if 0
+ { "ist", tZONE, -HOUR(5.5) },/* Indian Standard */
+#endif
+ { "zp6", tZONE, -HOUR(6) }, /* USSR Zone 5 */
+#if 0
+ /* For completeness. NST is also Newfoundland Stanard, and SST is
+ * also Swedish Summer. */
+ { "nst", tZONE, -HOUR(6.5) },/* North Sumatra */
+ { "sst", tZONE, -HOUR(7) }, /* South Sumatra, USSR Zone 6 */
+#endif /* 0 */
+ { "wast", tZONE, -HOUR(7) }, /* West Australian Standard */
+ { "wadt", tDAYZONE, -HOUR(7) }, /* West Australian Daylight */
+#if 0
+ { "jt", tZONE, -HOUR(7.5) },/* Java (3pm in Cronusland!) */
+#endif
+ { "cct", tZONE, -HOUR(8) }, /* China Coast, USSR Zone 7 */
+ { "jst", tZONE, -HOUR(9) }, /* Japan Standard, USSR Zone 8 */
+#if 0
+ { "cast", tZONE, -HOUR(9.5) },/* Central Australian Standard */
+ { "cadt", tDAYZONE, -HOUR(9.5) },/* Central Australian Daylight */
+#endif
+ { "east", tZONE, -HOUR(10) }, /* Eastern Australian Standard */
+ { "eadt", tDAYZONE, -HOUR(10) }, /* Eastern Australian Daylight */
+ { "gst", tZONE, -HOUR(10) }, /* Guam Standard, USSR Zone 9 */
+ { "nzt", tZONE, -HOUR(12) }, /* New Zealand */
+ { "nzst", tZONE, -HOUR(12) }, /* New Zealand Standard */
+ { "nzdt", tDAYZONE, -HOUR(12) }, /* New Zealand Daylight */
+ { "idle", tZONE, -HOUR(12) }, /* International Date Line East */
+ { NULL }
+};
+
+/* Military timezone table. */
+static TABLE const MilitaryTable[] = {
+ { "a", tZONE, HOUR( 1) },
+ { "b", tZONE, HOUR( 2) },
+ { "c", tZONE, HOUR( 3) },
+ { "d", tZONE, HOUR( 4) },
+ { "e", tZONE, HOUR( 5) },
+ { "f", tZONE, HOUR( 6) },
+ { "g", tZONE, HOUR( 7) },
+ { "h", tZONE, HOUR( 8) },
+ { "i", tZONE, HOUR( 9) },
+ { "k", tZONE, HOUR( 10) },
+ { "l", tZONE, HOUR( 11) },
+ { "m", tZONE, HOUR( 12) },
+ { "n", tZONE, HOUR(- 1) },
+ { "o", tZONE, HOUR(- 2) },
+ { "p", tZONE, HOUR(- 3) },
+ { "q", tZONE, HOUR(- 4) },
+ { "r", tZONE, HOUR(- 5) },
+ { "s", tZONE, HOUR(- 6) },
+ { "t", tZONE, HOUR(- 7) },
+ { "u", tZONE, HOUR(- 8) },
+ { "v", tZONE, HOUR(- 9) },
+ { "w", tZONE, HOUR(-10) },
+ { "x", tZONE, HOUR(-11) },
+ { "y", tZONE, HOUR(-12) },
+ { "z", tZONE, HOUR( 0) },
+ { NULL }
+};
+
+�
+
+
+/* ARGSUSED */
+static int
+yyerror(s)
+ char *s;
+{
+ return 0;
+}
+
+
+static time_t
+ToSeconds(Hours, Minutes, Seconds, Meridian)
+ time_t Hours;
+ time_t Minutes;
+ time_t Seconds;
+ MERIDIAN Meridian;
+{
+ if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
+ return -1;
+ switch (Meridian) {
+ case MER24:
+ if (Hours < 0 || Hours > 23)
+ return -1;
+ return (Hours * 60L + Minutes) * 60L + Seconds;
+ case MERam:
+ if (Hours < 1 || Hours > 12)
+ return -1;
+ if (Hours == 12)
+ Hours = 0;
+ return (Hours * 60L + Minutes) * 60L + Seconds;
+ case MERpm:
+ if (Hours < 1 || Hours > 12)
+ return -1;
+ if (Hours == 12)
+ Hours = 0;
+ return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
+ default:
+ abort ();
+ }
+ /* NOTREACHED */
+}
+
+
+/* Year is either
+ * A negative number, which means to use its absolute value (why?)
+ * A number from 0 to 99, which means a year from 1900 to 1999, or
+ * The actual year (>=100). */
+static time_t
+Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode)
+ time_t Month;
+ time_t Day;
+ time_t Year;
+ time_t Hours;
+ time_t Minutes;
+ time_t Seconds;
+ MERIDIAN Meridian;
+ DSTMODE DSTmode;
+{
+ static int DaysInMonth[12] = {
+ 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ };
+ time_t tod;
+ time_t Julian;
+ int i;
+
+ if (Year < 0)
+ Year = -Year;
+ if (Year < 69)
+ Year += 2000;
+ else if (Year < 100) {
+ Year += 1900;
+ if (Year < EPOCH)
+ Year += 100;
+ }
+ DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
+ ? 29 : 28;
+ /* Checking for 2038 bogusly assumes that time_t is 32 bits. But
+ I'm too lazy to try to check for time_t overflow in another way. */
+ if (Year < EPOCH || Year > 2038
+ || Month < 1 || Month > 12
+ /* Lint fluff: "conversion from long may lose accuracy" */
+ || Day < 1 || Day > DaysInMonth[(int)--Month])
+ return -1;
+
+ for (Julian = Day - 1, i = 0; i < Month; i++)
+ Julian += DaysInMonth[i];
+ for (i = EPOCH; i < Year; i++)
+ Julian += 365 + (i % 4 == 0);
+ Julian *= SECSPERDAY;
+ Julian += yyTimezone * 60L;
+ if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
+ return -1;
+ Julian += tod;
+ if (DSTmode == DSTon
+ || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst))
+ Julian -= 60 * 60;
+ return Julian;
+}
+
+
+static time_t
+DSTcorrect(Start, Future)
+ time_t Start;
+ time_t Future;
+{
+ time_t StartDay;
+ time_t FutureDay;
+
+ StartDay = (localtime(&Start)->tm_hour + 1) % 24;
+ FutureDay = (localtime(&Future)->tm_hour + 1) % 24;
+ return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
+}
+
+
+static time_t
+RelativeDate(Start, DayOrdinal, DayNumber)
+ time_t Start;
+ time_t DayOrdinal;
+ time_t DayNumber;
+{
+ struct tm *tm;
+ time_t now;
+
+ now = Start;
+ tm = localtime(&now);
+ now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
+ now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
+ return DSTcorrect(Start, now);
+}
+
+
+static time_t
+RelativeMonth(Start, RelMonth)
+ time_t Start;
+ time_t RelMonth;
+{
+ struct tm *tm;
+ time_t Month;
+ time_t Year;
+
+ if (RelMonth == 0)
+ return 0;
+ tm = localtime(&Start);
+ Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth;
+ Year = Month / 12;
+ Month = Month % 12 + 1;
+ return DSTcorrect(Start,
+ Convert(Month, (time_t)tm->tm_mday, Year,
+ (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+ MER24, DSTmaybe));
+}
+
+
+static int
+LookupWord(buff)
+ char *buff;
+{
+ char *p;
+ char *q;
+ const TABLE *tp;
+ int i;
+ int abbrev;
+
+ /* Make it lowercase. */
+ for (p = buff; *p; p++)
+ if (isupper((unsigned char)*p))
+ *p = tolower((unsigned char)*p);
+
+ if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) {
+ yylval.Meridian = MERam;
+ return tMERIDIAN;
+ }
+ if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) {
+ yylval.Meridian = MERpm;
+ return tMERIDIAN;
+ }
+
+ /* See if we have an abbreviation for a month. */
+ if (strlen(buff) == 3)
+ abbrev = 1;
+ else if (strlen(buff) == 4 && buff[3] == '.') {
+ abbrev = 1;
+ buff[3] = '\0';
+ }
+ else
+ abbrev = 0;
+
+ for (tp = MonthDayTable; tp->name; tp++) {
+ if (abbrev) {
+ if (strncmp(buff, tp->name, 3) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ }
+ else if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ }
+
+ for (tp = TimezoneTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ if (strcmp(buff, "dst") == 0)
+ return tDST;
+
+ for (tp = UnitsTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ /* Strip off any plural and try the units table again. */
+ i = strlen(buff) - 1;
+ if (buff[i] == 's') {
+ buff[i] = '\0';
+ for (tp = UnitsTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ buff[i] = 's'; /* Put back for "this" in OtherTable. */
+ }
+
+ for (tp = OtherTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ /* Military timezones. */
+ if (buff[1] == '\0' && isalpha((unsigned char)*buff)) {
+ for (tp = MilitaryTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ }
+
+ /* Drop out any periods and try the timezone table again. */
+ for (i = 0, p = q = buff; *q; q++)
+ if (*q != '.')
+ *p++ = *q;
+ else
+ i++;
+ *p = '\0';
+ if (i)
+ for (tp = TimezoneTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ return tID;
+}
+
+
+static int
+yylex()
+{
+ char c;
+ char *p;
+ char buff[20];
+ int Count;
+ int sign;
+
+ for ( ; ; ) {
+ while (isspace((unsigned char)*yyInput))
+ yyInput++;
+
+ if (isdigit((unsigned char)(c = *yyInput)) || c == '-' || c == '+') {
+ if (c == '-' || c == '+') {
+ sign = c == '-' ? -1 : 1;
+ if (!isdigit((unsigned char)*++yyInput))
+ /* skip the '-' sign */
+ continue;
+ }
+ else
+ sign = 0;
+ for (yylval.Number = 0; isdigit((unsigned char)(c = *yyInput++)); )
+ yylval.Number = 10 * yylval.Number + c - '0';
+ yyInput--;
+ if (sign < 0)
+ yylval.Number = -yylval.Number;
+ return sign ? tSNUMBER : tUNUMBER;
+ }
+ if (isalpha((unsigned char)c)) {
+ for (p = buff; isalpha((unsigned char)(c = *yyInput++)) || c == '.'; )
+ if (p < &buff[sizeof buff - 1])
+ *p++ = c;
+ *p = '\0';
+ yyInput--;
+ return LookupWord(buff);
+ }
+ if (c != '(')
+ return *yyInput++;
+ Count = 0;
+ do {
+ c = *yyInput++;
+ if (c == '\0')
+ return c;
+ if (c == '(')
+ Count++;
+ else if (c == ')')
+ Count--;
+ } while (Count > 0);
+ }
+}
+
+#define TM_YEAR_ORIGIN 1900
+
+/* Yield A - B, measured in seconds. */
+static long
+difftm (a, b)
+ struct tm *a, *b;
+{
+ int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
+ int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
+ int days = (
+ /* difference in day of year */
+ a->tm_yday - b->tm_yday
+ /* + intervening leap days */
+ + ((ay >> 2) - (by >> 2))
+ - (ay/100 - by/100)
+ + ((ay/100 >> 2) - (by/100 >> 2))
+ /* + difference in years * 365 */
+ + (long)(ay-by) * 365
+ );
+ return (60*(60*(24*days + (a->tm_hour - b->tm_hour))
+ + (a->tm_min - b->tm_min))
+ + (a->tm_sec - b->tm_sec));
+}
+
+time_t
+get_date(p)
+ char *p;
+{
+ struct tm *tm, *gmt, gmtbuf;
+ time_t Start;
+ time_t tod;
+ time_t now;
+ time_t timezone;
+
+ yyInput = p;
+ (void)time (&now);
+
+ gmt = gmtime (&now);
+ if (gmt != NULL)
+ {
+ /* Make a copy, in case localtime modifies *tm (I think
+ that comment now applies to *gmt, but I am too
+ lazy to dig into how gmtime and locatime allocate the
+ structures they return pointers to). */
+ gmtbuf = *gmt;
+ gmt = &gmtbuf;
+ }
+
+ if (! (tm = localtime (&now)))
+ return -1;
+
+ if (gmt != NULL)
+ timezone = difftm (gmt, tm) / 60;
+ else
+ /* We are on a system like VMS, where the system clock is
+ in local time and the system has no concept of timezones.
+ Hopefully we can fake this out (for the case in which the
+ user specifies no timezone) by just saying the timezone
+ is zero. */
+ timezone = 0;
+
+ if(tm->tm_isdst)
+ timezone += 60;
+
+ tm = localtime(&now);
+ yyYear = tm->tm_year + 1900;
+ yyMonth = tm->tm_mon + 1;
+ yyDay = tm->tm_mday;
+ yyTimezone = timezone;
+ yyDSTmode = DSTmaybe;
+ yyHour = 0;
+ yyMinutes = 0;
+ yySeconds = 0;
+ yyMeridian = MER24;
+ yyRelSeconds = 0;
+ yyRelMonth = 0;
+ yyHaveDate = 0;
+ yyHaveDay = 0;
+ yyHaveRel = 0;
+ yyHaveTime = 0;
+ yyHaveZone = 0;
+
+ if (yyparse()
+ || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1)
+ return -1;
+
+ if (yyHaveDate || yyHaveTime || yyHaveDay) {
+ Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds,
+ yyMeridian, yyDSTmode);
+ if (Start < 0)
+ return -1;
+ }
+ else {
+ Start = now;
+ if (!yyHaveRel)
+ Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec;
+ }
+
+ Start += yyRelSeconds;
+ Start += RelativeMonth(Start, yyRelMonth);
+
+ if (yyHaveDay && !yyHaveDate) {
+ tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber);
+ Start += tod;
+ }
+
+ /* Have to do *something* with a legitimate -1 so it's distinguishable
+ * from the error return value. (Alternately could set errno on error.) */
+ return Start == -1 ? 0 : Start;
+}
+
+
+#if defined(TEST)
+
+/* ARGSUSED */
+int
+main(ac, av)
+ int ac;
+ char *av[];
+{
+ char buff[128];
+ time_t d;
+
+ (void)printf("Enter date, or blank line to exit.\n\t> ");
+ (void)fflush(stdout);
+ while (gets(buff) && buff[0]) {
+ d = get_date(buff);
+ if (d == -1)
+ (void)printf("Bad format - couldn't convert.\n");
+ else
+ (void)printf("%s", ctime(&d));
+ (void)printf("\t> ");
+ (void)fflush(stdout);
+ }
+ exit(0);
+ /* NOTREACHED */
+}
+#endif /* defined(TEST) */
+#line 979 "y.tab.c"
+/* allocate initial stack or double stack size, up to YYMAXDEPTH */
+#if defined(__cplusplus) || defined(__STDC__)
+static int yygrowstack(void)
+#else
+static int yygrowstack()
+#endif
+{
+ int newsize, i;
+ short *newss;
+ YYSTYPE *newvs;
+
+ if ((newsize = yystacksize) == 0)
+ newsize = YYINITSTACKSIZE;
+ else if (newsize >= YYMAXDEPTH)
+ return -1;
+ else if ((newsize *= 2) > YYMAXDEPTH)
+ newsize = YYMAXDEPTH;
+ i = yyssp - yyss;
+#ifdef SIZE_MAX
+#define YY_SIZE_MAX SIZE_MAX
+#else
+#define YY_SIZE_MAX 0x7fffffff
+#endif
+ if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
+ goto bail;
+ newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
+ (short *)malloc(newsize * sizeof *newss); /* overflow check above */
+ if (newss == NULL)
+ goto bail;
+ yyss = newss;
+ yyssp = newss + i;
+ if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
+ goto bail;
+ newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
+ (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
+ if (newvs == NULL)
+ goto bail;
+ yyvs = newvs;
+ yyvsp = newvs + i;
+ yystacksize = newsize;
+ yysslim = yyss + newsize - 1;
+ return 0;
+bail:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return -1;
+}
+
+#define YYABORT goto yyabort
+#define YYREJECT goto yyabort
+#define YYACCEPT goto yyaccept
+#define YYERROR goto yyerrlab
+int
+#if defined(__cplusplus) || defined(__STDC__)
+yyparse(void)
+#else
+yyparse()
+#endif
+{
+ int yym, yyn, yystate;
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+ const char *yys;
+#else /* !(defined(__cplusplus) || defined(__STDC__)) */
+ char *yys;
+#endif /* !(defined(__cplusplus) || defined(__STDC__)) */
+
+ if ((yys = getenv("YYDEBUG")))
+ {
+ yyn = *yys;
+ if (yyn >= '0' && yyn <= '9')
+ yydebug = yyn - '0';
+ }
+#endif /* YYDEBUG */
+
+ yynerrs = 0;
+ yyerrflag = 0;
+ yychar = (-1);
+
+ if (yyss == NULL && yygrowstack()) goto yyoverflow;
+ yyssp = yyss;
+ yyvsp = yyvs;
+ *yyssp = yystate = 0;
+
+yyloop:
+ if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+ if (yychar < 0)
+ {
+ if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, reading %d (%s)\n",
+ YYPREFIX, yystate, yychar, yys);
+ }
+#endif
+ }
+ if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, shifting to state %d\n",
+ YYPREFIX, yystate, yytable[yyn]);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate = yytable[yyn];
+ *++yyvsp = yylval;
+ yychar = (-1);
+ if (yyerrflag > 0) --yyerrflag;
+ goto yyloop;
+ }
+ if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+ {
+ yyn = yytable[yyn];
+ goto yyreduce;
+ }
+ if (yyerrflag) goto yyinrecovery;
+#if defined(lint) || defined(__GNUC__)
+ goto yynewerror;
+#endif
+yynewerror:
+ yyerror("syntax error");
+#if defined(lint) || defined(__GNUC__)
+ goto yyerrlab;
+#endif
+yyerrlab:
+ ++yynerrs;
+yyinrecovery:
+ if (yyerrflag < 3)
+ {
+ yyerrflag = 3;
+ for (;;)
+ {
+ if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, error recovery shifting\
+ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate = yytable[yyn];
+ *++yyvsp = yylval;
+ goto yyloop;
+ }
+ else
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: error recovery discarding state %d\n",
+ YYPREFIX, *yyssp);
+#endif
+ if (yyssp <= yyss) goto yyabort;
+ --yyssp;
+ --yyvsp;
+ }
+ }
+ }
+ else
+ {
+ if (yychar == 0) goto yyabort;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
+ YYPREFIX, yystate, yychar, yys);
+ }
+#endif
+ yychar = (-1);
+ goto yyloop;
+ }
+yyreduce:
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, reducing by rule %d (%s)\n",
+ YYPREFIX, yystate, yyn, yyrule[yyn]);
+#endif
+ yym = yylen[yyn];
+ if (yym)
+ yyval = yyvsp[1-yym];
+ else
+ memset(&yyval, 0, sizeof yyval);
+ switch (yyn)
+ {
+case 3:
+#line 125 "getdate.y"
+{
+ yyHaveTime++;
+ }
+break;
+case 4:
+#line 128 "getdate.y"
+{
+ yyHaveZone++;
+ }
+break;
+case 5:
+#line 131 "getdate.y"
+{
+ yyHaveDate++;
+ }
+break;
+case 6:
+#line 134 "getdate.y"
+{
+ yyHaveDay++;
+ }
+break;
+case 7:
+#line 137 "getdate.y"
+{
+ yyHaveRel++;
+ }
+break;
+case 9:
+#line 143 "getdate.y"
+{
+ yyHour = yyvsp[-1].Number;
+ yyMinutes = 0;
+ yySeconds = 0;
+ yyMeridian = yyvsp[0].Meridian;
+ }
+break;
+case 10:
+#line 149 "getdate.y"
+{
+ yyHour = yyvsp[-3].Number;
+ yyMinutes = yyvsp[-1].Number;
+ yySeconds = 0;
+ yyMeridian = yyvsp[0].Meridian;
+ }
+break;
+case 11:
+#line 155 "getdate.y"
+{
+ yyHour = yyvsp[-3].Number;
+ yyMinutes = yyvsp[-1].Number;
+ yyMeridian = MER24;
+ yyDSTmode = DSToff;
+ yyTimezone = - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60);
+ }
+break;
+case 12:
+#line 162 "getdate.y"
+{
+ yyHour = yyvsp[-5].Number;
+ yyMinutes = yyvsp[-3].Number;
+ yySeconds = yyvsp[-1].Number;
+ yyMeridian = yyvsp[0].Meridian;
+ }
+break;
+case 13:
+#line 168 "getdate.y"
+{
+ yyHour = yyvsp[-5].Number;
+ yyMinutes = yyvsp[-3].Number;
+ yySeconds = yyvsp[-1].Number;
+ yyMeridian = MER24;
+ yyDSTmode = DSToff;
+ yyTimezone = - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60);
+ }
+break;
+case 14:
+#line 178 "getdate.y"
+{
+ yyTimezone = yyvsp[0].Number;
+ yyDSTmode = DSToff;
+ }
+break;
+case 15:
+#line 182 "getdate.y"
+{
+ yyTimezone = yyvsp[0].Number;
+ yyDSTmode = DSTon;
+ }
+break;
+case 16:
+#line 187 "getdate.y"
+{
+ yyTimezone = yyvsp[-1].Number;
+ yyDSTmode = DSTon;
+ }
+break;
+case 17:
+#line 193 "getdate.y"
+{
+ yyDayOrdinal = 1;
+ yyDayNumber = yyvsp[0].Number;
+ }
+break;
+case 18:
+#line 197 "getdate.y"
+{
+ yyDayOrdinal = 1;
+ yyDayNumber = yyvsp[-1].Number;
+ }
+break;
+case 19:
+#line 201 "getdate.y"
+{
+ yyDayOrdinal = yyvsp[-1].Number;
+ yyDayNumber = yyvsp[0].Number;
+ }
+break;
+case 20:
+#line 207 "getdate.y"
+{
+ yyMonth = yyvsp[-2].Number;
+ yyDay = yyvsp[0].Number;
+ }
+break;
+case 21:
+#line 211 "getdate.y"
+{
+ if (yyvsp[-4].Number >= 100) {
+ yyYear = yyvsp[-4].Number;
+ yyMonth = yyvsp[-2].Number;
+ yyDay = yyvsp[0].Number;
+ } else {
+ yyMonth = yyvsp[-4].Number;
+ yyDay = yyvsp[-2].Number;
+ yyYear = yyvsp[0].Number;
+ }
+ }
+break;
+case 22:
+#line 222 "getdate.y"
+{
+ /* ISO 8601 format. yyyy-mm-dd. */
+ yyYear = yyvsp[-2].Number;
+ yyMonth = -yyvsp[-1].Number;
+ yyDay = -yyvsp[0].Number;
+ }
+break;
+case 23:
+#line 228 "getdate.y"
+{
+ /* e.g. 17-JUN-1992. */
+ yyDay = yyvsp[-2].Number;
+ yyMonth = yyvsp[-1].Number;
+ yyYear = -yyvsp[0].Number;
+ }
+break;
+case 24:
+#line 234 "getdate.y"
+{
+ yyMonth = yyvsp[-1].Number;
+ yyDay = yyvsp[0].Number;
+ }
+break;
+case 25:
+#line 238 "getdate.y"
+{
+ yyMonth = yyvsp[-3].Number;
+ yyDay = yyvsp[-2].Number;
+ yyYear = yyvsp[0].Number;
+ }
+break;
+case 26:
+#line 243 "getdate.y"
+{
+ yyMonth = yyvsp[0].Number;
+ yyDay = yyvsp[-1].Number;
+ }
+break;
+case 27:
+#line 247 "getdate.y"
+{
+ yyMonth = yyvsp[-1].Number;
+ yyDay = yyvsp[-2].Number;
+ yyYear = yyvsp[0].Number;
+ }
+break;
+case 28:
+#line 254 "getdate.y"
+{
+ yyRelSeconds = -yyRelSeconds;
+ yyRelMonth = -yyRelMonth;
+ }
+break;
+case 30:
+#line 261 "getdate.y"
+{
+ yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L;
+ }
+break;
+case 31:
+#line 264 "getdate.y"
+{
+ yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L;
+ }
+break;
+case 32:
+#line 267 "getdate.y"
+{
+ yyRelSeconds += yyvsp[0].Number * 60L;
+ }
+break;
+case 33:
+#line 270 "getdate.y"
+{
+ yyRelSeconds += yyvsp[-1].Number;
+ }
+break;
+case 34:
+#line 273 "getdate.y"
+{
+ yyRelSeconds += yyvsp[-1].Number;
+ }
+break;
+case 35:
+#line 276 "getdate.y"
+{
+ yyRelSeconds++;
+ }
+break;
+case 36:
+#line 279 "getdate.y"
+{
+ yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
+ }
+break;
+case 37:
+#line 282 "getdate.y"
+{
+ yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
+ }
+break;
+case 38:
+#line 285 "getdate.y"
+{
+ yyRelMonth += yyvsp[0].Number;
+ }
+break;
+case 39:
+#line 290 "getdate.y"
+{
+ if (yyHaveTime && yyHaveDate && !yyHaveRel)
+ yyYear = yyvsp[0].Number;
+ else {
+ if(yyvsp[0].Number>10000) {
+ yyHaveDate++;
+ yyDay= (yyvsp[0].Number)%100;
+ yyMonth= (yyvsp[0].Number/100)%100;
+ yyYear = yyvsp[0].Number/10000;
+ }
+ else {
+ yyHaveTime++;
+ if (yyvsp[0].Number < 100) {
+ yyHour = yyvsp[0].Number;
+ yyMinutes = 0;
+ }
+ else {
+ yyHour = yyvsp[0].Number / 100;
+ yyMinutes = yyvsp[0].Number % 100;
+ }
+ yySeconds = 0;
+ yyMeridian = MER24;
+ }
+ }
+ }
+break;
+case 40:
+#line 317 "getdate.y"
+{
+ yyval.Meridian = MER24;
+ }
+break;
+case 41:
+#line 320 "getdate.y"
+{
+ yyval.Meridian = yyvsp[0].Meridian;
+ }
+break;
+#line 1474 "y.tab.c"
+ }
+ yyssp -= yym;
+ yystate = *yyssp;
+ yyvsp -= yym;
+ yym = yylhs[yyn];
+ if (yystate == 0 && yym == 0)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: after reduction, shifting from state 0 to\
+ state %d\n", YYPREFIX, YYFINAL);
+#endif
+ yystate = YYFINAL;
+ *++yyssp = YYFINAL;
+ *++yyvsp = yyval;
+ if (yychar < 0)
+ {
+ if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, reading %d (%s)\n",
+ YYPREFIX, YYFINAL, yychar, yys);
+ }
+#endif
+ }
+ if (yychar == 0) goto yyaccept;
+ goto yyloop;
+ }
+ if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+ yystate = yytable[yyn];
+ else
+ yystate = yydgoto[yym];
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: after reduction, shifting from state %d \
+to state %d\n", YYPREFIX, *yyssp, yystate);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate;
+ *++yyvsp = yyval;
+ goto yyloop;
+yyoverflow:
+ yyerror("yacc stack overflow");
+yyabort:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return (1);
+yyaccept:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return (0);
+}
diff --git a/sudo-1.7.4p4/getdate.y b/sudo-1.7.4p4/getdate.y
new file mode 100644
index 0000000..2b2e3c9
--- /dev/null
+++ b/sudo-1.7.4p4/getdate.y
@@ -0,0 +1,962 @@
+%{
+/*
+** Originally written by Steven M. Bellovin <smb@research.att.com> while
+** at the University of North Carolina at Chapel Hill. Later tweaked by
+** a couple of people on Usenet. Completely overhauled by Rich $alz
+** <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
+**
+** This grammar has 10 shift/reduce conflicts.
+**
+** This code is in the public domain and has no copyright.
+*/
+/* SUPPRESS 287 on yaccpar_sccsid *//* Unused static variable */
+/* SUPPRESS 288 on yyerrlab *//* Label unused */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <ctype.h>
+
+#include "compat.h"
+
+
+#define EPOCH 1970
+#define HOUR(x) ((time_t)(x) * 60)
+#define SECSPERDAY (24L * 60L * 60L)
+
+
+/*
+** An entry in the lexical lookup table.
+*/
+typedef struct _TABLE {
+ char *name;
+ int type;
+ time_t value;
+} TABLE;
+
+
+/*
+** Daylight-savings mode: on, off, or not yet known.
+*/
+typedef enum _DSTMODE {
+ DSTon, DSToff, DSTmaybe
+} DSTMODE;
+
+/*
+** Meridian: am, pm, or 24-hour style.
+*/
+typedef enum _MERIDIAN {
+ MERam, MERpm, MER24
+} MERIDIAN;
+
+
+/*
+** Global variables. We could get rid of most of these by using a good
+** union as the yacc stack. (This routine was originally written before
+** yacc had the %union construct.) Maybe someday; right now we only use
+** the %union very rarely.
+*/
+static char *yyInput;
+static DSTMODE yyDSTmode;
+static time_t yyDayOrdinal;
+static time_t yyDayNumber;
+static int yyHaveDate;
+static int yyHaveDay;
+static int yyHaveRel;
+static int yyHaveTime;
+static int yyHaveZone;
+static time_t yyTimezone;
+static time_t yyDay;
+static time_t yyHour;
+static time_t yyMinutes;
+static time_t yyMonth;
+static time_t yySeconds;
+static time_t yyYear;
+static MERIDIAN yyMeridian;
+static time_t yyRelMonth;
+static time_t yyRelSeconds;
+
+static int yyerror __P((char *s));
+static int yylex __P((void));
+static int yyparse __P((void));
+
+%}
+
+%union {
+ time_t Number;
+ enum _MERIDIAN Meridian;
+}
+
+%token tAGO tDAY tDAYZONE tID tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT
+%token tSEC_UNIT tSNUMBER tUNUMBER tZONE tDST
+
+%type <Number> tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
+%type <Number> tSEC_UNIT tSNUMBER tUNUMBER tZONE
+%type <Meridian> tMERIDIAN o_merid
+
+%%
+
+spec : /* NULL */
+ | spec item
+ ;
+
+item : time {
+ yyHaveTime++;
+ }
+ | zone {
+ yyHaveZone++;
+ }
+ | date {
+ yyHaveDate++;
+ }
+ | day {
+ yyHaveDay++;
+ }
+ | rel {
+ yyHaveRel++;
+ }
+ | number
+ ;
+
+time : tUNUMBER tMERIDIAN {
+ yyHour = $1;
+ yyMinutes = 0;
+ yySeconds = 0;
+ yyMeridian = $2;
+ }
+ | tUNUMBER ':' tUNUMBER o_merid {
+ yyHour = $1;
+ yyMinutes = $3;
+ yySeconds = 0;
+ yyMeridian = $4;
+ }
+ | tUNUMBER ':' tUNUMBER tSNUMBER {
+ yyHour = $1;
+ yyMinutes = $3;
+ yyMeridian = MER24;
+ yyDSTmode = DSToff;
+ yyTimezone = - ($4 % 100 + ($4 / 100) * 60);
+ }
+ | tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid {
+ yyHour = $1;
+ yyMinutes = $3;
+ yySeconds = $5;
+ yyMeridian = $6;
+ }
+ | tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER {
+ yyHour = $1;
+ yyMinutes = $3;
+ yySeconds = $5;
+ yyMeridian = MER24;
+ yyDSTmode = DSToff;
+ yyTimezone = - ($6 % 100 + ($6 / 100) * 60);
+ }
+ ;
+
+zone : tZONE {
+ yyTimezone = $1;
+ yyDSTmode = DSToff;
+ }
+ | tDAYZONE {
+ yyTimezone = $1;
+ yyDSTmode = DSTon;
+ }
+ |
+ tZONE tDST {
+ yyTimezone = $1;
+ yyDSTmode = DSTon;
+ }
+ ;
+
+day : tDAY {
+ yyDayOrdinal = 1;
+ yyDayNumber = $1;
+ }
+ | tDAY ',' {
+ yyDayOrdinal = 1;
+ yyDayNumber = $1;
+ }
+ | tUNUMBER tDAY {
+ yyDayOrdinal = $1;
+ yyDayNumber = $2;
+ }
+ ;
+
+date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $1;
+ yyDay = $3;
+ }
+ | tUNUMBER '/' tUNUMBER '/' tUNUMBER {
+ if ($1 >= 100) {
+ yyYear = $1;
+ yyMonth = $3;
+ yyDay = $5;
+ } else {
+ yyMonth = $1;
+ yyDay = $3;
+ yyYear = $5;
+ }
+ }
+ | tUNUMBER tSNUMBER tSNUMBER {
+ /* ISO 8601 format. yyyy-mm-dd. */
+ yyYear = $1;
+ yyMonth = -$2;
+ yyDay = -$3;
+ }
+ | tUNUMBER tMONTH tSNUMBER {
+ /* e.g. 17-JUN-1992. */
+ yyDay = $1;
+ yyMonth = $2;
+ yyYear = -$3;
+ }
+ | tMONTH tUNUMBER {
+ yyMonth = $1;
+ yyDay = $2;
+ }
+ | tMONTH tUNUMBER ',' tUNUMBER {
+ yyMonth = $1;
+ yyDay = $2;
+ yyYear = $4;
+ }
+ | tUNUMBER tMONTH {
+ yyMonth = $2;
+ yyDay = $1;
+ }
+ | tUNUMBER tMONTH tUNUMBER {
+ yyMonth = $2;
+ yyDay = $1;
+ yyYear = $3;
+ }
+ ;
+
+rel : relunit tAGO {
+ yyRelSeconds = -yyRelSeconds;
+ yyRelMonth = -yyRelMonth;
+ }
+ | relunit
+ ;
+
+relunit : tUNUMBER tMINUTE_UNIT {
+ yyRelSeconds += $1 * $2 * 60L;
+ }
+ | tSNUMBER tMINUTE_UNIT {
+ yyRelSeconds += $1 * $2 * 60L;
+ }
+ | tMINUTE_UNIT {
+ yyRelSeconds += $1 * 60L;
+ }
+ | tSNUMBER tSEC_UNIT {
+ yyRelSeconds += $1;
+ }
+ | tUNUMBER tSEC_UNIT {
+ yyRelSeconds += $1;
+ }
+ | tSEC_UNIT {
+ yyRelSeconds++;
+ }
+ | tSNUMBER tMONTH_UNIT {
+ yyRelMonth += $1 * $2;
+ }
+ | tUNUMBER tMONTH_UNIT {
+ yyRelMonth += $1 * $2;
+ }
+ | tMONTH_UNIT {
+ yyRelMonth += $1;
+ }
+ ;
+
+number : tUNUMBER {
+ if (yyHaveTime && yyHaveDate && !yyHaveRel)
+ yyYear = $1;
+ else {
+ if($1>10000) {
+ yyHaveDate++;
+ yyDay= ($1)%100;
+ yyMonth= ($1/100)%100;
+ yyYear = $1/10000;
+ }
+ else {
+ yyHaveTime++;
+ if ($1 < 100) {
+ yyHour = $1;
+ yyMinutes = 0;
+ }
+ else {
+ yyHour = $1 / 100;
+ yyMinutes = $1 % 100;
+ }
+ yySeconds = 0;
+ yyMeridian = MER24;
+ }
+ }
+ }
+ ;
+
+o_merid : /* NULL */ {
+ $$ = MER24;
+ }
+ | tMERIDIAN {
+ $$ = $1;
+ }
+ ;
+
+%%
+
+/* Month and day table. */
+static TABLE const MonthDayTable[] = {
+ { "january", tMONTH, 1 },
+ { "february", tMONTH, 2 },
+ { "march", tMONTH, 3 },
+ { "april", tMONTH, 4 },
+ { "may", tMONTH, 5 },
+ { "june", tMONTH, 6 },
+ { "july", tMONTH, 7 },
+ { "august", tMONTH, 8 },
+ { "september", tMONTH, 9 },
+ { "sept", tMONTH, 9 },
+ { "october", tMONTH, 10 },
+ { "november", tMONTH, 11 },
+ { "december", tMONTH, 12 },
+ { "sunday", tDAY, 0 },
+ { "monday", tDAY, 1 },
+ { "tuesday", tDAY, 2 },
+ { "tues", tDAY, 2 },
+ { "wednesday", tDAY, 3 },
+ { "wednes", tDAY, 3 },
+ { "thursday", tDAY, 4 },
+ { "thur", tDAY, 4 },
+ { "thurs", tDAY, 4 },
+ { "friday", tDAY, 5 },
+ { "saturday", tDAY, 6 },
+ { NULL }
+};
+
+/* Time units table. */
+static TABLE const UnitsTable[] = {
+ { "year", tMONTH_UNIT, 12 },
+ { "month", tMONTH_UNIT, 1 },
+ { "fortnight", tMINUTE_UNIT, 14 * 24 * 60 },
+ { "week", tMINUTE_UNIT, 7 * 24 * 60 },
+ { "day", tMINUTE_UNIT, 1 * 24 * 60 },
+ { "hour", tMINUTE_UNIT, 60 },
+ { "minute", tMINUTE_UNIT, 1 },
+ { "min", tMINUTE_UNIT, 1 },
+ { "second", tSEC_UNIT, 1 },
+ { "sec", tSEC_UNIT, 1 },
+ { NULL }
+};
+
+/* Assorted relative-time words. */
+static TABLE const OtherTable[] = {
+ { "tomorrow", tMINUTE_UNIT, 1 * 24 * 60 },
+ { "yesterday", tMINUTE_UNIT, -1 * 24 * 60 },
+ { "today", tMINUTE_UNIT, 0 },
+ { "now", tMINUTE_UNIT, 0 },
+ { "last", tUNUMBER, -1 },
+ { "this", tMINUTE_UNIT, 0 },
+ { "next", tUNUMBER, 2 },
+ { "first", tUNUMBER, 1 },
+/* { "second", tUNUMBER, 2 }, */
+ { "third", tUNUMBER, 3 },
+ { "fourth", tUNUMBER, 4 },
+ { "fifth", tUNUMBER, 5 },
+ { "sixth", tUNUMBER, 6 },
+ { "seventh", tUNUMBER, 7 },
+ { "eighth", tUNUMBER, 8 },
+ { "ninth", tUNUMBER, 9 },
+ { "tenth", tUNUMBER, 10 },
+ { "eleventh", tUNUMBER, 11 },
+ { "twelfth", tUNUMBER, 12 },
+ { "ago", tAGO, 1 },
+ { NULL }
+};
+
+/* The timezone table. */
+/* Some of these are commented out because a time_t can't store a float. */
+static TABLE const TimezoneTable[] = {
+ { "gmt", tZONE, HOUR( 0) }, /* Greenwich Mean */
+ { "ut", tZONE, HOUR( 0) }, /* Universal (Coordinated) */
+ { "utc", tZONE, HOUR( 0) },
+ { "wet", tZONE, HOUR( 0) }, /* Western European */
+ { "bst", tDAYZONE, HOUR( 0) }, /* British Summer */
+ { "wat", tZONE, HOUR( 1) }, /* West Africa */
+ { "at", tZONE, HOUR( 2) }, /* Azores */
+#if 0
+ /* For completeness. BST is also British Summer, and GST is
+ * also Guam Standard. */
+ { "bst", tZONE, HOUR( 3) }, /* Brazil Standard */
+ { "gst", tZONE, HOUR( 3) }, /* Greenland Standard */
+#endif
+#if 0
+ { "nft", tZONE, HOUR(3.5) }, /* Newfoundland */
+ { "nst", tZONE, HOUR(3.5) }, /* Newfoundland Standard */
+ { "ndt", tDAYZONE, HOUR(3.5) }, /* Newfoundland Daylight */
+#endif
+ { "ast", tZONE, HOUR( 4) }, /* Atlantic Standard */
+ { "adt", tDAYZONE, HOUR( 4) }, /* Atlantic Daylight */
+ { "est", tZONE, HOUR( 5) }, /* Eastern Standard */
+ { "edt", tDAYZONE, HOUR( 5) }, /* Eastern Daylight */
+ { "cst", tZONE, HOUR( 6) }, /* Central Standard */
+ { "cdt", tDAYZONE, HOUR( 6) }, /* Central Daylight */
+ { "mst", tZONE, HOUR( 7) }, /* Mountain Standard */
+ { "mdt", tDAYZONE, HOUR( 7) }, /* Mountain Daylight */
+ { "pst", tZONE, HOUR( 8) }, /* Pacific Standard */
+ { "pdt", tDAYZONE, HOUR( 8) }, /* Pacific Daylight */
+ { "yst", tZONE, HOUR( 9) }, /* Yukon Standard */
+ { "ydt", tDAYZONE, HOUR( 9) }, /* Yukon Daylight */
+ { "hst", tZONE, HOUR(10) }, /* Hawaii Standard */
+ { "hdt", tDAYZONE, HOUR(10) }, /* Hawaii Daylight */
+ { "cat", tZONE, HOUR(10) }, /* Central Alaska */
+ { "ahst", tZONE, HOUR(10) }, /* Alaska-Hawaii Standard */
+ { "nt", tZONE, HOUR(11) }, /* Nome */
+ { "idlw", tZONE, HOUR(12) }, /* International Date Line West */
+ { "cet", tZONE, -HOUR(1) }, /* Central European */
+ { "met", tZONE, -HOUR(1) }, /* Middle European */
+ { "mewt", tZONE, -HOUR(1) }, /* Middle European Winter */
+ { "mest", tDAYZONE, -HOUR(1) }, /* Middle European Summer */
+ { "swt", tZONE, -HOUR(1) }, /* Swedish Winter */
+ { "sst", tDAYZONE, -HOUR(1) }, /* Swedish Summer */
+ { "fwt", tZONE, -HOUR(1) }, /* French Winter */
+ { "fst", tDAYZONE, -HOUR(1) }, /* French Summer */
+ { "eet", tZONE, -HOUR(2) }, /* Eastern Europe, USSR Zone 1 */
+ { "bt", tZONE, -HOUR(3) }, /* Baghdad, USSR Zone 2 */
+#if 0
+ { "it", tZONE, -HOUR(3.5) },/* Iran */
+#endif
+ { "zp4", tZONE, -HOUR(4) }, /* USSR Zone 3 */
+ { "zp5", tZONE, -HOUR(5) }, /* USSR Zone 4 */
+#if 0
+ { "ist", tZONE, -HOUR(5.5) },/* Indian Standard */
+#endif
+ { "zp6", tZONE, -HOUR(6) }, /* USSR Zone 5 */
+#if 0
+ /* For completeness. NST is also Newfoundland Stanard, and SST is
+ * also Swedish Summer. */
+ { "nst", tZONE, -HOUR(6.5) },/* North Sumatra */
+ { "sst", tZONE, -HOUR(7) }, /* South Sumatra, USSR Zone 6 */
+#endif /* 0 */
+ { "wast", tZONE, -HOUR(7) }, /* West Australian Standard */
+ { "wadt", tDAYZONE, -HOUR(7) }, /* West Australian Daylight */
+#if 0
+ { "jt", tZONE, -HOUR(7.5) },/* Java (3pm in Cronusland!) */
+#endif
+ { "cct", tZONE, -HOUR(8) }, /* China Coast, USSR Zone 7 */
+ { "jst", tZONE, -HOUR(9) }, /* Japan Standard, USSR Zone 8 */
+#if 0
+ { "cast", tZONE, -HOUR(9.5) },/* Central Australian Standard */
+ { "cadt", tDAYZONE, -HOUR(9.5) },/* Central Australian Daylight */
+#endif
+ { "east", tZONE, -HOUR(10) }, /* Eastern Australian Standard */
+ { "eadt", tDAYZONE, -HOUR(10) }, /* Eastern Australian Daylight */
+ { "gst", tZONE, -HOUR(10) }, /* Guam Standard, USSR Zone 9 */
+ { "nzt", tZONE, -HOUR(12) }, /* New Zealand */
+ { "nzst", tZONE, -HOUR(12) }, /* New Zealand Standard */
+ { "nzdt", tDAYZONE, -HOUR(12) }, /* New Zealand Daylight */
+ { "idle", tZONE, -HOUR(12) }, /* International Date Line East */
+ { NULL }
+};
+
+/* Military timezone table. */
+static TABLE const MilitaryTable[] = {
+ { "a", tZONE, HOUR( 1) },
+ { "b", tZONE, HOUR( 2) },
+ { "c", tZONE, HOUR( 3) },
+ { "d", tZONE, HOUR( 4) },
+ { "e", tZONE, HOUR( 5) },
+ { "f", tZONE, HOUR( 6) },
+ { "g", tZONE, HOUR( 7) },
+ { "h", tZONE, HOUR( 8) },
+ { "i", tZONE, HOUR( 9) },
+ { "k", tZONE, HOUR( 10) },
+ { "l", tZONE, HOUR( 11) },
+ { "m", tZONE, HOUR( 12) },
+ { "n", tZONE, HOUR(- 1) },
+ { "o", tZONE, HOUR(- 2) },
+ { "p", tZONE, HOUR(- 3) },
+ { "q", tZONE, HOUR(- 4) },
+ { "r", tZONE, HOUR(- 5) },
+ { "s", tZONE, HOUR(- 6) },
+ { "t", tZONE, HOUR(- 7) },
+ { "u", tZONE, HOUR(- 8) },
+ { "v", tZONE, HOUR(- 9) },
+ { "w", tZONE, HOUR(-10) },
+ { "x", tZONE, HOUR(-11) },
+ { "y", tZONE, HOUR(-12) },
+ { "z", tZONE, HOUR( 0) },
+ { NULL }
+};
+
+�
+
+
+/* ARGSUSED */
+static int
+yyerror(s)
+ char *s;
+{
+ return 0;
+}
+
+
+static time_t
+ToSeconds(Hours, Minutes, Seconds, Meridian)
+ time_t Hours;
+ time_t Minutes;
+ time_t Seconds;
+ MERIDIAN Meridian;
+{
+ if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
+ return -1;
+ switch (Meridian) {
+ case MER24:
+ if (Hours < 0 || Hours > 23)
+ return -1;
+ return (Hours * 60L + Minutes) * 60L + Seconds;
+ case MERam:
+ if (Hours < 1 || Hours > 12)
+ return -1;
+ if (Hours == 12)
+ Hours = 0;
+ return (Hours * 60L + Minutes) * 60L + Seconds;
+ case MERpm:
+ if (Hours < 1 || Hours > 12)
+ return -1;
+ if (Hours == 12)
+ Hours = 0;
+ return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
+ default:
+ abort ();
+ }
+ /* NOTREACHED */
+}
+
+
+/* Year is either
+ * A negative number, which means to use its absolute value (why?)
+ * A number from 0 to 99, which means a year from 1900 to 1999, or
+ * The actual year (>=100). */
+static time_t
+Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode)
+ time_t Month;
+ time_t Day;
+ time_t Year;
+ time_t Hours;
+ time_t Minutes;
+ time_t Seconds;
+ MERIDIAN Meridian;
+ DSTMODE DSTmode;
+{
+ static int DaysInMonth[12] = {
+ 31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ };
+ time_t tod;
+ time_t Julian;
+ int i;
+
+ if (Year < 0)
+ Year = -Year;
+ if (Year < 69)
+ Year += 2000;
+ else if (Year < 100) {
+ Year += 1900;
+ if (Year < EPOCH)
+ Year += 100;
+ }
+ DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
+ ? 29 : 28;
+ /* Checking for 2038 bogusly assumes that time_t is 32 bits. But
+ I'm too lazy to try to check for time_t overflow in another way. */
+ if (Year < EPOCH || Year > 2038
+ || Month < 1 || Month > 12
+ /* Lint fluff: "conversion from long may lose accuracy" */
+ || Day < 1 || Day > DaysInMonth[(int)--Month])
+ return -1;
+
+ for (Julian = Day - 1, i = 0; i < Month; i++)
+ Julian += DaysInMonth[i];
+ for (i = EPOCH; i < Year; i++)
+ Julian += 365 + (i % 4 == 0);
+ Julian *= SECSPERDAY;
+ Julian += yyTimezone * 60L;
+ if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
+ return -1;
+ Julian += tod;
+ if (DSTmode == DSTon
+ || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst))
+ Julian -= 60 * 60;
+ return Julian;
+}
+
+
+static time_t
+DSTcorrect(Start, Future)
+ time_t Start;
+ time_t Future;
+{
+ time_t StartDay;
+ time_t FutureDay;
+
+ StartDay = (localtime(&Start)->tm_hour + 1) % 24;
+ FutureDay = (localtime(&Future)->tm_hour + 1) % 24;
+ return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
+}
+
+
+static time_t
+RelativeDate(Start, DayOrdinal, DayNumber)
+ time_t Start;
+ time_t DayOrdinal;
+ time_t DayNumber;
+{
+ struct tm *tm;
+ time_t now;
+
+ now = Start;
+ tm = localtime(&now);
+ now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
+ now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
+ return DSTcorrect(Start, now);
+}
+
+
+static time_t
+RelativeMonth(Start, RelMonth)
+ time_t Start;
+ time_t RelMonth;
+{
+ struct tm *tm;
+ time_t Month;
+ time_t Year;
+
+ if (RelMonth == 0)
+ return 0;
+ tm = localtime(&Start);
+ Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth;
+ Year = Month / 12;
+ Month = Month % 12 + 1;
+ return DSTcorrect(Start,
+ Convert(Month, (time_t)tm->tm_mday, Year,
+ (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+ MER24, DSTmaybe));
+}
+
+
+static int
+LookupWord(buff)
+ char *buff;
+{
+ char *p;
+ char *q;
+ const TABLE *tp;
+ int i;
+ int abbrev;
+
+ /* Make it lowercase. */
+ for (p = buff; *p; p++)
+ if (isupper((unsigned char)*p))
+ *p = tolower((unsigned char)*p);
+
+ if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) {
+ yylval.Meridian = MERam;
+ return tMERIDIAN;
+ }
+ if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) {
+ yylval.Meridian = MERpm;
+ return tMERIDIAN;
+ }
+
+ /* See if we have an abbreviation for a month. */
+ if (strlen(buff) == 3)
+ abbrev = 1;
+ else if (strlen(buff) == 4 && buff[3] == '.') {
+ abbrev = 1;
+ buff[3] = '\0';
+ }
+ else
+ abbrev = 0;
+
+ for (tp = MonthDayTable; tp->name; tp++) {
+ if (abbrev) {
+ if (strncmp(buff, tp->name, 3) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ }
+ else if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ }
+
+ for (tp = TimezoneTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ if (strcmp(buff, "dst") == 0)
+ return tDST;
+
+ for (tp = UnitsTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ /* Strip off any plural and try the units table again. */
+ i = strlen(buff) - 1;
+ if (buff[i] == 's') {
+ buff[i] = '\0';
+ for (tp = UnitsTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ buff[i] = 's'; /* Put back for "this" in OtherTable. */
+ }
+
+ for (tp = OtherTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ /* Military timezones. */
+ if (buff[1] == '\0' && isalpha((unsigned char)*buff)) {
+ for (tp = MilitaryTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+ }
+
+ /* Drop out any periods and try the timezone table again. */
+ for (i = 0, p = q = buff; *q; q++)
+ if (*q != '.')
+ *p++ = *q;
+ else
+ i++;
+ *p = '\0';
+ if (i)
+ for (tp = TimezoneTable; tp->name; tp++)
+ if (strcmp(buff, tp->name) == 0) {
+ yylval.Number = tp->value;
+ return tp->type;
+ }
+
+ return tID;
+}
+
+
+static int
+yylex()
+{
+ char c;
+ char *p;
+ char buff[20];
+ int Count;
+ int sign;
+
+ for ( ; ; ) {
+ while (isspace((unsigned char)*yyInput))
+ yyInput++;
+
+ if (isdigit((unsigned char)(c = *yyInput)) || c == '-' || c == '+') {
+ if (c == '-' || c == '+') {
+ sign = c == '-' ? -1 : 1;
+ if (!isdigit((unsigned char)*++yyInput))
+ /* skip the '-' sign */
+ continue;
+ }
+ else
+ sign = 0;
+ for (yylval.Number = 0; isdigit((unsigned char)(c = *yyInput++)); )
+ yylval.Number = 10 * yylval.Number + c - '0';
+ yyInput--;
+ if (sign < 0)
+ yylval.Number = -yylval.Number;
+ return sign ? tSNUMBER : tUNUMBER;
+ }
+ if (isalpha((unsigned char)c)) {
+ for (p = buff; isalpha((unsigned char)(c = *yyInput++)) || c == '.'; )
+ if (p < &buff[sizeof buff - 1])
+ *p++ = c;
+ *p = '\0';
+ yyInput--;
+ return LookupWord(buff);
+ }
+ if (c != '(')
+ return *yyInput++;
+ Count = 0;
+ do {
+ c = *yyInput++;
+ if (c == '\0')
+ return c;
+ if (c == '(')
+ Count++;
+ else if (c == ')')
+ Count--;
+ } while (Count > 0);
+ }
+}
+
+#define TM_YEAR_ORIGIN 1900
+
+/* Yield A - B, measured in seconds. */
+static long
+difftm (a, b)
+ struct tm *a, *b;
+{
+ int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
+ int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
+ int days = (
+ /* difference in day of year */
+ a->tm_yday - b->tm_yday
+ /* + intervening leap days */
+ + ((ay >> 2) - (by >> 2))
+ - (ay/100 - by/100)
+ + ((ay/100 >> 2) - (by/100 >> 2))
+ /* + difference in years * 365 */
+ + (long)(ay-by) * 365
+ );
+ return (60*(60*(24*days + (a->tm_hour - b->tm_hour))
+ + (a->tm_min - b->tm_min))
+ + (a->tm_sec - b->tm_sec));
+}
+
+time_t
+get_date(p)
+ char *p;
+{
+ struct tm *tm, *gmt, gmtbuf;
+ time_t Start;
+ time_t tod;
+ time_t now;
+ time_t timezone;
+
+ yyInput = p;
+ (void)time (&now);
+
+ gmt = gmtime (&now);
+ if (gmt != NULL)
+ {
+ /* Make a copy, in case localtime modifies *tm (I think
+ that comment now applies to *gmt, but I am too
+ lazy to dig into how gmtime and locatime allocate the
+ structures they return pointers to). */
+ gmtbuf = *gmt;
+ gmt = &gmtbuf;
+ }
+
+ if (! (tm = localtime (&now)))
+ return -1;
+
+ if (gmt != NULL)
+ timezone = difftm (gmt, tm) / 60;
+ else
+ /* We are on a system like VMS, where the system clock is
+ in local time and the system has no concept of timezones.
+ Hopefully we can fake this out (for the case in which the
+ user specifies no timezone) by just saying the timezone
+ is zero. */
+ timezone = 0;
+
+ if(tm->tm_isdst)
+ timezone += 60;
+
+ tm = localtime(&now);
+ yyYear = tm->tm_year + 1900;
+ yyMonth = tm->tm_mon + 1;
+ yyDay = tm->tm_mday;
+ yyTimezone = timezone;
+ yyDSTmode = DSTmaybe;
+ yyHour = 0;
+ yyMinutes = 0;
+ yySeconds = 0;
+ yyMeridian = MER24;
+ yyRelSeconds = 0;
+ yyRelMonth = 0;
+ yyHaveDate = 0;
+ yyHaveDay = 0;
+ yyHaveRel = 0;
+ yyHaveTime = 0;
+ yyHaveZone = 0;
+
+ if (yyparse()
+ || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1)
+ return -1;
+
+ if (yyHaveDate || yyHaveTime || yyHaveDay) {
+ Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds,
+ yyMeridian, yyDSTmode);
+ if (Start < 0)
+ return -1;
+ }
+ else {
+ Start = now;
+ if (!yyHaveRel)
+ Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec;
+ }
+
+ Start += yyRelSeconds;
+ Start += RelativeMonth(Start, yyRelMonth);
+
+ if (yyHaveDay && !yyHaveDate) {
+ tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber);
+ Start += tod;
+ }
+
+ /* Have to do *something* with a legitimate -1 so it's distinguishable
+ * from the error return value. (Alternately could set errno on error.) */
+ return Start == -1 ? 0 : Start;
+}
+
+
+#if defined(TEST)
+
+/* ARGSUSED */
+int
+main(ac, av)
+ int ac;
+ char *av[];
+{
+ char buff[128];
+ time_t d;
+
+ (void)printf("Enter date, or blank line to exit.\n\t> ");
+ (void)fflush(stdout);
+ while (gets(buff) && buff[0]) {
+ d = get_date(buff);
+ if (d == -1)
+ (void)printf("Bad format - couldn't convert.\n");
+ else
+ (void)printf("%s", ctime(&d));
+ (void)printf("\t> ");
+ (void)fflush(stdout);
+ }
+ exit(0);
+ /* NOTREACHED */
+}
+#endif /* defined(TEST) */
diff --git a/sudo-1.7.4p4/getline.c b/sudo-1.7.4p4/getline.c
new file mode 100644
index 0000000..b7db379
--- /dev/null
+++ b/sudo-1.7.4p4/getline.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <limits.h>
+
+#include "compat.h"
+#include "alloc.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+#ifdef HAVE_FGETLN
+ssize_t
+getline(bufp, bufsizep, fp)
+ char **bufp;
+ size_t *bufsizep;
+ FILE *fp;
+{
+ char *buf;
+ size_t bufsize;
+ size_t len;
+
+ buf = fgetln(fp, &len);
+ if (buf) {
+ bufsize = *bufp ? *bufsizep : 0;
+ if (bufsize < len + 1) {
+ bufsize = len + 1;
+ *bufp = erealloc(*bufp, bufsize);
+ *bufsizep = bufsize;
+ }
+ memcpy(*bufp, buf, len);
+ (*bufp)[len] = '\0';
+ }
+ return(buf ? len : -1);
+}
+#else
+ssize_t
+getline(bufp, bufsizep, fp)
+ char **bufp;
+ size_t *bufsizep;
+ FILE *fp;
+{
+ char *buf;
+ size_t bufsize;
+ ssize_t len = 0;
+
+ buf = *bufp;
+ bufsize = *bufsizep;
+ if (buf == NULL || bufsize == 0) {
+ bufsize = LINE_MAX;
+ buf = erealloc(buf, LINE_MAX);
+ }
+
+ for (;;) {
+ if (fgets(buf + len, bufsize - len, fp) == NULL) {
+ len = -1;
+ break;
+ }
+ len = strlen(buf);
+ if (!len || buf[len - 1] == '\n' || feof(fp))
+ break;
+ bufsize *= 2;
+ buf = erealloc(buf, bufsize);
+ }
+ *bufp = buf;
+ *bufsizep = bufsize;
+ return(len);
+}
+#endif
diff --git a/sudo-1.7.4p4/getprogname.c b/sudo-1.7.4p4/getprogname.c
new file mode 100644
index 0000000..f269405
--- /dev/null
+++ b/sudo-1.7.4p4/getprogname.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2003-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <config.h>
+#include <compat.h>
+
+const char *
+getprogname()
+{
+ static const char *progname;
+ extern int Argc;
+ extern char **Argv;
+
+ if (progname == NULL) {
+ if (Argc < 0)
+ progname = "sudo";
+ else if ((progname = strrchr(Argv[0], '/')) != NULL)
+ progname++;
+ else
+ progname = Argv[0];
+ }
+ return(progname);
+}
diff --git a/sudo-1.7.4p4/getspwuid.c b/sudo-1.7.4p4/getspwuid.c
new file mode 100644
index 0000000..7ee5eba
--- /dev/null
+++ b/sudo-1.7.4p4/getspwuid.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <grp.h>
+#ifdef HAVE_GETSPNAM
+# include <shadow.h>
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETPRPWNAM
+# ifdef __hpux
+# undef MAXINT
+# include <hpsecurity.h>
+# else
+# include <sys/security.h>
+# endif /* __hpux */
+# include <prot.h>
+#endif /* HAVE_GETPRPWNAM */
+#ifdef HAVE_GETPWANAM
+# include <sys/label.h>
+# include <sys/audit.h>
+# include <pwdadj.h>
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+# include <auth.h>
+#endif /* HAVE_GETAUTHUID */
+
+#include "sudo.h"
+
+/*
+ * Exported for auth/secureware.c
+ */
+#if defined(HAVE_GETPRPWNAM) && defined(__alpha)
+int crypt_type = INT_MAX;
+#endif /* HAVE_GETPRPWNAM && __alpha */
+
+/*
+ * Return a copy of the encrypted password for the user described by pw.
+ * If shadow passwords are in use, look in the shadow file.
+ */
+char *
+sudo_getepw(pw)
+ const struct passwd *pw;
+{
+ char *epw;
+
+ /* If there is a function to check for shadow enabled, use it... */
+#ifdef HAVE_ISCOMSEC
+ if (!iscomsec())
+ return(estrdup(pw->pw_passwd));
+#endif /* HAVE_ISCOMSEC */
+#ifdef HAVE_ISSECURE
+ if (!issecure())
+ return(estrdup(pw->pw_passwd));
+#endif /* HAVE_ISSECURE */
+
+ epw = NULL;
+#ifdef HAVE_GETPRPWNAM
+ {
+ struct pr_passwd *spw;
+
+ if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) {
+# ifdef __alpha
+ crypt_type = spw->ufld.fd_oldcrypt;
+# endif /* __alpha */
+ epw = estrdup(spw->ufld.fd_encrypt);
+ }
+ if (epw)
+ return(epw);
+ }
+#endif /* HAVE_GETPRPWNAM */
+#ifdef HAVE_GETSPNAM
+ {
+ struct spwd *spw;
+
+ if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
+ epw = estrdup(spw->sp_pwdp);
+ if (epw)
+ return(epw);
+ }
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETSPWUID
+ {
+ struct s_passwd *spw;
+
+ if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
+ epw = estrdup(spw->pw_passwd);
+ if (epw)
+ return(epw);
+ }
+#endif /* HAVE_GETSPWUID */
+#ifdef HAVE_GETPWANAM
+ {
+ struct passwd_adjunct *spw;
+
+ if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
+ epw = estrdup(spw->pwa_passwd);
+ if (epw)
+ return(epw);
+ }
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+ {
+ AUTHORIZATION *spw;
+
+ if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
+ epw = estrdup(spw->a_password);
+ if (epw)
+ return(epw);
+ }
+#endif /* HAVE_GETAUTHUID */
+
+ /* Fall back on normal password. */
+ return(estrdup(pw->pw_passwd));
+}
+
+void
+sudo_setspent()
+{
+#ifdef HAVE_GETPRPWNAM
+ setprpwent();
+#endif
+#ifdef HAVE_GETSPNAM
+ setspent();
+#endif
+#ifdef HAVE_GETSPWUID
+ setspwent();
+#endif
+#ifdef HAVE_GETPWANAM
+ setpwaent();
+#endif
+#ifdef HAVE_GETAUTHUID
+ setauthent();
+#endif
+}
+
+void
+sudo_endspent()
+{
+#ifdef HAVE_GETPRPWNAM
+ endprpwent();
+#endif
+#ifdef HAVE_GETSPNAM
+ endspent();
+#endif
+#ifdef HAVE_GETSPWUID
+ endspwent();
+#endif
+#ifdef HAVE_GETPWANAM
+ endpwaent();
+#endif
+#ifdef HAVE_GETAUTHUID
+ endauthent();
+#endif
+}
diff --git a/sudo-1.7.4p4/gettime.c b/sudo-1.7.4p4/gettime.c
new file mode 100644
index 0000000..9a13003
--- /dev/null
+++ b/sudo-1.7.4p4/gettime.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2004-2005, 2008, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#include <compat.h>
+
+/*
+ * Get the current time via gettimeofday() for systems with
+ * timespecs in struct stat or, otherwise, using time().
+ */
+int
+gettime(tv)
+ struct timeval *tv;
+{
+ int rval;
+#if defined(HAVE_GETTIMEOFDAY) && (defined(HAVE_ST_MTIM) || defined(HAVE_ST_MTIMESPEC))
+ rval = gettimeofday(tv, NULL);
+#else
+ rval = (int)time(&tv->tv_sec);
+ tv->tv_usec = 0;
+#endif
+ return (rval);
+}
diff --git a/sudo-1.7.4p4/glob.c b/sudo-1.7.4p4/glob.c
new file mode 100644
index 0000000..9673626
--- /dev/null
+++ b/sudo-1.7.4p4/glob.c
@@ -0,0 +1,949 @@
+/*
+ * Copyright (c) 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)glob.c 8.3 (Berkeley) 10/13/93
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_MAGCHAR:
+ * Set in gl_flags if pattern contained a globbing character.
+ * GLOB_TILDE:
+ * expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ * expand {1,2}{a,b} to 1a 1b 2a 2b
+ * gl_matchc:
+ * Number of matches in the current invocation of glob.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+#else
+# define dirent direct
+# ifdef HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+# include <ndir.h>
+# endif
+#endif
+#include <errno.h>
+#include <limits.h>
+#include <pwd.h>
+
+#include <compat.h>
+#include "emul/glob.h"
+#include "emul/charclass.h"
+
+#define DOLLAR '$'
+#define DOT '.'
+#define EOS '\0'
+#define LBRACKET '['
+#define NOT '!'
+#define QUESTION '?'
+#define QUOTE '\\'
+#define RANGE '-'
+#define RBRACKET ']'
+#define SEP '/'
+#define STAR '*'
+#define TILDE '~'
+#define UNDERSCORE '_'
+#define LBRACE '{'
+#define RBRACE '}'
+#define SLASH '/'
+#define COMMA ','
+
+#ifndef DEBUG
+
+#define M_QUOTE 0x8000
+#define M_PROTECT 0x4000
+#define M_MASK 0xffff
+#define M_ASCII 0x00ff
+
+typedef unsigned short Char;
+
+#else
+
+#define M_QUOTE 0x80
+#define M_PROTECT 0x40
+#define M_MASK 0xff
+#define M_ASCII 0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define CHAR(c) ((Char)((c)&M_ASCII))
+#define META(c) ((Char)((c)|M_QUOTE))
+#define M_ALL META('*')
+#define M_END META(']')
+#define M_NOT META('!')
+#define M_ONE META('?')
+#define M_RNG META('-')
+#define M_SET META('[')
+#define M_CLASS META(':')
+#define ismeta(c) (((c)&M_QUOTE) != 0)
+
+
+static int compare __P((const void *, const void *));
+static int g_Ctoc __P((const Char *, char *, unsigned int));
+static int g_lstat __P((Char *, struct stat *, glob_t *));
+static DIR *g_opendir __P((Char *, glob_t *));
+static Char *g_strchr __P((const Char *, int));
+static int g_strncmp __P((const Char *, const char *, size_t));
+static int g_stat __P((Char *, struct stat *, glob_t *));
+static int glob0 __P((const Char *, glob_t *));
+static int glob1 __P((Char *, Char *, glob_t *));
+static int glob2 __P((Char *, Char *, Char *, Char *, Char *, Char *,
+ glob_t *));
+static int glob3 __P((Char *, Char *, Char *, Char *, Char *, Char *,
+ Char *, Char *, glob_t *));
+static int globextend __P((const Char *, glob_t *));
+static const Char *
+ globtilde __P((const Char *, Char *, size_t, glob_t *));
+static int globexp1 __P((const Char *, glob_t *));
+static int globexp2 __P((const Char *, const Char *, glob_t *, int *));
+static int match __P((Char *, Char *, Char *));
+#ifdef DEBUG
+static void qprintf __P((const char *, Char *));
+#endif
+
+extern struct passwd *sudo_getpwnam __P((const char *));
+extern struct passwd *sudo_getpwuid __P((uid_t));
+
+int
+glob(pattern, flags, errfunc, pglob)
+ const char *pattern;
+ int flags, (*errfunc) __P((const char *, int));
+ glob_t *pglob;
+{
+ const unsigned char *patnext;
+ int c;
+ Char *bufnext, *bufend, patbuf[PATH_MAX];
+
+ patnext = (unsigned char *) pattern;
+ if (!(flags & GLOB_APPEND)) {
+ pglob->gl_pathc = 0;
+ pglob->gl_pathv = NULL;
+ if (!(flags & GLOB_DOOFFS))
+ pglob->gl_offs = 0;
+ }
+ pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+ pglob->gl_errfunc = errfunc;
+ pglob->gl_matchc = 0;
+
+ bufnext = patbuf;
+ bufend = bufnext + PATH_MAX - 1;
+ if (flags & GLOB_NOESCAPE)
+ while (bufnext < bufend && (c = *patnext++) != EOS)
+ *bufnext++ = c;
+ else {
+ /* Protect the quoted characters. */
+ while (bufnext < bufend && (c = *patnext++) != EOS)
+ if (c == QUOTE) {
+ if ((c = *patnext++) == EOS) {
+ c = QUOTE;
+ --patnext;
+ }
+ *bufnext++ = c | M_PROTECT;
+ } else
+ *bufnext++ = c;
+ }
+ *bufnext = EOS;
+
+ if (flags & GLOB_BRACE)
+ return globexp1(patbuf, pglob);
+ else
+ return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int
+globexp1(pattern, pglob)
+ const Char *pattern;
+ glob_t *pglob;
+{
+ const Char* ptr = pattern;
+ int rv;
+
+ /* Protect a single {}, for find(1), like csh */
+ if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
+ return glob0(pattern, pglob);
+
+ while ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL)
+ if (!globexp2(ptr, pattern, pglob, &rv))
+ return rv;
+
+ return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int
+globexp2(ptr, pattern, pglob, rv)
+ const Char *ptr, *pattern;
+ glob_t *pglob;
+ int *rv;
+{
+ int i;
+ Char *lm, *ls;
+ const Char *pe, *pm, *pl;
+ Char patbuf[PATH_MAX];
+
+ /* copy part up to the brace */
+ for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+ continue;
+ *lm = EOS;
+ ls = lm;
+
+ /* Find the balanced brace */
+ for (i = 0, pe = ++ptr; *pe; pe++)
+ if (*pe == LBRACKET) {
+ /* Ignore everything between [] */
+ for (pm = pe++; *pe != RBRACKET && *pe != EOS; pe++)
+ continue;
+ if (*pe == EOS) {
+ /*
+ * We could not find a matching RBRACKET.
+ * Ignore and just look for RBRACE
+ */
+ pe = pm;
+ }
+ } else if (*pe == LBRACE)
+ i++;
+ else if (*pe == RBRACE) {
+ if (i == 0)
+ break;
+ i--;
+ }
+
+ /* Non matching braces; just glob the pattern */
+ if (i != 0 || *pe == EOS) {
+ *rv = glob0(patbuf, pglob);
+ return 0;
+ }
+
+ for (i = 0, pl = pm = ptr; pm <= pe; pm++) {
+ switch (*pm) {
+ case LBRACKET:
+ /* Ignore everything between [] */
+ for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++)
+ continue;
+ if (*pm == EOS) {
+ /*
+ * We could not find a matching RBRACKET.
+ * Ignore and just look for RBRACE
+ */
+ pm = pl;
+ }
+ break;
+
+ case LBRACE:
+ i++;
+ break;
+
+ case RBRACE:
+ if (i) {
+ i--;
+ break;
+ }
+ /* FALLTHROUGH */
+ case COMMA:
+ if (i && *pm == COMMA)
+ break;
+ else {
+ /* Append the current string */
+ for (lm = ls; (pl < pm); *lm++ = *pl++)
+ continue;
+
+ /*
+ * Append the rest of the pattern after the
+ * closing brace
+ */
+ for (pl = pe + 1; (*lm++ = *pl++) != EOS; )
+ continue;
+
+ /* Expand the current pattern */
+#ifdef DEBUG
+ qprintf("globexp2:", patbuf);
+#endif
+ *rv = globexp1(patbuf, pglob);
+
+ /* move after the comma, to the next string */
+ pl = pm + 1;
+ }
+ break;
+
+ default:
+ break;
+ }
+ }
+ *rv = 0;
+ return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(pattern, patbuf, patbuf_len, pglob)
+ const Char *pattern;
+ Char *patbuf;
+ size_t patbuf_len;
+ glob_t *pglob;
+{
+ struct passwd *pwd;
+ char *h;
+ const Char *p;
+ Char *b, *eb;
+
+ if (*pattern != TILDE || !(pglob->gl_flags & GLOB_TILDE))
+ return pattern;
+
+ /* Copy up to the end of the string or / */
+ eb = &patbuf[patbuf_len - 1];
+ for (p = pattern + 1, h = (char *) patbuf;
+ h < (char *)eb && *p && *p != SLASH; *h++ = *p++)
+ continue;
+
+ *h = EOS;
+
+ if (((char *) patbuf)[0] == EOS) {
+ /*
+ * handle a plain ~ or ~/ by expanding $HOME
+ * first and then trying the password file
+ */
+ if ((h = getenv("HOME")) == NULL) {
+ if ((pwd = sudo_getpwuid(getuid())) == NULL)
+ return pattern;
+ else
+ h = pwd->pw_dir;
+ }
+ } else {
+ /*
+ * Expand a ~user
+ */
+ if ((pwd = sudo_getpwnam((char*) patbuf)) == NULL)
+ return pattern;
+ else
+ h = pwd->pw_dir;
+ }
+
+ /* Copy the home directory */
+ for (b = patbuf; b < eb && *h; *b++ = *h++)
+ continue;
+
+ /* Append the rest of the pattern */
+ while (b < eb && (*b++ = *p++) != EOS)
+ continue;
+ *b = EOS;
+
+ return patbuf;
+}
+
+static int
+g_strncmp(s1, s2, n)
+ const Char *s1;
+ const char *s2;
+ size_t n;
+{
+ int rv = 0;
+
+ while (n--) {
+ rv = *(Char *)s1 - *(const unsigned char *)s2++;
+ if (rv)
+ break;
+ if (*s1++ == '\0')
+ break;
+ }
+ return rv;
+}
+
+static int
+g_charclass(patternp, bufnextp)
+ const Char **patternp;
+ Char **bufnextp;
+{
+ const Char *pattern = *patternp + 1;
+ Char *bufnext = *bufnextp;
+ const Char *colon;
+ struct cclass *cc;
+ size_t len;
+
+ if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']')
+ return 1; /* not a character class */
+
+ len = (size_t)(colon - pattern);
+ for (cc = cclasses; cc->name != NULL; cc++) {
+ if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0')
+ break;
+ }
+ if (cc->name == NULL)
+ return -1; /* invalid character class */
+ *bufnext++ = M_CLASS;
+ *bufnext++ = (Char)(cc - &cclasses[0]);
+ *bufnextp = bufnext;
+ *patternp += len + 3;
+
+ return 0;
+}
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested). Returns 0
+ * if things went well, nonzero if errors occurred. It is not an error
+ * to find no matches.
+ */
+static int
+glob0(pattern, pglob)
+ const Char *pattern;
+ glob_t *pglob;
+{
+ const Char *qpatnext;
+ int c, err, oldpathc;
+ Char *bufnext, patbuf[PATH_MAX];
+
+ qpatnext = globtilde(pattern, patbuf, PATH_MAX, pglob);
+ oldpathc = pglob->gl_pathc;
+ bufnext = patbuf;
+
+ /* We don't need to check for buffer overflow any more. */
+ while ((c = *qpatnext++) != EOS) {
+ switch (c) {
+ case LBRACKET:
+ c = *qpatnext;
+ if (c == NOT)
+ ++qpatnext;
+ if (*qpatnext == EOS ||
+ g_strchr(qpatnext+1, RBRACKET) == NULL) {
+ *bufnext++ = LBRACKET;
+ if (c == NOT)
+ --qpatnext;
+ break;
+ }
+ *bufnext++ = M_SET;
+ if (c == NOT)
+ *bufnext++ = M_NOT;
+ c = *qpatnext++;
+ do {
+ if (c == LBRACKET && *qpatnext == ':') {
+ do {
+ err = g_charclass(&qpatnext,
+ &bufnext);
+ if (err)
+ break;
+ c = *qpatnext++;
+ } while (c == LBRACKET && *qpatnext == ':');
+ if (err == -1 &&
+ !(pglob->gl_flags & GLOB_NOCHECK))
+ return GLOB_NOMATCH;
+ if (c == RBRACKET)
+ break;
+ }
+ *bufnext++ = CHAR(c);
+ if (*qpatnext == RANGE &&
+ (c = qpatnext[1]) != RBRACKET) {
+ *bufnext++ = M_RNG;
+ *bufnext++ = CHAR(c);
+ qpatnext += 2;
+ }
+ } while ((c = *qpatnext++) != RBRACKET);
+ pglob->gl_flags |= GLOB_MAGCHAR;
+ *bufnext++ = M_END;
+ break;
+ case QUESTION:
+ pglob->gl_flags |= GLOB_MAGCHAR;
+ *bufnext++ = M_ONE;
+ break;
+ case STAR:
+ pglob->gl_flags |= GLOB_MAGCHAR;
+ /* collapse adjacent stars to one,
+ * to avoid exponential behavior
+ */
+ if (bufnext == patbuf || bufnext[-1] != M_ALL)
+ *bufnext++ = M_ALL;
+ break;
+ default:
+ *bufnext++ = CHAR(c);
+ break;
+ }
+ }
+ *bufnext = EOS;
+#ifdef DEBUG
+ qprintf("glob0:", patbuf);
+#endif
+
+ if ((err = glob1(patbuf, patbuf + PATH_MAX - 1, pglob)) != 0)
+ return(err);
+
+ /*
+ * If there was no match we are going to append the pattern
+ * if GLOB_NOCHECK was specified.
+ */
+ if (pglob->gl_pathc == oldpathc) {
+ if (pglob->gl_flags & GLOB_NOCHECK)
+ return(globextend(pattern, pglob));
+ else
+ return(GLOB_NOMATCH);
+ }
+ if (!(pglob->gl_flags & GLOB_NOSORT))
+ qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+ pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+ return(0);
+}
+
+static int
+compare(p, q)
+ const void *p, *q;
+{
+ return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(pattern, pattern_last, pglob)
+ Char *pattern, *pattern_last;
+ glob_t *pglob;
+{
+ Char pathbuf[PATH_MAX];
+
+ /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+ if (*pattern == EOS)
+ return(0);
+ return(glob2(pathbuf, pathbuf + PATH_MAX - 1,
+ pathbuf, pathbuf + PATH_MAX - 1,
+ pattern, pattern_last, pglob));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+static int
+glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, pglob)
+ Char *pathbuf, *pathbuf_last;
+ Char *pathend, *pathend_last;
+ Char *pattern, *pattern_last;
+ glob_t *pglob;
+{
+ struct stat sb;
+ Char *p, *q;
+ int anymeta;
+
+ /*
+ * Loop over pattern segments until end of pattern or until
+ * segment with meta character found.
+ */
+ for (anymeta = 0;;) {
+ if (*pattern == EOS) { /* End of pattern? */
+ *pathend = EOS;
+ if (g_lstat(pathbuf, &sb, pglob))
+ return(0);
+
+ if (((pglob->gl_flags & GLOB_MARK) &&
+ pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) ||
+ (S_ISLNK(sb.st_mode) &&
+ (g_stat(pathbuf, &sb, pglob) == 0) &&
+ S_ISDIR(sb.st_mode)))) {
+ if (pathend+1 > pathend_last)
+ return (1);
+ *pathend++ = SEP;
+ *pathend = EOS;
+ }
+ ++pglob->gl_matchc;
+ return(globextend(pathbuf, pglob));
+ }
+
+ /* Find end of next segment, copy tentatively to pathend. */
+ q = pathend;
+ p = pattern;
+ while (*p != EOS && *p != SEP) {
+ if (ismeta(*p))
+ anymeta = 1;
+ if (q+1 > pathend_last)
+ return (1);
+ *q++ = *p++;
+ }
+
+ if (!anymeta) { /* No expansion, do next segment. */
+ pathend = q;
+ pattern = p;
+ while (*pattern == SEP) {
+ if (pathend+1 > pathend_last)
+ return (1);
+ *pathend++ = *pattern++;
+ }
+ } else
+ /* Need expansion, recurse. */
+ return(glob3(pathbuf, pathbuf_last, pathend,
+ pathend_last, pattern, pattern_last,
+ p, pattern_last, pglob));
+ }
+ /* NOTREACHED */
+}
+
+static int
+glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
+ restpattern, restpattern_last, pglob)
+ Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
+ Char *pattern, *pattern_last, *restpattern, *restpattern_last;
+ glob_t *pglob;
+{
+ struct dirent *dp;
+ DIR *dirp;
+ int err;
+ char buf[PATH_MAX];
+
+ if (pathend > pathend_last)
+ return (1);
+ *pathend = EOS;
+ errno = 0;
+
+ if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+ /* TODO: don't call for ENOENT or ENOTDIR? */
+ if (pglob->gl_errfunc) {
+ if (g_Ctoc(pathbuf, buf, sizeof(buf)))
+ return(GLOB_ABORTED);
+ if (pglob->gl_errfunc(buf, errno) ||
+ pglob->gl_flags & GLOB_ERR)
+ return(GLOB_ABORTED);
+ }
+ return(0);
+ }
+
+ err = 0;
+
+ /* Search directory for matching names. */
+ while ((dp = readdir(dirp))) {
+ unsigned char *sc;
+ Char *dc;
+
+ /* Initial DOT must be matched literally. */
+ if (dp->d_name[0] == DOT && *pattern != DOT)
+ continue;
+ dc = pathend;
+ sc = (unsigned char *) dp->d_name;
+ while (dc < pathend_last && (*dc++ = *sc++) != EOS)
+ continue;
+ if (dc >= pathend_last) {
+ *dc = EOS;
+ err = 1;
+ break;
+ }
+
+ if (!match(pathend, pattern, restpattern)) {
+ *pathend = EOS;
+ continue;
+ }
+ err = glob2(pathbuf, pathbuf_last, --dc, pathend_last,
+ restpattern, restpattern_last, pglob);
+ if (err)
+ break;
+ }
+
+ closedir(dirp);
+ return(err);
+}
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accommodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ * gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(path, pglob)
+ const Char *path;
+ glob_t *pglob;
+{
+ char **pathv;
+ int i;
+ unsigned int newsize, len;
+ char *copy;
+ const Char *p;
+
+ newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+ pathv = pglob->gl_pathv ?
+ (char **)realloc((char *)pglob->gl_pathv, newsize) :
+ (char **)malloc(newsize);
+ if (pathv == NULL) {
+ if (pglob->gl_pathv) {
+ free(pglob->gl_pathv);
+ pglob->gl_pathv = NULL;
+ }
+ return(GLOB_NOSPACE);
+ }
+
+ if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+ /* first time around -- clear initial gl_offs items */
+ pathv += pglob->gl_offs;
+ for (i = pglob->gl_offs; --i >= 0; )
+ *--pathv = NULL;
+ }
+ pglob->gl_pathv = pathv;
+
+ for (p = path; *p++;)
+ continue;
+ len = (size_t)(p - path);
+ if ((copy = malloc(len)) != NULL) {
+ if (g_Ctoc(path, copy, len)) {
+ free(copy);
+ return(GLOB_NOSPACE);
+ }
+ pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+ }
+ pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+
+ return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+/*
+ * pattern matching function for filenames. Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(name, pat, patend)
+ Char *name, *pat, *patend;
+{
+ int ok, negate_range;
+ Char c, k;
+
+ while (pat < patend) {
+ c = *pat++;
+ switch (c & M_MASK) {
+ case M_ALL:
+ if (pat == patend)
+ return(1);
+ do {
+ if (match(name, pat, patend))
+ return(1);
+ } while (*name++ != EOS);
+ return(0);
+ case M_ONE:
+ if (*name++ == EOS)
+ return(0);
+ break;
+ case M_SET:
+ ok = 0;
+ if ((k = *name++) == EOS)
+ return(0);
+ if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS)
+ ++pat;
+ while (((c = *pat++) & M_MASK) != M_END) {
+ if ((c & M_MASK) == M_CLASS) {
+ int idx = *pat & M_MASK;
+ if (idx < NCCLASSES &&
+ cclasses[idx].isctype(k))
+ ok = 1;
+ ++pat;
+ }
+ if ((*pat & M_MASK) == M_RNG) {
+ if (c <= k && k <= pat[1])
+ ok = 1;
+ pat += 2;
+ } else if (c == k)
+ ok = 1;
+ }
+ if (ok == negate_range)
+ return(0);
+ break;
+ default:
+ if (*name++ != c)
+ return(0);
+ break;
+ }
+ }
+ return(*name == EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void
+globfree(pglob)
+ glob_t *pglob;
+{
+ int i;
+ char **pp;
+
+ if (pglob->gl_pathv != NULL) {
+ pp = pglob->gl_pathv + pglob->gl_offs;
+ for (i = pglob->gl_pathc; i--; ++pp)
+ if (*pp)
+ free(*pp);
+ free(pglob->gl_pathv);
+ pglob->gl_pathv = NULL;
+ }
+}
+
+static DIR *
+g_opendir(str, pglob)
+ Char *str;
+ glob_t *pglob;
+{
+ char buf[PATH_MAX];
+
+ if (!*str) {
+ buf[0] = '.';
+ buf[1] = '\0';
+ } else {
+ if (g_Ctoc(str, buf, sizeof(buf)))
+ return(NULL);
+ }
+ return(opendir(buf));
+}
+
+static int
+g_lstat(fn, sb, pglob)
+ Char *fn;
+ struct stat *sb;
+ glob_t *pglob;
+{
+ char buf[PATH_MAX];
+
+ if (g_Ctoc(fn, buf, sizeof(buf)))
+ return(-1);
+ return(lstat(buf, sb));
+}
+
+static int
+g_stat(fn, sb, pglob)
+ Char *fn;
+ struct stat *sb;
+ glob_t *pglob;
+{
+ char buf[PATH_MAX];
+
+ if (g_Ctoc(fn, buf, sizeof(buf)))
+ return(-1);
+ return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(str, ch)
+ const Char *str;
+ int ch;
+{
+ do {
+ if (*str == ch)
+ return ((Char *)str);
+ } while (*str++);
+ return (NULL);
+}
+
+static int
+g_Ctoc(str, buf, len)
+ const Char *str;
+ char *buf;
+ unsigned int len;
+{
+
+ while (len--) {
+ if ((*buf++ = *str++) == EOS)
+ return (0);
+ }
+ return (1);
+}
+
+#ifdef DEBUG
+static void
+qprintf(str, s)
+ const char *str;
+ Char *s;
+{
+ Char *p;
+
+ (void)printf("%s:\n", str);
+ for (p = s; *p; p++)
+ (void)printf("%c", CHAR(*p));
+ (void)printf("\n");
+ for (p = s; *p; p++)
+ (void)printf("%c", *p & M_PROTECT ? '"' : ' ');
+ (void)printf("\n");
+ for (p = s; *p; p++)
+ (void)printf("%c", ismeta(*p) ? '_' : ' ');
+ (void)printf("\n");
+}
+#endif
diff --git a/sudo-1.7.4p4/goodpath.c b/sudo-1.7.4p4/goodpath.c
new file mode 100644
index 0000000..1971314
--- /dev/null
+++ b/sudo-1.7.4p4/goodpath.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <errno.h>
+
+#include "sudo.h"
+
+/*
+ * Verify that path is a normal file and executable by root.
+ */
+char *
+sudo_goodpath(path, sbp)
+ const char *path;
+ struct stat *sbp;
+{
+ struct stat sb;
+
+ /* Check for brain damage */
+ if (path == NULL || path[0] == '\0')
+ return(NULL);
+
+ if (stat(path, &sb))
+ return(NULL);
+
+ /* Make sure path describes an executable regular file. */
+ if (!S_ISREG(sb.st_mode) || !(sb.st_mode & 0000111)) {
+ errno = EACCES;
+ return(NULL);
+ }
+
+ if (sbp != NULL)
+ (void) memcpy(sbp, &sb, sizeof(struct stat));
+ return((char *)path);
+}
diff --git a/sudo-1.7.4p4/gram.c b/sudo-1.7.4p4/gram.c
new file mode 100644
index 0000000..d2e8b46
--- /dev/null
+++ b/sudo-1.7.4p4/gram.c
@@ -0,0 +1,1665 @@
+#include <stdlib.h>
+#include <string.h>
+#define YYBYACC 1
+#define YYMAJOR 1
+#define YYMINOR 9
+#define YYLEX yylex()
+#define YYEMPTY -1
+#define yyclearin (yychar=(YYEMPTY))
+#define yyerrok (yyerrflag=0)
+#define YYRECOVERING() (yyerrflag!=0)
+#define YYPREFIX "yy"
+#line 2 "gram.y"
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
+# include <alloca.h>
+#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
+#include <limits.h>
+
+#include "sudo.h"
+#include "parse.h"
+
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+# define SIZE_MAX SIZE_T_MAX
+# else
+# define SIZE_MAX INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
+/*
+ * Globals
+ */
+extern int sudolineno;
+extern char *sudoers;
+int parse_error;
+int pedantic = FALSE;
+int verbose = FALSE;
+int errorlineno = -1;
+char *errorfile = NULL;
+
+struct defaults_list defaults;
+struct userspec_list userspecs;
+
+/*
+ * Local protoypes
+ */
+static void add_defaults __P((int, struct member *, struct defaults *));
+static void add_userspec __P((struct member *, struct privilege *));
+static struct defaults *new_default __P((char *, char *, int));
+static struct member *new_member __P((char *, int));
+ void yyerror __P((const char *));
+
+void
+yyerror(s)
+ const char *s;
+{
+ /* Save the line the first error occurred on. */
+ if (errorlineno == -1) {
+ errorlineno = sudolineno ? sudolineno - 1 : 0;
+ errorfile = estrdup(sudoers);
+ }
+ if (verbose && s != NULL) {
+#ifndef TRACELEXER
+ (void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
+ sudolineno ? sudolineno - 1 : 0);
+#else
+ (void) fprintf(stderr, "<*> ");
+#endif
+ }
+ parse_error = TRUE;
+}
+#line 112 "gram.y"
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+ struct cmndspec *cmndspec;
+ struct defaults *defaults;
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
+ struct sudo_command command;
+ struct cmndtag tag;
+ struct selinux_info seinfo;
+ char *string;
+ int tok;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+#line 138 "y.tab.c"
+#define COMMAND 257
+#define ALIAS 258
+#define DEFVAR 259
+#define NTWKADDR 260
+#define NETGROUP 261
+#define USERGROUP 262
+#define WORD 263
+#define DEFAULTS 264
+#define DEFAULTS_HOST 265
+#define DEFAULTS_USER 266
+#define DEFAULTS_RUNAS 267
+#define DEFAULTS_CMND 268
+#define NOPASSWD 269
+#define PASSWD 270
+#define NOEXEC 271
+#define EXEC 272
+#define SETENV 273
+#define NOSETENV 274
+#define LOG_INPUT 275
+#define NOLOG_INPUT 276
+#define LOG_OUTPUT 277
+#define NOLOG_OUTPUT 278
+#define ALL 279
+#define COMMENT 280
+#define HOSTALIAS 281
+#define CMNDALIAS 282
+#define USERALIAS 283
+#define RUNASALIAS 284
+#define ERROR 285
+#define TYPE 286
+#define ROLE 287
+#define YYERRCODE 256
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylhs[] =
+#else
+short yylhs[] =
+#endif
+ { -1,
+ 0, 0, 25, 25, 26, 26, 26, 26, 26, 26,
+ 26, 26, 26, 26, 26, 26, 4, 4, 3, 3,
+ 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
+ 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
+ 22, 22, 22, 22, 22, 17, 17, 18, 18, 18,
+ 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
+ 21, 5, 5, 5, 28, 28, 31, 9, 9, 29,
+ 29, 32, 7, 7, 30, 30, 33, 27, 27, 34,
+ 13, 13, 11, 11, 12, 12, 12, 12, 12, 16,
+ 16, 14, 14, 15, 15, 15,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylen[] =
+#else
+short yylen[] =
+#endif
+ { 2,
+ 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
+ 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
+ 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
+ 1, 1, 1, 1, 3, 4, 1, 2, 3, 3,
+ 0, 1, 1, 2, 2, 0, 3, 1, 3, 2,
+ 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 1, 1, 1, 1, 3, 3, 1, 3, 1,
+ 3, 3, 1, 3, 1, 3, 3, 1, 3, 3,
+ 1, 3, 1, 2, 1, 1, 1, 1, 1, 1,
+ 3, 1, 2, 1, 1, 1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydefred[] =
+#else
+short yydefred[] =
+#endif
+ { 0,
+ 0, 85, 87, 88, 89, 0, 0, 0, 0, 0,
+ 86, 5, 0, 0, 0, 0, 0, 0, 81, 83,
+ 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
+ 31, 33, 30, 0, 27, 0, 68, 0, 0, 64,
+ 63, 62, 0, 37, 73, 0, 0, 0, 65, 0,
+ 0, 70, 0, 0, 78, 0, 0, 75, 84, 0,
+ 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
+ 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 82, 0, 0, 21, 22,
+ 23, 18, 69, 74, 0, 66, 0, 71, 0, 79,
+ 0, 76, 0, 34, 0, 0, 25, 0, 0, 0,
+ 0, 0, 0, 51, 0, 0, 94, 96, 95, 0,
+ 90, 92, 0, 0, 47, 35, 0, 0, 0, 44,
+ 45, 93, 0, 0, 40, 39, 52, 53, 54, 55,
+ 56, 57, 58, 59, 60, 61, 36, 91,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydgoto[] =
+#else
+short yydgoto[] =
+#endif
+ { 18,
+ 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
+ 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
+ 129, 114, 115, 116, 22, 23, 54, 48, 51, 57,
+ 49, 52, 58, 55,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yysindex[] =
+#else
+short yysindex[] =
+#endif
+ { 475,
+ -270, 0, 0, 0, 0, -29, 567, 594, 594, -2,
+ 0, 0, -240, -222, -216, -212, -241, 0, 0, 0,
+ -25, 475, 0, 0, -10, -207, 0, 9, 0, 0,
+ 0, 0, 0, -235, 0, -33, 0, -31, -31, 0,
+ 0, 0, -242, 0, 0, -30, -7, 3, 0, -6,
+ 4, 0, -5, 6, 0, -1, 8, 0, 0, 594,
+ -20, 0, 10, 0, -205, -196, -194, 0, -29, 0,
+ 567, 9, 9, 9, 0, -2, 9, 567, -240, -2,
+ -222, 594, -216, 594, -212, 0, 31, 567, 0, 0,
+ 0, 0, 0, 0, 26, 0, 28, 0, 29, 0,
+ 29, 0, 541, 0, 32, -247, 0, 86, -15, 33,
+ 31, 14, 16, 0, -208, -204, 0, 0, 0, -231,
+ 0, 0, 38, 86, 0, 0, -179, -178, 491, 0,
+ 0, 0, 86, 38, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yyrindex[] =
+#else
+short yyrindex[] =
+#endif
+ { 87,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 90, 0, 0, 1, 0, 0, 177, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
+ 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
+ 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
+ 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, -26, 0, 0, 0,
+ 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
+ 118, 0, 0, 0, 148, 514, 0, 0, 45, 0,
+ -26, 0, 0, 0, 537, 565, 0, 0, 0, 0,
+ 0, 0, 50, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 52, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yygindex[] =
+#else
+short yygindex[] =
+#endif
+ { 0,
+ -17, 0, 27, 11, 54, -64, 15, 64, 2, 34,
+ 39, 84, -3, -27, -18, -21, 0, 0, 19, 0,
+ 0, 0, -12, -4, 0, 88, 0, 0, 0, 0,
+ 35, 40, 23, 37,
+};
+#define YYTABLESIZE 873
+#if defined(__cplusplus) || defined(__STDC__)
+const short yytable[] =
+#else
+short yytable[] =
+#endif
+ { 26,
+ 19, 26, 26, 26, 38, 39, 46, 34, 36, 24,
+ 71, 94, 60, 76, 40, 41, 2, 47, 60, 3,
+ 4, 5, 29, 71, 30, 31, 117, 32, 60, 67,
+ 43, 118, 66, 19, 67, 50, 42, 11, 112, 113,
+ 87, 53, 124, 33, 19, 56, 72, 119, 73, 74,
+ 65, 68, 69, 78, 80, 82, 77, 89, 72, 84,
+ 79, 81, 67, 83, 147, 85, 90, 88, 91, 71,
+ 103, 76, 60, 125, 127, 111, 128, 112, 99, 95,
+ 101, 133, 113, 135, 136, 48, 1, 67, 80, 2,
+ 50, 72, 49, 126, 97, 92, 75, 70, 86, 109,
+ 59, 132, 134, 131, 93, 148, 107, 102, 0, 64,
+ 130, 0, 0, 96, 0, 0, 72, 77, 120, 100,
+ 98, 80, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 80, 26, 0, 0,
+ 77, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 77, 12, 0, 0, 0,
+ 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 25, 0, 25, 25, 25,
+ 46, 46, 29, 0, 30, 31, 10, 32, 0, 9,
+ 0, 0, 46, 46, 46, 46, 46, 46, 46, 46,
+ 46, 46, 46, 33, 40, 41, 19, 0, 19, 46,
+ 46, 19, 19, 19, 19, 19, 19, 19, 19, 10,
+ 8, 0, 0, 0, 0, 0, 42, 0, 0, 19,
+ 19, 19, 19, 19, 19, 67, 0, 67, 0, 0,
+ 67, 67, 67, 67, 67, 67, 67, 67, 0, 11,
+ 0, 0, 0, 8, 0, 0, 0, 0, 67, 67,
+ 67, 67, 67, 67, 72, 0, 72, 0, 0, 72,
+ 72, 72, 72, 72, 72, 72, 72, 0, 7, 0,
+ 0, 0, 11, 0, 0, 0, 0, 72, 72, 72,
+ 72, 72, 72, 117, 80, 0, 80, 0, 118, 80,
+ 80, 80, 80, 80, 80, 80, 80, 15, 0, 0,
+ 0, 7, 0, 0, 119, 0, 0, 80, 80, 80,
+ 80, 80, 80, 77, 0, 77, 0, 0, 77, 77,
+ 77, 77, 77, 77, 77, 77, 13, 0, 0, 0,
+ 15, 0, 0, 0, 0, 0, 77, 77, 77, 77,
+ 77, 77, 0, 26, 0, 26, 0, 0, 26, 26,
+ 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
+ 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
+ 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
+ 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
+ 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
+ 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
+ 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
+ 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
+ 9, 0, 10, 0, 10, 0, 0, 10, 10, 10,
+ 10, 10, 10, 10, 10, 0, 0, 17, 0, 0,
+ 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
+ 10, 0, 0, 43, 0, 0, 8, 0, 8, 0,
+ 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
+ 0, 0, 0, 0, 0, 0, 41, 0, 0, 8,
+ 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
+ 11, 11, 11, 11, 11, 11, 11, 11, 0, 42,
+ 0, 0, 0, 17, 0, 0, 0, 0, 11, 11,
+ 11, 11, 11, 11, 7, 0, 7, 0, 0, 7,
+ 7, 7, 7, 7, 7, 7, 7, 43, 108, 34,
+ 0, 0, 0, 0, 0, 0, 0, 7, 7, 7,
+ 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
+ 15, 15, 15, 15, 15, 15, 17, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
+ 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
+ 13, 13, 13, 13, 13, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
+ 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
+ 14, 14, 14, 14, 14, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
+ 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
+ 16, 16, 16, 16, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 16, 16, 16, 16, 16, 16,
+ 1, 0, 2, 0, 0, 3, 4, 5, 6, 7,
+ 8, 9, 10, 0, 0, 0, 0, 40, 41, 0,
+ 0, 0, 0, 11, 12, 13, 14, 15, 16, 137,
+ 138, 139, 140, 141, 142, 143, 144, 145, 146, 42,
+ 41, 41, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 41, 41, 41, 41, 41, 41, 41, 41,
+ 41, 41, 41, 42, 42, 0, 0, 0, 2, 0,
+ 0, 3, 4, 5, 0, 42, 42, 42, 42, 42,
+ 42, 42, 42, 42, 42, 42, 0, 0, 0, 11,
+ 0, 43, 43, 0, 29, 0, 30, 31, 0, 32,
+ 0, 0, 0, 43, 43, 43, 43, 43, 43, 43,
+ 43, 43, 43, 43, 0, 33, 0, 0, 0, 0,
+ 0, 2, 0, 0, 3, 4, 5, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 11,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yycheck[] =
+#else
+short yycheck[] =
+#endif
+ { 33,
+ 0, 33, 33, 33, 8, 9, 33, 33, 7, 280,
+ 44, 76, 44, 44, 257, 258, 258, 258, 44, 261,
+ 262, 263, 258, 44, 260, 261, 258, 263, 44, 0,
+ 33, 263, 43, 33, 45, 258, 279, 279, 286, 287,
+ 61, 258, 58, 279, 44, 258, 36, 279, 38, 39,
+ 61, 259, 44, 61, 61, 61, 46, 263, 0, 61,
+ 58, 58, 33, 58, 129, 58, 263, 58, 263, 44,
+ 40, 44, 44, 41, 61, 44, 61, 286, 82, 78,
+ 84, 44, 287, 263, 263, 41, 0, 58, 0, 0,
+ 41, 33, 41, 111, 80, 69, 43, 34, 60, 103,
+ 17, 120, 124, 116, 71, 133, 88, 85, -1, 22,
+ 115, -1, -1, 79, -1, -1, 58, 0, 33, 83,
+ 81, 33, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
+ 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
+ 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 259, -1, 259, 259, 259,
+ 257, 258, 258, -1, 260, 261, 0, 263, -1, 33,
+ -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
+ 277, 278, 279, 279, 257, 258, 256, -1, 258, 286,
+ 287, 261, 262, 263, 264, 265, 266, 267, 268, 33,
+ 0, -1, -1, -1, -1, -1, 279, -1, -1, 279,
+ 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
+ 261, 262, 263, 264, 265, 266, 267, 268, -1, 0,
+ -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
+ 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
+ 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
+ -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
+ 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
+ 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
+ -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
+ 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
+ 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
+ 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
+ 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
+ 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
+ -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
+ 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
+ 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
+ -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+ 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
+ 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
+ -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+ 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
+ 264, 265, 266, 267, 268, -1, -1, 33, -1, -1,
+ -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+ 284, -1, -1, 33, -1, -1, 256, -1, 258, -1,
+ -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
+ -1, -1, -1, -1, -1, -1, 33, -1, -1, 279,
+ 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
+ 261, 262, 263, 264, 265, 266, 267, 268, -1, 33,
+ -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
+ 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
+ 262, 263, 264, 265, 266, 267, 268, 33, 58, 33,
+ -1, -1, -1, -1, -1, -1, -1, 279, 280, 281,
+ 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
+ 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
+ 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
+ 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+ 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
+ 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+ 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
+ 265, 266, 267, 268, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, 279, 280, 281, 282, 283, 284,
+ 256, -1, 258, -1, -1, 261, 262, 263, 264, 265,
+ 266, 267, 268, -1, -1, -1, -1, 257, 258, -1,
+ -1, -1, -1, 279, 280, 281, 282, 283, 284, 269,
+ 270, 271, 272, 273, 274, 275, 276, 277, 278, 279,
+ 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
+ 277, 278, 279, 257, 258, -1, -1, -1, 258, -1,
+ -1, 261, 262, 263, -1, 269, 270, 271, 272, 273,
+ 274, 275, 276, 277, 278, 279, -1, -1, -1, 279,
+ -1, 257, 258, -1, 258, -1, 260, 261, -1, 263,
+ -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, -1, 279, -1, -1, -1, -1,
+ -1, 258, -1, -1, 261, 262, 263, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, 279,
+};
+#define YYFINAL 18
+#ifndef YYDEBUG
+#define YYDEBUG 0
+#endif
+#define YYMAXTOKEN 287
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyname[] =
+#else
+char *yyname[] =
+#endif
+ {
+"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+"'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
+0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
+"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
+"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
+"LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
+"RUNASALIAS","ERROR","TYPE","ROLE",
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyrule[] =
+#else
+char *yyrule[] =
+#endif
+ {"$accept : file",
+"file :",
+"file : line",
+"line : entry",
+"line : line entry",
+"entry : COMMENT",
+"entry : error COMMENT",
+"entry : userlist privileges",
+"entry : USERALIAS useraliases",
+"entry : HOSTALIAS hostaliases",
+"entry : CMNDALIAS cmndaliases",
+"entry : RUNASALIAS runasaliases",
+"entry : DEFAULTS defaults_list",
+"entry : DEFAULTS_USER userlist defaults_list",
+"entry : DEFAULTS_RUNAS userlist defaults_list",
+"entry : DEFAULTS_HOST hostlist defaults_list",
+"entry : DEFAULTS_CMND cmndlist defaults_list",
+"defaults_list : defaults_entry",
+"defaults_list : defaults_list ',' defaults_entry",
+"defaults_entry : DEFVAR",
+"defaults_entry : '!' DEFVAR",
+"defaults_entry : DEFVAR '=' WORD",
+"defaults_entry : DEFVAR '+' WORD",
+"defaults_entry : DEFVAR '-' WORD",
+"privileges : privilege",
+"privileges : privileges ':' privilege",
+"privilege : hostlist '=' cmndspeclist",
+"ophost : host",
+"ophost : '!' host",
+"host : ALIAS",
+"host : ALL",
+"host : NETGROUP",
+"host : NTWKADDR",
+"host : WORD",
+"cmndspeclist : cmndspec",
+"cmndspeclist : cmndspeclist ',' cmndspec",
+"cmndspec : runasspec selinux cmndtag opcmnd",
+"opcmnd : cmnd",
+"opcmnd : '!' cmnd",
+"rolespec : ROLE '=' WORD",
+"typespec : TYPE '=' WORD",
+"selinux :",
+"selinux : rolespec",
+"selinux : typespec",
+"selinux : rolespec typespec",
+"selinux : typespec rolespec",
+"runasspec :",
+"runasspec : '(' runaslist ')'",
+"runaslist : userlist",
+"runaslist : userlist ':' grouplist",
+"runaslist : ':' grouplist",
+"cmndtag :",
+"cmndtag : cmndtag NOPASSWD",
+"cmndtag : cmndtag PASSWD",
+"cmndtag : cmndtag NOEXEC",
+"cmndtag : cmndtag EXEC",
+"cmndtag : cmndtag SETENV",
+"cmndtag : cmndtag NOSETENV",
+"cmndtag : cmndtag LOG_INPUT",
+"cmndtag : cmndtag NOLOG_INPUT",
+"cmndtag : cmndtag LOG_OUTPUT",
+"cmndtag : cmndtag NOLOG_OUTPUT",
+"cmnd : ALL",
+"cmnd : ALIAS",
+"cmnd : COMMAND",
+"hostaliases : hostalias",
+"hostaliases : hostaliases ':' hostalias",
+"hostalias : ALIAS '=' hostlist",
+"hostlist : ophost",
+"hostlist : hostlist ',' ophost",
+"cmndaliases : cmndalias",
+"cmndaliases : cmndaliases ':' cmndalias",
+"cmndalias : ALIAS '=' cmndlist",
+"cmndlist : opcmnd",
+"cmndlist : cmndlist ',' opcmnd",
+"runasaliases : runasalias",
+"runasaliases : runasaliases ':' runasalias",
+"runasalias : ALIAS '=' userlist",
+"useraliases : useralias",
+"useraliases : useraliases ':' useralias",
+"useralias : ALIAS '=' userlist",
+"userlist : opuser",
+"userlist : userlist ',' opuser",
+"opuser : user",
+"opuser : '!' user",
+"user : ALIAS",
+"user : ALL",
+"user : NETGROUP",
+"user : USERGROUP",
+"user : WORD",
+"grouplist : opgroup",
+"grouplist : grouplist ',' opgroup",
+"opgroup : group",
+"opgroup : '!' group",
+"group : ALIAS",
+"group : ALL",
+"group : WORD",
+};
+#endif
+#ifdef YYSTACKSIZE
+#undef YYMAXDEPTH
+#define YYMAXDEPTH YYSTACKSIZE
+#else
+#ifdef YYMAXDEPTH
+#define YYSTACKSIZE YYMAXDEPTH
+#else
+#define YYSTACKSIZE 10000
+#define YYMAXDEPTH 10000
+#endif
+#endif
+#define YYINITSTACKSIZE 200
+/* LINTUSED */
+int yydebug;
+int yynerrs;
+int yyerrflag;
+int yychar;
+short *yyssp;
+YYSTYPE *yyvsp;
+YYSTYPE yyval;
+YYSTYPE yylval;
+short *yyss;
+short *yysslim;
+YYSTYPE *yyvs;
+int yystacksize;
+#line 606 "gram.y"
+static struct defaults *
+new_default(var, val, op)
+ char *var;
+ char *val;
+ int op;
+{
+ struct defaults *d;
+
+ d = emalloc(sizeof(struct defaults));
+ d->var = var;
+ d->val = val;
+ tq_init(&d->binding);
+ d->type = 0;
+ d->op = op;
+ d->prev = d;
+ d->next = NULL;
+
+ return(d);
+}
+
+static struct member *
+new_member(name, type)
+ char *name;
+ int type;
+{
+ struct member *m;
+
+ m = emalloc(sizeof(struct member));
+ m->name = name;
+ m->type = type;
+ m->prev = m;
+ m->next = NULL;
+
+ return(m);
+}
+
+/*
+ * Add a list of defaults structures to the defaults list.
+ * The binding, if non-NULL, specifies a list of hosts, users, or
+ * runas users the entries apply to (specified by the type).
+ */
+static void
+add_defaults(type, bmem, defs)
+ int type;
+ struct member *bmem;
+ struct defaults *defs;
+{
+ struct defaults *d;
+ struct member_list binding;
+
+ /*
+ * We can only call list2tq once on bmem as it will zero
+ * out the prev pointer when it consumes bmem.
+ */
+ list2tq(&binding, bmem);
+
+ /*
+ * Set type and binding (who it applies to) for new entries.
+ */
+ for (d = defs; d != NULL; d = d->next) {
+ d->type = type;
+ d->binding = binding;
+ }
+ tq_append(&defaults, defs);
+}
+
+/*
+ * Allocate a new struct userspec, populate it, and insert it at the
+ * and of the userspecs list.
+ */
+static void
+add_userspec(members, privs)
+ struct member *members;
+ struct privilege *privs;
+{
+ struct userspec *u;
+
+ u = emalloc(sizeof(*u));
+ list2tq(&u->users, members);
+ list2tq(&u->privileges, privs);
+ u->prev = u;
+ u->next = NULL;
+ tq_append(&userspecs, u);
+}
+
+/*
+ * Free up space used by data structures from a previous parser run and sets
+ * the current sudoers file to path.
+ */
+void
+init_parser(path, quiet)
+ char *path;
+ int quiet;
+{
+ struct defaults *d;
+ struct member *m, *binding;
+ struct userspec *us;
+ struct privilege *priv;
+ struct cmndspec *cs;
+ struct sudo_command *c;
+
+ while ((us = tq_pop(&userspecs)) != NULL) {
+ while ((m = tq_pop(&us->users)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ while ((priv = tq_pop(&us->privileges)) != NULL) {
+ struct member *runasuser = NULL, *runasgroup = NULL;
+#ifdef HAVE_SELINUX
+ char *role = NULL, *type = NULL;
+#endif /* HAVE_SELINUX */
+
+ while ((m = tq_pop(&priv->hostlist)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
+#ifdef HAVE_SELINUX
+ /* Only free the first instance of a role/type. */
+ if (cs->role != role) {
+ role = cs->role;
+ efree(cs->role);
+ }
+ if (cs->type != type) {
+ type = cs->type;
+ efree(cs->type);
+ }
+#endif /* HAVE_SELINUX */
+ if (tq_last(&cs->runasuserlist) != runasuser) {
+ runasuser = tq_last(&cs->runasuserlist);
+ while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ }
+ if (tq_last(&cs->runasgrouplist) != runasgroup) {
+ runasgroup = tq_last(&cs->runasgrouplist);
+ while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ }
+ if (cs->cmnd->type == COMMAND) {
+ c = (struct sudo_command *) cs->cmnd->name;
+ efree(c->cmnd);
+ efree(c->args);
+ }
+ efree(cs->cmnd->name);
+ efree(cs->cmnd);
+ efree(cs);
+ }
+ efree(priv);
+ }
+ efree(us);
+ }
+ tq_init(&userspecs);
+
+ binding = NULL;
+ while ((d = tq_pop(&defaults)) != NULL) {
+ if (tq_last(&d->binding) != binding) {
+ binding = tq_last(&d->binding);
+ while ((m = tq_pop(&d->binding)) != NULL) {
+ if (m->type == COMMAND) {
+ c = (struct sudo_command *) m->name;
+ efree(c->cmnd);
+ efree(c->args);
+ }
+ efree(m->name);
+ efree(m);
+ }
+ }
+ efree(d->var);
+ efree(d->val);
+ efree(d);
+ }
+ tq_init(&defaults);
+
+ init_aliases();
+
+ init_lexer();
+
+ efree(sudoers);
+ sudoers = path ? estrdup(path) : NULL;
+
+ parse_error = FALSE;
+ errorlineno = -1;
+ errorfile = NULL;
+ sudolineno = 1;
+ verbose = !quiet;
+}
+#line 775 "y.tab.c"
+/* allocate initial stack or double stack size, up to YYMAXDEPTH */
+#if defined(__cplusplus) || defined(__STDC__)
+static int yygrowstack(void)
+#else
+static int yygrowstack()
+#endif
+{
+ int newsize, i;
+ short *newss;
+ YYSTYPE *newvs;
+
+ if ((newsize = yystacksize) == 0)
+ newsize = YYINITSTACKSIZE;
+ else if (newsize >= YYMAXDEPTH)
+ return -1;
+ else if ((newsize *= 2) > YYMAXDEPTH)
+ newsize = YYMAXDEPTH;
+ i = yyssp - yyss;
+#ifdef SIZE_MAX
+#define YY_SIZE_MAX SIZE_MAX
+#else
+#define YY_SIZE_MAX 0x7fffffff
+#endif
+ if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
+ goto bail;
+ newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
+ (short *)malloc(newsize * sizeof *newss); /* overflow check above */
+ if (newss == NULL)
+ goto bail;
+ yyss = newss;
+ yyssp = newss + i;
+ if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
+ goto bail;
+ newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
+ (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
+ if (newvs == NULL)
+ goto bail;
+ yyvs = newvs;
+ yyvsp = newvs + i;
+ yystacksize = newsize;
+ yysslim = yyss + newsize - 1;
+ return 0;
+bail:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return -1;
+}
+
+#define YYABORT goto yyabort
+#define YYREJECT goto yyabort
+#define YYACCEPT goto yyaccept
+#define YYERROR goto yyerrlab
+int
+#if defined(__cplusplus) || defined(__STDC__)
+yyparse(void)
+#else
+yyparse()
+#endif
+{
+ int yym, yyn, yystate;
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+ const char *yys;
+#else /* !(defined(__cplusplus) || defined(__STDC__)) */
+ char *yys;
+#endif /* !(defined(__cplusplus) || defined(__STDC__)) */
+
+ if ((yys = getenv("YYDEBUG")))
+ {
+ yyn = *yys;
+ if (yyn >= '0' && yyn <= '9')
+ yydebug = yyn - '0';
+ }
+#endif /* YYDEBUG */
+
+ yynerrs = 0;
+ yyerrflag = 0;
+ yychar = (-1);
+
+ if (yyss == NULL && yygrowstack()) goto yyoverflow;
+ yyssp = yyss;
+ yyvsp = yyvs;
+ *yyssp = yystate = 0;
+
+yyloop:
+ if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+ if (yychar < 0)
+ {
+ if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, reading %d (%s)\n",
+ YYPREFIX, yystate, yychar, yys);
+ }
+#endif
+ }
+ if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, shifting to state %d\n",
+ YYPREFIX, yystate, yytable[yyn]);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate = yytable[yyn];
+ *++yyvsp = yylval;
+ yychar = (-1);
+ if (yyerrflag > 0) --yyerrflag;
+ goto yyloop;
+ }
+ if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+ {
+ yyn = yytable[yyn];
+ goto yyreduce;
+ }
+ if (yyerrflag) goto yyinrecovery;
+#if defined(lint) || defined(__GNUC__)
+ goto yynewerror;
+#endif
+yynewerror:
+ yyerror("syntax error");
+#if defined(lint) || defined(__GNUC__)
+ goto yyerrlab;
+#endif
+yyerrlab:
+ ++yynerrs;
+yyinrecovery:
+ if (yyerrflag < 3)
+ {
+ yyerrflag = 3;
+ for (;;)
+ {
+ if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, error recovery shifting\
+ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate = yytable[yyn];
+ *++yyvsp = yylval;
+ goto yyloop;
+ }
+ else
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: error recovery discarding state %d\n",
+ YYPREFIX, *yyssp);
+#endif
+ if (yyssp <= yyss) goto yyabort;
+ --yyssp;
+ --yyvsp;
+ }
+ }
+ }
+ else
+ {
+ if (yychar == 0) goto yyabort;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
+ YYPREFIX, yystate, yychar, yys);
+ }
+#endif
+ yychar = (-1);
+ goto yyloop;
+ }
+yyreduce:
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, reducing by rule %d (%s)\n",
+ YYPREFIX, yystate, yyn, yyrule[yyn]);
+#endif
+ yym = yylen[yyn];
+ if (yym)
+ yyval = yyvsp[1-yym];
+ else
+ memset(&yyval, 0, sizeof yyval);
+ switch (yyn)
+ {
+case 1:
+#line 187 "gram.y"
+{ ; }
+break;
+case 5:
+#line 195 "gram.y"
+{
+ ;
+ }
+break;
+case 6:
+#line 198 "gram.y"
+{
+ yyerrok;
+ }
+break;
+case 7:
+#line 201 "gram.y"
+{
+ add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
+ }
+break;
+case 8:
+#line 204 "gram.y"
+{
+ ;
+ }
+break;
+case 9:
+#line 207 "gram.y"
+{
+ ;
+ }
+break;
+case 10:
+#line 210 "gram.y"
+{
+ ;
+ }
+break;
+case 11:
+#line 213 "gram.y"
+{
+ ;
+ }
+break;
+case 12:
+#line 216 "gram.y"
+{
+ add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
+ }
+break;
+case 13:
+#line 219 "gram.y"
+{
+ add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
+ }
+break;
+case 14:
+#line 222 "gram.y"
+{
+ add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
+ }
+break;
+case 15:
+#line 225 "gram.y"
+{
+ add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
+ }
+break;
+case 16:
+#line 228 "gram.y"
+{
+ add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
+ }
+break;
+case 18:
+#line 234 "gram.y"
+{
+ list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
+ yyval.defaults = yyvsp[-2].defaults;
+ }
+break;
+case 19:
+#line 240 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
+ }
+break;
+case 20:
+#line 243 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
+ }
+break;
+case 21:
+#line 246 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
+ }
+break;
+case 22:
+#line 249 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
+ }
+break;
+case 23:
+#line 252 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
+ }
+break;
+case 25:
+#line 258 "gram.y"
+{
+ list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
+ yyval.privilege = yyvsp[-2].privilege;
+ }
+break;
+case 26:
+#line 264 "gram.y"
+{
+ struct privilege *p = emalloc(sizeof(*p));
+ list2tq(&p->hostlist, yyvsp[-2].member);
+ list2tq(&p->cmndlist, yyvsp[0].cmndspec);
+ p->prev = p;
+ p->next = NULL;
+ yyval.privilege = p;
+ }
+break;
+case 27:
+#line 274 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = FALSE;
+ }
+break;
+case 28:
+#line 278 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = TRUE;
+ }
+break;
+case 29:
+#line 284 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ }
+break;
+case 30:
+#line 287 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ }
+break;
+case 31:
+#line 290 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, NETGROUP);
+ }
+break;
+case 32:
+#line 293 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, NTWKADDR);
+ }
+break;
+case 33:
+#line 296 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, WORD);
+ }
+break;
+case 35:
+#line 302 "gram.y"
+{
+ list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
+#ifdef HAVE_SELINUX
+ /* propagate role and type */
+ if (yyvsp[0].cmndspec->role == NULL)
+ yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
+ if (yyvsp[0].cmndspec->type == NULL)
+ yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
+#endif /* HAVE_SELINUX */
+ /* propagate tags and runas list */
+ if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
+ yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
+ if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
+ yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
+ if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
+ yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
+ yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
+ if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
+ yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
+ if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
+ yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
+ if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
+ tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
+ (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
+ !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
+ yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
+ yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
+ }
+ yyval.cmndspec = yyvsp[-2].cmndspec;
+ }
+break;
+case 36:
+#line 334 "gram.y"
+{
+ struct cmndspec *cs = emalloc(sizeof(*cs));
+ if (yyvsp[-3].runas != NULL) {
+ list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers);
+ list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups);
+ efree(yyvsp[-3].runas);
+ } else {
+ tq_init(&cs->runasuserlist);
+ tq_init(&cs->runasgrouplist);
+ }
+#ifdef HAVE_SELINUX
+ cs->role = yyvsp[-2].seinfo.role;
+ cs->type = yyvsp[-2].seinfo.type;
+#endif
+ cs->tags = yyvsp[-1].tag;
+ cs->cmnd = yyvsp[0].member;
+ cs->prev = cs;
+ cs->next = NULL;
+ /* sudo "ALL" implies the SETENV tag */
+ if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
+ cs->tags.setenv == UNSPEC)
+ cs->tags.setenv = IMPLIED;
+ yyval.cmndspec = cs;
+ }
+break;
+case 37:
+#line 360 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = FALSE;
+ }
+break;
+case 38:
+#line 364 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = TRUE;
+ }
+break;
+case 39:
+#line 370 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 40:
+#line 375 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 41:
+#line 380 "gram.y"
+{
+ yyval.seinfo.role = NULL;
+ yyval.seinfo.type = NULL;
+ }
+break;
+case 42:
+#line 384 "gram.y"
+{
+ yyval.seinfo.role = yyvsp[0].string;
+ yyval.seinfo.type = NULL;
+ }
+break;
+case 43:
+#line 388 "gram.y"
+{
+ yyval.seinfo.type = yyvsp[0].string;
+ yyval.seinfo.role = NULL;
+ }
+break;
+case 44:
+#line 392 "gram.y"
+{
+ yyval.seinfo.role = yyvsp[-1].string;
+ yyval.seinfo.type = yyvsp[0].string;
+ }
+break;
+case 45:
+#line 396 "gram.y"
+{
+ yyval.seinfo.type = yyvsp[-1].string;
+ yyval.seinfo.role = yyvsp[0].string;
+ }
+break;
+case 46:
+#line 402 "gram.y"
+{
+ yyval.runas = NULL;
+ }
+break;
+case 47:
+#line 405 "gram.y"
+{
+ yyval.runas = yyvsp[-1].runas;
+ }
+break;
+case 48:
+#line 410 "gram.y"
+{
+ yyval.runas = emalloc(sizeof(struct runascontainer));
+ yyval.runas->runasusers = yyvsp[0].member;
+ yyval.runas->runasgroups = NULL;
+ }
+break;
+case 49:
+#line 415 "gram.y"
+{
+ yyval.runas = emalloc(sizeof(struct runascontainer));
+ yyval.runas->runasusers = yyvsp[-2].member;
+ yyval.runas->runasgroups = yyvsp[0].member;
+ }
+break;
+case 50:
+#line 420 "gram.y"
+{
+ yyval.runas = emalloc(sizeof(struct runascontainer));
+ yyval.runas->runasusers = NULL;
+ yyval.runas->runasgroups = yyvsp[0].member;
+ }
+break;
+case 51:
+#line 427 "gram.y"
+{
+ yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
+ yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
+ }
+break;
+case 52:
+#line 431 "gram.y"
+{
+ yyval.tag.nopasswd = TRUE;
+ }
+break;
+case 53:
+#line 434 "gram.y"
+{
+ yyval.tag.nopasswd = FALSE;
+ }
+break;
+case 54:
+#line 437 "gram.y"
+{
+ yyval.tag.noexec = TRUE;
+ }
+break;
+case 55:
+#line 440 "gram.y"
+{
+ yyval.tag.noexec = FALSE;
+ }
+break;
+case 56:
+#line 443 "gram.y"
+{
+ yyval.tag.setenv = TRUE;
+ }
+break;
+case 57:
+#line 446 "gram.y"
+{
+ yyval.tag.setenv = FALSE;
+ }
+break;
+case 58:
+#line 449 "gram.y"
+{
+ yyval.tag.log_input = TRUE;
+ }
+break;
+case 59:
+#line 452 "gram.y"
+{
+ yyval.tag.log_input = FALSE;
+ }
+break;
+case 60:
+#line 455 "gram.y"
+{
+ yyval.tag.log_output = TRUE;
+ }
+break;
+case 61:
+#line 458 "gram.y"
+{
+ yyval.tag.log_output = FALSE;
+ }
+break;
+case 62:
+#line 463 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ }
+break;
+case 63:
+#line 466 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ }
+break;
+case 64:
+#line 469 "gram.y"
+{
+ struct sudo_command *c = emalloc(sizeof(*c));
+ c->cmnd = yyvsp[0].command.cmnd;
+ c->args = yyvsp[0].command.args;
+ yyval.member = new_member((char *)c, COMMAND);
+ }
+break;
+case 67:
+#line 481 "gram.y"
+{
+ char *s;
+ if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+break;
+case 69:
+#line 491 "gram.y"
+{
+ list_append(yyvsp[-2].member, yyvsp[0].member);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 72:
+#line 501 "gram.y"
+{
+ char *s;
+ if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+break;
+case 74:
+#line 511 "gram.y"
+{
+ list_append(yyvsp[-2].member, yyvsp[0].member);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 77:
+#line 521 "gram.y"
+{
+ char *s;
+ if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+break;
+case 80:
+#line 534 "gram.y"
+{
+ char *s;
+ if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+break;
+case 82:
+#line 544 "gram.y"
+{
+ list_append(yyvsp[-2].member, yyvsp[0].member);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 83:
+#line 550 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = FALSE;
+ }
+break;
+case 84:
+#line 554 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = TRUE;
+ }
+break;
+case 85:
+#line 560 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ }
+break;
+case 86:
+#line 563 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ }
+break;
+case 87:
+#line 566 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, NETGROUP);
+ }
+break;
+case 88:
+#line 569 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, USERGROUP);
+ }
+break;
+case 89:
+#line 572 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, WORD);
+ }
+break;
+case 91:
+#line 578 "gram.y"
+{
+ list_append(yyvsp[-2].member, yyvsp[0].member);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 92:
+#line 584 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = FALSE;
+ }
+break;
+case 93:
+#line 588 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = TRUE;
+ }
+break;
+case 94:
+#line 594 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ }
+break;
+case 95:
+#line 597 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ }
+break;
+case 96:
+#line 600 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, WORD);
+ }
+break;
+#line 1544 "y.tab.c"
+ }
+ yyssp -= yym;
+ yystate = *yyssp;
+ yyvsp -= yym;
+ yym = yylhs[yyn];
+ if (yystate == 0 && yym == 0)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: after reduction, shifting from state 0 to\
+ state %d\n", YYPREFIX, YYFINAL);
+#endif
+ yystate = YYFINAL;
+ *++yyssp = YYFINAL;
+ *++yyvsp = yyval;
+ if (yychar < 0)
+ {
+ if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, reading %d (%s)\n",
+ YYPREFIX, YYFINAL, yychar, yys);
+ }
+#endif
+ }
+ if (yychar == 0) goto yyaccept;
+ goto yyloop;
+ }
+ if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+ yystate = yytable[yyn];
+ else
+ yystate = yydgoto[yym];
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: after reduction, shifting from state %d \
+to state %d\n", YYPREFIX, *yyssp, yystate);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate;
+ *++yyvsp = yyval;
+ goto yyloop;
+yyoverflow:
+ yyerror("yacc stack overflow");
+yyabort:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return (1);
+yyaccept:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return (0);
+}
diff --git a/sudo-1.7.4p4/gram.h b/sudo-1.7.4p4/gram.h
new file mode 100644
index 0000000..2bec420
--- /dev/null
+++ b/sudo-1.7.4p4/gram.h
@@ -0,0 +1,47 @@
+#define COMMAND 257
+#define ALIAS 258
+#define DEFVAR 259
+#define NTWKADDR 260
+#define NETGROUP 261
+#define USERGROUP 262
+#define WORD 263
+#define DEFAULTS 264
+#define DEFAULTS_HOST 265
+#define DEFAULTS_USER 266
+#define DEFAULTS_RUNAS 267
+#define DEFAULTS_CMND 268
+#define NOPASSWD 269
+#define PASSWD 270
+#define NOEXEC 271
+#define EXEC 272
+#define SETENV 273
+#define NOSETENV 274
+#define LOG_INPUT 275
+#define NOLOG_INPUT 276
+#define LOG_OUTPUT 277
+#define NOLOG_OUTPUT 278
+#define ALL 279
+#define COMMENT 280
+#define HOSTALIAS 281
+#define CMNDALIAS 282
+#define USERALIAS 283
+#define RUNASALIAS 284
+#define ERROR 285
+#define TYPE 286
+#define ROLE 287
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+ struct cmndspec *cmndspec;
+ struct defaults *defaults;
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
+ struct sudo_command command;
+ struct cmndtag tag;
+ struct selinux_info seinfo;
+ char *string;
+ int tok;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+extern YYSTYPE yylval;
diff --git a/sudo-1.7.4p4/gram.y b/sudo-1.7.4p4/gram.y
new file mode 100644
index 0000000..f319eea
--- /dev/null
+++ b/sudo-1.7.4p4/gram.y
@@ -0,0 +1,795 @@
+%{
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
+# include <alloca.h>
+#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
+#include <limits.h>
+
+#include "sudo.h"
+#include "parse.h"
+
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+# define SIZE_MAX SIZE_T_MAX
+# else
+# define SIZE_MAX INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
+/*
+ * Globals
+ */
+extern int sudolineno;
+extern char *sudoers;
+int parse_error;
+int pedantic = FALSE;
+int verbose = FALSE;
+int errorlineno = -1;
+char *errorfile = NULL;
+
+struct defaults_list defaults;
+struct userspec_list userspecs;
+
+/*
+ * Local protoypes
+ */
+static void add_defaults __P((int, struct member *, struct defaults *));
+static void add_userspec __P((struct member *, struct privilege *));
+static struct defaults *new_default __P((char *, char *, int));
+static struct member *new_member __P((char *, int));
+ void yyerror __P((const char *));
+
+void
+yyerror(s)
+ const char *s;
+{
+ /* Save the line the first error occurred on. */
+ if (errorlineno == -1) {
+ errorlineno = sudolineno ? sudolineno - 1 : 0;
+ errorfile = estrdup(sudoers);
+ }
+ if (verbose && s != NULL) {
+#ifndef TRACELEXER
+ (void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
+ sudolineno ? sudolineno - 1 : 0);
+#else
+ (void) fprintf(stderr, "<*> ");
+#endif
+ }
+ parse_error = TRUE;
+}
+%}
+
+%union {
+ struct cmndspec *cmndspec;
+ struct defaults *defaults;
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
+ struct sudo_command command;
+ struct cmndtag tag;
+ struct selinux_info seinfo;
+ char *string;
+ int tok;
+}
+
+%start file /* special start symbol */
+%token <command> COMMAND /* absolute pathname w/ optional args */
+%token <string> ALIAS /* an UPPERCASE alias name */
+%token <string> DEFVAR /* a Defaults variable name */
+%token <string> NTWKADDR /* ipv4 or ipv6 address */
+%token <string> NETGROUP /* a netgroup (+NAME) */
+%token <string> USERGROUP /* a usergroup (%NAME) */
+%token <string> WORD /* a word */
+%token <tok> DEFAULTS /* Defaults entry */
+%token <tok> DEFAULTS_HOST /* Host-specific defaults entry */
+%token <tok> DEFAULTS_USER /* User-specific defaults entry */
+%token <tok> DEFAULTS_RUNAS /* Runas-specific defaults entry */
+%token <tok> DEFAULTS_CMND /* Command-specific defaults entry */
+%token <tok> NOPASSWD /* no passwd req for command */
+%token <tok> PASSWD /* passwd req for command (default) */
+%token <tok> NOEXEC /* preload dummy execve() for cmnd */
+%token <tok> EXEC /* don't preload dummy execve() */
+%token <tok> SETENV /* user may set environment for cmnd */
+%token <tok> NOSETENV /* user may not set environment */
+%token <tok> LOG_INPUT /* log user's cmnd input */
+%token <tok> NOLOG_INPUT /* don't log user's cmnd input */
+%token <tok> LOG_OUTPUT /* log cmnd output */
+%token <tok> NOLOG_OUTPUT /* don't log cmnd output */
+%token <tok> ALL /* ALL keyword */
+%token <tok> COMMENT /* comment and/or carriage return */
+%token <tok> HOSTALIAS /* Host_Alias keyword */
+%token <tok> CMNDALIAS /* Cmnd_Alias keyword */
+%token <tok> USERALIAS /* User_Alias keyword */
+%token <tok> RUNASALIAS /* Runas_Alias keyword */
+%token <tok> ':' '=' ',' '!' '+' '-' /* union member tokens */
+%token <tok> '(' ')' /* runas tokens */
+%token <tok> ERROR
+%token <tok> TYPE /* SELinux type */
+%token <tok> ROLE /* SELinux role */
+
+%type <cmndspec> cmndspec
+%type <cmndspec> cmndspeclist
+%type <defaults> defaults_entry
+%type <defaults> defaults_list
+%type <member> cmnd
+%type <member> opcmnd
+%type <member> cmndlist
+%type <member> host
+%type <member> hostlist
+%type <member> ophost
+%type <member> opuser
+%type <member> user
+%type <member> userlist
+%type <member> opgroup
+%type <member> group
+%type <member> grouplist
+%type <runas> runasspec
+%type <runas> runaslist
+%type <privilege> privilege
+%type <privilege> privileges
+%type <tag> cmndtag
+%type <seinfo> selinux
+%type <string> rolespec
+%type <string> typespec
+
+%%
+
+file : { ; }
+ | line
+ ;
+
+line : entry
+ | line entry
+ ;
+
+entry : COMMENT {
+ ;
+ }
+ | error COMMENT {
+ yyerrok;
+ }
+ | userlist privileges {
+ add_userspec($1, $2);
+ }
+ | USERALIAS useraliases {
+ ;
+ }
+ | HOSTALIAS hostaliases {
+ ;
+ }
+ | CMNDALIAS cmndaliases {
+ ;
+ }
+ | RUNASALIAS runasaliases {
+ ;
+ }
+ | DEFAULTS defaults_list {
+ add_defaults(DEFAULTS, NULL, $2);
+ }
+ | DEFAULTS_USER userlist defaults_list {
+ add_defaults(DEFAULTS_USER, $2, $3);
+ }
+ | DEFAULTS_RUNAS userlist defaults_list {
+ add_defaults(DEFAULTS_RUNAS, $2, $3);
+ }
+ | DEFAULTS_HOST hostlist defaults_list {
+ add_defaults(DEFAULTS_HOST, $2, $3);
+ }
+ | DEFAULTS_CMND cmndlist defaults_list {
+ add_defaults(DEFAULTS_CMND, $2, $3);
+ }
+ ;
+
+defaults_list : defaults_entry
+ | defaults_list ',' defaults_entry {
+ list_append($1, $3);
+ $$ = $1;
+ }
+ ;
+
+defaults_entry : DEFVAR {
+ $$ = new_default($1, NULL, TRUE);
+ }
+ | '!' DEFVAR {
+ $$ = new_default($2, NULL, FALSE);
+ }
+ | DEFVAR '=' WORD {
+ $$ = new_default($1, $3, TRUE);
+ }
+ | DEFVAR '+' WORD {
+ $$ = new_default($1, $3, '+');
+ }
+ | DEFVAR '-' WORD {
+ $$ = new_default($1, $3, '-');
+ }
+ ;
+
+privileges : privilege
+ | privileges ':' privilege {
+ list_append($1, $3);
+ $$ = $1;
+ }
+ ;
+
+privilege : hostlist '=' cmndspeclist {
+ struct privilege *p = emalloc(sizeof(*p));
+ list2tq(&p->hostlist, $1);
+ list2tq(&p->cmndlist, $3);
+ p->prev = p;
+ p->next = NULL;
+ $$ = p;
+ }
+ ;
+
+ophost : host {
+ $$ = $1;
+ $$->negated = FALSE;
+ }
+ | '!' host {
+ $$ = $2;
+ $$->negated = TRUE;
+ }
+ ;
+
+host : ALIAS {
+ $$ = new_member($1, ALIAS);
+ }
+ | ALL {
+ $$ = new_member(NULL, ALL);
+ }
+ | NETGROUP {
+ $$ = new_member($1, NETGROUP);
+ }
+ | NTWKADDR {
+ $$ = new_member($1, NTWKADDR);
+ }
+ | WORD {
+ $$ = new_member($1, WORD);
+ }
+ ;
+
+cmndspeclist : cmndspec
+ | cmndspeclist ',' cmndspec {
+ list_append($1, $3);
+#ifdef HAVE_SELINUX
+ /* propagate role and type */
+ if ($3->role == NULL)
+ $3->role = $3->prev->role;
+ if ($3->type == NULL)
+ $3->type = $3->prev->type;
+#endif /* HAVE_SELINUX */
+ /* propagate tags and runas list */
+ if ($3->tags.nopasswd == UNSPEC)
+ $3->tags.nopasswd = $3->prev->tags.nopasswd;
+ if ($3->tags.noexec == UNSPEC)
+ $3->tags.noexec = $3->prev->tags.noexec;
+ if ($3->tags.setenv == UNSPEC &&
+ $3->prev->tags.setenv != IMPLIED)
+ $3->tags.setenv = $3->prev->tags.setenv;
+ if ($3->tags.log_input == UNSPEC)
+ $3->tags.log_input = $3->prev->tags.log_input;
+ if ($3->tags.log_output == UNSPEC)
+ $3->tags.log_output = $3->prev->tags.log_output;
+ if ((tq_empty(&$3->runasuserlist) &&
+ tq_empty(&$3->runasgrouplist)) &&
+ (!tq_empty(&$3->prev->runasuserlist) ||
+ !tq_empty(&$3->prev->runasgrouplist))) {
+ $3->runasuserlist = $3->prev->runasuserlist;
+ $3->runasgrouplist = $3->prev->runasgrouplist;
+ }
+ $$ = $1;
+ }
+ ;
+
+cmndspec : runasspec selinux cmndtag opcmnd {
+ struct cmndspec *cs = emalloc(sizeof(*cs));
+ if ($1 != NULL) {
+ list2tq(&cs->runasuserlist, $1->runasusers);
+ list2tq(&cs->runasgrouplist, $1->runasgroups);
+ efree($1);
+ } else {
+ tq_init(&cs->runasuserlist);
+ tq_init(&cs->runasgrouplist);
+ }
+#ifdef HAVE_SELINUX
+ cs->role = $2.role;
+ cs->type = $2.type;
+#endif
+ cs->tags = $3;
+ cs->cmnd = $4;
+ cs->prev = cs;
+ cs->next = NULL;
+ /* sudo "ALL" implies the SETENV tag */
+ if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
+ cs->tags.setenv == UNSPEC)
+ cs->tags.setenv = IMPLIED;
+ $$ = cs;
+ }
+ ;
+
+opcmnd : cmnd {
+ $$ = $1;
+ $$->negated = FALSE;
+ }
+ | '!' cmnd {
+ $$ = $2;
+ $$->negated = TRUE;
+ }
+ ;
+
+rolespec : ROLE '=' WORD {
+ $$ = $3;
+ }
+ ;
+
+typespec : TYPE '=' WORD {
+ $$ = $3;
+ }
+ ;
+
+selinux : /* empty */ {
+ $$.role = NULL;
+ $$.type = NULL;
+ }
+ | rolespec {
+ $$.role = $1;
+ $$.type = NULL;
+ }
+ | typespec {
+ $$.type = $1;
+ $$.role = NULL;
+ }
+ | rolespec typespec {
+ $$.role = $1;
+ $$.type = $2;
+ }
+ | typespec rolespec {
+ $$.type = $1;
+ $$.role = $2;
+ }
+ ;
+
+runasspec : /* empty */ {
+ $$ = NULL;
+ }
+ | '(' runaslist ')' {
+ $$ = $2;
+ }
+ ;
+
+runaslist : userlist {
+ $$ = emalloc(sizeof(struct runascontainer));
+ $$->runasusers = $1;
+ $$->runasgroups = NULL;
+ }
+ | userlist ':' grouplist {
+ $$ = emalloc(sizeof(struct runascontainer));
+ $$->runasusers = $1;
+ $$->runasgroups = $3;
+ }
+ | ':' grouplist {
+ $$ = emalloc(sizeof(struct runascontainer));
+ $$->runasusers = NULL;
+ $$->runasgroups = $2;
+ }
+ ;
+
+cmndtag : /* empty */ {
+ $$.nopasswd = $$.noexec = $$.setenv =
+ $$.log_input = $$.log_output = UNSPEC;
+ }
+ | cmndtag NOPASSWD {
+ $$.nopasswd = TRUE;
+ }
+ | cmndtag PASSWD {
+ $$.nopasswd = FALSE;
+ }
+ | cmndtag NOEXEC {
+ $$.noexec = TRUE;
+ }
+ | cmndtag EXEC {
+ $$.noexec = FALSE;
+ }
+ | cmndtag SETENV {
+ $$.setenv = TRUE;
+ }
+ | cmndtag NOSETENV {
+ $$.setenv = FALSE;
+ }
+ | cmndtag LOG_INPUT {
+ $$.log_input = TRUE;
+ }
+ | cmndtag NOLOG_INPUT {
+ $$.log_input = FALSE;
+ }
+ | cmndtag LOG_OUTPUT {
+ $$.log_output = TRUE;
+ }
+ | cmndtag NOLOG_OUTPUT {
+ $$.log_output = FALSE;
+ }
+ ;
+
+cmnd : ALL {
+ $$ = new_member(NULL, ALL);
+ }
+ | ALIAS {
+ $$ = new_member($1, ALIAS);
+ }
+ | COMMAND {
+ struct sudo_command *c = emalloc(sizeof(*c));
+ c->cmnd = $1.cmnd;
+ c->args = $1.args;
+ $$ = new_member((char *)c, COMMAND);
+ }
+ ;
+
+hostaliases : hostalias
+ | hostaliases ':' hostalias
+ ;
+
+hostalias : ALIAS '=' hostlist {
+ char *s;
+ if ((s = alias_add($1, HOSTALIAS, $3)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+ ;
+
+hostlist : ophost
+ | hostlist ',' ophost {
+ list_append($1, $3);
+ $$ = $1;
+ }
+ ;
+
+cmndaliases : cmndalias
+ | cmndaliases ':' cmndalias
+ ;
+
+cmndalias : ALIAS '=' cmndlist {
+ char *s;
+ if ((s = alias_add($1, CMNDALIAS, $3)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+ ;
+
+cmndlist : opcmnd
+ | cmndlist ',' opcmnd {
+ list_append($1, $3);
+ $$ = $1;
+ }
+ ;
+
+runasaliases : runasalias
+ | runasaliases ':' runasalias
+ ;
+
+runasalias : ALIAS '=' userlist {
+ char *s;
+ if ((s = alias_add($1, RUNASALIAS, $3)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+ ;
+
+useraliases : useralias
+ | useraliases ':' useralias
+ ;
+
+useralias : ALIAS '=' userlist {
+ char *s;
+ if ((s = alias_add($1, USERALIAS, $3)) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+ ;
+
+userlist : opuser
+ | userlist ',' opuser {
+ list_append($1, $3);
+ $$ = $1;
+ }
+ ;
+
+opuser : user {
+ $$ = $1;
+ $$->negated = FALSE;
+ }
+ | '!' user {
+ $$ = $2;
+ $$->negated = TRUE;
+ }
+ ;
+
+user : ALIAS {
+ $$ = new_member($1, ALIAS);
+ }
+ | ALL {
+ $$ = new_member(NULL, ALL);
+ }
+ | NETGROUP {
+ $$ = new_member($1, NETGROUP);
+ }
+ | USERGROUP {
+ $$ = new_member($1, USERGROUP);
+ }
+ | WORD {
+ $$ = new_member($1, WORD);
+ }
+ ;
+
+grouplist : opgroup
+ | grouplist ',' opgroup {
+ list_append($1, $3);
+ $$ = $1;
+ }
+ ;
+
+opgroup : group {
+ $$ = $1;
+ $$->negated = FALSE;
+ }
+ | '!' group {
+ $$ = $2;
+ $$->negated = TRUE;
+ }
+ ;
+
+group : ALIAS {
+ $$ = new_member($1, ALIAS);
+ }
+ | ALL {
+ $$ = new_member(NULL, ALL);
+ }
+ | WORD {
+ $$ = new_member($1, WORD);
+ }
+ ;
+
+%%
+static struct defaults *
+new_default(var, val, op)
+ char *var;
+ char *val;
+ int op;
+{
+ struct defaults *d;
+
+ d = emalloc(sizeof(struct defaults));
+ d->var = var;
+ d->val = val;
+ tq_init(&d->binding);
+ d->type = 0;
+ d->op = op;
+ d->prev = d;
+ d->next = NULL;
+
+ return(d);
+}
+
+static struct member *
+new_member(name, type)
+ char *name;
+ int type;
+{
+ struct member *m;
+
+ m = emalloc(sizeof(struct member));
+ m->name = name;
+ m->type = type;
+ m->prev = m;
+ m->next = NULL;
+
+ return(m);
+}
+
+/*
+ * Add a list of defaults structures to the defaults list.
+ * The binding, if non-NULL, specifies a list of hosts, users, or
+ * runas users the entries apply to (specified by the type).
+ */
+static void
+add_defaults(type, bmem, defs)
+ int type;
+ struct member *bmem;
+ struct defaults *defs;
+{
+ struct defaults *d;
+ struct member_list binding;
+
+ /*
+ * We can only call list2tq once on bmem as it will zero
+ * out the prev pointer when it consumes bmem.
+ */
+ list2tq(&binding, bmem);
+
+ /*
+ * Set type and binding (who it applies to) for new entries.
+ */
+ for (d = defs; d != NULL; d = d->next) {
+ d->type = type;
+ d->binding = binding;
+ }
+ tq_append(&defaults, defs);
+}
+
+/*
+ * Allocate a new struct userspec, populate it, and insert it at the
+ * and of the userspecs list.
+ */
+static void
+add_userspec(members, privs)
+ struct member *members;
+ struct privilege *privs;
+{
+ struct userspec *u;
+
+ u = emalloc(sizeof(*u));
+ list2tq(&u->users, members);
+ list2tq(&u->privileges, privs);
+ u->prev = u;
+ u->next = NULL;
+ tq_append(&userspecs, u);
+}
+
+/*
+ * Free up space used by data structures from a previous parser run and sets
+ * the current sudoers file to path.
+ */
+void
+init_parser(path, quiet)
+ char *path;
+ int quiet;
+{
+ struct defaults *d;
+ struct member *m, *binding;
+ struct userspec *us;
+ struct privilege *priv;
+ struct cmndspec *cs;
+ struct sudo_command *c;
+
+ while ((us = tq_pop(&userspecs)) != NULL) {
+ while ((m = tq_pop(&us->users)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ while ((priv = tq_pop(&us->privileges)) != NULL) {
+ struct member *runasuser = NULL, *runasgroup = NULL;
+#ifdef HAVE_SELINUX
+ char *role = NULL, *type = NULL;
+#endif /* HAVE_SELINUX */
+
+ while ((m = tq_pop(&priv->hostlist)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
+#ifdef HAVE_SELINUX
+ /* Only free the first instance of a role/type. */
+ if (cs->role != role) {
+ role = cs->role;
+ efree(cs->role);
+ }
+ if (cs->type != type) {
+ type = cs->type;
+ efree(cs->type);
+ }
+#endif /* HAVE_SELINUX */
+ if (tq_last(&cs->runasuserlist) != runasuser) {
+ runasuser = tq_last(&cs->runasuserlist);
+ while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ }
+ if (tq_last(&cs->runasgrouplist) != runasgroup) {
+ runasgroup = tq_last(&cs->runasgrouplist);
+ while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
+ efree(m->name);
+ efree(m);
+ }
+ }
+ if (cs->cmnd->type == COMMAND) {
+ c = (struct sudo_command *) cs->cmnd->name;
+ efree(c->cmnd);
+ efree(c->args);
+ }
+ efree(cs->cmnd->name);
+ efree(cs->cmnd);
+ efree(cs);
+ }
+ efree(priv);
+ }
+ efree(us);
+ }
+ tq_init(&userspecs);
+
+ binding = NULL;
+ while ((d = tq_pop(&defaults)) != NULL) {
+ if (tq_last(&d->binding) != binding) {
+ binding = tq_last(&d->binding);
+ while ((m = tq_pop(&d->binding)) != NULL) {
+ if (m->type == COMMAND) {
+ c = (struct sudo_command *) m->name;
+ efree(c->cmnd);
+ efree(c->args);
+ }
+ efree(m->name);
+ efree(m);
+ }
+ }
+ efree(d->var);
+ efree(d->val);
+ efree(d);
+ }
+ tq_init(&defaults);
+
+ init_aliases();
+
+ init_lexer();
+
+ efree(sudoers);
+ sudoers = path ? estrdup(path) : NULL;
+
+ parse_error = FALSE;
+ errorlineno = -1;
+ errorfile = NULL;
+ sudolineno = 1;
+ verbose = !quiet;
+}
diff --git a/sudo-1.7.4p4/indent.pro b/sudo-1.7.4p4/indent.pro
new file mode 100644
index 0000000..db27ed3
--- /dev/null
+++ b/sudo-1.7.4p4/indent.pro
@@ -0,0 +1,36 @@
+-br
+-cdb
+-ce
+-d0
+-di1
+-ei
+-i4
+-nlp
+-npcs
+-npsl
+-ps
+-sc
+-TYYSTYPE
+-TLIST
+-TLINK
+-Tu_char
+-Tu_short
+-Tu_int
+-Tu_long
+-Tushort
+-Tuint
+-Tdaddr_t
+-Tcaddr_t
+-Tino_t
+-Tswblk_t
+-Tsize_t
+-Ttime_t
+-Tdev_t
+-Toff_t
+-Tuid_t
+-Tgid_t
+-Tfixpt_t
+-Tkey_t
+-Tpaddr_t
+-Tfd_mask
+-Tfd_set
diff --git a/sudo-1.7.4p4/ins_2001.h b/sudo-1.7.4p4/ins_2001.h
new file mode 100644
index 0000000..63a5d64
--- /dev/null
+++ b/sudo-1.7.4p4/ins_2001.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_2001_H
+#define _SUDO_INS_2001_H
+
+ /*
+ * HAL insults (paraphrased) from 2001.
+ */
+
+ "Just what do you think you're doing Dave?",
+ "It can only be attributed to human error.",
+ "That's something I cannot allow to happen.",
+ "My mind is going. I can feel it.",
+ "Sorry about this, I know it's a bit silly.",
+ "Take a stress pill and think things over.",
+ "This mission is too important for me to allow you to jeopardize it.",
+ "I feel much better now.",
+
+#endif /* _SUDO_INS_2001_H */
diff --git a/sudo-1.7.4p4/ins_classic.h b/sudo-1.7.4p4/ins_classic.h
new file mode 100644
index 0000000..b1942bd
--- /dev/null
+++ b/sudo-1.7.4p4/ins_classic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_CLASSIC_H
+#define _SUDO_INS_CLASSIC_H
+
+ /*
+ * Insults from the original sudo(8).
+ */
+
+ "Wrong! You cheating scum!",
+#ifdef PC_INSULTS
+ "And you call yourself a Rocket Scientist!",
+#else
+ "No soap, honkie-lips.",
+#endif
+ "Where did you learn to type?",
+ "Are you on drugs?",
+ "My pet ferret can type better than you!",
+ "You type like i drive.",
+ "Do you think like you type?",
+ "Your mind just hasn't been the same since the electro-shock, has it?",
+
+#endif /* _SUDO_INS_CLASSIC_H */
diff --git a/sudo-1.7.4p4/ins_csops.h b/sudo-1.7.4p4/ins_csops.h
new file mode 100644
index 0000000..20e9b02
--- /dev/null
+++ b/sudo-1.7.4p4/ins_csops.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 1996, 1998, 1999, 2004
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_CSOPS_H
+#define _SUDO_INS_CSOPS_H
+
+ /*
+ * CSOps insults (may be site dependent).
+ */
+
+ "Maybe if you used more than just two fingers...",
+ "BOB says: You seem to have forgotten your passwd, enter another!",
+ "stty: unknown mode: doofus",
+ "I can't hear you -- I'm using the scrambler.",
+ "The more you drive -- the dumber you get.",
+#ifdef PC_INSULTS
+ "Listen, broccoli brains, I don't have time to listen to this trash.",
+#else
+ "Listen, burrito brains, I don't have time to listen to this trash.",
+#endif
+ "I've seen penguins that can type better than that.",
+ "Have you considered trying to match wits with a rutabaga?",
+ "You speak an infinite deal of nothing",
+
+#endif /* _SUDO_INS_CSOPS_H */
diff --git a/sudo-1.7.4p4/ins_goons.h b/sudo-1.7.4p4/ins_goons.h
new file mode 100644
index 0000000..16a262a
--- /dev/null
+++ b/sudo-1.7.4p4/ins_goons.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_GOONS_H
+#define _SUDO_INS_GOONS_H
+
+ /*
+ * Insults from the "Goon Show."
+ */
+
+ "You silly, twisted boy you.",
+ "He has fallen in the water!",
+ "We'll all be murdered in our beds!",
+ "You can't come in. Our tiger has got flu",
+ "I don't wish to know that.",
+ "What, what, what, what, what, what, what, what, what, what?",
+ "You can't get the wood, you know.",
+ "You'll starve!",
+ "... and it used to be so popular...",
+ "Pauses for audience applause, not a sausage",
+ "Hold it up to the light --- not a brain in sight!",
+ "Have a gorilla...",
+ "There must be cure for it!",
+ "There's a lot of it about, you know.",
+ "You do that again and see what happens...",
+ "Ying Tong Iddle I Po",
+ "Harm can come to a young lad like that!",
+ "And with that remarks folks, the case of the Crown vs yourself was proven.",
+ "Speak English you fool --- there are no subtitles in this scene.",
+ "You gotta go owwwww!",
+ "I have been called worse.",
+ "It's only your word against mine.",
+ "I think ... err ... I think ... I think I'll go home",
+
+#endif /* _SUDO_INS_GOONS_H */
diff --git a/sudo-1.7.4p4/install-sh b/sudo-1.7.4p4/install-sh
new file mode 100755
index 0000000..7a207e2
--- /dev/null
+++ b/sudo-1.7.4p4/install-sh
@@ -0,0 +1,233 @@
+#! /bin/sh
+
+## (From INN-1.4, written by Rich Salz)
+## $Revision$
+## A script to install files and directories.
+
+PROGNAME=`basename $0`
+
+## Paths to programs. CHOWN, STRIP and WHOAMI are checked below.
+CHOWN=chown
+CHGRP=chgrp
+CHMOD=chmod
+CP=cp
+LN=ln
+MKDIR=mkdir
+MV=mv
+RM=rm
+STRIP=strip
+WHOAMI="echo root"
+
+## Some systems don't support -x, so we have to use -f.
+for d in /sbin /etc /usr/sbin /usr/etc; do
+ if [ -f $d/chown ]; then
+ CHOWN=${d}/chown
+ break
+ fi
+done
+
+for d in /usr/bin /bin /usr/ucb /usr/bsd; do
+ if [ -f $d/whoami ]; then
+ WHOAMI=${d}/whoami
+ break
+ elif [ -f $d/id ]; then
+ WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p'
+ fi
+done
+
+for d in /usr/ccs/bin /usr/bin /bin; do
+ if [ -f $d/strip ]; then
+ STRIP=${d}/strip
+ break
+ fi
+done
+
+## Defaults.
+CHOWNIT=false
+CHGROUPIT=false
+CHMODIT=false
+STRIPIT=false
+BACKIT=false
+TOUCHIT=true
+DIRMODE=false
+
+case `${WHOAMI}` in
+root)
+ ROOT=true
+ ;;
+*)
+ ROOT=false
+ ;;
+esac
+
+## Process JCL.
+MORETODO=true
+while ${MORETODO} ; do
+ case X"$1" in
+ X-b)
+ BACKIT=true
+ BACKUP="$2"
+ shift
+ ;;
+ X-b*)
+ BACKIT=true
+ BACKUP=`expr "$1" : '-b\(.*\)'`
+ ;;
+ X-c)
+ # backwards compatibility
+ ;;
+ X-d)
+ DIRMODE=true
+ ;;
+ X-g)
+ GROUP="$2"
+ CHGROUPIT=true
+ shift
+ ;;
+ X-g*)
+ GROUP=`expr "$1" : '-g\(.*\)'`
+ CHGROUPIT=true
+ ;;
+ X-G)
+ GROUP="$2"
+ shift
+ ${ROOT} && CHGROUPIT=true
+ ;;
+ X-G*)
+ if ${ROOT} ; then
+ GROUP=`expr "$1" : '-g\(.*\)'`
+ CHGROUPIT=true
+ fi
+ ;;
+ X-m)
+ MODE="$2"
+ CHMODIT=true
+ shift
+ ;;
+ X-m*)
+ MODE=`expr "$1" : '-m\(.*\)'`
+ CHMODIT=true
+ ;;
+ X-M)
+ MODE="$2"
+ ${ROOT} && CHMODIT=true
+ shift
+ ;;
+ X-M*)
+ MODE=`expr "$1" : '-m\(.*\)'`
+ ${ROOT} && CHMODIT=true
+ ;;
+ X-n)
+ TOUCHIT=false
+ ;;
+ X-o)
+ OWNER="$2"
+ CHOWNIT=true
+ shift
+ ;;
+ X-o*)
+ OWNER=`expr "$1" : '-o\(.*\)'`
+ CHOWNIT=true
+ ;;
+ X-O)
+ OWNER="$2"
+ shift
+ ${ROOT} && CHOWNIT=true
+ ;;
+ X-O*)
+ if ${ROOT} ; then
+ OWNER=`expr "$1" : '-o\(.*\)'`
+ CHOWNIT=true
+ fi
+ ;;
+ X-s)
+ STRIPIT=true
+ ;;
+ X--)
+ shift
+ MORETODO=false
+ ;;
+ X-*)
+ echo "${PROGNAME}: Unknown flag $1" 1>&2
+ exit 1
+ ;;
+ *)
+ MORETODO=false
+ ;;
+ esac
+ ${MORETODO} && shift
+done
+
+## Making a directory?
+if ${DIRMODE} ; then
+ while test $# != 0; do
+ DEST="$1"
+ if [ ! -d "${DEST}" ] ; then
+ ${MKDIR} "${DEST}" || exit 1
+ fi
+ if ${CHOWNIT} ; then
+ ${CHOWN} "${OWNER}" "${DEST}" || exit 1
+ fi
+ if ${CHGROUPIT} ; then
+ ${CHGRP} "${GROUP}" "${DEST}" || exit 1
+ fi
+ if ${CHMODIT} ; then
+ ${CHMOD} "${MODE}" "${DEST}" || exit 1
+ fi
+ shift;
+ done
+ exit 0
+fi
+
+## Process arguments.
+if [ $# -ne 2 ] ; then
+ echo "Usage: ${PROGNAME} [flags] source destination"
+ exit 1
+fi
+
+## Get the destination and a temp file in the destination diretory.
+if [ -d "$2" ] ; then
+ DEST="$2/`basename $1`"
+ TEMP="$2/$$.tmp"
+else
+ DEST="$2"
+ TEMP="`expr "$2" : '\(.*\)/.*'`/$$.tmp"
+fi
+
+## If not given the same name, we must try to copy.
+if [ X"$1" != X"$2" ] ; then
+ if cmp -s "$1" "${DEST}" ; then
+ ## Files are same; touch or not.
+ ${TOUCHIT} && touch "${DEST}"
+ else
+ ## If destination exists and we wish to backup, link to backup.
+ if [ -f "${DEST}" ] ; then
+ if ${BACKIT} ; then
+ ${RM} -f "${DEST}${BACKUP}"
+ ${LN} "${DEST}" "${DEST}${BACKUP}"
+ fi
+ fi
+ ## Copy source to the right dir, then move to right spot.
+ ## Done in two parts so we can hope for atomicity.
+ ## We need to rm DEST due to bugs in "mv -f" on some systems.
+ ${RM} -f "${TEMP}" || exit 1
+ ${CP} "$1" "${TEMP}" || exit 1
+ ${RM} -f "${DEST}" || exit 1
+ ${MV} -f "${TEMP}" "${DEST}" || exit 1
+ fi
+fi
+
+## Strip and set the modes.
+if ${STRIPIT} ; then
+ ${STRIP} "${DEST}" || exit 1
+fi
+if ${CHOWNIT} ; then
+ ${CHOWN} "${OWNER}" "${DEST}" || exit 1
+fi
+if ${CHGROUPIT} ; then
+ ${CHGRP} "${GROUP}" "${DEST}" || exit 1
+fi
+if ${CHMODIT} ; then
+ ${CHMOD} "${MODE}" "${DEST}" || exit 1
+fi
+exit 0
diff --git a/sudo-1.7.4p4/insults.h b/sudo-1.7.4p4/insults.h
new file mode 100644
index 0000000..bdb3fc6
--- /dev/null
+++ b/sudo-1.7.4p4/insults.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1994-1996, 1998-1999, 2004
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INSULTS_H
+#define _SUDO_INSULTS_H
+
+#if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS)
+
+/*
+ * Use one or more set of insults as determined by configure
+ */
+
+char *insults[] = {
+
+# ifdef HAL_INSULTS
+# include "ins_2001.h"
+# endif
+
+# ifdef GOONS_INSULTS
+# include "ins_goons.h"
+# endif
+
+# ifdef CLASSIC_INSULTS
+# include "ins_classic.h"
+# endif
+
+# ifdef CSOPS_INSULTS
+# include "ins_csops.h"
+# endif
+
+ (char *) 0
+
+};
+
+/*
+ * How may I insult you? Let me count the ways...
+ */
+#define NOFINSULTS (sizeof(insults) / sizeof(insults[0]) - 1)
+
+/*
+ * return a pseudo-random insult.
+ */
+#define INSULT (insults[time(NULL) % NOFINSULTS])
+
+#endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS */
+
+#endif /* _SUDO_INSULTS_H */
diff --git a/sudo-1.7.4p4/interfaces.c b/sudo-1.7.4p4/interfaces.c
new file mode 100644
index 0000000..502cb94
--- /dev/null
+++ b/sudo-1.7.4p4/interfaces.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ * Suppress a warning w/ gcc on Digital UN*X.
+ * The system headers should really do this....
+ */
+#if defined(__osf__) && !defined(__cplusplus)
+struct mbuf;
+struct rtentry;
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF)
+# include <sys/sockio.h>
+#endif
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <netdb.h>
+#include <errno.h>
+#ifdef _ISC
+# include <sys/stream.h>
+# include <sys/sioctl.h>
+# include <sys/stropts.h>
+# define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\
+ strioctl.ic_dp=(param);\
+ strioctl.ic_timout=0;\
+ strioctl.ic_len=(len);}
+#endif /* _ISC */
+#ifdef _MIPS
+# include <net/soioctl.h>
+#endif /* _MIPS */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#ifdef HAVE_GETIFADDRS
+# include <ifaddrs.h>
+#endif
+
+#include "sudo.h"
+#include "interfaces.h"
+
+/* Minix apparently lacks IFF_LOOPBACK */
+#ifndef IFF_LOOPBACK
+# define IFF_LOOPBACK 0
+#endif
+
+#ifdef HAVE_GETIFADDRS
+
+/*
+ * Allocate and fill in the interfaces global variable with the
+ * machine's ip addresses and netmasks.
+ */
+void
+load_interfaces()
+{
+ struct ifaddrs *ifa, *ifaddrs;
+ struct sockaddr_in *sin;
+#ifdef HAVE_IN6_ADDR
+ struct sockaddr_in6 *sin6;
+#endif
+ int i;
+
+ if (getifaddrs(&ifaddrs))
+ return;
+
+ /* Allocate space for the interfaces list. */
+ for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) {
+ /* Skip interfaces marked "down" and "loopback". */
+ if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
+ ISSET(ifa->ifa_flags, IFF_LOOPBACK))
+ continue;
+
+ switch(ifa->ifa_addr->sa_family) {
+ case AF_INET:
+#ifdef HAVE_IN6_ADDR
+ case AF_INET6:
+#endif
+ num_interfaces++;
+ break;
+ }
+ }
+ if (num_interfaces == 0)
+ return;
+ interfaces =
+ (struct interface *) emalloc2(num_interfaces, sizeof(struct interface));
+
+ /* Store the ip addr / netmask pairs. */
+ for (ifa = ifaddrs, i = 0; ifa != NULL; ifa = ifa -> ifa_next) {
+ /* Skip interfaces marked "down" and "loopback". */
+ if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
+ ISSET(ifa->ifa_flags, IFF_LOOPBACK))
+ continue;
+
+ switch(ifa->ifa_addr->sa_family) {
+ case AF_INET:
+ sin = (struct sockaddr_in *)ifa->ifa_addr;
+ if (sin == NULL)
+ continue;
+ memcpy(&interfaces[i].addr, &sin->sin_addr,
+ sizeof(struct in_addr));
+ sin = (struct sockaddr_in *)ifa->ifa_netmask;
+ if (sin == NULL)
+ continue;
+ memcpy(&interfaces[i].netmask, &sin->sin_addr,
+ sizeof(struct in_addr));
+ interfaces[i].family = AF_INET;
+ i++;
+ break;
+#ifdef HAVE_IN6_ADDR
+ case AF_INET6:
+ sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
+ if (sin6 == NULL)
+ continue;
+ memcpy(&interfaces[i].addr, &sin6->sin6_addr,
+ sizeof(struct in6_addr));
+ sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask;
+ if (sin6 == NULL)
+ continue;
+ memcpy(&interfaces[i].netmask, &sin6->sin6_addr,
+ sizeof(struct in6_addr));
+ interfaces[i].family = AF_INET6;
+ i++;
+ break;
+#endif /* HAVE_IN6_ADDR */
+ }
+ }
+#ifdef HAVE_FREEIFADDRS
+ freeifaddrs(ifaddrs);
+#else
+ efree(ifaddrs);
+#endif
+}
+
+#elif defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES)
+
+/*
+ * Allocate and fill in the interfaces global variable with the
+ * machine's ip addresses and netmasks.
+ */
+void
+load_interfaces()
+{
+ struct ifconf *ifconf;
+ struct ifreq *ifr, ifr_tmp;
+ struct sockaddr_in *sin;
+ int sock, n, i;
+ size_t len = sizeof(struct ifconf) + BUFSIZ;
+ char *previfname = "", *ifconf_buf = NULL;
+#ifdef _ISC
+ struct strioctl strioctl;
+#endif /* _ISC */
+
+ sock = socket(AF_INET, SOCK_DGRAM, 0);
+ if (sock < 0)
+ error(1, "cannot open socket");
+
+ /*
+ * Get interface configuration or return (leaving num_interfaces == 0)
+ */
+ for (;;) {
+ ifconf_buf = erealloc(ifconf_buf, len);
+ ifconf = (struct ifconf *) ifconf_buf;
+ ifconf->ifc_len = len - sizeof(struct ifconf);
+ ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf));
+
+#ifdef _ISC
+ STRSET(SIOCGIFCONF, (caddr_t) ifconf, len);
+ if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) {
+#else
+ /* Note that some kernels return EINVAL if the buffer is too small */
+ if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0 && errno != EINVAL) {
+#endif /* _ISC */
+ efree(ifconf_buf);
+ (void) close(sock);
+ return;
+ }
+
+ /* Break out of loop if we have a big enough buffer. */
+ if (ifconf->ifc_len + sizeof(struct ifreq) < len)
+ break;
+ len += BUFSIZ;
+ }
+
+ /* Allocate space for the maximum number of interfaces that could exist. */
+ if ((n = ifconf->ifc_len / sizeof(struct ifreq)) == 0)
+ return;
+ interfaces = (struct interface *) emalloc2(n, sizeof(struct interface));
+
+ /* For each interface, store the ip address and netmask. */
+ for (i = 0; i < ifconf->ifc_len; ) {
+ /* Get a pointer to the current interface. */
+ ifr = (struct ifreq *) &ifconf->ifc_buf[i];
+
+ /* Set i to the subscript of the next interface. */
+ i += sizeof(struct ifreq);
+#ifdef HAVE_SA_LEN
+ if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr))
+ i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr);
+#endif /* HAVE_SA_LEN */
+
+ /* Skip duplicates and interfaces with NULL addresses. */
+ sin = (struct sockaddr_in *) &ifr->ifr_addr;
+ if (sin->sin_addr.s_addr == 0 ||
+ strncmp(previfname, ifr->ifr_name, sizeof(ifr->ifr_name) - 1) == 0)
+ continue;
+
+ if (ifr->ifr_addr.sa_family != AF_INET)
+ continue;
+
+#ifdef SIOCGIFFLAGS
+ zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
+ strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
+ if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr_tmp) < 0)
+#endif
+ ifr_tmp = *ifr;
+
+ /* Skip interfaces marked "down" and "loopback". */
+ if (!ISSET(ifr_tmp.ifr_flags, IFF_UP) ||
+ ISSET(ifr_tmp.ifr_flags, IFF_LOOPBACK))
+ continue;
+
+ sin = (struct sockaddr_in *) &ifr->ifr_addr;
+ interfaces[num_interfaces].addr.ip4.s_addr = sin->sin_addr.s_addr;
+
+ /* Stash the name of the interface we saved. */
+ previfname = ifr->ifr_name;
+
+ /* Get the netmask. */
+ zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
+ strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
+#ifdef SIOCGIFNETMASK
+#ifdef _ISC
+ STRSET(SIOCGIFNETMASK, (caddr_t) &ifr_tmp, sizeof(ifr_tmp));
+ if (ioctl(sock, I_STR, (caddr_t) &strioctl) == 0) {
+#else
+ if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) &ifr_tmp) == 0) {
+#endif /* _ISC */
+ sin = (struct sockaddr_in *) &ifr_tmp.ifr_addr;
+
+ interfaces[num_interfaces].netmask.ip4.s_addr = sin->sin_addr.s_addr;
+ } else {
+#else
+ {
+#endif /* SIOCGIFNETMASK */
+ if (IN_CLASSC(interfaces[num_interfaces].addr.ip4.s_addr))
+ interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSC_NET);
+ else if (IN_CLASSB(interfaces[num_interfaces].addr.ip4.s_addr))
+ interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSB_NET);
+ else
+ interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSA_NET);
+ }
+
+ /* Only now can we be sure it was a good/interesting interface. */
+ interfaces[num_interfaces].family = AF_INET;
+ num_interfaces++;
+ }
+
+ /* If the expected size < real size, realloc the array. */
+ if (n != num_interfaces) {
+ if (num_interfaces != 0)
+ interfaces = (struct interface *) erealloc3(interfaces,
+ num_interfaces, sizeof(struct interface));
+ else
+ efree(interfaces);
+ }
+ efree(ifconf_buf);
+ (void) close(sock);
+}
+
+#else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */
+
+/*
+ * Stub function for those without SIOCGIFCONF
+ */
+void
+load_interfaces()
+{
+ return;
+}
+
+#endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */
+
+void
+dump_interfaces()
+{
+ int i;
+#ifdef HAVE_IN6_ADDR
+ char addrbuf[INET6_ADDRSTRLEN], maskbuf[INET6_ADDRSTRLEN];
+#endif
+
+ puts("Local IP address and netmask pairs:");
+ for (i = 0; i < num_interfaces; i++) {
+ switch(interfaces[i].family) {
+ case AF_INET:
+ printf("\t%s / ", inet_ntoa(interfaces[i].addr.ip4));
+ puts(inet_ntoa(interfaces[i].netmask.ip4));
+ break;
+#ifdef HAVE_IN6_ADDR
+ case AF_INET6:
+ inet_ntop(AF_INET6, &interfaces[i].addr.ip6,
+ addrbuf, sizeof(addrbuf));
+ inet_ntop(AF_INET6, &interfaces[i].netmask.ip6,
+ maskbuf, sizeof(maskbuf));
+ printf("\t%s / %s\n", addrbuf, maskbuf);
+ break;
+#endif /* HAVE_IN6_ADDR */
+ }
+ }
+}
diff --git a/sudo-1.7.4p4/interfaces.h b/sudo-1.7.4p4/interfaces.h
new file mode 100644
index 0000000..06b0b85
--- /dev/null
+++ b/sudo-1.7.4p4/interfaces.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_INTERFACES_H
+#define _SUDO_INTERFACES_H
+
+/*
+ * Union to hold either strucr in_addr or in6_add
+ */
+union sudo_in_addr_un {
+ struct in_addr ip4;
+#ifdef HAVE_IN6_ADDR
+ struct in6_addr ip6;
+#endif
+};
+
+/*
+ * IP address and netmask pairs for checking against local interfaces.
+ */
+struct interface {
+ int family; /* AF_INET or AF_INET6 */
+ union sudo_in_addr_un addr;
+ union sudo_in_addr_un netmask;
+};
+
+/*
+ * Prototypes for external functions.
+ */
+void load_interfaces __P((void));
+void dump_interfaces __P((void));
+
+/*
+ * Definitions for external variables.
+ */
+#ifndef _SUDO_MAIN
+extern struct interface *interfaces;
+extern int num_interfaces;
+#endif
+
+#endif /* _SUDO_INTERFACES_H */
diff --git a/sudo-1.7.4p4/iolog.c b/sudo-1.7.4p4/iolog.c
new file mode 100644
index 0000000..4e492b6
--- /dev/null
+++ b/sudo-1.7.4p4/iolog.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <pwd.h>
+#include <grp.h>
+#ifdef HAVE_ZLIB_H
+# include <zlib.h>
+#endif
+
+#include "sudo.h"
+
+union io_fd {
+ FILE *f;
+#ifdef HAVE_ZLIB_H
+ gzFile g;
+#endif
+ void *v;
+};
+
+struct script_buf {
+ int len; /* buffer length (how much read in) */
+ int off; /* write position (how much already consumed) */
+ char buf[16 * 1024];
+};
+
+#define IOFD_STDIN 0
+#define IOFD_STDOUT 1
+#define IOFD_STDERR 2
+#define IOFD_TTYIN 3
+#define IOFD_TTYOUT 4
+#define IOFD_TIMING 5
+#define IOFD_MAX 6
+
+#ifdef __STDC__
+# define SESSID_MAX 2176782336U
+#else
+# define SESSID_MAX (unsigned long)2176782336
+#endif
+
+static sigset_t ttyblock;
+static struct timeval last_time;
+static union io_fd io_fds[IOFD_MAX];
+
+void
+io_nextid()
+{
+ struct stat sb;
+ char buf[32], *ep;
+ int fd, i, ch;
+ unsigned long id = 0;
+ int len;
+ ssize_t nread;
+ char pathbuf[PATH_MAX];
+
+ /*
+ * Create _PATH_SUDO_IO_LOGDIR if it doesn't already exist.
+ */
+ if (stat(_PATH_SUDO_IO_LOGDIR, &sb) != 0) {
+ if (mkdir(_PATH_SUDO_IO_LOGDIR, S_IRWXU) != 0)
+ log_error(USE_ERRNO, "Can't mkdir %s", _PATH_SUDO_IO_LOGDIR);
+ } else if (!S_ISDIR(sb.st_mode)) {
+ log_error(0, "%s exists but is not a directory (0%o)",
+ _PATH_SUDO_IO_LOGDIR, (unsigned int) sb.st_mode);
+ }
+
+ /*
+ * Open sequence file
+ */
+ len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", _PATH_SUDO_IO_LOGDIR);
+ if (len <= 0 || len >= sizeof(pathbuf)) {
+ errno = ENAMETOOLONG;
+ log_error(USE_ERRNO, "%s/seq", pathbuf);
+ }
+ fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
+ if (fd == -1)
+ log_error(USE_ERRNO, "cannot open %s", pathbuf);
+ lock_file(fd, SUDO_LOCK);
+
+ /* Read seq number (base 36). */
+ nread = read(fd, buf, sizeof(buf));
+ if (nread != 0) {
+ if (nread == -1)
+ log_error(USE_ERRNO, "cannot read %s", pathbuf);
+ id = strtoul(buf, &ep, 36);
+ if (buf == ep || id >= SESSID_MAX)
+ log_error(0, "invalid sequence number %s", pathbuf);
+ }
+ id++;
+
+ /*
+ * Convert id to a string and stash in sudo_user.sessid.
+ * Note that that least significant digits go at the end of the string.
+ */
+ for (i = 5; i >= 0; i--) {
+ ch = id % 36;
+ id /= 36;
+ buf[i] = ch < 10 ? ch + '0' : ch - 10 + 'A';
+ }
+ buf[6] = '\n';
+
+ /* Stash id logging purposes */
+ memcpy(sudo_user.sessid, buf, 6);
+ sudo_user.sessid[6] = '\0';
+
+ /* Rewind and overwrite old seq file. */
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7)
+ log_error(USE_ERRNO, "Can't write to %s", pathbuf);
+ close(fd);
+}
+
+static int
+build_idpath(pathbuf, pathsize)
+ char *pathbuf;
+ size_t pathsize;
+{
+ struct stat sb;
+ int i, len;
+
+ if (sudo_user.sessid[0] == '\0')
+ log_error(0, "tried to build a session id path without a session id");
+
+ /*
+ * Path is of the form /var/log/sudo-session/00/00/01.
+ */
+ len = snprintf(pathbuf, pathsize, "%s/%c%c/%c%c/%c%c", _PATH_SUDO_IO_LOGDIR,
+ sudo_user.sessid[0], sudo_user.sessid[1], sudo_user.sessid[2],
+ sudo_user.sessid[3], sudo_user.sessid[4], sudo_user.sessid[5]);
+ if (len <= 0 && len >= pathsize) {
+ errno = ENAMETOOLONG;
+ log_error(USE_ERRNO, "%s/%s", _PATH_SUDO_IO_LOGDIR, sudo_user.sessid);
+ }
+
+ /*
+ * Create the intermediate subdirs as needed.
+ */
+ for (i = 6; i > 0; i -= 3) {
+ pathbuf[len - i] = '\0';
+ if (stat(pathbuf, &sb) != 0) {
+ if (mkdir(pathbuf, S_IRWXU) != 0)
+ log_error(USE_ERRNO, "Can't mkdir %s", pathbuf);
+ } else if (!S_ISDIR(sb.st_mode)) {
+ log_error(0, "%s: %s", pathbuf, strerror(ENOTDIR));
+ }
+ pathbuf[len - i] = '/';
+ }
+
+ return(len);
+}
+
+static void *
+open_io_fd(pathbuf, len, suffix, docompress)
+ char *pathbuf;
+ int len;
+ const char *suffix;
+ int docompress;
+{
+ void *vfd = NULL;
+ int fd;
+
+ pathbuf[len] = '\0';
+ strlcat(pathbuf, suffix, PATH_MAX);
+ fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
+ if (fd != -1) {
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+#ifdef HAVE_ZLIB_H
+ if (docompress)
+ vfd = gzdopen(fd, "w");
+ else
+#endif
+ vfd = fdopen(fd, "w");
+ }
+ return vfd;
+}
+
+int
+io_log_open()
+{
+ char pathbuf[PATH_MAX];
+ FILE *io_logfile;
+ int len;
+
+ if (!def_log_input && !def_log_output)
+ return FALSE;
+
+ /*
+ * Build a path containing the session id split into two-digit subdirs,
+ * so ID 000001 becomes /var/log/sudo-session/00/00/01.
+ */
+ len = build_idpath(pathbuf, sizeof(pathbuf));
+ if (len == -1)
+ return -1;
+
+ if (mkdir(pathbuf, S_IRUSR|S_IWUSR|S_IXUSR) != 0)
+ log_error(USE_ERRNO, "Can't mkdir %s", pathbuf);
+
+ /*
+ * We create 7 files: a log file, a timing file and 5 for input/output.
+ */
+ io_logfile = open_io_fd(pathbuf, len, "/log", FALSE);
+ if (io_logfile == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+
+ io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing", def_compress_io);
+ if (io_fds[IOFD_TIMING].v == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+
+ if (def_log_input) {
+ io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin", def_compress_io);
+ if (io_fds[IOFD_TTYIN].v == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+ }
+
+ if (def_log_output) {
+ io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout", def_compress_io);
+ if (io_fds[IOFD_TTYOUT].v == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+ }
+
+ if (def_log_input) {
+ io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin", def_compress_io);
+ if (io_fds[IOFD_STDIN].v == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+ }
+
+ if (def_log_output) {
+ io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout", def_compress_io);
+ if (io_fds[IOFD_STDOUT].v == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+ }
+
+ if (def_log_output) {
+ io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr", def_compress_io);
+ if (io_fds[IOFD_STDERR].v == NULL)
+ log_error(USE_ERRNO, "Can't create %s", pathbuf);
+ }
+
+ /* So we can block tty-generated signals */
+ sigemptyset(&ttyblock);
+ sigaddset(&ttyblock, SIGINT);
+ sigaddset(&ttyblock, SIGQUIT);
+ sigaddset(&ttyblock, SIGTSTP);
+ sigaddset(&ttyblock, SIGTTIN);
+ sigaddset(&ttyblock, SIGTTOU);
+
+ gettimeofday(&last_time, NULL);
+
+ /* XXX - log more stuff? window size? environment? */
+ fprintf(io_logfile, "%ld:%s:%s:%s:%s\n", (long)last_time.tv_sec, user_name,
+ runas_pw->pw_name, runas_gr ? runas_gr->gr_name : "", user_tty);
+ fprintf(io_logfile, "%s\n", user_cwd);
+ fprintf(io_logfile, "%s%s%s\n", user_cmnd, user_args ? " " : "",
+ user_args ? user_args : "");
+ fclose(io_logfile);
+
+ return TRUE;
+}
+
+void
+io_log_close()
+{
+ int i;
+
+ for (i = 0; i < IOFD_MAX; i++) {
+ if (io_fds[i].v == NULL)
+ continue;
+#ifdef HAVE_ZLIB_H
+ if (def_compress_io)
+ gzclose(io_fds[i].g);
+ else
+#endif
+ fclose(io_fds[i].f);
+ }
+}
+
+static int
+log_io(buf, len, idx)
+ const char *buf;
+ unsigned int len;
+ int idx;
+{
+ struct timeval now, delay;
+ sigset_t omask;
+
+ gettimeofday(&now, NULL);
+
+ sigprocmask(SIG_BLOCK, &ttyblock, &omask);
+
+#ifdef HAVE_ZLIB_H
+ if (def_compress_io)
+ gzwrite(io_fds[idx].g, buf, len);
+ else
+#endif
+ fwrite(buf, 1, len, io_fds[idx].f);
+ delay.tv_sec = now.tv_sec;
+ delay.tv_usec = now.tv_usec;
+ timevalsub(&delay, &last_time);
+#ifdef HAVE_ZLIB_H
+ if (def_compress_io)
+ gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx,
+ delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
+ else
+#endif
+ fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx,
+ delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
+ last_time.tv_sec = now.tv_sec;
+ last_time.tv_usec = now.tv_usec;
+
+ sigprocmask(SIG_SETMASK, &omask, NULL);
+
+ return TRUE;
+}
+
+int
+log_ttyin(buf, len)
+ const char *buf;
+ unsigned int len;
+{
+ if (!io_fds[IOFD_TTYIN].v)
+ return TRUE;
+ return log_io(buf, len, IOFD_TTYIN);
+}
+
+int
+log_ttyout(buf, len)
+ const char *buf;
+ unsigned int len;
+{
+ if (!io_fds[IOFD_TTYOUT].v)
+ return TRUE;
+ return log_io(buf, len, IOFD_TTYOUT);
+}
+
+int
+log_stdin(buf, len)
+ const char *buf;
+ unsigned int len;
+{
+ if (!io_fds[IOFD_STDIN].v)
+ return TRUE;
+ return log_io(buf, len, IOFD_STDIN);
+}
+
+int
+log_stdout(buf, len)
+ const char *buf;
+ unsigned int len;
+{
+ if (!io_fds[IOFD_STDOUT].v)
+ return TRUE;
+ return log_io(buf, len, IOFD_STDOUT);
+}
+
+int
+log_stderr(buf, len)
+ const char *buf;
+ unsigned int len;
+{
+ if (!io_fds[IOFD_STDOUT].v)
+ return TRUE;
+ return log_io(buf, len, IOFD_STDERR);
+}
diff --git a/sudo-1.7.4p4/isblank.c b/sudo-1.7.4p4/isblank.c
new file mode 100644
index 0000000..e6ad58d
--- /dev/null
+++ b/sudo-1.7.4p4/isblank.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+#include <compat.h>
+
+#undef isblank
+int
+isblank(ch)
+ int ch;
+{
+ return(ch == ' ' || ch == '\t');
+}
diff --git a/sudo-1.7.4p4/lbuf.c b/sudo-1.7.4p4/lbuf.c
new file mode 100644
index 0000000..bd218da
--- /dev/null
+++ b/sudo-1.7.4p4/lbuf.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (c) 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# ifdef HAVE_TERMIO_H
+# include <termio.h>
+# endif
+#endif
+
+#include "sudo.h"
+#include "lbuf.h"
+
+#if !defined(TIOCGSIZE) && defined(TIOCGWINSZ)
+# define TIOCGSIZE TIOCGWINSZ
+# define ttysize winsize
+# define ts_cols ws_col
+#endif
+
+int
+get_ttycols()
+{
+ char *p;
+ int cols;
+#ifdef TIOCGSIZE
+ struct ttysize win;
+
+ if (ioctl(STDERR_FILENO, TIOCGSIZE, &win) == 0 && win.ts_cols != 0)
+ return((int)win.ts_cols);
+#endif
+
+ /* Fall back on $COLUMNS. */
+ if ((p = getenv("COLUMNS")) == NULL || (cols = atoi(p)) <= 0)
+ cols = 80;
+ return(cols);
+}
+
+void
+lbuf_init(lbuf, output, indent, continuation)
+ struct lbuf *lbuf;
+ int (*output)__P((const char *));
+ int indent;
+ const char *continuation;
+{
+ lbuf->output = output;
+ lbuf->continuation = continuation;
+ lbuf->indent = indent;
+ lbuf->cols = get_ttycols();
+ lbuf->len = 0;
+ lbuf->size = 0;
+ lbuf->buf = NULL;
+}
+
+void
+lbuf_destroy(lbuf)
+ struct lbuf *lbuf;
+{
+ efree(lbuf->buf);
+ lbuf->buf = NULL;
+}
+
+/*
+ * Append strings to the buffer, expanding it as needed.
+ */
+void
+#ifdef __STDC__
+lbuf_append_quoted(struct lbuf *lbuf, const char *set, ...)
+#else
+lbuf_append_quoted(lbuf, set, va_alist)
+ struct lbuf *lbuf;
+ const char *set;
+ va_dcl
+#endif
+{
+ va_list ap;
+ int len = 0;
+ char *cp, *s;
+
+#ifdef __STDC__
+ va_start(ap, set);
+#else
+ va_start(ap);
+#endif
+ while ((s = va_arg(ap, char *)) != NULL) {
+ len += strlen(s);
+ for (cp = s; (cp = strpbrk(cp, set)) != NULL; cp++)
+ len++;
+ }
+ va_end(ap);
+
+ /* Expand buffer as needed. */
+ if (lbuf->len + len >= lbuf->size) {
+ do {
+ lbuf->size += 256;
+ } while (lbuf->len + len >= lbuf->size);
+ lbuf->buf = erealloc(lbuf->buf, lbuf->size);
+ }
+
+#ifdef __STDC__
+ va_start(ap, set);
+#else
+ va_start(ap);
+#endif
+ /* Append each string. */
+ while ((s = va_arg(ap, char *)) != NULL) {
+ while ((cp = strpbrk(s, set)) != NULL) {
+ len = (int)(cp - s);
+ memcpy(lbuf->buf + lbuf->len, s, len);
+ lbuf->len += len;
+ lbuf->buf[lbuf->len++] = '\\';
+ lbuf->buf[lbuf->len++] = *cp;
+ s = cp + 1;
+ }
+ if (*s != '\0') {
+ len = strlen(s);
+ memcpy(lbuf->buf + lbuf->len, s, len);
+ lbuf->len += len;
+ }
+ }
+ lbuf->buf[lbuf->len] = '\0';
+ va_end(ap);
+}
+
+/*
+ * Append strings to the buffer, expanding it as needed.
+ */
+void
+#ifdef __STDC__
+lbuf_append(struct lbuf *lbuf, ...)
+#else
+lbuf_append(lbuf, va_alist)
+ struct lbuf *lbuf;
+ va_dcl
+#endif
+{
+ va_list ap;
+ int len = 0;
+ char *s;
+
+#ifdef __STDC__
+ va_start(ap, lbuf);
+#else
+ va_start(ap);
+#endif
+ while ((s = va_arg(ap, char *)) != NULL)
+ len += strlen(s);
+ va_end(ap);
+
+ /* Expand buffer as needed. */
+ if (lbuf->len + len >= lbuf->size) {
+ do {
+ lbuf->size += 256;
+ } while (lbuf->len + len >= lbuf->size);
+ lbuf->buf = erealloc(lbuf->buf, lbuf->size);
+ }
+
+#ifdef __STDC__
+ va_start(ap, lbuf);
+#else
+ va_start(ap);
+#endif
+ /* Append each string. */
+ while ((s = va_arg(ap, char *)) != NULL) {
+ len = strlen(s);
+ memcpy(lbuf->buf + lbuf->len, s, len);
+ lbuf->len += len;
+ }
+ lbuf->buf[lbuf->len] = '\0';
+ va_end(ap);
+}
+
+static void
+lbuf_println(lbuf, line, len)
+ struct lbuf *lbuf;
+ char *line;
+ int len;
+{
+ char *cp, save;
+ int i, have, contlen;
+
+ contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0;
+
+ /*
+ * Print the buffer, splitting the line as needed on a word
+ * boundary.
+ */
+ cp = line;
+ have = lbuf->cols;
+ while (cp != NULL && *cp != '\0') {
+ char *ep = NULL;
+ int need = len - (int)(cp - line);
+
+ if (need > have) {
+ have -= contlen; /* subtract for continuation char */
+ if ((ep = memrchr(cp, ' ', have)) == NULL)
+ ep = memchr(cp + have, ' ', need - have);
+ if (ep != NULL)
+ need = (int)(ep - cp);
+ }
+ if (cp != line) {
+ /* indent continued lines */
+ /* XXX - build up string instead? */
+ for (i = 0; i < lbuf->indent; i++)
+ lbuf->output(" ");
+ }
+ /* NUL-terminate cp for the output function and restore afterwards */
+ save = cp[need];
+ cp[need] = '\0';
+ lbuf->output(cp);
+ cp[need] = save;
+ cp = ep;
+
+ /*
+ * If there is more to print, reset have, incremement cp past
+ * the whitespace, and print a line continuaton char if needed.
+ */
+ if (cp != NULL) {
+ have = lbuf->cols - lbuf->indent;
+ ep = line + len;
+ while (cp < ep && isblank((unsigned char)*cp)) {
+ cp++;
+ }
+ if (contlen)
+ lbuf->output(lbuf->continuation);
+ }
+ lbuf->output("\n");
+ }
+}
+
+/*
+ * Print the buffer with word wrap based on the tty width.
+ * The lbuf is reset on return.
+ */
+void
+lbuf_print(lbuf)
+ struct lbuf *lbuf;
+{
+ char *cp, *ep;
+ int len, contlen;
+
+ contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0;
+
+ /* For very small widths just give up... */
+ if (lbuf->cols <= lbuf->indent + contlen + 20) {
+ lbuf->output(lbuf->buf);
+ lbuf->output("\n");
+ goto done;
+ }
+
+ /* Print each line in the buffer */
+ for (cp = lbuf->buf; cp != NULL && *cp != '\0'; ) {
+ if (*cp == '\n') {
+ lbuf->output("\n");
+ cp++;
+ } else {
+ ep = memchr(cp, '\n', lbuf->len - (cp - lbuf->buf));
+ len = ep ? (int)(ep - cp) : lbuf->len;
+ lbuf_println(lbuf, cp, len);
+ cp = ep ? ep + 1 : NULL;
+ }
+ }
+
+done:
+ lbuf->len = 0; /* reset the buffer for re-use. */
+}
diff --git a/sudo-1.7.4p4/lbuf.h b/sudo-1.7.4p4/lbuf.h
new file mode 100644
index 0000000..db6f964
--- /dev/null
+++ b/sudo-1.7.4p4/lbuf.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2007, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SUDO_LBUF_H
+#define _SUDO_LBUF_H
+
+/*
+ * Line buffer struct.
+ */
+struct lbuf {
+ int (*output)__P((const char *));
+ char *buf;
+ const char *continuation;
+ int indent;
+ int len;
+ int size;
+ int cols;
+};
+
+int get_ttycols __P((void));
+void lbuf_append __P((struct lbuf *, ...));
+void lbuf_append_quoted __P((struct lbuf *, const char *, ...));
+void lbuf_destroy __P((struct lbuf *));
+void lbuf_init __P((struct lbuf *, int (*)(const char *), int, const char *));
+void lbuf_print __P((struct lbuf *));
+
+#endif /* _SUDO_LBUF_H */
diff --git a/sudo-1.7.4p4/ldap.c b/sudo-1.7.4p4/ldap.c
new file mode 100644
index 0000000..81d3c40
--- /dev/null
+++ b/sudo-1.7.4p4/ldap.c
@@ -0,0 +1,2049 @@
+/*
+ * Copyright (c) 2003-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * This code is derived from software contributed by Aaron Spangler.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#ifdef HAVE_LBER_H
+# include <lber.h>
+#endif
+#include <ldap.h>
+#if defined(HAVE_LDAP_SSL_H)
+# include <ldap_ssl.h>
+#elif defined(HAVE_MPS_LDAP_SSL_H)
+# include <mps/ldap_ssl.h>
+#endif
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+# ifdef HAVE_SASL_SASL_H
+# include <sasl/sasl.h>
+# else
+# include <sasl.h>
+# endif
+# if HAVE_GSS_KRB5_CCACHE_NAME
+# if defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
+# include <gssapi/gssapi.h>
+# include <gssapi/gssapi_krb5.h>
+# elif defined(HAVE_GSSAPI_GSSAPI_H)
+# include <gssapi/gssapi.h>
+# else
+# include <gssapi.h>
+# endif
+# endif
+#endif
+
+#include "sudo.h"
+#include "parse.h"
+#include "lbuf.h"
+
+#ifndef LDAP_OPT_SUCCESS
+# define LDAP_OPT_SUCCESS LDAP_SUCCESS
+#endif
+
+#ifndef LDAPS_PORT
+# define LDAPS_PORT 636
+#endif
+
+#if defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S) && !defined(LDAP_SASL_QUIET)
+# define LDAP_SASL_QUIET 0
+#endif
+
+#ifndef HAVE_LDAP_UNBIND_EXT_S
+#define ldap_unbind_ext_s(a, b, c) ldap_unbind_s(a)
+#endif
+
+#ifndef HAVE_LDAP_SEARCH_EXT_S
+#define ldap_search_ext_s(a, b, c, d, e, f, g, h, i, j, k) \
+ ldap_search_s(a, b, c, d, e, f, k)
+#endif
+
+#define LDAP_FOREACH(var, ld, res) \
+ for ((var) = ldap_first_entry((ld), (res)); \
+ (var) != NULL; \
+ (var) = ldap_next_entry((ld), (var)))
+
+#define DPRINTF(args, level) if (ldap_conf.debug >= level) warningx args
+
+#define CONF_BOOL 0
+#define CONF_INT 1
+#define CONF_STR 2
+#define CONF_LIST_STR 4
+
+#define SUDO_LDAP_SSL 1
+#define SUDO_LDAP_STARTTLS 2
+
+struct ldap_config_table {
+ const char *conf_str; /* config file string */
+ short type; /* CONF_BOOL, CONF_INT, CONF_STR */
+ short connected; /* connection-specific value? */
+ int opt_val; /* LDAP_OPT_* (or -1 for sudo internal) */
+ void *valp; /* pointer into ldap_conf */
+};
+
+struct ldap_config_list_str {
+ struct ldap_config_list_str *next;
+ char val[1];
+};
+
+/* ldap configuration structure */
+static struct ldap_config {
+ int port;
+ int version;
+ int debug;
+ int ldap_debug;
+ int tls_checkpeer;
+ int timelimit;
+ int bind_timelimit;
+ int use_sasl;
+ int rootuse_sasl;
+ int ssl_mode;
+ char *host;
+ struct ldap_config_list_str *uri;
+ char *binddn;
+ char *bindpw;
+ char *rootbinddn;
+ struct ldap_config_list_str *base;
+ char *ssl;
+ char *tls_cacertfile;
+ char *tls_cacertdir;
+ char *tls_random_file;
+ char *tls_cipher_suite;
+ char *tls_certfile;
+ char *tls_keyfile;
+ char *sasl_auth_id;
+ char *rootsasl_auth_id;
+ char *sasl_secprops;
+ char *krb5_ccname;
+} ldap_conf;
+
+static struct ldap_config_table ldap_conf_table[] = {
+ { "sudoers_debug", CONF_INT, FALSE, -1, &ldap_conf.debug },
+ { "host", CONF_STR, FALSE, -1, &ldap_conf.host },
+ { "port", CONF_INT, FALSE, -1, &ldap_conf.port },
+ { "ssl", CONF_STR, FALSE, -1, &ldap_conf.ssl },
+ { "sslpath", CONF_STR, FALSE, -1, &ldap_conf.tls_certfile },
+ { "uri", CONF_LIST_STR, FALSE, -1, &ldap_conf.uri },
+#ifdef LDAP_OPT_DEBUG_LEVEL
+ { "debug", CONF_INT, FALSE, LDAP_OPT_DEBUG_LEVEL, &ldap_conf.ldap_debug },
+#endif
+#ifdef LDAP_OPT_PROTOCOL_VERSION
+ { "ldap_version", CONF_INT, TRUE, LDAP_OPT_PROTOCOL_VERSION,
+ &ldap_conf.version },
+#endif
+#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+ { "tls_checkpeer", CONF_BOOL, FALSE, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ &ldap_conf.tls_checkpeer },
+#else
+ { "tls_checkpeer", CONF_BOOL, FALSE, -1, &ldap_conf.tls_checkpeer },
+#endif
+#ifdef LDAP_OPT_X_TLS_CACERTFILE
+ { "tls_cacertfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE,
+ &ldap_conf.tls_cacertfile },
+ { "tls_cacert", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE,
+ &ldap_conf.tls_cacertfile },
+#endif
+#ifdef LDAP_OPT_X_TLS_CACERTDIR
+ { "tls_cacertdir", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTDIR,
+ &ldap_conf.tls_cacertdir },
+#endif
+#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
+ { "tls_randfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_RANDOM_FILE,
+ &ldap_conf.tls_random_file },
+#endif
+#ifdef LDAP_OPT_X_TLS_CIPHER_SUITE
+ { "tls_ciphers", CONF_STR, FALSE, LDAP_OPT_X_TLS_CIPHER_SUITE,
+ &ldap_conf.tls_cipher_suite },
+#endif
+#ifdef LDAP_OPT_X_TLS_CERTFILE
+ { "tls_cert", CONF_STR, FALSE, LDAP_OPT_X_TLS_CERTFILE,
+ &ldap_conf.tls_certfile },
+#else
+ { "tls_cert", CONF_STR, FALSE, -1, &ldap_conf.tls_certfile },
+#endif
+#ifdef LDAP_OPT_X_TLS_KEYFILE
+ { "tls_key", CONF_STR, FALSE, LDAP_OPT_X_TLS_KEYFILE,
+ &ldap_conf.tls_keyfile },
+#else
+ { "tls_key", CONF_STR, FALSE, -1, &ldap_conf.tls_keyfile },
+#endif
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+ { "bind_timelimit", CONF_INT, TRUE, -1 /* needs timeval, set manually */,
+ &ldap_conf.bind_timelimit },
+#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
+ { "bind_timelimit", CONF_INT, TRUE, LDAP_X_OPT_CONNECT_TIMEOUT,
+ &ldap_conf.bind_timelimit },
+#endif
+ { "timelimit", CONF_INT, TRUE, LDAP_OPT_TIMELIMIT, &ldap_conf.timelimit },
+ { "binddn", CONF_STR, FALSE, -1, &ldap_conf.binddn },
+ { "bindpw", CONF_STR, FALSE, -1, &ldap_conf.bindpw },
+ { "rootbinddn", CONF_STR, FALSE, -1, &ldap_conf.rootbinddn },
+ { "sudoers_base", CONF_LIST_STR, FALSE, -1, &ldap_conf.base },
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+ { "use_sasl", CONF_BOOL, FALSE, -1, &ldap_conf.use_sasl },
+ { "sasl_auth_id", CONF_STR, FALSE, -1, &ldap_conf.sasl_auth_id },
+ { "rootuse_sasl", CONF_BOOL, FALSE, -1, &ldap_conf.rootuse_sasl },
+ { "rootsasl_auth_id", CONF_STR, FALSE, -1, &ldap_conf.rootsasl_auth_id },
+# ifdef LDAP_OPT_X_SASL_SECPROPS
+ { "sasl_secprops", CONF_STR, TRUE, LDAP_OPT_X_SASL_SECPROPS,
+ &ldap_conf.sasl_secprops },
+# endif
+ { "krb5_ccname", CONF_STR, FALSE, -1, &ldap_conf.krb5_ccname },
+#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+ { NULL }
+};
+
+/* sudo_nss implementation */
+static int sudo_ldap_open __P((struct sudo_nss *nss));
+static int sudo_ldap_close __P((struct sudo_nss *nss));
+static int sudo_ldap_parse __P((struct sudo_nss *nss));
+static int sudo_ldap_setdefs __P((struct sudo_nss *nss));
+static int sudo_ldap_lookup __P((struct sudo_nss *nss, int ret, int pwflag));
+static int sudo_ldap_display_cmnd __P((struct sudo_nss *nss,
+ struct passwd *pw));
+static int sudo_ldap_display_defaults __P((struct sudo_nss *nss,
+ struct passwd *pw, struct lbuf *lbuf));
+static int sudo_ldap_display_bound_defaults __P((struct sudo_nss *nss,
+ struct passwd *pw, struct lbuf *lbuf));
+static int sudo_ldap_display_privs __P((struct sudo_nss *nss,
+ struct passwd *pw, struct lbuf *lbuf));
+
+struct sudo_nss sudo_nss_ldap = {
+ &sudo_nss_ldap,
+ NULL,
+ sudo_ldap_open,
+ sudo_ldap_close,
+ sudo_ldap_parse,
+ sudo_ldap_setdefs,
+ sudo_ldap_lookup,
+ sudo_ldap_display_cmnd,
+ sudo_ldap_display_defaults,
+ sudo_ldap_display_bound_defaults,
+ sudo_ldap_display_privs
+};
+
+#ifdef HAVE_LDAP_CREATE
+/*
+ * Rebuild the hosts list and include a specific port for each host.
+ * ldap_create() does not take a default port parameter so we must
+ * append one if we want something other than LDAP_PORT.
+ */
+static void
+sudo_ldap_conf_add_ports()
+{
+
+ char *host, *port, defport[13];
+ char hostbuf[LINE_MAX * 2];
+
+ hostbuf[0] = '\0';
+ if (snprintf(defport, sizeof(defport), ":%d", ldap_conf.port) >= sizeof(defport))
+ errorx(1, "sudo_ldap_conf_add_ports: port too large");
+
+ for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) {
+ if (hostbuf[0] != '\0') {
+ if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf))
+ goto toobig;
+ }
+
+ if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf))
+ goto toobig;
+ /* Append port if there is not one already. */
+ if ((port = strrchr(host, ':')) == NULL ||
+ !isdigit((unsigned char)port[1])) {
+ if (strlcat(hostbuf, defport, sizeof(hostbuf)) >= sizeof(hostbuf))
+ goto toobig;
+ }
+ }
+
+ free(ldap_conf.host);
+ ldap_conf.host = estrdup(hostbuf);
+ return;
+
+toobig:
+ errorx(1, "sudo_ldap_conf_add_ports: out of space expanding hostbuf");
+}
+#endif
+
+#ifndef HAVE_LDAP_INITIALIZE
+/*
+ * For each uri, convert to host:port pairs. For ldaps:// enable SSL
+ * Accepts: uris of the form ldap:/// or ldap://hostname:portnum/
+ * where the trailing slash is optional.
+ */
+static int
+sudo_ldap_parse_uri(uri_list)
+ const struct ldap_config_list_str *uri_list;
+{
+ char *buf, *uri, *host, *cp, *port;
+ char hostbuf[LINE_MAX];
+ int nldap = 0, nldaps = 0;
+ int rc = -1;
+
+ do {
+ buf = estrdup(uri_list->val);
+ hostbuf[0] = '\0';
+ for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) {
+ if (strncasecmp(uri, "ldap://", 7) == 0) {
+ nldap++;
+ host = uri + 7;
+ } else if (strncasecmp(uri, "ldaps://", 8) == 0) {
+ nldaps++;
+ host = uri + 8;
+ } else {
+ warningx("unsupported LDAP uri type: %s", uri);
+ goto done;
+ }
+
+ /* trim optional trailing slash */
+ if ((cp = strrchr(host, '/')) != NULL && cp[1] == '\0') {
+ *cp = '\0';
+ }
+
+ if (hostbuf[0] != '\0') {
+ if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf))
+ goto toobig;
+ }
+
+ if (*host == '\0')
+ host = "localhost"; /* no host specified, use localhost */
+
+ if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf))
+ goto toobig;
+
+ /* If using SSL and no port specified, add port 636 */
+ if (nldaps) {
+ if ((port = strrchr(host, ':')) == NULL ||
+ !isdigit((unsigned char)port[1]))
+ if (strlcat(hostbuf, ":636", sizeof(hostbuf)) >= sizeof(hostbuf))
+ goto toobig;
+ }
+ }
+ if (hostbuf[0] == '\0') {
+ warningx("invalid uri: %s", uri_list);
+ goto done;
+ }
+
+ if (nldaps != 0) {
+ if (nldap != 0) {
+ warningx("cannot mix ldap and ldaps URIs");
+ goto done;
+ }
+ if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
+ warningx("cannot mix ldaps and starttls");
+ goto done;
+ }
+ ldap_conf.ssl_mode = SUDO_LDAP_SSL;
+ }
+
+ free(ldap_conf.host);
+ ldap_conf.host = estrdup(hostbuf);
+ efree(buf);
+ } while ((uri_list = uri_list->next));
+
+ buf = NULL;
+ rc = 0;
+
+done:
+ efree(buf);
+ return(rc);
+
+toobig:
+ errorx(1, "sudo_ldap_parse_uri: out of space building hostbuf");
+}
+#else
+static char *
+sudo_ldap_join_uri(uri_list)
+ struct ldap_config_list_str *uri_list;
+{
+ struct ldap_config_list_str *uri;
+ size_t len = 0;
+ char *buf, *cp;
+
+ /* Usually just a single entry. */
+ if (uri_list->next == NULL)
+ return(estrdup(uri_list->val));
+
+ for (uri = uri_list; uri != NULL; uri = uri->next) {
+ len += strlen(uri->val) + 1;
+ }
+ buf = cp = emalloc(len);
+ buf[0] = '\0';
+ for (uri = uri_list; uri != NULL; uri = uri->next) {
+ cp += strlcpy(cp, uri->val, len - (cp - buf));
+ *cp++ = ' ';
+ }
+ cp[-1] = '\0';
+ return(buf);
+}
+#endif /* HAVE_LDAP_INITIALIZE */
+
+static int
+sudo_ldap_init(ldp, host, port)
+ LDAP **ldp;
+ const char *host;
+ int port;
+{
+ LDAP *ld = NULL;
+ int rc = LDAP_CONNECT_ERROR;
+
+#ifdef HAVE_LDAPSSL_INIT
+ if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+ DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+ ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
+ ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+ rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
+ ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
+ /*
+ * Mozilla-derived SDKs have a bug starting with version 5.0
+ * where the path can no longer be a file name and must be a dir.
+ */
+ if (rc != LDAP_SUCCESS) {
+ char *cp;
+ if (ldap_conf.tls_certfile) {
+ cp = strrchr(ldap_conf.tls_certfile, '/');
+ if (cp != NULL && strncmp(cp + 1, "cert", 4) == 0)
+ *cp = '\0';
+ }
+ if (ldap_conf.tls_keyfile) {
+ cp = strrchr(ldap_conf.tls_keyfile, '/');
+ if (cp != NULL && strncmp(cp + 1, "key", 3) == 0)
+ *cp = '\0';
+ }
+ DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+ ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
+ ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+ rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
+ ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
+ if (rc != LDAP_SUCCESS) {
+ warningx("unable to initialize SSL cert and key db: %s",
+ ldapssl_err2string(rc));
+ goto done;
+ }
+ }
+
+ DPRINTF(("ldapssl_init(%s, %d, 1)", host, port), 2);
+ if ((ld = ldapssl_init(host, port, 1)) != NULL)
+ rc = LDAP_SUCCESS;
+ } else
+#endif
+ {
+#ifdef HAVE_LDAP_CREATE
+ DPRINTF(("ldap_create()"), 2);
+ if ((rc = ldap_create(&ld)) != LDAP_SUCCESS)
+ goto done;
+ DPRINTF(("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host), 2);
+ rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, host);
+#else
+ DPRINTF(("ldap_init(%s, %d)", host, port), 2);
+ if ((ld = ldap_init(host, port)) != NULL)
+ rc = LDAP_SUCCESS;
+#endif
+ }
+
+done:
+ *ldp = ld;
+ return(rc);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a matching
+ * netgroup, else FALSE.
+ */
+static int
+sudo_ldap_check_user_netgroup(ld, entry, user)
+ LDAP *ld;
+ LDAPMessage *entry;
+ char *user;
+{
+ struct berval **bv, **p;
+ char *val;
+ int ret = FALSE;
+
+ if (!entry)
+ return(ret);
+
+ /* get the values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoUser");
+ if (bv == NULL)
+ return(ret);
+
+ /* walk through values */
+ for (p = bv; *p != NULL && !ret; p++) {
+ val = (*p)->bv_val;
+ /* match any */
+ if (netgr_matches(val, NULL, NULL, user))
+ ret = TRUE;
+ DPRINTF(("ldap sudoUser netgroup '%s' ... %s", val,
+ ret ? "MATCH!" : "not"), 2);
+ }
+
+ ldap_value_free_len(bv); /* cleanup */
+
+ return(ret);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a
+ * host match, else FALSE.
+ */
+static int
+sudo_ldap_check_host(ld, entry)
+ LDAP *ld;
+ LDAPMessage *entry;
+{
+ struct berval **bv, **p;
+ char *val;
+ int ret = FALSE;
+
+ if (!entry)
+ return(ret);
+
+ /* get the values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoHost");
+ if (bv == NULL)
+ return(ret);
+
+ /* walk through values */
+ for (p = bv; *p != NULL && !ret; p++) {
+ val = (*p)->bv_val;
+ /* match any or address or netgroup or hostname */
+ if (!strcmp(val, "ALL") || addr_matches(val) ||
+ netgr_matches(val, user_host, user_shost, NULL) ||
+ hostname_matches(user_shost, user_host, val))
+ ret = TRUE;
+ DPRINTF(("ldap sudoHost '%s' ... %s", val,
+ ret ? "MATCH!" : "not"), 2);
+ }
+
+ ldap_value_free_len(bv); /* cleanup */
+
+ return(ret);
+}
+
+static int
+sudo_ldap_check_runas_user(ld, entry)
+ LDAP *ld;
+ LDAPMessage *entry;
+{
+ struct berval **bv, **p;
+ char *val;
+ int ret = FALSE;
+
+ if (!runas_pw)
+ return(UNSPEC);
+
+ /* get the runas user from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser");
+ if (bv == NULL)
+ bv = ldap_get_values_len(ld, entry, "sudoRunAs"); /* old style */
+
+ /*
+ * BUG:
+ *
+ * if runas is not specified on the command line, the only information
+ * as to which user to run as is in the runas_default option. We should
+ * check to see if we have the local option present. Unfortunately we
+ * don't parse these options until after this routine says yes or no.
+ * The query has already returned, so we could peek at the attribute
+ * values here though.
+ *
+ * For now just require users to always use -u option unless its set
+ * in the global defaults. This behaviour is no different than the global
+ * /etc/sudoers.
+ *
+ * Sigh - maybe add this feature later
+ */
+
+ /*
+ * If there are no runas entries, match runas_default against
+ * what the user specified on the command line.
+ */
+ if (bv == NULL)
+ return(!strcasecmp(runas_pw->pw_name, def_runas_default));
+
+ /* walk through values returned, looking for a match */
+ for (p = bv; *p != NULL && !ret; p++) {
+ val = (*p)->bv_val;
+ switch (val[0]) {
+ case '+':
+ if (netgr_matches(val, NULL, NULL, runas_pw->pw_name))
+ ret = TRUE;
+ break;
+ case '%':
+ if (usergr_matches(val, runas_pw->pw_name, runas_pw))
+ ret = TRUE;
+ break;
+ case 'A':
+ if (strcmp(val, "ALL") == 0) {
+ ret = TRUE;
+ break;
+ }
+ /* FALLTHROUGH */
+ default:
+ if (strcasecmp(val, runas_pw->pw_name) == 0)
+ ret = TRUE;
+ break;
+ }
+ DPRINTF(("ldap sudoRunAsUser '%s' ... %s", val,
+ ret ? "MATCH!" : "not"), 2);
+ }
+
+ ldap_value_free_len(bv); /* cleanup */
+
+ return(ret);
+}
+
+static int
+sudo_ldap_check_runas_group(ld, entry)
+ LDAP *ld;
+ LDAPMessage *entry;
+{
+ struct berval **bv, **p;
+ char *val;
+ int ret = FALSE;
+
+ /* runas_gr is only set if the user specified the -g flag */
+ if (!runas_gr)
+ return(UNSPEC);
+
+ /* get the values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
+ if (bv == NULL)
+ return(ret);
+
+ /* walk through values returned, looking for a match */
+ for (p = bv; *p != NULL && !ret; p++) {
+ val = (*p)->bv_val;
+ if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr))
+ ret = TRUE;
+ DPRINTF(("ldap sudoRunAsGroup '%s' ... %s", val,
+ ret ? "MATCH!" : "not"), 2);
+ }
+
+ ldap_value_free_len(bv); /* cleanup */
+
+ return(ret);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a runas match,
+ * else FALSE. RunAs info is optional.
+ */
+static int
+sudo_ldap_check_runas(ld, entry)
+ LDAP *ld;
+ LDAPMessage *entry;
+{
+ int ret;
+
+ if (!entry)
+ return(FALSE);
+
+ ret = sudo_ldap_check_runas_user(ld, entry) != FALSE &&
+ sudo_ldap_check_runas_group(ld, entry) != FALSE;
+
+ return(ret);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a command match,
+ * FALSE if disallowed and UNSPEC if not matched.
+ */
+static int
+sudo_ldap_check_command(ld, entry, setenv_implied)
+ LDAP *ld;
+ LDAPMessage *entry;
+ int *setenv_implied;
+{
+ struct berval **bv, **p;
+ char *allowed_cmnd, *allowed_args, *val;
+ int foundbang, ret = UNSPEC;
+
+ if (!entry)
+ return(ret);
+
+ bv = ldap_get_values_len(ld, entry, "sudoCommand");
+ if (bv == NULL)
+ return(ret);
+
+ for (p = bv; *p != NULL && ret != FALSE; p++) {
+ val = (*p)->bv_val;
+ /* Match against ALL ? */
+ if (!strcmp(val, "ALL")) {
+ ret = TRUE;
+ if (setenv_implied != NULL)
+ *setenv_implied = TRUE;
+ DPRINTF(("ldap sudoCommand '%s' ... MATCH!", val), 2);
+ continue;
+ }
+
+ /* check for !command */
+ if (*val == '!') {
+ foundbang = TRUE;
+ allowed_cmnd = estrdup(1 + val); /* !command */
+ } else {
+ foundbang = FALSE;
+ allowed_cmnd = estrdup(val); /* command */
+ }
+
+ /* split optional args away from command */
+ allowed_args = strchr(allowed_cmnd, ' ');
+ if (allowed_args)
+ *allowed_args++ = '\0';
+
+ /* check the command like normal */
+ if (command_matches(allowed_cmnd, allowed_args)) {
+ /*
+ * If allowed (no bang) set ret but keep on checking.
+ * If disallowed (bang), exit loop.
+ */
+ ret = foundbang ? FALSE : TRUE;
+ }
+ DPRINTF(("ldap sudoCommand '%s' ... %s", val,
+ ret == TRUE ? "MATCH!" : "not"), 2);
+
+ efree(allowed_cmnd); /* cleanup */
+ }
+
+ ldap_value_free_len(bv); /* more cleanup */
+
+ return(ret);
+}
+
+/*
+ * Search for boolean "option" in sudoOption.
+ * Returns TRUE if found and allowed, FALSE if negated, else UNSPEC.
+ */
+static int
+sudo_ldap_check_bool(ld, entry, option)
+ LDAP *ld;
+ LDAPMessage *entry;
+ char *option;
+{
+ struct berval **bv, **p;
+ char ch, *var;
+ int ret = UNSPEC;
+
+ if (entry == NULL)
+ return(UNSPEC);
+
+ bv = ldap_get_values_len(ld, entry, "sudoOption");
+ if (bv == NULL)
+ return(ret);
+
+ /* walk through options */
+ for (p = bv; *p != NULL; p++) {
+ var = (*p)->bv_val;;
+ DPRINTF(("ldap sudoOption: '%s'", var), 2);
+
+ if ((ch = *var) == '!')
+ var++;
+ if (strcmp(var, option) == 0)
+ ret = (ch != '!');
+ }
+
+ ldap_value_free_len(bv);
+
+ return(ret);
+}
+
+/*
+ * Read sudoOption and modify the defaults as we go. This is used once
+ * from the cn=defaults entry and also once when a final sudoRole is matched.
+ */
+static void
+sudo_ldap_parse_options(ld, entry)
+ LDAP *ld;
+ LDAPMessage *entry;
+{
+ struct berval **bv, **p;
+ char op, *var, *val;
+
+ if (entry == NULL)
+ return;
+
+ bv = ldap_get_values_len(ld, entry, "sudoOption");
+ if (bv == NULL)
+ return;
+
+ /* walk through options */
+ for (p = bv; *p != NULL; p++) {
+ var = estrdup((*p)->bv_val);
+ DPRINTF(("ldap sudoOption: '%s'", var), 2);
+
+ /* check for equals sign past first char */
+ val = strchr(var, '=');
+ if (val > var) {
+ *val++ = '\0'; /* split on = and truncate var */
+ op = *(val - 2); /* peek for += or -= cases */
+ if (op == '+' || op == '-') {
+ *(val - 2) = '\0'; /* found, remove extra char */
+ /* case var+=val or var-=val */
+ set_default(var, val, (int) op);
+ } else {
+ /* case var=val */
+ set_default(var, val, TRUE);
+ }
+ } else if (*var == '!') {
+ /* case !var Boolean False */
+ set_default(var + 1, NULL, FALSE);
+ } else {
+ /* case var Boolean True */
+ set_default(var, NULL, TRUE);
+ }
+ efree(var);
+ }
+
+ ldap_value_free_len(bv);
+}
+
+/*
+ * builds together a filter to check against ldap
+ */
+static char *
+sudo_ldap_build_pass1(pw)
+ struct passwd *pw;
+{
+ struct group *grp;
+ size_t sz;
+ char *buf;
+ int i;
+
+ /* Start with (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
+ sz = 29 + strlen(pw->pw_name);
+
+ /* Add space for groups */
+ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL)
+ sz += 12 + strlen(grp->gr_name); /* primary group */
+ for (i = 0; i < user_ngroups; i++) {
+ if (user_groups[i] == pw->pw_gid)
+ continue;
+ if ((grp = sudo_getgrgid(user_groups[i])) != NULL)
+ sz += 12 + strlen(grp->gr_name); /* supplementary group */
+ }
+ buf = emalloc(sz);
+
+ /* Global OR + sudoUser=user_name filter */
+ (void) strlcpy(buf, "(|(sudoUser=", sz);
+ (void) strlcat(buf, pw->pw_name, sz);
+ (void) strlcat(buf, ")", sz);
+
+ /* Append primary group */
+ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
+ (void) strlcat(buf, "(sudoUser=%", sz);
+ (void) strlcat(buf, grp->gr_name, sz);
+ (void) strlcat(buf, ")", sz);
+ }
+
+ /* Append supplementary groups */
+ for (i = 0; i < user_ngroups; i++) {
+ if (user_groups[i] == pw->pw_gid)
+ continue;
+ if ((grp = sudo_getgrgid(user_groups[i])) != NULL) {
+ (void) strlcat(buf, "(sudoUser=%", sz);
+ (void) strlcat(buf, grp->gr_name, sz);
+ (void) strlcat(buf, ")", sz);
+ }
+ }
+
+ /* Add ALL to list and end the global OR */
+ if (strlcat(buf, "(sudoUser=ALL))", sz) >= sz)
+ errorx(1, "sudo_ldap_build_pass1 allocation mismatch");
+
+ return(buf);
+}
+
+/*
+ * Map yes/true/on to TRUE, no/false/off to FALSE, else -1
+ */
+static int
+_atobool(s)
+ const char *s;
+{
+ switch (*s) {
+ case 'y':
+ case 'Y':
+ if (strcasecmp(s, "yes") == 0)
+ return(TRUE);
+ break;
+ case 't':
+ case 'T':
+ if (strcasecmp(s, "true") == 0)
+ return(TRUE);
+ break;
+ case 'o':
+ case 'O':
+ if (strcasecmp(s, "on") == 0)
+ return(TRUE);
+ if (strcasecmp(s, "off") == 0)
+ return(FALSE);
+ break;
+ case 'n':
+ case 'N':
+ if (strcasecmp(s, "no") == 0)
+ return(FALSE);
+ break;
+ case 'f':
+ case 'F':
+ if (strcasecmp(s, "false") == 0)
+ return(FALSE);
+ break;
+ }
+ return(-1);
+}
+
+static void
+sudo_ldap_read_secret(path)
+ const char *path;
+{
+ FILE *fp;
+ char buf[LINE_MAX], *cp;
+
+ if ((fp = fopen(_PATH_LDAP_SECRET, "r")) != NULL) {
+ if (fgets(buf, sizeof(buf), fp) != NULL) {
+ if ((cp = strchr(buf, '\n')) != NULL)
+ *cp = '\0';
+ /* copy to bindpw and binddn */
+ efree(ldap_conf.bindpw);
+ ldap_conf.bindpw = estrdup(buf);
+ efree(ldap_conf.binddn);
+ ldap_conf.binddn = ldap_conf.rootbinddn;
+ ldap_conf.rootbinddn = NULL;
+ }
+ fclose(fp);
+ }
+}
+
+static int
+sudo_ldap_read_config()
+{
+ FILE *fp;
+ char *cp, *keyword, *value;
+ struct ldap_config_table *cur;
+
+ /* defaults */
+ ldap_conf.version = 3;
+ ldap_conf.port = -1;
+ ldap_conf.tls_checkpeer = -1;
+ ldap_conf.timelimit = -1;
+ ldap_conf.bind_timelimit = -1;
+ ldap_conf.use_sasl = -1;
+ ldap_conf.rootuse_sasl = -1;
+
+ if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL)
+ return(FALSE);
+
+ while ((cp = sudo_parseln(fp)) != NULL) {
+ if (*cp == '\0')
+ continue; /* skip empty line */
+
+ /* split into keyword and value */
+ keyword = cp;
+ while (*cp && !isblank((unsigned char) *cp))
+ cp++;
+ if (*cp)
+ *cp++ = '\0'; /* terminate keyword */
+
+ /* skip whitespace before value */
+ while (isblank((unsigned char) *cp))
+ cp++;
+ value = cp;
+
+ /* Look up keyword in config table. */
+ for (cur = ldap_conf_table; cur->conf_str != NULL; cur++) {
+ if (strcasecmp(keyword, cur->conf_str) == 0) {
+ switch (cur->type) {
+ case CONF_BOOL:
+ *(int *)(cur->valp) = _atobool(value);
+ break;
+ case CONF_INT:
+ *(int *)(cur->valp) = atoi(value);
+ break;
+ case CONF_STR:
+ efree(*(char **)(cur->valp));
+ *(char **)(cur->valp) = estrdup(value);
+ break;
+ case CONF_LIST_STR:
+ {
+ struct ldap_config_list_str **p;
+ size_t len = strlen(value);
+
+ if (len > 0) {
+ p = (struct ldap_config_list_str **)cur->valp;
+ while (*p != NULL)
+ p = &(*p)->next;
+ *p = emalloc(sizeof(struct ldap_config_list_str) + len);
+ memcpy((*p)->val, value, len + 1);
+ (*p)->next = NULL;
+ }
+ }
+ break;
+ }
+ break;
+ }
+ }
+ }
+ fclose(fp);
+
+ if (!ldap_conf.host)
+ ldap_conf.host = estrdup("localhost");
+
+ if (ldap_conf.bind_timelimit > 0)
+ ldap_conf.bind_timelimit *= 1000; /* convert to ms */
+
+ if (ldap_conf.debug > 1) {
+ fprintf(stderr, "LDAP Config Summary\n");
+ fprintf(stderr, "===================\n");
+ if (ldap_conf.uri) {
+ struct ldap_config_list_str *uri = ldap_conf.uri;
+
+ do {
+ fprintf(stderr, "uri %s\n", uri->val);
+ } while ((uri = uri->next) != NULL);
+ } else {
+ fprintf(stderr, "host %s\n", ldap_conf.host ?
+ ldap_conf.host : "(NONE)");
+ fprintf(stderr, "port %d\n", ldap_conf.port);
+ }
+ fprintf(stderr, "ldap_version %d\n", ldap_conf.version);
+ if (ldap_conf.base) {
+ struct ldap_config_list_str *base = ldap_conf.base;
+
+ do {
+ fprintf(stderr, "sudoers_base %s\n", base->val);
+ } while ((base = base->next) != NULL);
+ } else {
+ fprintf(stderr, "sudoers_base %s\n",
+ "(NONE) <---Sudo will ignore ldap)");
+ }
+ fprintf(stderr, "binddn %s\n", ldap_conf.binddn ?
+ ldap_conf.binddn : "(anonymous)");
+ fprintf(stderr, "bindpw %s\n", ldap_conf.bindpw ?
+ ldap_conf.bindpw : "(anonymous)");
+ if (ldap_conf.bind_timelimit > 0)
+ fprintf(stderr, "bind_timelimit %d\n", ldap_conf.bind_timelimit);
+ if (ldap_conf.timelimit > 0)
+ fprintf(stderr, "timelimit %d\n", ldap_conf.timelimit);
+ fprintf(stderr, "ssl %s\n", ldap_conf.ssl ?
+ ldap_conf.ssl : "(no)");
+ if (ldap_conf.tls_checkpeer != -1)
+ fprintf(stderr, "tls_checkpeer %s\n", ldap_conf.tls_checkpeer ?
+ "(yes)" : "(no)");
+ if (ldap_conf.tls_cacertfile != NULL)
+ fprintf(stderr, "tls_cacertfile %s\n", ldap_conf.tls_cacertfile);
+ if (ldap_conf.tls_cacertdir != NULL)
+ fprintf(stderr, "tls_cacertdir %s\n", ldap_conf.tls_cacertdir);
+ if (ldap_conf.tls_random_file != NULL)
+ fprintf(stderr, "tls_random_file %s\n", ldap_conf.tls_random_file);
+ if (ldap_conf.tls_cipher_suite != NULL)
+ fprintf(stderr, "tls_cipher_suite %s\n", ldap_conf.tls_cipher_suite);
+ if (ldap_conf.tls_certfile != NULL)
+ fprintf(stderr, "tls_certfile %s\n", ldap_conf.tls_certfile);
+ if (ldap_conf.tls_keyfile != NULL)
+ fprintf(stderr, "tls_keyfile %s\n", ldap_conf.tls_keyfile);
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+ if (ldap_conf.use_sasl != -1) {
+ fprintf(stderr, "use_sasl %s\n",
+ ldap_conf.use_sasl ? "yes" : "no");
+ fprintf(stderr, "sasl_auth_id %s\n", ldap_conf.sasl_auth_id ?
+ ldap_conf.sasl_auth_id : "(NONE)");
+ fprintf(stderr, "rootuse_sasl %d\n", ldap_conf.rootuse_sasl);
+ fprintf(stderr, "rootsasl_auth_id %s\n", ldap_conf.rootsasl_auth_id ?
+ ldap_conf.rootsasl_auth_id : "(NONE)");
+ fprintf(stderr, "sasl_secprops %s\n", ldap_conf.sasl_secprops ?
+ ldap_conf.sasl_secprops : "(NONE)");
+ fprintf(stderr, "krb5_ccname %s\n", ldap_conf.krb5_ccname ?
+ ldap_conf.krb5_ccname : "(NONE)");
+ }
+#endif
+ fprintf(stderr, "===================\n");
+ }
+ if (!ldap_conf.base)
+ return(FALSE); /* if no base is defined, ignore LDAP */
+
+ /*
+ * Interpret SSL option
+ */
+ if (ldap_conf.ssl != NULL) {
+ if (strcasecmp(ldap_conf.ssl, "start_tls") == 0)
+ ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS;
+ else if (_atobool(ldap_conf.ssl))
+ ldap_conf.ssl_mode = SUDO_LDAP_SSL;
+ }
+
+#if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+ if (ldap_conf.tls_checkpeer != -1) {
+ ldapssl_set_strength(NULL,
+ ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK);
+ }
+#endif
+
+#ifndef HAVE_LDAP_INITIALIZE
+ /* Convert uri list to host list if no ldap_initialize(). */
+ if (ldap_conf.uri) {
+ struct ldap_config_list_str *uri = ldap_conf.uri;
+ if (sudo_ldap_parse_uri(uri) != 0)
+ return(FALSE);
+ do {
+ ldap_conf.uri = uri->next;
+ efree(uri);
+ } while ((uri = ldap_conf.uri));
+ ldap_conf.port = LDAP_PORT;
+ }
+#endif
+
+ if (!ldap_conf.uri) {
+ /* Use port 389 for plaintext LDAP and port 636 for SSL LDAP */
+ if (ldap_conf.port < 0)
+ ldap_conf.port =
+ ldap_conf.ssl_mode == SUDO_LDAP_SSL ? LDAPS_PORT : LDAP_PORT;
+
+#ifdef HAVE_LDAP_CREATE
+ /*
+ * Cannot specify port directly to ldap_create(), each host must
+ * include :port to override the default.
+ */
+ if (ldap_conf.port != LDAP_PORT)
+ sudo_ldap_conf_add_ports();
+#endif
+ }
+
+ /* If rootbinddn set, read in /etc/ldap.secret if it exists. */
+ if (ldap_conf.rootbinddn)
+ sudo_ldap_read_secret(_PATH_LDAP_SECRET);
+
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+ /*
+ * Make sure we can open the file specified by krb5_ccname.
+ */
+ if (ldap_conf.krb5_ccname != NULL) {
+ if (strncasecmp(ldap_conf.krb5_ccname, "FILE:", 5) == 0 ||
+ strncasecmp(ldap_conf.krb5_ccname, "WRFILE:", 7) == 0) {
+ value = ldap_conf.krb5_ccname +
+ (ldap_conf.krb5_ccname[4] == ':' ? 5 : 7);
+ if ((fp = fopen(value, "r")) != NULL) {
+ DPRINTF(("using krb5 credential cache: %s", value), 1);
+ fclose(fp);
+ } else {
+ /* Can't open it, just ignore the entry. */
+ DPRINTF(("unable to open krb5 credential cache: %s", value), 1);
+ efree(ldap_conf.krb5_ccname);
+ ldap_conf.krb5_ccname = NULL;
+ }
+ }
+ }
+#endif
+ return(TRUE);
+}
+
+/*
+ * Extract the dn from an entry and return the first rdn from it.
+ */
+static char *
+sudo_ldap_get_first_rdn(ld, entry)
+ LDAP *ld;
+ LDAPMessage *entry;
+{
+#ifdef HAVE_LDAP_STR2DN
+ char *dn, *rdn = NULL;
+ LDAPDN tmpDN;
+
+ if ((dn = ldap_get_dn(ld, entry)) == NULL)
+ return(NULL);
+ if (ldap_str2dn(dn, &tmpDN, LDAP_DN_FORMAT_LDAP) == LDAP_SUCCESS) {
+ ldap_rdn2str(tmpDN[0], &rdn, LDAP_DN_FORMAT_UFN);
+ ldap_dnfree(tmpDN);
+ }
+ ldap_memfree(dn);
+ return(rdn);
+#else
+ char *dn, **edn;
+
+ if ((dn = ldap_get_dn(ld, entry)) == NULL)
+ return(NULL);
+ edn = ldap_explode_dn(dn, 1);
+ ldap_memfree(dn);
+ return(edn ? edn[0] : NULL);
+#endif
+}
+
+/*
+ * Fetch and display the global Options.
+ */
+static int
+sudo_ldap_display_defaults(nss, pw, lbuf)
+ struct sudo_nss *nss;
+ struct passwd *pw;
+ struct lbuf *lbuf;
+{
+ struct berval **bv, **p;
+ struct ldap_config_list_str *base;
+ LDAP *ld = (LDAP *) nss->handle;
+ LDAPMessage *entry, *result;
+ char *prefix;
+ int rc, count = 0;
+
+ if (ld == NULL)
+ goto done;
+
+ for (base = ldap_conf.base; base != NULL; base = base->next) {
+ result = NULL;
+ rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
+ "cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result);
+ if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
+ bv = ldap_get_values_len(ld, entry, "sudoOption");
+ if (bv != NULL) {
+ if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1]))
+ prefix = " ";
+ else
+ prefix = ", ";
+ for (p = bv; *p != NULL; p++) {
+ lbuf_append(lbuf, prefix, (*p)->bv_val, NULL);
+ prefix = ", ";
+ count++;
+ }
+ ldap_value_free_len(bv);
+ }
+ }
+ if (result)
+ ldap_msgfree(result);
+ }
+done:
+ return(count);
+}
+
+/*
+ * STUB
+ */
+static int
+sudo_ldap_display_bound_defaults(nss, pw, lbuf)
+ struct sudo_nss *nss;
+ struct passwd *pw;
+ struct lbuf *lbuf;
+{
+ return(0);
+}
+
+/*
+ * Print a record in the short form, ala file sudoers.
+ */
+static int
+sudo_ldap_display_entry_short(ld, entry, lbuf)
+ LDAP *ld;
+ LDAPMessage *entry;
+ struct lbuf *lbuf;
+{
+ struct berval **bv, **p;
+ int count = 0;
+
+ lbuf_append(lbuf, " (", NULL);
+
+ /* get the RunAsUser Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser");
+ if (bv == NULL)
+ bv = ldap_get_values_len(ld, entry, "sudoRunAs");
+ if (bv != NULL) {
+ for (p = bv; *p != NULL; p++) {
+ if (p != bv)
+ lbuf_append(lbuf, ", ", NULL);
+ lbuf_append(lbuf, (*p)->bv_val, NULL);
+ }
+ ldap_value_free_len(bv);
+ } else
+ lbuf_append(lbuf, def_runas_default, NULL);
+
+ /* get the RunAsGroup Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
+ if (bv != NULL) {
+ lbuf_append(lbuf, " : ", NULL);
+ for (p = bv; *p != NULL; p++) {
+ if (p != bv)
+ lbuf_append(lbuf, ", ", NULL);
+ lbuf_append(lbuf, (*p)->bv_val, NULL);
+ }
+ ldap_value_free_len(bv);
+ }
+ lbuf_append(lbuf, ") ", NULL);
+
+ /* get the Option Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoOption");
+ if (bv != NULL) {
+ char *cp, *tag;
+
+ for (p = bv; *p != NULL; p++) {
+ cp = (*p)->bv_val;
+ if (*cp == '!')
+ cp++;
+ tag = NULL;
+ if (strcmp(cp, "authenticate") == 0)
+ tag = (*p)->bv_val[0] == '!' ?
+ "NOPASSWD: " : "PASSWD: ";
+ else if (strcmp(cp, "noexec") == 0)
+ tag = (*p)->bv_val[0] == '!' ?
+ "EXEC: " : "NOEXEC: ";
+ else if (strcmp(cp, "setenv") == 0)
+ tag = (*p)->bv_val[0] == '!' ?
+ "NOSETENV: " : "SETENV: ";
+ if (tag != NULL)
+ lbuf_append(lbuf, tag, NULL);
+ /* XXX - ignores other options */
+ }
+ ldap_value_free_len(bv);
+ }
+
+ /* get the Command Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoCommand");
+ if (bv != NULL) {
+ for (p = bv; *p != NULL; p++) {
+ if (p != bv)
+ lbuf_append(lbuf, ", ", NULL);
+ lbuf_append(lbuf, (*p)->bv_val, NULL);
+ count++;
+ }
+ ldap_value_free_len(bv);
+ }
+ lbuf_append(lbuf, "\n", NULL);
+
+ return(count);
+}
+
+/*
+ * Print a record in the long form.
+ */
+static int
+sudo_ldap_display_entry_long(ld, entry, lbuf)
+ LDAP *ld;
+ LDAPMessage *entry;
+ struct lbuf *lbuf;
+{
+ struct berval **bv, **p;
+ char *rdn;
+ int count = 0;
+
+ /* extract the dn, only show the first rdn */
+ rdn = sudo_ldap_get_first_rdn(ld, entry);
+ lbuf_append(lbuf, "\nLDAP Role: ", rdn ? rdn : "UNKNOWN", "\n", NULL);
+ if (rdn)
+ ldap_memfree(rdn);
+
+ /* get the RunAsUser Values from the entry */
+ lbuf_append(lbuf, " RunAsUsers: ", NULL);
+ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser");
+ if (bv == NULL)
+ bv = ldap_get_values_len(ld, entry, "sudoRunAs");
+ if (bv != NULL) {
+ for (p = bv; *p != NULL; p++) {
+ if (p != bv)
+ lbuf_append(lbuf, ", ", NULL);
+ lbuf_append(lbuf, (*p)->bv_val, NULL);
+ }
+ ldap_value_free_len(bv);
+ } else
+ lbuf_append(lbuf, def_runas_default, NULL);
+ lbuf_append(lbuf, "\n", NULL);
+
+ /* get the RunAsGroup Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
+ if (bv != NULL) {
+ lbuf_append(lbuf, " RunAsGroups: ", NULL);
+ for (p = bv; *p != NULL; p++) {
+ if (p != bv)
+ lbuf_append(lbuf, ", ", NULL);
+ lbuf_append(lbuf, (*p)->bv_val, NULL);
+ }
+ ldap_value_free_len(bv);
+ lbuf_append(lbuf, "\n", NULL);
+ }
+
+ /* get the Option Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoOption");
+ if (bv != NULL) {
+ lbuf_append(lbuf, " Options: ", NULL);
+ for (p = bv; *p != NULL; p++) {
+ if (p != bv)
+ lbuf_append(lbuf, ", ", NULL);
+ lbuf_append(lbuf, (*p)->bv_val, NULL);
+ }
+ ldap_value_free_len(bv);
+ lbuf_append(lbuf, "\n", NULL);
+ }
+
+ /* get the Command Values from the entry */
+ bv = ldap_get_values_len(ld, entry, "sudoCommand");
+ if (bv != NULL) {
+ lbuf_append(lbuf, " Commands:\n", NULL);
+ for (p = bv; *p != NULL; p++) {
+ lbuf_append(lbuf, "\t", (*p)->bv_val, "\n", NULL);
+ count++;
+ }
+ ldap_value_free_len(bv);
+ }
+
+ return(count);
+}
+
+/*
+ * Like sudo_ldap_lookup(), except we just print entries.
+ */
+static int
+sudo_ldap_display_privs(nss, pw, lbuf)
+ struct sudo_nss *nss;
+ struct passwd *pw;
+ struct lbuf *lbuf;
+{
+ struct ldap_config_list_str *base;
+ LDAP *ld = (LDAP *) nss->handle;
+ LDAPMessage *entry, *result;
+ char *filt;
+ int rc, do_netgr, count = 0;
+
+ if (ld == NULL)
+ goto done;
+
+ /*
+ * Okay - time to search for anything that matches this user
+ * Lets limit it to only two queries of the LDAP server
+ *
+ * The first pass will look by the username, groups, and
+ * the keyword ALL. We will then inspect the results that
+ * came back from the query. We don't need to inspect the
+ * sudoUser in this pass since the LDAP server already scanned
+ * it for us.
+ *
+ * The second pass will return all the entries that contain
+ * user netgroups. Then we take the netgroups returned and
+ * try to match them against the username.
+ */
+ for (do_netgr = 0; do_netgr < 2; do_netgr++) {
+ filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+ DPRINTF(("ldap search '%s'", filt), 1);
+ for (base = ldap_conf.base; base != NULL; base = base->next) {
+ result = NULL;
+ rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+ NULL, 0, NULL, NULL, NULL, 0, &result);
+ if (rc != LDAP_SUCCESS)
+ continue; /* no entries for this pass */
+
+ /* print each matching entry */
+ LDAP_FOREACH(entry, ld, result) {
+ if ((!do_netgr ||
+ sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+ sudo_ldap_check_host(ld, entry)) {
+
+ if (long_list)
+ count += sudo_ldap_display_entry_long(ld, entry, lbuf);
+ else
+ count += sudo_ldap_display_entry_short(ld, entry, lbuf);
+ }
+ }
+ ldap_msgfree(result);
+ }
+ efree(filt);
+ }
+done:
+ return(count);
+}
+
+static int
+sudo_ldap_display_cmnd(nss, pw)
+ struct sudo_nss *nss;
+ struct passwd *pw;
+{
+ struct ldap_config_list_str *base;
+ LDAP *ld = (LDAP *) nss->handle;
+ LDAPMessage *entry, *result; /* used for searches */
+ char *filt; /* used to parse attributes */
+ int rc, found, do_netgr; /* temp/final return values */
+
+ if (ld == NULL)
+ return(1);
+
+ /*
+ * Okay - time to search for anything that matches this user
+ * Lets limit it to only two queries of the LDAP server
+ *
+ * The first pass will look by the username, groups, and
+ * the keyword ALL. We will then inspect the results that
+ * came back from the query. We don't need to inspect the
+ * sudoUser in this pass since the LDAP server already scanned
+ * it for us.
+ *
+ * The second pass will return all the entries that contain
+ * user netgroups. Then we take the netgroups returned and
+ * try to match them against the username.
+ */
+ for (found = FALSE, do_netgr = 0; !found && do_netgr < 2; do_netgr++) {
+ filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+ DPRINTF(("ldap search '%s'", filt), 1);
+ for (base = ldap_conf.base; base != NULL; base = base->next) {
+ result = NULL;
+ rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+ NULL, 0, NULL, NULL, NULL, 0, &result);
+ if (rc != LDAP_SUCCESS)
+ continue; /* no entries for this pass */
+
+ LDAP_FOREACH(entry, ld, result) {
+ if ((!do_netgr ||
+ sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+ sudo_ldap_check_host(ld, entry) &&
+ sudo_ldap_check_command(ld, entry, NULL) &&
+ sudo_ldap_check_runas(ld, entry)) {
+
+ found = TRUE;
+ break;
+ }
+ }
+ ldap_msgfree(result);
+ }
+ efree(filt);
+ }
+
+ if (found)
+ printf("%s%s%s\n", safe_cmnd ? safe_cmnd : user_cmnd,
+ user_args ? " " : "", user_args ? user_args : "");
+ return(!found);
+}
+
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+static int
+sudo_ldap_sasl_interact(ld, flags, _auth_id, _interact)
+ LDAP *ld;
+ unsigned int flags;
+ void *_auth_id;
+ void *_interact;
+{
+ char *auth_id = (char *)_auth_id;
+ sasl_interact_t *interact = (sasl_interact_t *)_interact;
+
+ for (; interact->id != SASL_CB_LIST_END; interact++) {
+ if (interact->id != SASL_CB_USER)
+ return(LDAP_PARAM_ERROR);
+
+ if (auth_id != NULL)
+ interact->result = auth_id;
+ else if (interact->defresult != NULL)
+ interact->result = interact->defresult;
+ else
+ interact->result = "";
+
+ interact->len = strlen(interact->result);
+#if SASL_VERSION_MAJOR < 2
+ interact->result = estrdup(interact->result);
+#endif /* SASL_VERSION_MAJOR < 2 */
+ }
+ return(LDAP_SUCCESS);
+}
+#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+
+/*
+ * Set LDAP options based on the config table.
+ */
+static int
+sudo_ldap_set_options(ld)
+ LDAP *ld;
+{
+ struct ldap_config_table *cur;
+ int rc;
+
+ /* Set ber options */
+#ifdef LBER_OPT_DEBUG_LEVEL
+ if (ldap_conf.ldap_debug)
+ ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &ldap_conf.ldap_debug);
+#endif
+
+ /* Set simple LDAP options */
+ for (cur = ldap_conf_table; cur->conf_str != NULL; cur++) {
+ LDAP *conn;
+ int ival;
+ char *sval;
+
+ if (cur->opt_val == -1)
+ continue;
+
+ conn = cur->connected ? ld : NULL;
+ switch (cur->type) {
+ case CONF_BOOL:
+ case CONF_INT:
+ ival = *(int *)(cur->valp);
+ if (ival >= 0) {
+ rc = ldap_set_option(conn, cur->opt_val, &ival);
+ if (rc != LDAP_OPT_SUCCESS) {
+ warningx("ldap_set_option: %s -> %d: %s",
+ cur->conf_str, ival, ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_set_option: %s -> %d", cur->conf_str, ival), 1);
+ }
+ break;
+ case CONF_STR:
+ sval = *(char **)(cur->valp);
+ if (sval != NULL) {
+ rc = ldap_set_option(conn, cur->opt_val, sval);
+ if (rc != LDAP_OPT_SUCCESS) {
+ warningx("ldap_set_option: %s -> %s: %s",
+ cur->conf_str, sval, ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_set_option: %s -> %s", cur->conf_str, sval), 1);
+ }
+ break;
+ }
+ }
+
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+ /* Convert bind_timelimit to a timeval */
+ if (ldap_conf.bind_timelimit > 0) {
+ struct timeval tv;
+ tv.tv_sec = ldap_conf.bind_timelimit / 1000;
+ tv.tv_usec = 0;
+ rc = ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+ if (rc != LDAP_OPT_SUCCESS) {
+ warningx("ldap_set_option(NETWORK_TIMEOUT, %ld): %s",
+ (long)tv.tv_sec, ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %ld)",
+ (long)tv.tv_sec), 1);
+ }
+#endif
+
+#if defined(LDAP_OPT_X_TLS) && !defined(HAVE_LDAPSSL_INIT)
+ if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+ int val = LDAP_OPT_X_TLS_HARD;
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &val);
+ if (rc != LDAP_SUCCESS) {
+ warningx("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD): %s",
+ ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"), 1);
+ }
+#endif
+ return(0);
+}
+
+/*
+ * Connect to the LDAP server specified by ld
+ */
+static int
+sudo_ldap_bind_s(ld)
+ LDAP *ld;
+{
+ int rc;
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+ const char *old_ccname = user_ccname;
+# ifdef HAVE_GSS_KRB5_CCACHE_NAME
+ unsigned int status;
+# endif
+#endif
+
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+ if (ldap_conf.rootuse_sasl == TRUE ||
+ (ldap_conf.rootuse_sasl != FALSE && ldap_conf.use_sasl == TRUE)) {
+ void *auth_id = ldap_conf.rootsasl_auth_id ?
+ ldap_conf.rootsasl_auth_id : ldap_conf.sasl_auth_id;
+
+ if (ldap_conf.krb5_ccname != NULL) {
+# ifdef HAVE_GSS_KRB5_CCACHE_NAME
+ if (gss_krb5_ccache_name(&status, ldap_conf.krb5_ccname, &old_ccname)
+ != GSS_S_COMPLETE) {
+ old_ccname = NULL;
+ DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1);
+ }
+# else
+ setenv("KRB5CCNAME", ldap_conf.krb5_ccname, TRUE);
+# endif
+ }
+ rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
+ NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
+ if (ldap_conf.krb5_ccname != NULL) {
+# ifdef HAVE_GSS_KRB5_CCACHE_NAME
+ if (gss_krb5_ccache_name(&status, old_ccname, NULL) != GSS_S_COMPLETE)
+ DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1);
+# else
+ if (old_ccname != NULL)
+ setenv("KRB5CCNAME", old_ccname, TRUE);
+ else
+ unsetenv("KRB5CCNAME");
+# endif
+ }
+ if (rc != LDAP_SUCCESS) {
+ warningx("ldap_sasl_interactive_bind_s(): %s", ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_sasl_interactive_bind_s() ok"), 1);
+ } else
+#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+#ifdef HAVE_LDAP_SASL_BIND_S
+ {
+ struct berval bv;
+
+ bv.bv_val = ldap_conf.bindpw ? ldap_conf.bindpw : "";
+ bv.bv_len = strlen(bv.bv_val);
+
+ rc = ldap_sasl_bind_s(ld, ldap_conf.binddn, LDAP_SASL_SIMPLE, &bv,
+ NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ warningx("ldap_sasl_bind_s(): %s", ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_sasl_bind_s() ok"), 1);
+ }
+#else
+ {
+ rc = ldap_simple_bind_s(ld, ldap_conf.binddn, ldap_conf.bindpw);
+ if (rc != LDAP_SUCCESS) {
+ warningx("ldap_simple_bind_s(): %s", ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_simple_bind_s() ok"), 1);
+ }
+#endif
+ return(0);
+}
+
+/*
+ * Open a connection to the LDAP server.
+ * Returns 0 on success and non-zero on failure.
+ */
+static int
+sudo_ldap_open(nss)
+ struct sudo_nss *nss;
+{
+ LDAP *ld;
+ int rc, ldapnoinit = FALSE;
+
+ if (!sudo_ldap_read_config())
+ return(-1);
+
+ /* Prevent reading of user ldaprc and system defaults. */
+ if (getenv("LDAPNOINIT") == NULL) {
+ ldapnoinit = TRUE;
+ setenv("LDAPNOINIT", "1", TRUE);
+ }
+
+ /* Connect to LDAP server */
+#ifdef HAVE_LDAP_INITIALIZE
+ if (ldap_conf.uri != NULL) {
+ char *buf = sudo_ldap_join_uri(ldap_conf.uri);
+ DPRINTF(("ldap_initialize(ld, %s)", buf), 2);
+ rc = ldap_initialize(&ld, buf);
+ efree(buf);
+ } else
+#endif
+ rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
+ if (rc != LDAP_SUCCESS) {
+ warningx("unable to initialize LDAP: %s", ldap_err2string(rc));
+ return(-1);
+ }
+
+ if (ldapnoinit)
+ unsetenv("LDAPNOINIT");
+
+ /* Set LDAP options */
+ if (sudo_ldap_set_options(ld) < 0)
+ return(-1);
+
+ if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
+#if defined(HAVE_LDAP_START_TLS_S)
+ rc = ldap_start_tls_s(ld, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ warningx("ldap_start_tls_s(): %s", ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_start_tls_s() ok"), 1);
+#elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP)
+ if (ldap_ssl_client_init(NULL, NULL, 0, &rc) != LDAP_SUCCESS) {
+ warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc));
+ return(-1);
+ }
+ rc = ldap_start_tls_s_np(ld, NULL);
+ if (rc != LDAP_SUCCESS) {
+ warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc));
+ return(-1);
+ }
+ DPRINTF(("ldap_start_tls_s_np() ok"), 1);
+#else
+ warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()");
+#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
+ }
+
+ /* Actually connect */
+ if (sudo_ldap_bind_s(ld) != 0)
+ return(-1);
+
+ nss->handle = ld;
+ return(0);
+}
+
+static int
+sudo_ldap_setdefs(nss)
+ struct sudo_nss *nss;
+{
+ struct ldap_config_list_str *base;
+ LDAP *ld = (LDAP *) nss->handle;
+ LDAPMessage *entry, *result; /* used for searches */
+ int rc; /* temp return value */
+
+ if (ld == NULL)
+ return(-1);
+
+ for (base = ldap_conf.base; base != NULL; base = base->next) {
+ result = NULL;
+ rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
+ "cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result);
+ if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
+ DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1);
+ sudo_ldap_parse_options(ld, entry);
+ } else
+ DPRINTF(("no default options found in %s", base->val), 1);
+
+ if (result)
+ ldap_msgfree(result);
+ }
+
+ return(0);
+}
+
+/*
+ * like sudoers_lookup() - only LDAP style
+ */
+static int
+sudo_ldap_lookup(nss, ret, pwflag)
+ struct sudo_nss *nss;
+ int ret;
+ int pwflag;
+{
+ struct ldap_config_list_str *base;
+ LDAP *ld = (LDAP *) nss->handle;
+ LDAPMessage *entry, *result;
+ char *filt;
+ int do_netgr, rc, matched;
+ int setenv_implied;
+ int ldap_user_matches = FALSE, ldap_host_matches = FALSE;
+ struct passwd *pw = list_pw ? list_pw : sudo_user.pw;
+
+ if (ld == NULL)
+ return(ret);
+
+ if (pwflag) {
+ int doauth = UNSPEC;
+ enum def_tupple pwcheck =
+ (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+
+ for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) {
+ filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+ for (base = ldap_conf.base; base != NULL; base = base->next) {
+ result = NULL;
+ rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+ NULL, 0, NULL, NULL, NULL, 0, &result);
+ if (rc != LDAP_SUCCESS)
+ continue;
+
+ LDAP_FOREACH(entry, ld, result) {
+ /* only verify netgroup matches in pass 2 */
+ if (do_netgr && !sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name))
+ continue;
+
+ ldap_user_matches = TRUE;
+ if (sudo_ldap_check_host(ld, entry)) {
+ ldap_host_matches = TRUE;
+ if ((pwcheck == any && doauth != FALSE) ||
+ (pwcheck == all && doauth == FALSE))
+ doauth = sudo_ldap_check_bool(ld, entry, "authenticate");
+ /* Only check the command when listing another user. */
+ if (user_uid == 0 || list_pw == NULL ||
+ user_uid == list_pw->pw_uid ||
+ sudo_ldap_check_command(ld, entry, NULL)) {
+ matched = 1;
+ break; /* end foreach */
+ }
+ }
+ }
+ ldap_msgfree(result);
+ }
+ efree(filt);
+ }
+ if (matched || user_uid == 0) {
+ SET(ret, VALIDATE_OK);
+ CLR(ret, VALIDATE_NOT_OK);
+ if (def_authenticate) {
+ switch (pwcheck) {
+ case always:
+ SET(ret, FLAG_CHECK_USER);
+ break;
+ case all:
+ case any:
+ if (doauth == FALSE)
+ def_authenticate = FALSE;
+ break;
+ case never:
+ def_authenticate = FALSE;
+ break;
+ default:
+ break;
+ }
+ }
+ }
+ goto done;
+ }
+
+ /*
+ * Okay - time to search for anything that matches this user
+ * Lets limit it to only two queries of the LDAP server
+ *
+ * The first pass will look by the username, groups, and
+ * the keyword ALL. We will then inspect the results that
+ * came back from the query. We don't need to inspect the
+ * sudoUser in this pass since the LDAP server already scanned
+ * it for us.
+ *
+ * The second pass will return all the entries that contain
+ * user netgroups. Then we take the netgroups returned and
+ * try to match them against the username.
+ */
+ setenv_implied = FALSE;
+ for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) {
+ filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+ DPRINTF(("ldap search '%s'", filt), 1);
+ for (base = ldap_conf.base; base != NULL; base = base->next) {
+ result = NULL;
+ rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+ NULL, 0, NULL, NULL, NULL, 0, &result);
+ if (rc != LDAP_SUCCESS) {
+ DPRINTF(("nothing found for '%s'", filt), 1);
+ continue;
+ }
+
+ /* parse each entry returned from this most recent search */
+ LDAP_FOREACH(entry, ld, result) {
+ DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1);
+ if (
+ /* first verify user netgroup matches - only if in pass 2 */
+ (!do_netgr || sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+ /* remember that user matched */
+ (ldap_user_matches = TRUE) &&
+ /* verify host match */
+ sudo_ldap_check_host(ld, entry) &&
+ /* remember that host matched */
+ (ldap_host_matches = TRUE) &&
+ /* verify runas match */
+ sudo_ldap_check_runas(ld, entry) &&
+ /* verify command match */
+ (rc = sudo_ldap_check_command(ld, entry, &setenv_implied)) != UNSPEC
+ ) {
+ /* We have a match! */
+ DPRINTF(("Command %sallowed", rc == TRUE ? "" : "NOT "), 1);
+ matched = TRUE;
+ if (rc == TRUE) {
+ /* pick up any options */
+ if (setenv_implied)
+ def_setenv = TRUE;
+ sudo_ldap_parse_options(ld, entry);
+#ifdef HAVE_SELINUX
+ /* Set role and type if not specified on command line. */
+ if (user_role == NULL)
+ user_role = def_role;
+ if (user_type == NULL)
+ user_type = def_type;
+#endif /* HAVE_SELINUX */
+ /* make sure we don't reenter loop */
+ SET(ret, VALIDATE_OK);
+ CLR(ret, VALIDATE_NOT_OK);
+ } else {
+ SET(ret, VALIDATE_NOT_OK);
+ CLR(ret, VALIDATE_OK);
+ }
+ /* break from inside for loop */
+ break;
+ }
+ }
+ ldap_msgfree(result);
+ }
+ efree(filt);
+ }
+
+done:
+ DPRINTF(("user_matches=%d", ldap_user_matches), 1);
+ DPRINTF(("host_matches=%d", ldap_host_matches), 1);
+
+ if (!ISSET(ret, VALIDATE_OK)) {
+ /* we do not have a match */
+ if (pwflag && list_pw == NULL)
+ SET(ret, FLAG_NO_CHECK);
+ }
+ if (ldap_user_matches)
+ CLR(ret, FLAG_NO_USER);
+ if (ldap_host_matches)
+ CLR(ret, FLAG_NO_HOST);
+ DPRINTF(("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret), 1);
+
+ return(ret);
+}
+
+/*
+ * shut down LDAP connection
+ */
+static int
+sudo_ldap_close(nss)
+ struct sudo_nss *nss;
+{
+ if (nss->handle != NULL) {
+ ldap_unbind_ext_s((LDAP *) nss->handle, NULL, NULL);
+ nss->handle = NULL;
+ }
+ return(0);
+}
+
+/*
+ * STUB
+ */
+static int
+sudo_ldap_parse(nss)
+ struct sudo_nss *nss;
+{
+ return(0);
+}
diff --git a/sudo-1.7.4p4/linux_audit.c b/sudo-1.7.4p4/linux_audit.c
new file mode 100644
index 0000000..ba87e78
--- /dev/null
+++ b/sudo-1.7.4p4/linux_audit.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <libaudit.h>
+
+#include "compat.h"
+#include "error.h"
+#include "alloc.h"
+#include "missing.h"
+#include "linux_audit.h"
+
+/*
+ * Open audit connection if possible.
+ * Returns audit fd on success and -1 on failure.
+ */
+static int
+linux_audit_open(void)
+{
+ static int au_fd = -1;
+
+ if (au_fd != -1)
+ return au_fd;
+ au_fd = audit_open();
+ if (au_fd == -1) {
+ /* Kernel may not have audit support. */
+ if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
+ error(1, "unable to open audit system");
+ } else {
+ (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
+ }
+ return au_fd;
+}
+
+int
+linux_audit_command(char *argv[], int result)
+{
+ int au_fd, rc;
+ char *command, *cp, **av;
+ size_t size, n;
+
+ if ((au_fd = linux_audit_open()) == -1)
+ return -1;
+
+ /* Convert argv to a flat string. */
+ for (size = 0, av = argv; *av != NULL; av++)
+ size += strlen(*av) + 1;
+ command = cp = emalloc(size);
+ for (av = argv; *av != NULL; av++) {
+ n = strlcpy(cp, *av, size - (cp - command));
+ if (n >= size - (cp - command))
+ errorx(1, "internal error, linux_audit_command() overflow");
+ cp += n;
+ *cp++ = ' ';
+ }
+ *--cp = '\0';
+
+ /* Log command, ignoring EPERM on error. */
+ rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
+ if (rc <= 0)
+ warning("unable to send audit message");
+
+ efree(command);
+
+ return rc;
+}
+
+#ifdef HAVE_SELINUX
+int
+linux_audit_role_change(const char *old_context,
+ const char *new_context, const char *ttyn)
+{
+ int au_fd, rc;
+ char *message;
+
+ if ((au_fd = linux_audit_open()) == -1)
+ return -1;
+
+ /* audit role change using the same format as newrole(1) */
+ easprintf(&message, "newrole: old-context=%s new-context=%s",
+ old_context, new_context);
+ rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
+ message, NULL, NULL, ttyn, 1);
+ if (rc <= 0)
+ warning("unable to send audit message");
+
+ efree(message);
+
+ return rc;
+}
+#endif /* HAVE_SELINUX */
diff --git a/sudo-1.7.4p4/linux_audit.h b/sudo-1.7.4p4/linux_audit.h
new file mode 100644
index 0000000..f2574f6
--- /dev/null
+++ b/sudo-1.7.4p4/linux_audit.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_LINUX_AUDIT_H
+#define _SUDO_LINUX_AUDIT_H
+
+int linux_audit_command(char *argv[], int result);
+int linux_audit_role_change(const char *old_context,
+ const char *new_context, const char *ttyn);
+
+#endif /* _SUDO_LINUX_AUDIT_H */
diff --git a/sudo-1.7.4p4/list.c b/sudo-1.7.4p4/list.c
new file mode 100644
index 0000000..60c1138
--- /dev/null
+++ b/sudo-1.7.4p4/list.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+
+#include "sudo.h"
+
+struct list_proto {
+ struct list_proto *prev;
+ struct list_proto *next;
+};
+
+struct list_head_proto {
+ struct list_proto *first;
+ struct list_proto *last;
+};
+
+/*
+ * Pop the last element off the end of vh.
+ * Returns the popped element.
+ */
+void *
+tq_pop(vh)
+ void *vh;
+{
+ struct list_head_proto *h = (struct list_head_proto *)vh;
+ void *last = NULL;
+
+ if (!tq_empty(h)) {
+ last = (void *)h->last;
+ if (h->first == h->last) {
+ h->first = NULL;
+ h->last = NULL;
+ } else {
+ h->last = h->last->prev;
+ h->last->next = NULL;
+ }
+ }
+ return (last);
+}
+
+/*
+ * Convert from a semi-circle queue to normal doubly-linked list
+ * with a head node.
+ */
+void
+list2tq(vh, vl)
+ void *vh;
+ void *vl;
+{
+ struct list_head_proto *h = (struct list_head_proto *)vh;
+ struct list_proto *l = (struct list_proto *)vl;
+
+ if (l != NULL) {
+#ifdef DEBUG
+ if (l->prev == NULL) {
+ warningx("list2tq called with non-semicircular list");
+ abort();
+ }
+#endif
+ h->first = l;
+ h->last = l->prev; /* l->prev points to the last member of l */
+ l->prev = NULL; /* zero last ptr now that we have a head */
+ } else {
+ h->first = NULL;
+ h->last = NULL;
+ }
+}
+
+/*
+ * Append one queue (or single entry) to another using the
+ * circular properties of the prev pointer to simplify the logic.
+ */
+void
+list_append(vl1, vl2)
+ void *vl1;
+ void *vl2;
+{
+ struct list_proto *l1 = (struct list_proto *)vl1;
+ struct list_proto *l2 = (struct list_proto *)vl2;
+ void *tail = l2->prev;
+
+ l1->prev->next = l2;
+ l2->prev = l1->prev;
+ l1->prev = tail;
+}
+
+/*
+ * Append the list of entries to the head node and convert
+ * e from a semi-circle queue to normal doubly-linked list.
+ */
+void
+tq_append(vh, vl)
+ void *vh;
+ void *vl;
+{
+ struct list_head_proto *h = (struct list_head_proto *)vh;
+ struct list_proto *l = (struct list_proto *)vl;
+ void *tail = l->prev;
+
+ if (h->first == NULL)
+ h->first = l;
+ else
+ h->last->next = l;
+ l->prev = h->last;
+ h->last = tail;
+}
diff --git a/sudo-1.7.4p4/list.h b/sudo-1.7.4p4/list.h
new file mode 100644
index 0000000..17aab41
--- /dev/null
+++ b/sudo-1.7.4p4/list.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_LIST_H
+#define _SUDO_LIST_H
+
+/*
+ * Convenience macro for declaring a list head.
+ */
+#ifdef __STDC__
+#define TQ_DECLARE(n) \
+struct n##_list { \
+ struct n *first; \
+ struct n *last; \
+};
+#else
+#define TQ_DECLARE(n) \
+struct n/**/_list { \
+ struct n *first; \
+ struct n *last; \
+};
+#endif
+
+/*
+ * Foreach loops: forward and reverse
+ */
+#undef tq_foreach_fwd
+#define tq_foreach_fwd(h, v) \
+ for ((v) = (h)->first; (v) != NULL; (v) = (v)->next)
+
+#undef tq_foreach_rev
+#define tq_foreach_rev(h, v) \
+ for ((v) = (h)->last; (v) != NULL; (v) = (v)->prev)
+
+/*
+ * Init a list head.
+ */
+#undef tq_init
+#define tq_init(h) do { \
+ (h)->first = NULL; \
+ (h)->last = NULL; \
+} while (0)
+
+/*
+ * Simple macros to avoid exposing first/last and prev/next.
+ */
+#undef tq_empty
+#define tq_empty(h) ((h)->first == NULL)
+
+#undef tq_first
+#define tq_first(h) ((h)->first)
+
+#undef tq_last
+#define tq_last(h) ((h)->last)
+
+#undef list_next
+#define list_next(e) ((e)->next)
+
+#undef list_prev
+#define list_prev(e) ((e)->prev)
+
+/*
+ * Prototypes for list.c
+ */
+void *tq_pop __P((void *));
+void tq_append __P((void *, void *));
+void list_append __P((void *, void *));
+void list2tq __P((void *, void *));
+
+#endif /* _SUDO_LIST_H */
diff --git a/sudo-1.7.4p4/logging.c b/sudo-1.7.4p4/logging.c
new file mode 100644
index 0000000..2b32968
--- /dev/null
+++ b/sudo-1.7.4p4/logging.c
@@ -0,0 +1,737 @@
+/*
+ * Copyright (c) 1994-1996, 1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifdef __TANDEM
+# include <floss.h>
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <grp.h>
+#include <signal.h>
+#include <time.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#include "sudo.h"
+
+static void do_syslog __P((int, char *));
+static void do_logfile __P((char *));
+static void send_mail __P((const char *fmt, ...));
+static int should_mail __P((int));
+static void mysyslog __P((int, const char *, ...));
+static char *new_logline __P((const char *, int));
+
+#define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */
+
+/*
+ * We do an openlog(3)/closelog(3) for each message because some
+ * authentication methods (notably PAM) use syslog(3) for their
+ * own nefarious purposes and may call openlog(3) and closelog(3).
+ * Note that because we don't want to assume that all systems have
+ * vsyslog(3) (HP-UX doesn't) "%m" will not be expanded.
+ * Sadly this is a maze of #ifdefs.
+ */
+static void
+#ifdef __STDC__
+mysyslog(int pri, const char *fmt, ...)
+#else
+mysyslog(pri, fmt, va_alist)
+ int pri;
+ const char *fmt;
+ va_dcl
+#endif
+{
+#ifdef BROKEN_SYSLOG
+ int i;
+#endif
+ char buf[MAXSYSLOGLEN+1];
+ va_list ap;
+
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+#ifdef LOG_NFACILITIES
+ openlog("sudo", 0, def_syslog);
+#else
+ openlog("sudo", 0);
+#endif
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+#ifdef BROKEN_SYSLOG
+ /*
+ * Some versions of syslog(3) don't guarantee success and return
+ * an int (notably HP-UX < 10.0). So, if at first we don't succeed,
+ * try, try again...
+ */
+ for (i = 0; i < MAXSYSLOGTRIES; i++)
+ if (syslog(pri, "%s", buf) == 0)
+ break;
+#else
+ syslog(pri, "%s", buf);
+#endif /* BROKEN_SYSLOG */
+ va_end(ap);
+ closelog();
+}
+
+#define FMT_FIRST "%8s : %s"
+#define FMT_CONTD "%8s : (command continued) %s"
+
+/*
+ * Log a message to syslog, pre-pending the username and splitting the
+ * message into parts if it is longer than MAXSYSLOGLEN.
+ */
+static void
+do_syslog(pri, msg)
+ int pri;
+ char *msg;
+{
+ size_t len, maxlen;
+ char *p, *tmp, save;
+ const char *fmt;
+
+ /*
+ * Log the full line, breaking into multiple syslog(3) calls if necessary
+ */
+ fmt = FMT_FIRST;
+ maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name));
+ for (p = msg; *p != '\0'; ) {
+ len = strlen(p);
+ if (len > maxlen) {
+ /*
+ * Break up the line into what will fit on one syslog(3) line
+ * Try to avoid breaking words into several lines if possible.
+ */
+ tmp = memrchr(p, ' ', maxlen);
+ if (tmp == NULL)
+ tmp = p + maxlen;
+
+ /* NULL terminate line, but save the char to restore later */
+ save = *tmp;
+ *tmp = '\0';
+
+ mysyslog(pri, fmt, user_name, p);
+
+ *tmp = save; /* restore saved character */
+
+ /* Advance p and eliminate leading whitespace */
+ for (p = tmp; *p == ' '; p++)
+ ;
+ } else {
+ mysyslog(pri, fmt, user_name, p);
+ p += len;
+ }
+ fmt = FMT_CONTD;
+ maxlen = MAXSYSLOGLEN - (sizeof(FMT_CONTD) - 6 + strlen(user_name));
+ }
+}
+
+static void
+do_logfile(msg)
+ char *msg;
+{
+ char *full_line;
+ char *beg, *oldend, *end;
+ FILE *fp;
+ mode_t oldmask;
+ size_t maxlen;
+
+ oldmask = umask(077);
+ maxlen = def_loglinelen > 0 ? def_loglinelen : 0;
+ fp = fopen(def_logfile, "a");
+ (void) umask(oldmask);
+ if (fp == NULL) {
+ send_mail("Can't open log file: %s: %s", def_logfile, strerror(errno));
+ } else if (!lock_file(fileno(fp), SUDO_LOCK)) {
+ send_mail("Can't lock log file: %s: %s", def_logfile, strerror(errno));
+ } else {
+ time_t now;
+
+ now = time(NULL);
+ if (def_loglinelen == 0) {
+ /* Don't pretty-print long log file lines (hard to grep) */
+ if (def_log_host)
+ (void) fprintf(fp, "%s : %s : HOST=%s : %s\n",
+ get_timestr(now, def_log_year), user_name, user_shost, msg);
+ else
+ (void) fprintf(fp, "%s : %s : %s\n",
+ get_timestr(now, def_log_year), user_name, msg);
+ } else {
+ if (def_log_host)
+ easprintf(&full_line, "%s : %s : HOST=%s : %s",
+ get_timestr(now, def_log_year), user_name, user_shost, msg);
+ else
+ easprintf(&full_line, "%s : %s : %s",
+ get_timestr(now, def_log_year), user_name, msg);
+
+ /*
+ * Print out full_line with word wrap
+ */
+ beg = end = full_line;
+ while (beg) {
+ oldend = end;
+ end = strchr(oldend, ' ');
+
+ if (maxlen > 0 && end) {
+ *end = '\0';
+ if (strlen(beg) > maxlen) {
+ /* too far, need to back up & print the line */
+
+ if (beg == (char *)full_line)
+ maxlen -= 4; /* don't indent first line */
+
+ *end = ' ';
+ if (oldend != beg) {
+ /* rewind & print */
+ end = oldend-1;
+ while (*end == ' ')
+ --end;
+ *(++end) = '\0';
+ (void) fprintf(fp, "%s\n ", beg);
+ *end = ' ';
+ } else {
+ (void) fprintf(fp, "%s\n ", beg);
+ }
+
+ /* reset beg to point to the start of the new substr */
+ beg = end;
+ while (*beg == ' ')
+ ++beg;
+ } else {
+ /* we still have room */
+ *end = ' ';
+ }
+
+ /* remove leading whitespace */
+ while (*end == ' ')
+ ++end;
+ } else {
+ /* final line */
+ (void) fprintf(fp, "%s\n", beg);
+ beg = NULL; /* exit condition */
+ }
+ }
+ efree(full_line);
+ }
+ (void) fflush(fp);
+ (void) lock_file(fileno(fp), SUDO_UNLOCK);
+ (void) fclose(fp);
+ }
+}
+
+/*
+ * Log and mail the denial message, optionally informing the user.
+ */
+void
+log_denial(status, inform_user)
+ int status;
+ int inform_user;
+{
+ char *message;
+ char *logline;
+
+ /* Set error message. */
+ if (ISSET(status, FLAG_NO_USER))
+ message = "user NOT in sudoers";
+ else if (ISSET(status, FLAG_NO_HOST))
+ message = "user NOT authorized on host";
+ else
+ message = "command not allowed";
+
+ logline = new_logline(message, 0);
+
+ if (should_mail(status))
+ send_mail("%s", logline); /* send mail based on status */
+
+ /* Inform the user if they failed to authenticate. */
+ if (inform_user) {
+ if (ISSET(status, FLAG_NO_USER))
+ (void) fprintf(stderr, "%s is not in the sudoers file. %s",
+ user_name, "This incident will be reported.\n");
+ else if (ISSET(status, FLAG_NO_HOST))
+ (void) fprintf(stderr, "%s is not allowed to run sudo on %s. %s",
+ user_name, user_shost, "This incident will be reported.\n");
+ else if (ISSET(status, FLAG_NO_CHECK))
+ (void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n",
+ user_name, user_shost);
+ else
+ (void) fprintf(stderr,
+ "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n",
+ user_name, user_cmnd, user_args ? " " : "",
+ user_args ? user_args : "",
+ list_pw ? list_pw->pw_name : runas_pw ?
+ runas_pw->pw_name : user_name, runas_gr ? ":" : "",
+ runas_gr ? runas_gr->gr_name : "", user_host);
+ }
+
+ /*
+ * Log via syslog and/or a file.
+ */
+ if (def_syslog)
+ do_syslog(def_syslog_badpri, logline);
+ if (def_logfile)
+ do_logfile(logline);
+
+ efree(logline);
+}
+
+/*
+ * Log and potentially mail the allowed command.
+ */
+void
+log_allowed(status)
+ int status;
+{
+ char *logline;
+
+ logline = new_logline(NULL, 0);
+
+ if (should_mail(status))
+ send_mail("%s", logline); /* send mail based on status */
+
+ /*
+ * Log via syslog and/or a file.
+ */
+ if (def_syslog)
+ do_syslog(def_syslog_goodpri, logline);
+ if (def_logfile)
+ do_logfile(logline);
+
+ efree(logline);
+}
+
+void
+#ifdef __STDC__
+log_error(int flags, const char *fmt, ...)
+#else
+log_error(flags, fmt, va_alist)
+ int flags;
+ const char *fmt;
+ va_dcl
+#endif
+{
+ int serrno = errno;
+ char *message;
+ char *logline;
+ va_list ap;
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+
+ /* Become root if we are not already to avoid user interference */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
+ /* Expand printf-style format + args. */
+ evasprintf(&message, fmt, ap);
+ va_end(ap);
+
+ if (ISSET(flags, MSG_ONLY))
+ logline = message;
+ else
+ logline = new_logline(message, ISSET(flags, USE_ERRNO) ? serrno : 0);
+
+ /*
+ * Tell the user.
+ */
+ if (!ISSET(flags, NO_STDERR)) {
+ if (ISSET(flags, USE_ERRNO))
+ warning("%s", message);
+ else
+ warningx("%s", message);
+ }
+ if (logline != message)
+ efree(message);
+
+ /*
+ * Send a copy of the error via mail.
+ */
+ if (!ISSET(flags, NO_MAIL))
+ send_mail("%s", logline);
+
+ /*
+ * Log to syslog and/or a file.
+ */
+ if (def_syslog)
+ do_syslog(def_syslog_badpri, logline);
+ if (def_logfile)
+ do_logfile(logline);
+
+ efree(logline);
+
+ if (!ISSET(flags, NO_EXIT)) {
+ cleanup(0);
+ exit(1);
+ }
+}
+
+#define MAX_MAILFLAGS 63
+
+/*
+ * Send a message to MAILTO user
+ */
+static void
+#ifdef __STDC__
+send_mail(const char *fmt, ...)
+#else
+send_mail(fmt, va_alist)
+ const char *fmt;
+ va_dcl
+#endif
+{
+ FILE *mail;
+ char *p;
+ int fd, pfd[2], status;
+ pid_t pid, rv;
+ sigaction_t sa;
+ va_list ap;
+#ifndef NO_ROOT_MAILER
+ static char *root_envp[] = {
+ "HOME=/",
+ "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
+ "LOGNAME=root",
+ "USERNAME=root",
+ "USER=root",
+ NULL
+ };
+#endif
+
+ /* Just return if mailer is disabled. */
+ if (!def_mailerpath || !def_mailto)
+ return;
+
+ /* Fork and return, child will daemonize. */
+ switch (pid = fork()) {
+ case -1:
+ /* Error. */
+ error(1, "cannot fork");
+ break;
+ case 0:
+ /* Child. */
+ switch (pid = fork()) {
+ case -1:
+ /* Error. */
+ mysyslog(LOG_ERR, "cannot fork: %m");
+ _exit(1);
+ case 0:
+ /* Grandchild continues below. */
+ break;
+ default:
+ /* Parent will wait for us. */
+ _exit(0);
+ }
+ break;
+ default:
+ /* Parent. */
+ do {
+#ifdef HAVE_WAITPID
+ rv = waitpid(pid, &status, 0);
+#else
+ rv = wait(&status);
+#endif
+ } while (rv == -1 && errno == EINTR);
+ return;
+ }
+
+ /* Daemonize - disassociate from session/tty. */
+ if (setsid() == -1)
+ warning("setsid");
+ (void) chdir("/");
+ if ((fd = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) {
+ (void) dup2(fd, STDIN_FILENO);
+ (void) dup2(fd, STDOUT_FILENO);
+ (void) dup2(fd, STDERR_FILENO);
+ }
+
+ /* Close password, group and other fds so we don't leak. */
+ sudo_endpwent();
+ sudo_endgrent();
+ closefrom(STDERR_FILENO + 1);
+
+ /* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_INTERRUPT;
+ sa.sa_handler = SIG_IGN;
+ (void) sigaction(SIGPIPE, &sa, NULL);
+
+ if (pipe(pfd) == -1) {
+ mysyslog(LOG_ERR, "cannot open pipe: %m");
+ _exit(1);
+ }
+
+ switch (pid = fork()) {
+ case -1:
+ /* Error. */
+ mysyslog(LOG_ERR, "cannot fork: %m");
+ _exit(1);
+ break;
+ case 0:
+ {
+ char *argv[MAX_MAILFLAGS + 1];
+ char *mpath, *mflags;
+ int i;
+
+ /* Child, set stdin to output side of the pipe */
+ if (pfd[0] != STDIN_FILENO) {
+ if (dup2(pfd[0], STDIN_FILENO) == -1) {
+ mysyslog(LOG_ERR, "cannot dup stdin: %m");
+ _exit(127);
+ }
+ (void) close(pfd[0]);
+ }
+ (void) close(pfd[1]);
+
+ /* Build up an argv based on the mailer path and flags */
+ mflags = estrdup(def_mailerflags);
+ mpath = estrdup(def_mailerpath);
+ if ((argv[0] = strrchr(mpath, ' ')))
+ argv[0]++;
+ else
+ argv[0] = mpath;
+
+ i = 1;
+ if ((p = strtok(mflags, " \t"))) {
+ do {
+ argv[i] = p;
+ } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t")));
+ }
+ argv[i] = NULL;
+
+ /*
+ * Depending on the config, either run the mailer as root
+ * (so user cannot kill it) or as the user (for the paranoid).
+ */
+#ifndef NO_ROOT_MAILER
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+ execve(mpath, argv, root_envp);
+#else
+ set_perms(PERM_FULL_USER|PERM_NOEXIT);
+ execv(mpath, argv);
+#endif /* NO_ROOT_MAILER */
+ mysyslog(LOG_ERR, "cannot execute %s: %m", mpath);
+ _exit(127);
+ }
+ break;
+ }
+
+ (void) close(pfd[0]);
+ mail = fdopen(pfd[1], "w");
+
+ /* Pipes are all setup, send message. */
+ (void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ",
+ def_mailto, def_mailfrom ? def_mailfrom : user_name, "auto-generated");
+ for (p = def_mailsub; *p; p++) {
+ /* Expand escapes in the subject */
+ if (*p == '%' && *(p+1) != '%') {
+ switch (*(++p)) {
+ case 'h':
+ (void) fputs(user_host, mail);
+ break;
+ case 'u':
+ (void) fputs(user_name, mail);
+ break;
+ default:
+ p--;
+ break;
+ }
+ } else
+ (void) fputc(*p, mail);
+ }
+
+ (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host,
+ get_timestr(time(NULL), def_log_year), user_name);
+#ifdef __STDC__
+ va_start(ap, fmt);
+#else
+ va_start(ap);
+#endif
+ (void) vfprintf(mail, fmt, ap);
+ va_end(ap);
+ fputs("\n\n", mail);
+
+ fclose(mail);
+ do {
+#ifdef HAVE_WAITPID
+ rv = waitpid(pid, &status, 0);
+#else
+ rv = wait(&status);
+#endif
+ } while (rv == -1 && errno == EINTR);
+ _exit(0);
+}
+
+/*
+ * Determine whether we should send mail based on "status" and defaults options.
+ */
+static int
+should_mail(status)
+ int status;
+{
+
+ return(def_mail_always || ISSET(status, VALIDATE_ERROR) ||
+ (def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
+ (def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||
+ (def_mail_no_perms && !ISSET(status, VALIDATE_OK)));
+}
+
+#define LL_TTY_STR "TTY="
+#define LL_CWD_STR "PWD=" /* XXX - should be CWD= */
+#define LL_USER_STR "USER="
+#define LL_GROUP_STR "GROUP="
+#define LL_ENV_STR "ENV="
+#define LL_CMND_STR "COMMAND="
+#define LL_TSID_STR "TSID="
+
+/*
+ * Allocate and fill in a new logline.
+ */
+static char *
+new_logline(message, serrno)
+ const char *message;
+ int serrno;
+{
+ size_t len = 0;
+ char *evstr = NULL;
+ char *errstr = NULL;
+ char *line;
+
+ /*
+ * Compute line length
+ */
+ if (message != NULL)
+ len += strlen(message) + 3;
+ if (serrno) {
+ errstr = strerror(serrno);
+ len += strlen(errstr) + 3;
+ }
+ len += sizeof(LL_TTY_STR) + 2 + strlen(user_tty);
+ len += sizeof(LL_CWD_STR) + 2 + strlen(user_cwd);
+ if (runas_pw != NULL)
+ len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
+ if (runas_gr != NULL)
+ len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name);
+ if (sudo_user.sessid[0] != '\0')
+ len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid);
+ if (sudo_user.env_vars != NULL) {
+ size_t evlen = 0;
+ struct list_member *cur;
+ for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next)
+ evlen += strlen(cur->value) + 1;
+ evstr = emalloc(evlen);
+ evstr[0] = '\0';
+ for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next) {
+ strlcat(evstr, cur->value, evlen);
+ strlcat(evstr, " ", evlen); /* NOTE: last one will fail */
+ }
+ len += sizeof(LL_ENV_STR) + 2 + evlen;
+ }
+ len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
+ if (user_args != NULL)
+ len += strlen(user_args) + 1;
+
+ /*
+ * Allocate and build up the line.
+ */
+ line = emalloc(++len);
+ line[0] = '\0';
+
+ if (message != NULL) {
+ if (strlcat(line, message, len) >= len ||
+ strlcat(line, errstr ? " : " : " ; ", len) >= len)
+ goto toobig;
+ }
+ if (serrno) {
+ if (strlcat(line, errstr, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ }
+ if (strlcat(line, LL_TTY_STR, len) >= len ||
+ strlcat(line, user_tty, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ if (strlcat(line, LL_CWD_STR, len) >= len ||
+ strlcat(line, user_cwd, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ if (runas_pw != NULL) {
+ if (strlcat(line, LL_USER_STR, len) >= len ||
+ strlcat(line, runas_pw->pw_name, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ }
+ if (runas_gr != NULL) {
+ if (strlcat(line, LL_GROUP_STR, len) >= len ||
+ strlcat(line, runas_gr->gr_name, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ }
+ if (sudo_user.sessid[0] != '\0') {
+ if (strlcat(line, LL_TSID_STR, len) >= len ||
+ strlcat(line, sudo_user.sessid, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ }
+ if (evstr != NULL) {
+ if (strlcat(line, LL_ENV_STR, len) >= len ||
+ strlcat(line, evstr, len) >= len ||
+ strlcat(line, " ; ", len) >= len)
+ goto toobig;
+ efree(evstr);
+ }
+ if (strlcat(line, LL_CMND_STR, len) >= len ||
+ strlcat(line, user_cmnd, len) >= len)
+ goto toobig;
+ if (user_args != NULL) {
+ if (strlcat(line, " ", len) >= len ||
+ strlcat(line, user_args, len) >= len)
+ goto toobig;
+ }
+
+ return (line);
+toobig:
+ errorx(1, "internal error: insufficient space for log line");
+}
diff --git a/sudo-1.7.4p4/logging.h b/sudo-1.7.4p4/logging.h
new file mode 100644
index 0000000..c95423e
--- /dev/null
+++ b/sudo-1.7.4p4/logging.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1999-2005, 2009
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LOGGING_H
+#define _LOGGING_H
+
+#include <syslog.h>
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+/* Logging types */
+#define SLOG_SYSLOG 0x01
+#define SLOG_FILE 0x02
+#define SLOG_BOTH 0x03
+
+/* Flags for log_error() */
+#define MSG_ONLY 0x01
+#define USE_ERRNO 0x02
+#define NO_MAIL 0x04
+#define NO_EXIT 0x08
+#define NO_STDERR 0x10
+
+/*
+ * Maximum number of characters to log per entry. The syslogger
+ * will log this much, after that, it truncates the log line.
+ * We need this here to make sure that we continue with another
+ * syslog(3) call if the internal buffer is more than 1023 characters.
+ */
+#ifndef MAXSYSLOGLEN
+# define MAXSYSLOGLEN 960
+#endif
+
+void audit_success __P((char *[]));
+void audit_failure __P((char *[], char const * const, ...));
+void log_allowed __P((int));
+void log_denial __P((int, int));
+void log_error __P((int flags, const char *fmt, ...))
+ __printflike(2, 3);
+RETSIGTYPE reapchild __P((int));
+
+#endif /* _LOGGING_H */
diff --git a/sudo-1.7.4p4/ltmain.sh b/sudo-1.7.4p4/ltmain.sh
new file mode 100644
index 0000000..a72f2fd
--- /dev/null
+++ b/sudo-1.7.4p4/ltmain.sh
@@ -0,0 +1,8406 @@
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6b
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+# --config show all configuration variables
+# --debug enable verbose shell tracing
+# -n, --dry-run display commands without modifying any files
+# --features display basic configuration information and exit
+# --mode=MODE use operation mode MODE
+# --preserve-dup-deps don't remove duplicate dependency libraries
+# --quiet, --silent don't print informational messages
+# --tag=TAG use configuration variables from tag TAG
+# -v, --verbose print informational messages (default)
+# --version print version information
+# -h, --help print short or long help message
+#
+# MODE must be one of the following:
+#
+# clean remove files from the build directory
+# compile compile a source file into a libtool object
+# execute automatically set library path, then run a program
+# finish complete the installation of libtool libraries
+# install install libraries or executables
+# link create a library or an executable
+# uninstall remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+# host-triplet: $host
+# shell: $SHELL
+# compiler: $LTCC
+# compiler flags: $LTCFLAGS
+# linker: $LD (gnu? $with_gnu_ld)
+# $progname: (GNU libtool) 2.2.6b
+# automake: $automake_version
+# autoconf: $autoconf_version
+#
+# Report bugs to <bug-libtool@gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=2.2.6b
+TIMESTAMP=""
+package_revision=1.3017
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+ eval "if test \"\${$lt_var+set}\" = set; then
+ save_$lt_var=\$$lt_var
+ $lt_var=C
+ export $lt_var
+ lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+ lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+ fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+ -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+ [\\/]*|[A-Za-z]:\\*) ;;
+ *[\\/]*)
+ progdir=$func_dirname_result
+ progdir=`cd "$progdir" && pwd`
+ progpath="$progdir/$progname"
+ ;;
+ *)
+ save_IFS="$IFS"
+ IFS=:
+ for progdir in $PATH; do
+ IFS="$save_IFS"
+ test -x "$progdir/$progname" && break
+ done
+ IFS="$save_IFS"
+ test -n "$progdir" || progdir=`pwd`
+ progpath="$progdir/$progname"
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'. `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+ s/$bs4/&\\
+/g
+ s/^$bs2$dollar/$bs&/
+ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+ s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+ $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+ $opt_verbose && func_echo ${1+"$@"}
+
+ # A bug in bash halts the script if the last line of a function
+ # fails when set -e is in force, so we need another command to
+ # work around that:
+ :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+ $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+ $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+ # bash bug again:
+ :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+ func_error ${1+"$@"}
+ exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+ func_error ${1+"$@"}
+ func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information." ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+ $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+ my_directory_path="$1"
+ my_dir_list=
+
+ if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+ # Protect directory names starting with `-'
+ case $my_directory_path in
+ -*) my_directory_path="./$my_directory_path" ;;
+ esac
+
+ # While some portion of DIR does not yet exist...
+ while test ! -d "$my_directory_path"; do
+ # ...make a list in topmost first order. Use a colon delimited
+ # list incase some portion of path contains whitespace.
+ my_dir_list="$my_directory_path:$my_dir_list"
+
+ # If the last portion added has no slash in it, the list is done
+ case $my_directory_path in */*) ;; *) break ;; esac
+
+ # ...otherwise throw away the child directory and loop
+ my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+ done
+ my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+ save_mkdir_p_IFS="$IFS"; IFS=':'
+ for my_dir in $my_dir_list; do
+ IFS="$save_mkdir_p_IFS"
+ # mkdir can fail with a `File exist' error if two processes
+ # try to create one of the directories concurrently. Don't
+ # stop in that case!
+ $MKDIR "$my_dir" 2>/dev/null || :
+ done
+ IFS="$save_mkdir_p_IFS"
+
+ # Bail out if we (or some other process) failed to create a directory.
+ test -d "$my_directory_path" || \
+ func_fatal_error "Failed to create \`$1'"
+ fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$opt_dry_run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $MKDIR "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || \
+ func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+ fi
+
+ $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+ case $1 in
+ *[\\\`\"\$]*)
+ func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+ *)
+ func_quote_for_eval_unquoted_result="$1" ;;
+ esac
+
+ case $func_quote_for_eval_unquoted_result in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting, command substitution and and variable
+ # expansion for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+ ;;
+ *)
+ func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+ esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+ case $1 in
+ *[\\\`\"]*)
+ my_arg=`$ECHO "X$1" | $Xsed \
+ -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+ *)
+ my_arg="$1" ;;
+ esac
+
+ case $my_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting and command substitution for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ my_arg="\"$my_arg\""
+ ;;
+ esac
+
+ func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$my_cmd"
+ my_status=$?
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it. Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$lt_user_locale
+ $my_cmd"
+ my_status=$?
+ eval "$lt_safe_locale"
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+ $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+ s/^# //
+ s/^# *$//
+ s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+ $SED -n '/^# Usage:/,/# -h/ {
+ s/^# //
+ s/^# *$//
+ s/\$progname/'$progname'/
+ p
+ }' < "$progpath"
+ $ECHO
+ $ECHO "run \`$progname --help | more' for full usage"
+ exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+ $SED -n '/^# Usage:/,/# Report bugs to/ {
+ s/^# //
+ s/^# *$//
+ s*\$progname*'$progname'*
+ s*\$host*'"$host"'*
+ s*\$SHELL*'"$SHELL"'*
+ s*\$LTCC*'"$LTCC"'*
+ s*\$LTCFLAGS*'"$LTCFLAGS"'*
+ s*\$LD*'"$LD"'*
+ s/\$with_gnu_ld/'"$with_gnu_ld"'/
+ s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+ func_error "missing argument for $1"
+ exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell, and then maybe $ECHO will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+ func_error ${1+"$@"}
+ func_error "See the $PACKAGE documentation for more information."
+ func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+ re_begincf='^# ### BEGIN LIBTOOL'
+ re_endcf='^# ### END LIBTOOL'
+
+ # Default configuration.
+ $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+ done
+
+ exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+ $ECHO "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $ECHO "enable shared libraries"
+ else
+ $ECHO "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $ECHO "enable static libraries"
+ else
+ $ECHO "disable static libraries"
+ fi
+
+ exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+ # Global variable:
+ tagname="$1"
+
+ re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+ re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+ sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+ # Validate tagname.
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ func_fatal_error "invalid tag name: $tagname"
+ ;;
+ esac
+
+ # Don't test for the "default" C tag, as we know it's
+ # there but not specially marked.
+ case $tagname in
+ CC) ;;
+ *)
+ if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+ taglist="$taglist $tagname"
+
+ # Evaluate the configuration. Be careful to quote the path
+ # and the sed script, to avoid splitting on whitespace, but
+ # also don't use non-portable quotes within backquotes within
+ # quotes we have to do it in 2 steps:
+ extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+ eval "$extractedcf"
+ else
+ func_error "ignoring unknown tag $tagname"
+ fi
+ ;;
+ esac
+}
+
+# Parse options once, thoroughly. This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+ # Shorthand for --mode=foo, only valid as the first argument
+ case $1 in
+ clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+ compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+ execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+ finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+ link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+ esac
+
+ # Parse non-mode specific arguments:
+ while test "$#" -gt 0; do
+ opt="$1"
+ shift
+
+ case $opt in
+ --config) func_config ;;
+
+ --debug) preserve_args="$preserve_args $opt"
+ func_echo "enabling shell trace mode"
+ opt_debug='set -x'
+ $opt_debug
+ ;;
+
+ -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ execute_dlfiles="$execute_dlfiles $1"
+ shift
+ ;;
+
+ --dry-run | -n) opt_dry_run=: ;;
+ --features) func_features ;;
+ --finish) mode="finish" ;;
+
+ --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ case $1 in
+ # Valid mode arguments:
+ clean) ;;
+ compile) ;;
+ execute) ;;
+ finish) ;;
+ install) ;;
+ link) ;;
+ relink) ;;
+ uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $opt"
+ exit_cmd=exit
+ break
+ ;;
+ esac
+
+ mode="$1"
+ shift
+ ;;
+
+ --preserve-dup-deps)
+ opt_duplicate_deps=: ;;
+
+ --quiet|--silent) preserve_args="$preserve_args $opt"
+ opt_silent=:
+ ;;
+
+ --verbose| -v) preserve_args="$preserve_args $opt"
+ opt_silent=false
+ ;;
+
+ --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ preserve_args="$preserve_args $opt $1"
+ func_enable_tag "$1" # tagname is set here
+ shift
+ ;;
+
+ # Separate optargs to long options:
+ -dlopen=*|--mode=*|--tag=*)
+ func_opt_split "$opt"
+ set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+ shift
+ ;;
+
+ -\?|-h) func_usage ;;
+ --help) opt_help=: ;;
+ --version) func_version ;;
+
+ -*) func_fatal_help "unrecognized option \`$opt'" ;;
+
+ *) nonopt="$opt"
+ break
+ ;;
+ esac
+ done
+
+
+ case $host in
+ *cygwin* | *mingw* | *pw32* | *cegcc*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+ ;;
+ esac
+
+ # Having warned about all mis-specified options, bail out if
+ # anything was wrong.
+ $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+ if test "$package_revision" != "$macro_revision"; then
+ if test "$VERSION" != "$macro_version"; then
+ if test -z "$macro_version"; then
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ fi
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+ fi
+
+ exit $EXIT_MISMATCH
+ fi
+}
+
+
+## ----------- ##
+## Main. ##
+## ----------- ##
+
+$opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ func_fatal_configuration "not configured to build any kind of library"
+ fi
+
+ test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ func_error "unrecognized option \`-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+ test -f "$1" &&
+ $SED -e 4q "$1" 2>/dev/null \
+ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs. To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway. Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+ lalib_p=no
+ if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+ for lalib_p_l in 1 2 3 4
+ do
+ read lalib_p_line
+ case "$lalib_p_line" in
+ \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+ esac
+ done
+ exec 0<&5 5<&-
+ fi
+ test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+ func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+ func_ltwrapper_exec_suffix=
+ case $1 in
+ *.exe) ;;
+ *) func_ltwrapper_exec_suffix=.exe ;;
+ esac
+ $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+ func_ltwrapper_scriptname_result=""
+ if func_ltwrapper_executable_p "$1"; then
+ func_dirname_and_basename "$1" "" "."
+ func_stripname '' '.exe' "$func_basename_result"
+ func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+ fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+ func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+ $opt_debug
+ save_ifs=$IFS; IFS='~'
+ for cmd in $1; do
+ IFS=$save_ifs
+ eval cmd=\"$cmd\"
+ func_show_eval "$cmd" "${2-:}"
+ done
+ IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)! Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+ $opt_debug
+ case $1 in
+ */* | *\\*) . "$1" ;;
+ *) . "./$1" ;;
+ esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ $opt_debug
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ func_echo "unable to infer tagged configuration"
+ func_fatal_error "specify a tag with \`--tag'"
+# else
+# func_verbose "using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+ write_libobj=${1}
+ if test "$build_libtool_libs" = yes; then
+ write_lobj=\'${2}\'
+ else
+ write_lobj=none
+ fi
+
+ if test "$build_old_libs" = yes; then
+ write_oldobj=\'${3}\'
+ else
+ write_oldobj=none
+ fi
+
+ $opt_dry_run || {
+ cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+ $MV "${write_libobj}T" "${write_libobj}"
+ }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+ $opt_debug
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+ pie_flag=
+
+ for arg
+ do
+ case $arg_mode in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ test -n "$libobj" && \
+ func_fatal_error "you cannot specify \`-o' more than once"
+ arg_mode=target
+ continue
+ ;;
+
+ -pie | -fpie | -fPIE)
+ pie_flag="$pie_flag $arg"
+ continue
+ ;;
+
+ -shared | -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$arg"
+ lastarg="$lastarg $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$lastarg"
+ lastarg=$func_stripname_result
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ *)
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ func_quote_for_eval "$lastarg"
+ base_compile="$base_compile $func_quote_for_eval_result"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ func_fatal_error "you must specify an argument for -Xcompile"
+ ;;
+ target)
+ func_fatal_error "you must specify a target with \`-o'"
+ ;;
+ *)
+ # Get the name of the library object.
+ test -z "$libobj" && {
+ func_basename "$srcfile"
+ libobj="$func_basename_result"
+ }
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ case $libobj in
+ *.[cCFSifmso] | \
+ *.ada | *.adb | *.ads | *.asm | \
+ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+ *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+ func_xform "$libobj"
+ libobj=$func_xform_result
+ ;;
+ esac
+
+ case $libobj in
+ *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+ *)
+ func_fatal_error "cannot determine name of library object from \`$libobj'"
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ continue
+ ;;
+
+ -static)
+ build_libtool_libs=no
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ func_quote_for_eval "$libobj"
+ test "X$libobj" != "X$func_quote_for_eval_result" \
+ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
+ && func_warning "libobj name \`$libobj' may not contain shell special characters."
+ func_dirname_and_basename "$obj" "/" ""
+ objname="$func_basename_result"
+ xdir="$func_dirname_result"
+ lobj=${xdir}$objdir/$objname
+
+ test -z "$base_compile" && \
+ func_fatal_help "you must specify a compilation command"
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2* | cegcc*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+ func_echo "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+ removelist="$removelist $output_obj"
+ $ECHO "$srcfile" > "$lockfile"
+ fi
+
+ $opt_dry_run || $RM $removelist
+ removelist="$removelist $lockfile"
+ trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ func_quote_for_eval "$srcfile"
+ qsrcfile=$func_quote_for_eval_result
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ func_mkdir_p "$xdir$objdir"
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ func_show_eval_locale "$command" \
+ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ func_show_eval '$MV "$output_obj" "$lobj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile$pie_flag"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ func_show_eval_locale "$command" \
+ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ func_show_eval '$MV "$output_obj" "$obj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+ fi
+
+ $opt_dry_run || {
+ func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ removelist=$lockfile
+ $RM "$lockfile"
+ fi
+ }
+
+ exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+test "$mode" = compile && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+ # We need to display help for each of the modes.
+ case $mode in
+ "")
+ # Generic help is extracted from the usage comments
+ # at the start of this file.
+ func_help
+ ;;
+
+ clean)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ compile)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -no-suppress do not suppress compiler output for multiple passes
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -shared do not build a \`.o' file suitable for static linking
+ -static only build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+ execute)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+ finish)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+ install)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+ -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+ link)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -shared only do dynamic linking of libtool libraries
+ -shrext SUFFIX override the standard shared library file extension
+ -static do not do any dynamic linking of uninstalled libtool libraries
+ -static-libtool-libs
+ do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+ -weak LIBNAME declare that the target provides the LIBNAME interface
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+ uninstall)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ *)
+ func_fatal_help "invalid operation mode \`$mode'"
+ ;;
+ esac
+
+ $ECHO
+ $ECHO "Try \`$progname --help' for more information about other modes."
+
+ exit $?
+}
+
+ # Now that we've collected a possible --mode arg, show help if necessary
+ $opt_help && func_mode_help
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+ $opt_debug
+ # The first argument is the command name.
+ cmd="$nonopt"
+ test -z "$cmd" && \
+ func_fatal_help "you must specify a COMMAND"
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ test -f "$file" \
+ || func_fatal_help "\`$file' is not a file"
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$lib' is not a valid libtool archive"
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+ func_source "$file"
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && \
+ func_warning "\`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ if test ! -f "$dir/$dlname"; then
+ func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+ fi
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ ;;
+
+ *)
+ func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if func_ltwrapper_script_p "$file"; then
+ func_source "$file"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ elif func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ func_source "$func_ltwrapper_scriptname_result"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ func_quote_for_eval "$file"
+ args="$args $func_quote_for_eval_result"
+ done
+
+ if test "X$opt_dry_run" = Xfalse; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+ do
+ eval "if test \"\${save_$lt_var+set}\" = set; then
+ $lt_var=\$save_$lt_var; export $lt_var
+ else
+ $lt_unset $lt_var
+ fi"
+ done
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+ $ECHO "export $shlibpath_var"
+ fi
+ $ECHO "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = execute && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+ $opt_debug
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ $opt_silent && exit $EXIT_SUCCESS
+
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ $ECHO "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $ECHO " $libdir"
+ done
+ $ECHO
+ $ECHO "If you ever happen to want to link against installed libraries"
+ $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
+ $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $ECHO "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $ECHO " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $ECHO " - add LIBDIR to the \`$runpath_var' environment variable"
+ $ECHO " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $ECHO " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $ECHO " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $ECHO
+
+ $ECHO "See any operating system documentation about shared libraries for"
+ case $host in
+ solaris2.[6789]|solaris2.1[0-9])
+ $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+ $ECHO "pages."
+ ;;
+ *)
+ $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
+ ;;
+ esac
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ exit $EXIT_SUCCESS
+}
+
+test "$mode" = finish && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+ $opt_debug
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+ # Aesthetically quote it.
+ func_quote_for_eval "$nonopt"
+ install_prog="$func_quote_for_eval_result "
+ arg=$1
+ shift
+ else
+ install_prog=
+ arg=$nonopt
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog$func_quote_for_eval_result"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest=$arg
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f)
+ case " $install_prog " in
+ *[\\\ /]cp\ *) ;;
+ *) prev=$arg ;;
+ esac
+ ;;
+ -g | -m | -o)
+ prev=$arg
+ ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*)
+ ;;
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest=$arg
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog $func_quote_for_eval_result"
+ done
+
+ test -z "$install_prog" && \
+ func_fatal_help "you must specify an install program"
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prev' option requires an argument"
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ func_fatal_help "no file or destination specified"
+ else
+ func_fatal_help "you must specify a destination"
+ fi
+ fi
+
+ # Strip any trailing slash from the destination.
+ func_stripname '' '/' "$dest"
+ dest=$func_stripname_result
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ func_dirname_and_basename "$dest" "" "."
+ destdir="$func_dirname_result"
+ destname="$func_basename_result"
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files; shift
+ test "$#" -gt 1 && \
+ func_fatal_help "\`$dest' is not a directory"
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ func_fatal_help "\`$destdir' must be an absolute directory name"
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$file' is not a valid libtool archive"
+
+ library_names=
+ old_library=
+ relink_command=
+ func_source "$file"
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ func_dirname "$file" "/" ""
+ dir="$func_dirname_result"
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ test "$inst_prefix_dir" = "$destdir" && \
+ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+ fi
+
+ func_warning "relinking \`$file'"
+ func_show_eval "$relink_command" \
+ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names; shift
+ if test -n "$1"; then
+ realname="$1"
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+ 'exit $?'
+ tstripme="$stripme"
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ case $realname in
+ *.dll.a)
+ tstripme=""
+ ;;
+ esac
+ ;;
+ esac
+ if test -n "$tstripme" && test -n "$striplib"; then
+ func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ # Try `ln -sf' first, because the `ln' binary might depend on
+ # the symlink we replace! Solaris /bin/ln does not understand -f,
+ # so we also need to try rm && ln -s.
+ for linkname
+ do
+ test "$linkname" != "$realname" \
+ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ func_execute_cmds "$postinstall_cmds" 'exit $?'
+ fi
+
+ # Install the pseudo-library for information purposes.
+ func_basename "$file"
+ name="$func_basename_result"
+ instname="$dir/$name"i
+ func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ func_lo2o "$destfile"
+ staticdest=$func_lo2o_result
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ func_fatal_help "cannot copy a libtool object to \`$destfile'"
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ test -n "$destfile" && \
+ func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ func_lo2o "$file"
+ staticobj=$func_lo2o_result
+ func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin* | *mingw*)
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ wrapper=$func_ltwrapper_scriptname_result
+ else
+ func_stripname '' '.exe' "$file"
+ wrapper=$func_stripname_result
+ fi
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if func_ltwrapper_script_p "$wrapper"; then
+ notinst_deplibs=
+ relink_command=
+
+ func_source "$wrapper"
+
+ # Check the variables that should have been set.
+ test -z "$generated_by_libtool_version" && \
+ func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ func_source "$lib"
+ fi
+ libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ func_warning "\`$lib' has not been installed in \`$libdir'"
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ func_source "$wrapper"
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ $opt_dry_run || {
+ if test "$finalize" = yes; then
+ tmpdir=`func_mktempdir`
+ func_basename "$file$stripped_ext"
+ file="$func_basename_result"
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $opt_silent || {
+ func_quote_for_expand "$relink_command"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ if eval "$relink_command"; then :
+ else
+ func_error "error: relink \`$file' with the above command before installing it"
+ $opt_dry_run || ${RM}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ func_warning "cannot relink \`$file'"
+ fi
+ }
+ else
+ # Install the binary that we compiled earlier.
+ file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyway
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ func_stripname '' '.exe' "$destfile"
+ destfile=$func_stripname_result
+ ;;
+ esac
+ ;;
+ esac
+ func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+ $opt_dry_run || if test -n "$outputname"; then
+ ${RM}r "$tmpdir"
+ fi
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ func_basename "$file"
+ name="$func_basename_result"
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ func_show_eval "$old_striplib $oldlib" 'exit $?'
+ fi
+
+ # Do each command in the postinstall commands.
+ func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+ done
+
+ test -n "$future_libdirs" && \
+ func_warning "remember to run \`$progname --finish$future_libdirs'"
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ $opt_dry_run && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = install && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+ $opt_debug
+ my_outputname="$1"
+ my_originator="$2"
+ my_pic_p="${3-no}"
+ my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+ my_dlsyms=
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ my_dlsyms="${my_outputname}S.c"
+ else
+ func_error "not configured to extract global symbols from dlpreopened files"
+ fi
+ fi
+
+ if test -n "$my_dlsyms"; then
+ case $my_dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${my_outputname}.nm"
+
+ func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+ # Parse the name list into a source file.
+ func_verbose "creating $output_objdir/$my_dlsyms"
+
+ $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ func_verbose "generating symbol list for \`$output'"
+
+ $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for progfile in $progfiles; do
+ func_verbose "extracting global C symbols from \`$progfile'"
+ $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $opt_dry_run || {
+ eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $opt_dry_run || {
+ eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $opt_dry_run || {
+ $RM $export_symbols
+ eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ else
+ $opt_dry_run || {
+ eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ case $host in
+ *cygwin | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ fi
+ fi
+
+ for dlprefile in $dlprefiles; do
+ func_verbose "extracting global C symbols from \`$dlprefile'"
+ func_basename "$dlprefile"
+ name="$func_basename_result"
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ done
+
+ $opt_dry_run || {
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $MV "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if $GREP -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ $GREP -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+ else
+ $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+ fi
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols. */
+typedef struct {
+ const char *name;
+ void *address;
+} lt_dlsymlist;
+"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+/* DATA imports from DLLs on WIN32 con't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs. */"
+ lt_dlsym_const= ;;
+ *osf5*)
+ echo >> "$output_objdir/$my_dlsyms" "\
+/* This system does not cope well with relocations in const data */"
+ lt_dlsym_const= ;;
+ *)
+ lt_dlsym_const=const ;;
+ esac
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+extern $lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];
+$lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{\
+ { \"$my_originator\", (void *) 0 },"
+
+ case $need_lib_prefix in
+ no)
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ *)
+ eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ esac
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ } # !$opt_dry_run
+
+ pic_flag_for_symtable=
+ case "$compile_command " in
+ *" -static "*) ;;
+ *)
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+ *-*-hpux*)
+ pic_flag_for_symtable=" $pic_flag" ;;
+ *)
+ if test "X$my_pic_p" != Xno; then
+ pic_flag_for_symtable=" $pic_flag"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ symtab_cflags=
+ for arg in $LTCFLAGS; do
+ case $arg in
+ -pie | -fpie | -fPIE) ;;
+ *) symtab_cflags="$symtab_cflags $arg" ;;
+ esac
+ done
+
+ # Now compile the dynamic symbol file.
+ func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+ # Clean up the generated files.
+ func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+
+ # Transform the symbol file into the correct name.
+ symfileobj="$output_objdir/${my_outputname}S.$objext"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ if test -f "$output_objdir/$my_outputname.def"; then
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ else
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ fi
+ ;;
+ *)
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ ;;
+ esac
+ ;;
+ *)
+ func_fatal_error "unknown suffix for \`$my_dlsyms'"
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ $opt_debug
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+ $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 |
+ $SED -n -e '
+ 1,100{
+ / I /{
+ s,.*,import,
+ p
+ q
+ }
+ }'`
+ case $win32_nmres in
+ import*) win32_libid_type="x86 archive import";;
+ *) win32_libid_type="x86 archive static";;
+ esac
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $ECHO "$win32_libid_type"
+}
+
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ $opt_debug
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+ func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+ fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ $opt_debug
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ func_basename "$my_xlib"
+ my_xlib="$func_basename_result"
+ my_xlib_u=$my_xlib
+ while :; do
+ case " $extracted_archives " in
+ *" $my_xlib_u "*)
+ func_arith $extracted_serial + 1
+ extracted_serial=$func_arith_result
+ my_xlib_u=lt$extracted_serial-$my_xlib ;;
+ *) break ;;
+ esac
+ done
+ extracted_archives="$extracted_archives $my_xlib_u"
+ my_xdir="$my_gentop/$my_xlib_u"
+
+ func_mkdir_p "$my_xdir"
+
+ case $host in
+ *-darwin*)
+ func_verbose "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ $opt_dry_run || {
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`basename "$darwin_archive"`
+ darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ $LIPO -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ $RM -rf unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd $darwin_orig_dir
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ } # !$opt_dry_run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+
+ func_extract_archives_result="$my_oldobjs"
+}
+
+
+
+# func_emit_wrapper_part1 [arg=no]
+#
+# Emit the first part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part1 ()
+{
+ func_emit_wrapper_part1_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part1_arg1=$1
+ fi
+
+ $ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variables:
+ generated_by_libtool_version='$macro_version'
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$ECHO are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ ECHO=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$ECHO works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$ECHO will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $ECHO "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+"
+}
+# end: func_emit_wrapper_part1
+
+# func_emit_wrapper_part2 [arg=no]
+#
+# Emit the second part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part2 ()
+{
+ func_emit_wrapper_part2_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part2_arg1=$1
+ fi
+
+ $ECHO "\
+
+ # Usually 'no', except on cygwin/mingw when embedded into
+ # the cwrapper.
+ WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1
+ if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+ # special case for '.'
+ if test \"\$thisdir\" = \".\"; then
+ thisdir=\`pwd\`
+ fi
+ # remove .libs from thisdir
+ case \"\$thisdir\" in
+ *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+ $objdir ) thisdir=. ;;
+ esac
+ fi
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $ECHO "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" ||
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $MKDIR \"\$progdir\"
+ else
+ $RM \"\$progdir/\$file\"
+ fi"
+
+ $ECHO "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $ECHO \"\$relink_command_output\" >&2
+ $RM \"\$progdir/\$file\"
+ exit 1
+ fi
+ fi
+
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $RM \"\$progdir/\$program\";
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $RM \"\$progdir/\$file\"
+ fi"
+ else
+ $ECHO "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $ECHO "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $ECHO "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $ECHO "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $ECHO "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2* | *-cegcc*)
+ $ECHO "\
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $ECHO "\
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $ECHO "\
+ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+ exit 1
+ fi
+ else
+ # The program doesn't exist.
+ \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+ $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit 1
+ fi
+fi\
+"
+}
+# end: func_emit_wrapper_part2
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable. Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take. If 'yes', then the emitted script
+# will assume that the directory in which it is stored is
+# the $objdir directory. This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+ func_emit_wrapper_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_arg1=$1
+ fi
+
+ # split this up so that func_emit_cwrapperexe_src
+ # can call each part independently.
+ func_emit_wrapper_part1 "${func_emit_wrapper_arg1}"
+ func_emit_wrapper_part2 "${func_emit_wrapper_arg1}"
+}
+
+
+# func_to_host_path arg
+#
+# Convert paths to host format when used with build tools.
+# Intended for use with "native" mingw (where libtool itself
+# is running under the msys shell), or in the following cross-
+# build environments:
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+# where wine is equipped with the `winepath' executable.
+# In the native mingw case, the (msys) shell automatically
+# converts paths for any non-msys applications it launches,
+# but that facility isn't available from inside the cwrapper.
+# Similar accommodations are necessary for $host mingw and
+# $build cygwin. Calling this function does no harm for other
+# $host/$build combinations not listed above.
+#
+# ARG is the path (on $build) that should be converted to
+# the proper representation for $host. The result is stored
+# in $func_to_host_path_result.
+func_to_host_path ()
+{
+ func_to_host_path_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ case $build in
+ *mingw* ) # actually, msys
+ # awkward: cmd appends spaces to result
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_path_tmp1=`( cmd //c echo "$1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_path_tmp1=`cygpath -w "$1"`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # Unfortunately, winepath does not exit with a non-zero
+ # error code, so we are forced to check the contents of
+ # stdout. On the other hand, if the command is not
+ # found, the shell will set an exit code of 127 and print
+ # *an error message* to stdout. So we must check for both
+ # error code of zero AND non-empty stdout, which explains
+ # the odd construction:
+ func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null`
+ if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ else
+ # Allow warning below.
+ func_to_host_path_result=""
+ fi
+ ;;
+ esac
+ if test -z "$func_to_host_path_result" ; then
+ func_error "Could not determine host path corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback:
+ func_to_host_path_result="$1"
+ fi
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_path
+
+# func_to_host_pathlist arg
+#
+# Convert pathlists to host format when used with build tools.
+# See func_to_host_path(), above. This function supports the
+# following $build/$host combinations (but does no harm for
+# combinations not listed here):
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+#
+# Path separators are also converted from $build format to
+# $host format. If ARG begins or ends with a path separator
+# character, it is preserved (but converted to $host format)
+# on output.
+#
+# ARG is a pathlist (on $build) that should be converted to
+# the proper representation on $host. The result is stored
+# in $func_to_host_pathlist_result.
+func_to_host_pathlist ()
+{
+ func_to_host_pathlist_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ # Remove leading and trailing path separator characters from
+ # ARG. msys behavior is inconsistent here, cygpath turns them
+ # into '.;' and ';.', and winepath ignores them completely.
+ func_to_host_pathlist_tmp2="$1"
+ # Once set for this call, this variable should not be
+ # reassigned. It is used in tha fallback case.
+ func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e 's|^:*||' -e 's|:*$||'`
+ case $build in
+ *mingw* ) # Actually, msys.
+ # Awkward: cmd appends spaces to result.
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # unfortunately, winepath doesn't convert pathlists
+ func_to_host_pathlist_result=""
+ func_to_host_pathlist_oldIFS=$IFS
+ IFS=:
+ for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do
+ IFS=$func_to_host_pathlist_oldIFS
+ if test -n "$func_to_host_pathlist_f" ; then
+ func_to_host_path "$func_to_host_pathlist_f"
+ if test -n "$func_to_host_path_result" ; then
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_to_host_pathlist_result="$func_to_host_path_result"
+ else
+ func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result"
+ fi
+ fi
+ fi
+ IFS=:
+ done
+ IFS=$func_to_host_pathlist_oldIFS
+ ;;
+ esac
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_error "Could not determine the host path(s) corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback. This may break if $1 contains DOS-style drive
+ # specifications. The fix is not to complicate the expression
+ # below, but for the user to provide a working wine installation
+ # with winepath so that path translation in the cross-to-mingw
+ # case works properly.
+ lt_replace_pathsep_nix_to_dos="s|:|;|g"
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_replace_pathsep_nix_to_dos"`
+ fi
+ # Now, add the leading and trailing path separators back
+ case "$1" in
+ :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result"
+ ;;
+ esac
+ case "$1" in
+ *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_pathlist
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+ cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "$SHELL $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat <<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+# define setmode _setmode
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+# include <io.h>
+# define HAVE_SETENV
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+#ifdef _MSC_VER
+# define S_IXUSR _S_IEXEC
+# define stat _stat
+# ifndef _INTPTR_T_DEFINED
+# define intptr_t int
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+# define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+# define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifdef __CYGWIN__
+# define FOPEN_WB "wb"
+#endif
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+#undef LTWRAPPER_DEBUGPRINTF
+#if defined DEBUGWRAPPER
+# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
+static void
+ltwrapper_debugprintf (const char *fmt, ...)
+{
+ va_list args;
+ va_start (args, fmt);
+ (void) vfprintf (stderr, fmt, args);
+ va_end (args);
+}
+#else
+# define LTWRAPPER_DEBUGPRINTF(args)
+#endif
+
+const char *program_name = NULL;
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_opt_process_env_set (const char *arg);
+void lt_opt_process_env_prepend (const char *arg);
+void lt_opt_process_env_append (const char *arg);
+int lt_split_name_value (const char *arg, char** name, char** value);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+
+static const char *script_text_part1 =
+EOF
+
+ func_emit_wrapper_part1 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+ cat <<EOF
+
+static const char *script_text_part2 =
+EOF
+ func_emit_wrapper_part2 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+
+ cat <<EOF
+const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ func_to_host_pathlist "$temp_rpath"
+ cat <<EOF
+const char * LIB_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * LIB_PATH_VALUE = "";
+EOF
+ fi
+
+ if test -n "$dllsearchpath"; then
+ func_to_host_pathlist "$dllsearchpath:"
+ cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE = "";
+EOF
+ fi
+
+ if test "$fast_install" = yes; then
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+ else
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+ fi
+
+
+ cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX "--lt-"
+#define LTWRAPPER_OPTION_PREFIX_LENGTH 5
+
+static const size_t opt_prefix_len = LTWRAPPER_OPTION_PREFIX_LENGTH;
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+
+static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
+
+static const size_t env_set_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 7;
+static const char *env_set_opt = LTWRAPPER_OPTION_PREFIX "env-set";
+ /* argument is putenv-style "foo=bar", value of foo is set to bar */
+
+static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11;
+static const char *env_prepend_opt = LTWRAPPER_OPTION_PREFIX "env-prepend";
+ /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */
+
+static const size_t env_append_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 10;
+static const char *env_append_opt = LTWRAPPER_OPTION_PREFIX "env-append";
+ /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int newargc;
+ char *tmp_pathspec;
+ char *actual_cwrapper_path;
+ char *actual_cwrapper_name;
+ char *target_name;
+ char *lt_argv_zero;
+ intptr_t rval = 127;
+
+ int i;
+
+ program_name = (char *) xstrdup (base_name (argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+
+ /* very simple arg parsing; don't want to rely on getopt */
+ for (i = 1; i < argc; i++)
+ {
+ if (strcmp (argv[i], dumpscript_opt) == 0)
+ {
+EOF
+ case "$host" in
+ *mingw* | *cygwin* )
+ # make stdout use "unix" line endings
+ echo " setmode(1,_O_BINARY);"
+ ;;
+ esac
+
+ cat <<"EOF"
+ printf ("%s", script_text_part1);
+ printf ("%s", script_text_part2);
+ return 0;
+ }
+ }
+
+ newargz = XMALLOC (char *, argc + 1);
+ tmp_pathspec = find_executable (argv[0]);
+ if (tmp_pathspec == NULL)
+ lt_fatal ("Couldn't find %s", argv[0]);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
+ tmp_pathspec));
+
+ actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
+ actual_cwrapper_path));
+ XFREE (tmp_pathspec);
+
+ actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path));
+ strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+ /* wrapper name transforms */
+ strendzap (actual_cwrapper_name, ".exe");
+ tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+ XFREE (actual_cwrapper_name);
+ actual_cwrapper_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ /* target_name transforms -- use actual target program name; might have lt- prefix */
+ target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+ strendzap (target_name, ".exe");
+ tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+ XFREE (target_name);
+ target_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n",
+ target_name));
+EOF
+
+ cat <<EOF
+ newargz[0] =
+ XMALLOC (char, (strlen (actual_cwrapper_path) +
+ strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+ strcpy (newargz[0], actual_cwrapper_path);
+ strcat (newargz[0], "$objdir");
+ strcat (newargz[0], "/");
+EOF
+
+ cat <<"EOF"
+ /* stop here, and copy so we don't have to do this twice */
+ tmp_pathspec = xstrdup (newargz[0]);
+
+ /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+ strcat (newargz[0], actual_cwrapper_name);
+
+ /* DO want the lt- prefix here if it exists, so use target_name */
+ lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+ XFREE (tmp_pathspec);
+ tmp_pathspec = NULL;
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ {
+ char* p;
+ while ((p = strchr (newargz[0], '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ }
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+ XFREE (target_name);
+ XFREE (actual_cwrapper_path);
+ XFREE (actual_cwrapper_name);
+
+ lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+ lt_setenv ("DUALCASE", "1"); /* for MSK sh */
+ lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+ lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+
+ newargc=0;
+ for (i = 1; i < argc; i++)
+ {
+ if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0)
+ {
+ if (argv[i][env_set_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_set_opt_len + 1;
+ lt_opt_process_env_set (p);
+ }
+ else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_set (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_set_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0)
+ {
+ if (argv[i][env_prepend_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_prepend_opt_len + 1;
+ lt_opt_process_env_prepend (p);
+ }
+ else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_prepend (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_prepend_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0)
+ {
+ if (argv[i][env_append_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_append_opt_len + 1;
+ lt_opt_process_env_append (p);
+ }
+ else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_append (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_append_opt);
+ continue;
+ }
+ if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0)
+ {
+ /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+ namespace, but it is not one of the ones we know about and
+ have already dealt with, above (inluding dump-script), then
+ report an error. Otherwise, targets might begin to believe
+ they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+ namespace. The first time any user complains about this, we'll
+ need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+ or a configure.ac-settable value.
+ */
+ lt_fatal ("Unrecognized option in %s namespace: '%s'",
+ ltwrapper_option_prefix, argv[i]);
+ }
+ /* otherwise ... */
+ newargz[++newargc] = xstrdup (argv[i]);
+ }
+ newargz[++newargc] = NULL;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>")));
+ for (i = 0; i < newargc; i++)
+ {
+ LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>")));
+ }
+
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ /* execv doesn't actually work on mingw as expected on unix */
+ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+ if (rval == -1)
+ {
+ /* failed to start process */
+ LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno));
+ return 127;
+ }
+ return rval;
+EOF
+ ;;
+ *)
+ cat <<"EOF"
+ execv (lt_argv_zero, newargz);
+ return rval; /* =127, but avoids unused variable warning */
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+ void *p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+ string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return base;
+}
+
+int
+check_executable (const char *path)
+{
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if ((stat (path, &st) >= 0)
+ && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+ return 1;
+ else
+ return 0;
+}
+
+int
+make_executable (const char *path)
+{
+ int rval = 0;
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if (stat (path, &st) >= 0)
+ {
+ rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+ }
+ return rval;
+}
+
+/* Searches for the full path of the wrapper. Returns
+ newly allocated full path name if found, NULL otherwise
+ Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+ int has_slash = 0;
+ const char *p;
+ const char *p_next;
+ /* static buffer for getcwd */
+ char tmp[LT_PATHMAX + 1];
+ int tmp_len;
+ char *concat_name;
+
+ LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n",
+ wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+
+ if ((wrapper == NULL) || (*wrapper == '\0'))
+ return NULL;
+
+ /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ else
+ {
+#endif
+ if (IS_DIR_SEPARATOR (wrapper[0]))
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ }
+#endif
+
+ for (p = wrapper; *p; p++)
+ if (*p == '/')
+ {
+ has_slash = 1;
+ break;
+ }
+ if (!has_slash)
+ {
+ /* no slashes; search PATH */
+ const char *path = getenv ("PATH");
+ if (path != NULL)
+ {
+ for (p = path; *p; p = p_next)
+ {
+ const char *q;
+ size_t p_len;
+ for (q = p; *q; q++)
+ if (IS_PATH_SEPARATOR (*q))
+ break;
+ p_len = q - p;
+ p_next = (*q == '\0' ? q : q + 1);
+ if (p_len == 0)
+ {
+ /* empty path: current directory */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name =
+ XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+ }
+ else
+ {
+ concat_name =
+ XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, p, p_len);
+ concat_name[p_len] = '/';
+ strcpy (concat_name + p_len + 1, wrapper);
+ }
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ }
+ /* not found in PATH; assume curdir */
+ }
+ /* Relative path | not found in path: prepend cwd */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+ return xstrdup (pathspec);
+#else
+ char buf[LT_PATHMAX];
+ struct stat s;
+ char *tmp_pathspec = xstrdup (pathspec);
+ char *p;
+ int has_symlinks = 0;
+ while (strlen (tmp_pathspec) && !has_symlinks)
+ {
+ LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
+ tmp_pathspec));
+ if (lstat (tmp_pathspec, &s) == 0)
+ {
+ if (S_ISLNK (s.st_mode) != 0)
+ {
+ has_symlinks = 1;
+ break;
+ }
+
+ /* search backwards for last DIR_SEPARATOR */
+ p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+ while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ p--;
+ if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ {
+ /* no more DIR_SEPARATORS left */
+ break;
+ }
+ *p = '\0';
+ }
+ else
+ {
+ char *errstr = strerror (errno);
+ lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+ }
+ }
+ XFREE (tmp_pathspec);
+
+ if (!has_symlinks)
+ {
+ return xstrdup (pathspec);
+ }
+
+ tmp_pathspec = realpath (pathspec, buf);
+ if (tmp_pathspec == 0)
+ {
+ lt_fatal ("Could not follow symlinks for %s", pathspec);
+ }
+ return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert (str != NULL);
+ assert (pat != NULL);
+
+ len = strlen (str);
+ patlen = strlen (pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp (str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char *mode,
+ const char *message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+ {
+#ifdef HAVE_SETENV
+ /* always make a copy, for consistency with !HAVE_SETENV */
+ char *str = xstrdup (value);
+ setenv (name, str, 1);
+#else
+ int len = strlen (name) + 1 + strlen (value) + 1;
+ char *str = XMALLOC (char, len);
+ sprintf (str, "%s=%s", name, value);
+ if (putenv (str) != EXIT_SUCCESS)
+ {
+ XFREE (str);
+ }
+#endif
+ }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+ char *new_value;
+ if (orig_value && *orig_value)
+ {
+ int orig_value_len = strlen (orig_value);
+ int add_len = strlen (add);
+ new_value = XMALLOC (char, add_len + orig_value_len + 1);
+ if (to_end)
+ {
+ strcpy (new_value, orig_value);
+ strcpy (new_value + orig_value_len, add);
+ }
+ else
+ {
+ strcpy (new_value, add);
+ strcpy (new_value + add_len, orig_value);
+ }
+ }
+ else
+ {
+ new_value = xstrdup (add);
+ }
+ return new_value;
+}
+
+int
+lt_split_name_value (const char *arg, char** name, char** value)
+{
+ const char *p;
+ int len;
+ if (!arg || !*arg)
+ return 1;
+
+ p = strchr (arg, (int)'=');
+
+ if (!p)
+ return 1;
+
+ *value = xstrdup (++p);
+
+ len = strlen (arg) - strlen (*value);
+ *name = XMALLOC (char, len);
+ strncpy (*name, arg, len-1);
+ (*name)[len - 1] = '\0';
+
+ return 0;
+}
+
+void
+lt_opt_process_env_set (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg);
+ }
+
+ lt_setenv (name, value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_prepend (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_append (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 1);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ /* some systems can't cope with a ':'-terminated path #' */
+ int len = strlen (new_value);
+ while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ {
+ new_value[len-1] = '\0';
+ }
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_mode_link arg...
+func_mode_link ()
+{
+ $opt_debug
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args=$nonopt
+ base_compile="$nonopt $@"
+ compile_command=$nonopt
+ finalize_command=$nonopt
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+ new_inherited_linker_flags=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+ weak_libs=
+ single_module="${wl}-single_module"
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ break
+ ;;
+ -all-static | -static | -static-libtool-libs)
+ case $arg in
+ -all-static)
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ func_warning "complete static linking is impossible in this configuration"
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ -static)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=built
+ ;;
+ -static-libtool-libs)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ esac
+ build_libtool_libs=no
+ build_old_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ func_quote_for_eval "$arg"
+ qarg=$func_quote_for_eval_unquoted_result
+ func_append libtool_args " $func_quote_for_eval_result"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ func_append compile_command " @OUTPUT@"
+ func_append finalize_command " @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ func_append compile_command " @SYMFILE@"
+ func_append finalize_command " @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ test -f "$arg" \
+ || func_fatal_error "symbol file \`$arg' does not exist"
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ framework)
+ case $host in
+ *-*-darwin*)
+ case "$deplibs " in
+ *" $qarg.ltframework "*) ;;
+ *) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+ ;;
+ esac
+ ;;
+ esac
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat "$save_arg"`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ done
+ else
+ func_fatal_error "link input file \`$arg' does not exist"
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ weak)
+ weak_libs="$weak_libs $arg"
+ prev=
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ func_append compile_command " $wl$qarg"
+ func_append finalize_command " $wl$qarg"
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ # See comment for -static flag below, for more details.
+ func_append compile_command " $link_static_flag"
+ func_append finalize_command " $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ func_fatal_error "more than one -exported-symbols argument is not allowed"
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework)
+ prev=framework
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ func_stripname '-L' '' "$arg"
+ dir=$func_stripname_result
+ if test -z "$dir"; then
+ if test "$#" -gt 0; then
+ func_fatal_error "require no space between \`-L' and \`$1'"
+ else
+ func_fatal_error "need path for \`-L' option"
+ fi
+ fi
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ test -z "$absdir" && \
+ func_fatal_error "cannot determine absolute directory name of \`$dir'"
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ ::) dllsearchpath=$dir;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs System.ltframework"
+ continue
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ test "X$arg" = "X-lc" && continue
+ ;;
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ # Darwin uses the -arch flag to determine output architecture.
+ -model|-arch|-isysroot)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ case "$new_inherited_linker_flags " in
+ *" $arg "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+ esac
+ continue
+ ;;
+
+ -multi_module)
+ single_module="${wl}-multi_module"
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # and Darwin in order for the loader to find any dlls it needs.
+ func_warning "\`-no-install' is ignored for $host"
+ func_warning "assuming \`-no-fast-install' instead"
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ func_stripname '-R' '' "$arg"
+ dir=$func_stripname_result
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -shared)
+ # The effects of -shared are defined in a previous loop.
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -static | -static-libtool-libs)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -weak)
+ prev=weak
+ continue
+ ;;
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Wl,*)
+ func_stripname '-Wl,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
+ linker_flags="$linker_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # -msg_* for osf cc
+ -msg_*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m*, -t[45]*, -txscale* pass through architecture-specific
+ # compiler args for GCC
+ # -F/path gives path to uninstalled frameworks, gcc on darwin
+ # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+ # @file GCC response files
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ compiler_flags="$compiler_flags $arg"
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+ done # argument parsing loop
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prevarg' option requires an argument"
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ func_basename "$output"
+ outputname="$func_basename_result"
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ func_dirname "$output" "/" ""
+ output_objdir="$func_dirname_result$objdir"
+ # Create the object directory.
+ func_mkdir_p "$output_objdir"
+
+ # Determine the type of output
+ case $output in
+ "")
+ func_fatal_help "you must specify an output file"
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if $opt_duplicate_deps ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if $opt_duplicate_compiler_generated_deps; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ notinst_path= # paths that contain not-installed libtool libraries
+
+ case $linkmode in
+ lib)
+ passes="conv dlpreopen link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+
+ for pass in $passes; do
+ # The preopen pass in lib mode reverses $deplibs; put it back here
+ # so that -L comes before libs that need it for instance...
+ if test "$linkmode,$pass" = "lib,link"; then
+ ## FIXME: Find the place where the list is rebuilt in the wrong
+ ## order, and fix it there properly
+ tmp_deplibs=
+ for deplib in $deplibs; do
+ tmp_deplibs="$deplib $tmp_deplibs"
+ done
+ deplibs="$tmp_deplibs"
+ fi
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+ esac
+ fi
+ if test "$linkmode,$pass" = "lib,dlpreopen"; then
+ # Collect and forward deplibs of preopened libtool libs
+ for lib in $dlprefiles; do
+ # Ignore non-libtool-libs
+ dependency_libs=
+ case $lib in
+ *.la) func_source "$lib" ;;
+ esac
+
+ # Collect preopened libtool deplibs, except any this library
+ # has declared as weak libs
+ for deplib in $dependency_libs; do
+ deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+ case " $weak_libs " in
+ *" $deplib_base "*) ;;
+ *) deplibs="$deplibs $deplib" ;;
+ esac
+ done
+ done
+ libs="$dlprefiles"
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ func_warning "\`-l' is ignored for archives/objects"
+ continue
+ fi
+ func_stripname '-l' '' "$deplib"
+ name=$func_stripname_result
+ if test "$linkmode" = lib; then
+ searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+ else
+ searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+ fi
+ for searchdir in $searchdirs; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
